@pixelfed cool! This is an important step to enable people to run they're own servers. π
As a professional I would like to suggest to build in a basic security test if possible.
Like:
Are the database ports reachable from outside?
Is sshd secured?
Actual software?
Regularly reminder to keep the OS updated π
...