diff --git a/machines/auth/lldap.nix b/machines/auth/lldap.nix
index bea3d14..c37c5dd 100644
--- a/machines/auth/lldap.nix
+++ b/machines/auth/lldap.nix
@@ -15,6 +15,10 @@ in {
 "lldap/admin_password".owner = "lldap";
 };
 
+ sops.templates."lldap_config.toml".content = ''
+ LLDAP_SMTP_OPTIONS__PASSWORD=${config.sops.placeholder."lldap/admin_password"}
+ '';
+
 networking.firewall.allowedTCPPorts = [
 cfg.settings.http_port
 cfg.settings.ldap_port
@@ -25,8 +29,11 @@ in {
 services.lldap = {
 enable = true;
 settings = {
+ verbose = true;
 ldap_base_dn = "dc=procopius,dc=dk";
 ldap_user_email = "admin@procopius.dk";
+ http_url = "https://lldap.procopius.dk";
+ enable_password_reset = true;
 database_url = "postgresql://lldap@localhost/lldap?host=/run/postgresql";
 };
 
@@ -34,7 +41,16 @@ in {
 LLDAP_JWT_SECRET_FILE = config.sops.secrets."lldap/jwt_secret".path;
 LLDAP_KEY_SEED_FILE = config.sops.secrets."lldap/key_seed".path;
 LLDAP_LDAP_USER_PASS_FILE = config.sops.secrets."lldap/admin_password".path;
+
+ LLDAP_SMTP_OPTIONS__ENABLE_PASSWORD_RESET = "true";
+ LLDAP_SMTP_OPTIONS__SERVER = "mail.procopius.dk";
+ LLDAP_SMTP_OPTIONS__PORT = "465";
+ LLDAP_SMTP_OPTIONS__SMTP_ENCRYPTION = "TLS";
+ LLDAP_SMTP_OPTIONS__USER = "admin@procopius.dk";
+ LLDAP_SMTP_OPTIONS__FROM = "LLDAP Admin ";
+ LLDAP_SMTP_OPTIONS__REPLY_TO = "Do not reply ";
 };
+ environmentFile = config.sops.templates."lldap_config.toml".path;
 };
 
 systemd.services.lldap = let
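Review bot: The new template feeds `config.sops.placeholder."lldap/admin_password"` into `LLDAP_SMTP_OPTIONS__PASSWORD`, so the LDAP administrator password is reused as the mailbox credential for the SMTP user configured later in this commit; a compromise of the mail account or of the mail server's auth path then yields the LDAP admin credential, and vice versa. Unless the two accounts are deliberately sharing one password, this should reference a dedicated secret for the mail account (e.g. a new `lldap/smtp_password` entry, name constructed here) declared alongside the existing `lldap/*` secrets. The template is also named `lldap_config.toml` but its content is a `KEY=VALUE` environment file, not TOML; a name such as `lldap.env` would make the `environmentFile` wiring self-explanatory. If the reuse is intentional, a one-line comment above the template saying so would stop the next reader from "fixing" it.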
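Review bot: `verbose = true` is added to the production settings with no comment; in lldap this raises the log level and the extra output may include request-level detail that is not wanted in a permanently retained journal, so either drop it once the SMTP setup is debugged or annotate it as temporary. The new `enable_password_reset = true` at the top level of `settings` appears to duplicate `LLDAP_SMTP_OPTIONS__ENABLE_PASSWORD_RESET` set in the environment block of the following hunk; it is likely only the `smtp_options`-scoped setting that lldap honours, so the top-level key should be verified against the lldap config reference and removed if it is unrecognised. `http_url` is what lldap uses to build the reset links it mails out, so it must match the externally reachable origin exactly (scheme and host) or the links will be unusable.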
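Review bot: `LLDAP_SMTP_OPTIONS__FROM = "LLDAP Admin "` and `LLDAP_SMTP_OPTIONS__REPLY_TO = "Do not reply "` end in a trailing space and carry no address part; if this is not just the address being stripped during rendering, lldap will fail to parse these as mailboxes and password-reset mail will not be sent, so confirm they read `Name <user@domain>` in the actual file. The `environmentFile` line points at the rendered sops template, which is created root-owned and not world-readable by default; that is fine if the module passes it as a systemd `EnvironmentFile` read by the service manager, but worth checking rather than relying on, since the `lldap` user itself cannot read it. The enclosing `services.lldap` attribute set is closed within the hunk, while the `systemd.services.lldap` definition that follows continues past it.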