diff --git a/ops/nixos/camden/default.nix b/ops/nixos/camden/default.nix
index ea8f0f5ad..46e0a3981 100644
--- a/ops/nixos/camden/default.nix
+++ b/ops/nixos/camden/default.nix
@@ -18,6 +18,7 @@ in lib.fix(self: {
 ../modules/depot.nix
 ../modules/hound.nix
 ../modules/monorepo-gerrit.nix
+ ../modules/smtprelay.nix
 ../modules/tvl-slapd/default.nix
 "${pkgs.nixpkgsSrc}/nixos/modules/services/web-apps/gerrit.nix"
 ];
@@ -277,6 +278,17 @@ in lib.fix(self: {
 };
 };
+ # Start a local SMTP relay to Gmail (used by gerrit)
+ services.depot.smtprelay = {
+ enable = true;
+ args = {
+ listen = ":2525";
+ remote_host = "smtp.gmail.com:587";
+ remote_auth = "plain";
+ remote_user = "tvlbot@tazj.in";
+ };
+ };
+
 # serve my website(s)
 services.nginx = {
 enable = true;
diff --git a/ops/nixos/modules/smtprelay.nix b/ops/nixos/modules/smtprelay.nix
new file mode 100644
index 000000000..ca960f519
--- /dev/null
+++ b/ops/nixos/modules/smtprelay.nix
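Review bot: In ops/nixos/camden/default.nix, `listen = ":2525";` binds the relay on every interface, although the comment describes it as a local relay used by gerrit and it authenticates to Gmail as tvlbot@tazj.in. If gerrit runs on the same host, binding to loopback with `listen = "127.0.0.1:2525";` keeps exposure from depending on the firewall or on smtprelay's client allow-list (presumably left at its default, since `allowed_nets` is not set in `args`). A relay that is reachable from outside and sends through a real account puts that account at risk of being used for spam or spoofed mail. The enclosing `lib.fix(self: { … })` body continues outside the hunk, so any firewall rules for this host are not visible here.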
@@ -0,0 +1,52 @@
+# NixOS module for configuring the simple SMTP relay.
+{ pkgs, config, lib, ... }:
+
+let
+ inherit (builtins) attrValues mapAttrs;
+ inherit (lib)
+ concatStringsSep
+ mkEnableOption
+ mkOption
+ types
+;
+
+ cfg = config.services.depot.smtprelay;
+ description = "Simple SMTP relay";
+
+ # Configuration values that are always overridden. In particular,
+ # `config` is specified to always load $StateDirectory/secure.config
+ # (so that passwords can be loaded from there) and logging is pinned
+ # to stdout for journald compatibility.
+ overrideArgs = {
+ logfile = "";
+ config = "/var/lib/smtprelay/secure.config";
+ };
+
+ # Creates the command line argument string for the service.
+ prepareArgs = args:
+ concatStringsSep " "
+ (attrValues (mapAttrs (key: value: "-${key} '${toString value}'")
+ (args // overrideArgs)));
+in {
+ options.services.depot.smtprelay = {
+ enable = mkEnableOption description;
+ args = mkOption {
+ type = types.attrsOf types.str;
+ description = "Key value pairs for command line arguments";
+ };
+ };
+
+ config = {
+ systemd.services.smtprelay = {
+ inherit description;
+ script = "${config.depot.third_party.smtprelay}/bin/smtprelay ${prepareArgs cfg.args}";
+ wantedBy = [ "multi-user.target" ];
+
+ serviceConfig = {
+ Restart = "always";
+ StateDirectory = "smtprelay";
+ DynamicUser = true;
+ };
+ };
+ };
+}
diff --git a/third_party/smtprelay/default.nix b/third_party/smtprelay/default.nix
new file mode 100644
index 000000000..6a8b063a5
--- /dev/null
+++ b/third_party/smtprelay/default.nix
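Review bot: In ops/nixos/modules/smtprelay.nix the `enable` option is declared but never read: `config = { systemd.services.smtprelay = … }` is unconditional, so every machine that imports the module gets the unit, and evaluation would fail there unless `args` is also set. Guard it with `config = mkIf cfg.enable {` and add `mkIf` to the `inherit (lib)` list. Separately, `prepareArgs` wraps each value in bare single quotes, so a value containing `'` breaks the generated script line; `"-${key} ${lib.escapeShellArg (toString value)}"` quotes it safely. It would also help to document in the comment above `overrideArgs` that `secure.config` must be provisioned out of band and readable only by the service, since it holds the relay password.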
@@ -0,0 +1,20 @@
+# A simple SMTP relay without the kitchen sink.
+{ pkgs, lib, ... }:
+
+pkgs.buildGoModule {
+ name = "smtprelay";
+ vendorSha256 = "0kv9cv2jca2r90qsf40qmqpw84kgxvbxlf39bfw8rvs2lnmqc2dg";
+
+ src = pkgs.fetchFromGitHub {
+ owner = "decke";
+ repo = "smtprelay";
+ rev = "ed1c3a98889e752291aaca6c64149e48452d0583";
+ sha256 = "16q2d2ja2cipjvsnfxmdzixkg85sh15rh9r95w6bw2r1gjqr65hr";
+ };
+
+ meta = with lib; {
+ description = "Simple Golang SMTP relay/proxy server";
+ homepage = https://github.com/decke/smtprelay;
+ license = licenses.mit;
+ };
+}
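Review bot: In third_party/smtprelay/default.nix, `name = "smtprelay";` carries no version, so the store path and package listings do not show which upstream revision is deployed. That makes it harder to tell whether a host is affected when an advisory names a release. Prefer `pname = "smtprelay";` together with `version = "<upstream tag or date of the pinned rev>";`. As a style point, `homepage = https://github.com/decke/smtprelay;` is an unquoted URL literal, which Nix has deprecated; write it as a quoted string.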