diff --git a/modules/services/forgejo/default.nix b/modules/services/forgejo/default.nix
index ea5f988..b9527af 100644
--- a/modules/services/forgejo/default.nix
+++ b/modules/services/forgejo/default.nix
@@ -61,6 +61,11 @@ in {
 
   config = mkMerge [
     (mkIf cfg.enable {
+      age.secrets.forgejoSendgridKey = {
+        file = ../../../secrets/sendgrid-key.age;
+        owner = "forgejo";
+        group = "forgejo";
+      };
       services.forgejo = {
         enable = true;
         package = pkgs.unstable.forgejo;
@@ -83,6 +88,15 @@ in {
         settings.oauth2_client = {
           ENABLE_AUTO_REGISTRATION = true;
         };
+        settings.mailer = {
+          ENABLED = true;
+          FROM = "forgejo@michaelt.xyz";
+          PROTOCOL = "starttls";
+          SMTP_ADDR = "smtp.sendgrid.net";
+          SMTP_PORT = 587;
+          USER = "apikey";
+        };
+        mailerPasswordFile = config.age.secrets.forgejoSendgridKey.path;
       };
 
       networking.firewall.interfaces."${firewallInterface}".allowedTCPPorts = [cfg.port];
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 2f1fe02..b441023 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -7,6 +7,7 @@ in {
   "wireguard-thinkcentre.age".publicKeys = [venus];
   "keycloak-db.age".publicKeys = [venus];
   "forgejo-actions.age".publicKeys = [venus];
+  "sendgrid-key.age".publicKeys = [venus];
 
   # Oracle
   "wireguard-oracle.age".publicKeys = [oracle];
diff --git a/secrets/sendgrid-key.age b/secrets/sendgrid-key.age
new file mode 100644
index 0000000..a9660a1
Binary files /dev/null and b/secrets/sendgrid-key.age differ