Anything beyond setting up a network-wide dns blocker on docker, so... crowdsec, fail2ban, some proxy-related stuff, zero trust tunnelers and so on.
Why? Because its overkill to my current setup and I don't see myself using em for real other than for learning purposes, and thats it.
And before someone asks "Do you protect your server at all?". Other than making some "hacky" stuff with my internet so all ports appear as closed whilst they actually aren't? Eh, not really. Still, my server is about to reach a year of running nonstop 24/7 and it has never been hacked a single time since then, so naaaw.