I did a bit of a tutorial that was just supposed to be a known good. I used debian but could be any.
In that I use DNSMasq for internal DNS and DHCP and meant to get round to posting about OpenVPN, SSH, Webmin and Fail2Ban.
Would be great if you started a thread on top tips, would be great maybe to also have a community wiki.
Maybe post something.