diff --git a/modules/forgejo/config.nix b/modules/forgejo/config.nix
index 7f49f33..133ad38 100644
--- a/modules/forgejo/config.nix
+++ b/modules/forgejo/config.nix
@@ -7,11 +7,18 @@
   "repository.pull-request".DEFAULT_MERGE_STYLE = "merge";
   "repository.signing".DEFAULT_TRUST_MODEL = "committer";
   ui.DEFAULT_THEME = "forgejo-light";
+
   oauth2 = {
-    ENABLED = false;
+    ENABLED = true;
     JWT_SECRET = "ref+sops://secrets.yml#/forgejo/jwtSecret";
   };
 
+  oauth2_client = {
+    ENABLE_AUTO_REGISTRATION = true;
+    ACCOUNT_LINKING = "auto";
+    USERNAME = "email";
+  };
+
   DEFAULT = {
     APP_NAME = "Forgejo: Beyond coding. We forge.";
     RUN_MODE = "prod";
@@ -85,11 +92,11 @@
   };
 
   service = {
-    DISABLE_REGISTRATION = true;
+    DISABLE_REGISTRATION = false;
     REQUIRE_SIGNIN_VIEW = false;
     REGISTER_EMAIL_CONFIRM = false;
     ENABLE_NOTIFY_MAIL = false;
-    ALLOW_ONLY_EXTERNAL_REGISTRATION = false;
+    ALLOW_ONLY_EXTERNAL_REGISTRATION = true;
     ENABLE_CAPTCHA = false;
     DEFAULT_KEEP_EMAIL_PRIVATE = true;
     DEFAULT_ALLOW_CREATE_ORGANIZATION = true;
@@ -98,7 +105,7 @@
   };
 
   openid = {
-    ENABLE_OPENID_SIGNIN = true;
+    ENABLE_OPENID_SIGNIN = false;
     ENABLE_OPENID_SIGNUP = false;
   };
 }
diff --git a/secrets.yml b/secrets.yml
index 194cd09..55b771f 100644
--- a/secrets.yml
+++ b/secrets.yml
@@ -44,6 +44,8 @@ authentik:
             client_secret: ENC[AES256_GCM,data:hdNQzatO6Pf6mxvfO4h1XrhycKMBUHElEwacGttzByi4JDbIndAwYc2GXdwUmytPMYs/s+lVjcdHhspUFWS01DETWQfnWm/GN73GzW18uj3XyRXqt62HhMf18GvRlOWkGX+jYpUTGGoonYes2xijhD/mNCjxKk5Q+6FVFT2mdJ4=,iv:pScEX6YnoU7HelxmCes8A9vJjPdvFbqbclHYMme8OOE=,tag:FURxphI8IDMvOwB4ahD8hg==,type:str]
         paperless-ngx:
             client_secret: ENC[AES256_GCM,data:GgF+gQt8olzKUzGMDL6mh6UWDv49OPDH5tB/gboWkFd7Njc1SrSkqf71gQryOcPQ0vpXrh0nK1z6ZjMpmDEA5ohTwWymeLCgwNtJSAMHZ1VlZ2aQZr70r3KtAxKjmTiT5flUYnxS79fCF43BveSMGeAshRCvQmYCdi43sP2E4To=,iv:DzsIRPiMzxaqVrjaHMVKWgOR0asZQzWf8EE1nxRSJmk=,tag:79bo7EzVq9tvL6ap6jfV+Q==,type:str]
+        forgejo:
+            client_secret: ENC[AES256_GCM,data:I0LBIrsPuARFEcvu0sKhIbkEYxLhZrwpRfPls3KDARu5rnfwgbJ6AVtfMmcAIM9ISFzXykoyMXossHo1i23N90PsHdl2t580EffhJ+q/UUfCIk7/rX/6CXlcb8WHdab4ymN5r9jEsgD3mAWX55IehU96ZKGRKRhxSIowCIYRhyQ=,iv:1wQDGCDhSu0s+IqXULiHmRiKGTLRvOjwsYaNMCWfkjg=,tag:p1mwks0KP9lhbciTIv3/Dw==,type:str]
 smtp2go:
     username: ENC[AES256_GCM,data:BEr7Rq7rlGvfYEpY/ZXnhM2eClnHdqU81A==,iv:dwYD5h+C5bzS9ikUgxQ51+jRQ32TtDy2PhDbd1tpS8Q=,tag:CjjLDz5n4H28qi8jWf9S4w==,type:str]
     password: ENC[AES256_GCM,data:Yys6qy6DRYo16+X+Uj9oa9otjaKBnHOtIQ==,iv:G7H9mxsODShFoVlNMwuV8O18NBG/7LTFDFdqnH83YkE=,tag:hSlYp27QMoPZwiKBqyOpKA==,type:str]
@@ -71,8 +73,8 @@ sops:
             azR0UkJyL0RwUVk4ZzdkSWptcDlWVjAK5FU9B5TBSnV3azO4eCv13T6i3dGGuI68
             UgBrVEb1/Fv+4XTjeSEhpiOaH8sNWYoNa3Aa7uTZYlHDRWga2GC7zw==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-02-10T22:06:20Z"
-    mac: ENC[AES256_GCM,data:h0ftLDeqbu/CRzjKJ3XXqFvkIZ3ukUR1nLNnYkqEuZ+91pHgzwY+zrTd17rFtTR6qVWh3i6BNLy7bCG+sHO+V3+573mzOsKkkEsUMp0ldR2MWz/1hpeNKma0gKWFZ8TCyligS6De4eZAStyhmT6sSiV4vYmj5Hh6mzX9DIp5TFI=,iv:353NJukBFAVaAqHzpWxpcmDwAqJVaB26/bXHmyKKzLo=,tag:XtvsmLS7GvRUGeKaTFmmlw==,type:str]
+    lastmodified: "2025-02-11T13:15:47Z"
+    mac: ENC[AES256_GCM,data:IzXlag5LcmeuH43IdsTJ6pflQYr8B4GqQYXtC385E5oqnnYHUVa27zo8XZEmaL6O9ooDOmcq1rtlZaPIMgawbvfbT2r31C9Z4zuAz50ogypOKuAh+/KeKO5an9YqySM/mrFWujpVk+kExurS+BwKvgLGvKxcRrznWgqjVOEPiiE=,iv:7frEopY+a36KGfCW2/obTOym4RV5sutqKXoiszZ+OJY=,tag:w/8c0Xic/zF22qSXyC+j6A==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
     version: 3.9.4