From 764f12652444d615a393553ce25e19f45970d233 Mon Sep 17 00:00:00 2001
From: derped
Date: Tue, 26 Feb 2019 14:10:58 +0100
Subject: [PATCH] Added mailserver submodule; OpenSSH now logs sftp access.
---
 .gitmodules | 3 +++
 services/mailserver | 1 +
 services/openssh.nix | 4 ++++
 3 files changed, 8 insertions(+)
 create mode 100644 .gitmodules
 create mode 160000 services/mailserver
diff --git a/.gitmodules b/.gitmodules
new file mode 100644
index 0000000..4f9ebe1
--- /dev/null
+++ b/.gitmodules
@@ -0,0 +1,3 @@
+[submodule "services/mailserver"]
+ path = services/mailserver
+ url = ssh://git@git.ophanim.de/derped/nixos-mailserver.git
diff --git a/services/mailserver b/services/mailserver
new file mode 160000
index 0000000..2c59de8
--- /dev/null
+++ b/services/mailserver
@@ -0,0 +1 @@
+Subproject commit 2c59de8dcba6ec7ca386391cb139b06e40450bdd
diff --git a/services/openssh.nix b/services/openssh.nix
index 013a638..205b146 100644
--- a/services/openssh.nix
+++ b/services/openssh.nix
@@ -1,8 +1,12 @@
 { config, lib, pkgs, ... }:
+# For reference:
+# https://infosec.mozilla.org/guidelines/openssh.html
+# https://stribika.github.io/2015/01/04/secure-secure-shell.html
 {
 services.openssh = {
 enable = true;
+ sftpFlags = [ "-f AUTHPRIV" "-l INFO" ];
 startWhenNeeded = true;
 challengeResponseAuthentication = false;
 passwordAuthentication = false;
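Review bot: The added `sftpFlags = [ "-f AUTHPRIV" "-l INFO" ];` line in services/openssh.nix turns on sftp-server logging, but no visible line sets the sshd log level that the referenced Mozilla guideline pairs with it. Whether the key fingerprint used at login is recorded therefore depends on the module default. If the NixOS release in use exposes the option, pin it next to this line with `logLevel = "VERBOSE";` so the audit trail links each sftp operation to the key that authenticated. The line would also benefit from a short comment, for example `# sftp-server: log file operations to the AUTHPRIV syslog facility at INFO level`. The `services.openssh` attribute set continues past the end of the hunk, so the log level may already be set further down.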