diff --git a/configs/services/vikunja.nix b/configs/services/vikunja.nix
index 14f76c6..47f3eed 100644
--- a/configs/services/vikunja.nix
+++ b/configs/services/vikunja.nix
@@ -6,6 +6,19 @@ let
   dbport = 5432;
 in
 {
+
+  # set up email passwd
+  sops = {
+    age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+    secrets = {
+      mail_passwd.sopsFile = ../../secrets/vikunja/secrets.yaml;
+    };
+
+    templates."mail_passwd".content = ''
+      VIKUNJA_MAILER_PASSWORD=${config.sops.placeholder.mail_passwd}
+    '';
+  };
+
   services = {
     vikunja = {
       enable = true;
@@ -18,9 +31,18 @@ in
           timezone = "Europe/Berlin";
           sentry = false;
         };
+        # mail settings
+        # TODO: BROKEN
+        mailer = {
+          enabled = true;
+          host = "mail.cdaut.de";
+          port = 587;
+          authtype = "plain";
+          username = "vikunja@cdaut.de";
+          fromemail = "vikunja@cdaut.de";
+        };
         redis = {
           enabled = true;
-
         };
       };
       database = {
@@ -29,6 +51,7 @@ in
         host = "localhost";
         database = dbname;
       };
+      environmentFiles = [ config.sops.templates."mail_passwd".path ];
     };
 
     postgresql = {
diff --git a/secrets/vikunja/secrets.yaml b/secrets/vikunja/secrets.yaml
index fdf51f0..bae82a5 100644
--- a/secrets/vikunja/secrets.yaml
+++ b/secrets/vikunja/secrets.yaml
@@ -1,4 +1,4 @@
-db_pass: ENC[AES256_GCM,data:nFca+ylk589nh9xm0mZiptAJf9xYyyI2wX33NYJx57POxg==,iv:qChMVSnmzrVr/R6ija5FLzdVWjZT9LWuSd1fp1703uk=,tag:nRyGofS8G6o06jvTb5cOZA==,type:str]
+mail_passwd: ENC[AES256_GCM,data:pnX5t2XiU2P/4xHoeA+MFH3JskuiHQwC144fD+y8y3UEXVtWRg6PJdmgMskrWzgxQiZYswXR1KHPAtulSC0hsQ==,iv:MCd9hJebifpndRth6E/DanaguDtx3Y5J4Is5/NdD+oY=,tag:19I8oHQiCJfuRju5LNc5Dg==,type:str]
 sops:
     age:
         - recipient: age1h7yq7n8gcw35apr7jn8r66dwss4hfcdv0sf4ankfxquyavlrqukqhr0lrc
@@ -10,8 +10,8 @@ sops:
             WWVwMzNPaFByK0dxblZEOW1vTmp2bXcKgVF7xqVYLfl6BY7RrJL5u1TRdsWCkF1v
             akgi7MF5vUyP5Yii2v3uL2Uv5Xi2P/swDH7KGCz6NjWHgNu8/kcYig==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-08-08T22:35:52Z"
-    mac: ENC[AES256_GCM,data:CsTqsm6AJuGaNnJvnF+VF609lOibXn5KWNz6JGwmpZu+cewXsd/ijTEoSY5kVJ1yCMPauJpfgS0PUUzdBliWB16a4TLttnGNIyxFAjIQdOg/VyI+ECGr5X9tRSIGbEPGbdj4P9NvgctPGGBFfPbR+hkY3p983Wb+LFihxt1nKD4=,iv:9n1g9vNA+Q5iQwGjt7kYzhLEZeAx1mHZzM3HPFEYMa4=,tag:yzhomTsbfRloMdkqik7M1w==,type:str]
+    lastmodified: "2025-08-20T19:54:52Z"
+    mac: ENC[AES256_GCM,data:gI3/YU8Fv00+MgQSaQ6tlyM0O8UtAyTI4gDz9qbTYApiqFZIW7wdRmzCROeN+3oOg3HYjtTUdDBKQGDQ0A4GbRgtbDd81G7xtLZoI2MR27Eysqssu+7TftdQvC+1lpxxravbylftOyl3uBYtpChhgzrjMoyae7MlQWaljTTB4jg=,iv:/DEGhTxkgYmrg7uXVTE2FanuXJV0kH83XKLNPNi5XuI=,tag:j890XXLLOQRScUbknE1ztQ==,type:str]
     pgp:
         - created_at: "2025-08-08T22:35:08Z"
           enc: |-