What I did (a few years ago now) was add http authentication to the ports where I ran my personal projects and left my projects port public. Don’t think I have to worry about recruiters brute forcing a password, hah.
I think it adds a little credibility to the fact that it’s actually you.
The future if text documents were Json:
City_pic.png.xml