From 4f43d323302ce493fb4767c69ed2828d4780e247 Mon Sep 17 00:00:00 2001
From: buildplan <170122315+buildplan@users.noreply.github.com>
Date: Wed, 15 Oct 2025 21:00:20 +0100
Subject: [PATCH 1/3] Refactor main for better flow

---
 du_setup.sh | 34 ++++++++++++++++++----------------
 1 file changed, 18 insertions(+), 16 deletions(-)

diff --git a/du_setup.sh b/du_setup.sh
index b180234..5abe3ac 100644
--- a/du_setup.sh
+++ b/du_setup.sh
@@ -3467,10 +3467,13 @@ main() {
 touch "$LOG_FILE" && chmod 600 "$LOG_FILE"
 log "Starting Debian/Ubuntu hardening script."
 
- # Existing system checks
+ # --- PRELIMINARY CHECKS ---
 check_system
+ run_update_check
+ print_header
+ check_dependencies
 
- # Handle --cleanup-only flag
+ # --- HANDLE SPECIAL OPERATIONAL MODES ---
 if [[ "$CLEANUP_ONLY" == "true" ]]; then
 print_info "Running in cleanup-only mode..."
 detect_environment
@@ -3479,7 +3482,6 @@ main() {
 exit 0
 fi
 
- # Handle --cleanup-preview flag
 if [[ "$CLEANUP_PREVIEW" == "true" ]]; then
 print_info "Running cleanup preview mode..."
 detect_environment
@@ -3488,20 +3490,10 @@ main() {
 exit 0
 fi
 
- # Normal flow - detect environment first
+ # --- NORMAL EXECUTION FLOW ---
+ # Detect environment used for the summary report at the end.
 detect_environment
-
- # Run cleanup unless --skip-cleanup is set
- if [[ "$SKIP_CLEANUP" == "false" ]]; then
- cleanup_provider_packages
- else
- print_info "Skipping provider cleanup (--skip-cleanup flag set)."
- log "Provider cleanup skipped via --skip-cleanup flag."
- fi
-
- run_update_check
- print_header
- check_dependencies
+ # --- CORE SETUP AND HARDENING ---
 collect_config
 install_packages
 setup_user
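Review bot: In the `@@ -3467,10 +3467,13 @@` hunk, `run_update_check` and `check_dependencies` now run before the `CLEANUP_ONLY` and `CLEANUP_PREVIEW` branches, so both special modes inherit whatever those two functions do. Their bodies are not visible here, but if `check_dependencies` installs missing packages or `run_update_check` contacts the network, the preview mode is no longer free of side effects, which is what an operator expects from a preview on a live host. Either keep the preview branch ahead of them, or state the behaviour above the mode handling with a comment such as `# NOTE: update check and dependency check also run in --cleanup-only / --cleanup-preview modes.`. `main()` starts and ends outside this hunk.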
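Review bot: In the `@@ -3488,20 +3490,10 @@` hunk, the new comment `# Detect environment used for the summary report at the end.` appears to understate what `detect_environment` feeds. Both special-mode branches above call it before doing their work, and the provider cleanup that this commit moves to the end of `main()` presumably relies on the same detection. A maintainer who trusts the comment could later move or drop the call and leave the cleanup running without a detected environment. I would word it `# Detect environment; needed by provider cleanup and the final summary report.`, to be confirmed against `cleanup_provider_packages`, which is not shown.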
@@ -3517,6 +3509,16 @@ main() {
 setup_backup
 configure_swap
 configure_security_audit
+
+ # --- PROVIDER PACKAGE CLEANUP ---
+ if [[ "$SKIP_CLEANUP" == "false" ]]; then
+ cleanup_provider_packages
+ else
+ print_info "Skipping provider cleanup (--skip-cleanup flag set)."
+ log "Provider cleanup skipped via --skip-cleanup flag."
+ fi
+
+ # --- FINAL STEPS ---
 final_cleanup
 generate_summary
 }

From 880f25cc6c5ee8513bed8dfe115cbee10f9288fd Mon Sep 17 00:00:00 2001
From: buildplan <170122315+buildplan@users.noreply.github.com>
Date: Wed, 15 Oct 2025 21:09:51 +0100
Subject: [PATCH 2/3] print header before other checks

---
 du_setup.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/du_setup.sh b/du_setup.sh
index 5abe3ac..f08ef86 100644
--- a/du_setup.sh
+++ b/du_setup.sh
@@ -3468,9 +3468,9 @@ main() {
 log "Starting Debian/Ubuntu hardening script."
 
 # --- PRELIMINARY CHECKS ---
+ print_header
 check_system
 run_update_check
- print_header
 check_dependencies
 
 # --- HANDLE SPECIAL OPERATIONAL MODES ---

From b30cd1bcbd33a35897ac803e10eae3d739ab6d38 Mon Sep 17 00:00:00 2001
From: buildplan <170122315+buildplan@users.noreply.github.com>
Date: Wed, 15 Oct 2025 21:36:01 +0100
Subject: [PATCH 3/3] Reorder SSH configuration in setup script Configure firewall before ssh configuration - this avoids the issue if a provider (Vultr) has firewall enabled by default.
---
 du_setup.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/du_setup.sh b/du_setup.sh
index f08ef86..efe8405 100644
--- a/du_setup.sh
+++ b/du_setup.sh
@@ -3498,9 +3498,9 @@ main() {
 install_packages
 setup_user
 configure_system
- configure_ssh
 configure_firewall
 configure_fail2ban
+ configure_ssh
 configure_auto_updates
 configure_time_sync
 configure_kernel_hardening
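Review bot: In the `@@ -3517,6 +3509,16 @@` hunk, `cleanup_provider_packages` now runs after every hardening step, and nothing between it and `generate_summary` re-checks the state those steps established. If the cleanup removes packages, accounts or keys that the SSH, firewall or audit configuration relies on (its body is not shown), the summary would describe a hardened host that has since changed. I would record the ordering contract next to the block, e.g. `# Runs after hardening: must not remove anything configured above; re-verify SSH and firewall state afterwards.`. The guard also treats any `SKIP_CLEANUP` value other than the literal `false`, including an unset one, as a skip, while the message says the flag was set. `main()` begins outside this hunk.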
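Review bot: In the `@@ -3498,9 +3498,9 @@` hunk, `configure_firewall` and `configure_fail2ban` now run before `configure_ssh`, so both must take the SSH port from the collected configuration and not from the running sshd. None of the three bodies is visible here. If either one reads the live sshd settings, the firewall rule and the fail2ban jail would cover the old port, and the later SSH change could lock the operator out or leave the new port unwatched. A comment above `configure_firewall` would keep the order from being shuffled again, e.g. `# Firewall and fail2ban first: both must already allow/watch the SSH port chosen in collect_config.`. The surrounding `main()` starts and ends outside this hunk.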