Add hardening module and enable firewall, auditd,

and fail2ban

modules/system.nix

@@ -1,15 +1,9 @@
 { config, pkgs, ... }:
 
 {
-
   # Enable CUPS to print documents.
   services.printing.enable = true;
 
-  # networking.firewall.allowedTCPPorts = [ ... ];
-  # networking.firewall.allowedUDPPorts = [ ... ];
-  # Or disable the firewall altogether.
-  networking.firewall.enable = false;
-
   # Enable the OpenSSH daemon.
   services.openssh = {
     enable = true;
@@ -24,15 +18,19 @@
   # Allow unfree packages
   nixpkgs.config.allowUnfree = true;
 
+  # Add system packages
   environment.systemPackages = with pkgs; [
-    git
   ];
 
+  # Enable fish shell
+  programs.fish.enable = true;
+
   # Define a user account. Don't forget to set a password with ‘passwd’.
   users.users.panotaka = {
     isNormalUser = true;
     description = "panotaka";
     extraGroups = [ "networkmanager" "wheel" ];
+    shell = pkgs.fish;
     openssh.authorizedKeys.keys = [
     ];
   };