Not a full list, just some ideas for personal servers.

• Make sure that only the services are exposed that you want to have exposed. For example, a webserver with PHP and mariadb probably does not need to have mariadb reachable from the network.
• Check the default config of all the programs you install. The default is often not the most secure option.
• Have secure authentication on every service on the server. Change all the default passwords.
• DO NOT disable security features like selinux.
• Document your setup, the specific changes you made and make and test backups.

Please be aware that the requirements in a business environment might be different.