diff --git a/.gitmodules b/.gitmodules
new file mode 100644
index 0000000..4f9ebe1
--- /dev/null
+++ b/.gitmodules
@@ -0,0 +1,3 @@
+[submodule "services/mailserver"]
+	path = services/mailserver
+	url = ssh://git@git.ophanim.de/derped/nixos-mailserver.git
diff --git a/services/mailserver b/services/mailserver
new file mode 160000
index 0000000..2c59de8
--- /dev/null
+++ b/services/mailserver
@@ -0,0 +1 @@
+Subproject commit 2c59de8dcba6ec7ca386391cb139b06e40450bdd
diff --git a/services/openssh.nix b/services/openssh.nix
index 013a638..205b146 100644
--- a/services/openssh.nix
+++ b/services/openssh.nix
@@ -1,8 +1,12 @@
 { config, lib, pkgs, ... }:
 
+# For reference:
+# https://infosec.mozilla.org/guidelines/openssh.html
+# https://stribika.github.io/2015/01/04/secure-secure-shell.html
 {
   services.openssh = {
     enable = true;
+    sftpFlags = [ "-f AUTHPRIV" "-l INFO" ];
     startWhenNeeded = true;
     challengeResponseAuthentication = false;
     passwordAuthentication = false;