For external users to access those services, you either need to port forward the services or run a cloudflare tunnel (or something similar). Since you don't have CGNAT you can simply port forward, then have a dynamic dns entry setup just in case your static ip changes after a reboot or something. I would start there, get things working, and then you can migrate to a cloudflare tunnel if you choose.