This guide covers the basics of hardening a new Linux virtual machine when you'd rather be doing something else.

It scratches the surface of the most obvious stuff. I’d only add running apps in isolation (docker or adduser) and maybe fail2ban.