diff --git a/machines/Ophanim/options.nix b/machines/Ophanim/options.nix
index 749f4b2..4a0a7f0 100644
--- a/machines/Ophanim/options.nix
+++ b/machines/Ophanim/options.nix
@@ -5,6 +5,7 @@ with lib;
 {
 imports = [
 ../../options/machine.nix
+ ../../options/mailman3/options.nix
 ];
 config.machine = rec {
@@ -48,4 +49,22 @@ with lib;
 allowedTCPPortRanges = [];
 };
 };
+ config.services.mailman3 = {
+ enable = true;
+ site_owner = "derped@ophanim.de";
+ database = {
+ type = "mysql";
+ name = "mailman3";
+ user = "mailman3";
+ host = "localhost";
+ port = 3306;
+ passwordFile = "/secret/mailman3_db";
+ };
+ mta = {
+ lmtp_host = "mail.ophanim.de";
+ smtp_host = "mail.ophanim.de";
+ smtp_user = "mailman3";
+ smtp_passFile = "/secret/mailman3_mail";
+ };
+ };
 }
diff --git a/services/gitea.nix b/services/gitea.nix
index 3465832..97ccab8 100644
--- a/services/gitea.nix
+++ b/services/gitea.nix
@@ -13,7 +13,7 @@ mkIf (elem "gitea" config.machine.services) {
 type = "mysql";
 user = "git";
 name = "gitea";
- passwordFile = "/secret/gitea";
+ passwordFile = "/secret/gitea_db";
 };
 extraConfig = ''
 [repository]
@@ -31,8 +31,10 @@ mkIf (elem "gitea" config.machine.services) {
 };
 users.users.git = {
+ description = "Gitea Service";
 isNormalUser = true;
- home = "/var/lib/gitea";
+ home = config.services.gitea.stateDir;
 createHome = true;
+ useDefaultShell = true;
 };
 }
diff --git a/services/mailserver.nix b/services/mailserver.nix
index 270685f..48d6b58 100644
--- a/services/mailserver.nix
+++ b/services/mailserver.nix
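Review bot: `site_owner = "derped@ophanim.de"`, `lmtp_host` and `smtp_host` in the new `config.services.mailman3` block hard-code the domain, while `services/mailserver.nix` derives its FQDN from `config.machine.domain`; if that option is set in the `config.machine = rec { … }` block above this hunk, `"mail.${config.machine.domain}"` keeps the two in step when the domain changes. `smtp_passFile = "/secret/mailman3_mail"` and the `/secret/mailman3.mail` read in `services/mailserver.nix` differ by a single character; presumably one holds the cleartext SMTP password and the other the hash for the mailbox, so distinct names (for example a `_hash` suffix on the latter) would stop them from being confused. `../../options/mailman3/options.nix` is a local module, so whether `passwordFile` and `smtp_passFile` are read at runtime or at evaluation cannot be checked from this diff; `services/mariaDB.nix` in this same commit reads `/secret/mailman3_db` at evaluation time regardless. A comment on the `database = {` line noting that the same file is consumed by `services/mariaDB.nix`, e.g. `# also read at eval time by services/mariaDB.nix to provision the user`, would make that coupling visible.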
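Review bot: `isNormalUser = true` on the git account — which the new `description = "Gitea Service"` line labels a service account — allocates a UID from the normal-user range and marks it as a login user; if it only exists to run Gitea and receive `git@` SSH pushes, `isSystemUser = true` with an explicit `group` is the NixOS idiom for service accounts. `useDefaultShell = true` should stay regardless, since sshd runs Gitea's forced command through the account's shell; a one-line comment such as `# valid shell needed: sshd executes gitea's SSH command via the user's shell` would keep a later cleanup from dropping it. `home = config.services.gitea.stateDir` with `createHome = true` presumably matches what the gitea module's own state-directory setup expects; whether `services.gitea.user` is set to `git` is outside this hunk.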
@@ -8,9 +8,12 @@ mkIf (elem "mailserver" config.machine.services) {
 fqdn = "mail.${config.machine.domain}";
 domains = [ config.machine.domain ];
 loginAccounts = {
- "derped@${config.machine.domain}" = {
- hashedPassword = (fileContents /secret/derped.mail);
- };
+ "derped@${config.machine.domain}" = {
+ hashedPassword = (fileContents /secret/derped.mail);
+ };
+ "mailman3@${config.machine.domain}" = {
+ hashedPassword = (fileContents /secret/mailman3.mail);
+ };
 };
 # Use Let's Encrypt certificates. Note that this needs to set up a stripped
 # down nginx and opens port 80.
diff --git a/services/mariaDB.nix b/services/mariaDB.nix
index 3015d85..d3f2a09 100644
--- a/services/mariaDB.nix
+++ b/services/mariaDB.nix
@@ -3,19 +3,23 @@ with lib;
 let
- giteapwd = if config.services.gitea.enable then (fileContents /secret/gitea) else "";
+ cfg = config.services;
+ mkInitialDatabases = servicename: if (cfg."${servicename}".enable && (cfg."${servicename}".database.type == "mysql")) then
+ let
+ password = (fileContents "/secret/${servicename}_db");
+ cfg = config.services."${servicename}".database;
+ in {
+ name = cfg.name;
+ schema = pkgs.writeText "${cfg.name}.sql" ''
+ create user if not exists ${cfg.user}@'localhost' identified by ${password};
+ grant all privileges on ${cfg.name}.* to ${cfg.user}@'localhost' identified by ${password};
+ '';
+ } else {};
 in
 mkIf (elem "mariaDB" config.machine.services) {
 services.mysql = {
 enable = true;
 package = pkgs.mariadb;
- initialDatabases = if config.services.gitea.enable then [ {
- name = "gitea";
- schema = pkgs.writeText "gitea.sql"
- ''
- create user if not exists 'git'@'localhost' identified by ${giteapwd};
- grant all privileges on gitea.* to 'git'@'localhost' identified by ${giteapwd};
- '';
- } ] else [];
+ initialDatabases = (map mkInitialDatabases [ "mailman3" "gitea" ]);
 };
 }
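Review bot: `hashedPassword = (fileContents /secret/mailman3.mail)` reads the hash at evaluation time, so it is embedded in the generated mail configuration in the Nix store, where it is world-readable and open to offline cracking; the existing `derped@` entry has the same shape and is only re-added here, apparently for whitespace. If the mailserver module in use offers a `hashedPasswordFile` option, `hashedPasswordFile = "/secret/mailman3.mail";` keeps the hash out of the store. The file name matches `/secret/mailman3_mail` from `machines/Ophanim/options.nix` except for one character; a comment on this line naming which file holds what, e.g. `# password hash for the mailman3 mailbox; the cleartext used by mailman3's SMTP client is presumably /secret/mailman3_mail`, would help. The whitespace-only removal and re-addition of the `derped@` lines makes the change harder to read than a pure addition would be.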
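Review bot: `mkInitialDatabases` interpolates the cleartext password from `/secret/${servicename}_db` into `pkgs.writeText "${cfg.name}.sql"`, so the secret ends up in the world-readable Nix store for every listed service (the removed gitea-only version had the same problem, and `${password}` is also emitted unquoted, so the secret file must already carry the SQL quotes). Keeping the password out of the schema — creating the user with `services.mysql.ensureUsers` plus `ensurePermissions` where socket authentication is acceptable, or setting the password from a runtime step that reads the secret file outside the store — would close that. The `else {}` branch hands `initialDatabases` an attrset without the mandatory `name`, so evaluation should fail on any machine where a listed service is disabled or not on MySQL; returning a list fixes it: `in [ { … } ] else [];` together with `initialDatabases = concatMap mkInitialDatabases [ "mailman3" "gitea" ];`. `cfg."mailman3".enable` also presumes the local mailman3 options module is imported on every machine that enables mariaDB, which this commit only does for Ophanim. The inner `cfg = config.services."${servicename}".database` shadows the outer `cfg`; a distinct name such as `db` would read more clearly.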