diff --git a/tasks/main.yml b/tasks/main.yml
index 167347c..010631d 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -50,7 +50,52 @@
 ## configSecretKey: shared.yaml
 ##
 ## Most settings are configurable but some settings are owned by the chart and can't overwritten
- additional: {}
+ additional:
+ email:
+ from: '"Matrix Authentication Service" '
+ reply_to: '"No reply" '
+ transport: smtp
+ mode: tls
+ hostname: postfix.eom.dev
+ port: 587
+ username: matrix-authentication-service
+ password: "{{ matrix_auth_service_admin_password }}"
+ upstream_oauth2:
+ providers:
+ - id: 01JG22H4F0G8PYCZ5HVTQVHBC4
+ issuer: https://google.com/
+ client_id: "{{ matrix_google_oidc_client_id }}"
+ client_secret: "{{ matrix_google_oidc_client_secret }}"
+ token_endpoint_auth_method: client_secret_basic
+ discovery_mode: oidc
+ claims_imports:
+ subject:
+ template: "{{ '{{ user.sub }}' | quote }}"
+
+ # -- The localpart is the local part of the user's Matrix ID.
+ # For example, on the `example.com` server, if the localpart is `alice`,
+ # the user's Matrix ID will be `@alice:example.com`.
+ localpart:
+ action: require
+ template: "{{ '{{ user.preferred_username }}' | quote }}"
+
+ # -- The display name is the user's display name.
+ displayname:
+ action: suggest
+ template: "{{ '{{ user.name }}' | quote }}"
+
+ # -- An email address to import.
+ email:
+ action: suggest
+ template: "{{ '{{ user.email }}' | quote }}"
+ # -- Whether the email address must be marked as verified.
+ # Possible values are:
+ # - `import`: mark the email address as verified if the upstream provider
+ # has marked it as verified, using the `email_verified` claim.
+ # This is the default.
+ # - `always`: mark the email address as verified
+ # - `never`: mark the email address as not verified
+ set_email_verification: import
 ingress:
 host: mas.eom.dev
 postgres:
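Review bot: The Google provider's `issuer` is `https://google.com/`, but Google's published OpenID issuer is `https://accounts.google.com`; with `discovery_mode: oidc` that string is both where the discovery document is fetched from and what the token's `iss` claim is validated against, so as written the login is likely to fail issuer validation — confirm it against the provider's discovery document before relying on it. The pairing `mode: tls` with `port: 587` is also worth checking: 587 is conventionally the STARTTLS submission port while `tls` selects implicit TLS (normally 465), so one of the two probably needs to change (`mode: starttls` if the relay speaks STARTTLS on 587). `from` and `reply_to` carry only a quoted display name and a trailing space with no address; if an angle-bracket address was lost somewhere, it needs restoring. Finally, the SMTP `password` is `matrix_auth_service_admin_password`, so if that variable name is accurate the mail-relay credential and the service admin credential are the same secret; a dedicated relay credential would keep a mail-side leak from exposing the admin password.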
@@ -96,3 +141,11 @@
 signingKey: {}
 ingress:
 host: synapse.eom.dev
+ custom-config:
+ config: |
+ smtp_host: postfix.eom.dev
+ smtp_port: 587
+ smtp_user: synapse
+ smtp_pass: {{ synapse_admin_password }}
+ client_base_url: https://element.eom.dev/
+
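Review bot: `smtp_pass: {{ synapse_admin_password }}` is rendered inside the `config: |` block scalar without any quoting, so a password containing `: `, ` #`, a leading quote, or a value that looks like a number or boolean will break or mis-type the generated Synapse YAML; `smtp_pass: {{ synapse_admin_password | to_json }}` emits a JSON-escaped (hence valid YAML) string for any value. Synapse connects to the relay in plaintext and only upgrades via STARTTLS when the server offers it, so adding `require_transport_security: true` next to these keys keeps the credential from being sent in the clear if the upgrade is absent or stripped. Synapse reads `smtp_*` and `client_base_url` under its `email:` mapping; unless the chart nests the contents of `config` there, these top-level keys would be ignored — worth confirming against the chart. As in the MAS hunk, the relay credential is the service admin password (going by the variable name); a dedicated SMTP credential is the least-privilege choice.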