Well, I'm most in favour of a do it yourself method. Getting a server on a host with built in DDoS mitigation and rolling your own haproxy setup. Doing so will require having someone familiar with Linux and webserver management. I've set up servers like this before, although they're often set up to be far more protective of their origin IP than PeakD would need.

On top of that, Cloudflare tends to give website maintainers a false sense of security. However, it looks like PeakD has been properly configured as I was only able to find out that you use Hetzner for part of your infrastructure.

Also, worth noting, if you're using OVH as your host, they already provide built in DDoS mitigation.

If you need a CDN, there's plenty of those. You've got Rackspace, Akamai, Limelight, CDN77, and Amazon Cloudfront to name a few.

Also, blocklist sharing sounds good on paper but turns out horrific in practice. It's been done on Twitter before and ended up being a complete disaster. It'd be far better to implement some form of Trust Propagation, however it would be very difficult to do so in a way that scales well.