diff --git a/.github/README.coolify.md b/.github/README.coolify.md
index 6410577..ea38587 100644
--- a/.github/README.coolify.md
+++ b/.github/README.coolify.md
@@ -13,10 +13,11 @@ daily; the Coolify-specific patch lives in
 2. On the `ghost` service, set the primary **Domain (FQDN)** to the URL
    you want (e.g. `https://blog.example.com`). Coolify fills in
    `SERVICE_URL_GHOST` automatically and wires Traefik to port 2368.
-3. Set SMTP env vars on the resource: `mail__options__host`,
-   `mail__options__port`, `mail__options__auth__user`,
-   `mail__options__auth__pass`, `mail__from`. Transactional email is
-   required by Ghost for staff invites and password resets.
+3. Fill in the SMTP rows in the **Environment Variables** tab — the
+   keys (`mail__options__host`, `mail__options__port`,
+   `mail__options__auth__user`, `mail__options__auth__pass`, `mail__from`)
+   are pre-listed. Transactional email is required for staff invites and
+   password resets; Ghost will still boot without it, only those flows fail.
 4. **Deploy**. MySQL credentials generate on first boot via
    `SERVICE_USER_MYSQL` / `SERVICE_PASSWORD_MYSQL` / `SERVICE_PASSWORD_MYSQLROOT` —
    you don't enter them manually.
diff --git a/.github/scripts/patch.py b/.github/scripts/patch.py
index 2716564..ce55c0b 100644
--- a/.github/scripts/patch.py
+++ b/.github/scripts/patch.py
@@ -173,6 +173,25 @@ def patch_compose() -> None:
         "activitypub.SERVICE_URL_ACTIVITYPUB_8080",
     )
 
+    # Expose SMTP vars as explicit ${...} refs so Coolify's env scanner
+    # surfaces them in the UI (upstream passes mail via env_file, which
+    # Coolify doesn't scan).
+    c = swap(
+        c,
+        "      tinybird__stats__endpoint: ${TINYBIRD_API_URL:-https://api.tinybird.co}\n"
+        "    volumes:\n",
+        "      tinybird__stats__endpoint: ${TINYBIRD_API_URL:-https://api.tinybird.co}\n"
+        "      mail__transport: ${mail__transport:-SMTP}\n"
+        "      mail__options__host: ${mail__options__host:-}\n"
+        "      mail__options__port: ${mail__options__port:-465}\n"
+        "      mail__options__secure: ${mail__options__secure:-true}\n"
+        "      mail__options__auth__user: ${mail__options__auth__user:-}\n"
+        "      mail__options__auth__pass: ${mail__options__auth__pass:-}\n"
+        "      mail__from: ${mail__from:-}\n"
+        "    volumes:\n",
+        "ghost.mail vars",
+    )
+
     path.write_text(c)
 
 
diff --git a/.github/scripts/test-patch.sh b/.github/scripts/test-patch.sh
index 625a502..848374b 100755
--- a/.github/scripts/test-patch.sh
+++ b/.github/scripts/test-patch.sh
@@ -37,6 +37,14 @@ grep -q 'SERVICE_URL_ACTIVITYPUB_8080: ""' compose.yml
 echo "→ assert Ghost healthcheck injected"
 grep -q 'localhost:2368/ghost/api/admin/site' compose.yml
 
+echo "→ assert mail vars exposed to Coolify UI"
+# shellcheck disable=SC2016  # literal compose ${...} syntax, no shell expansion wanted
+grep -qF 'mail__transport: ${mail__transport:-SMTP}' compose.yml
+# shellcheck disable=SC2016
+grep -qF 'mail__options__host: ${mail__options__host:-}' compose.yml
+# shellcheck disable=SC2016
+grep -qF 'mail__from: ${mail__from:-}' compose.yml
+
 echo "→ assert ADMIN_DOMAIN kept upstream :+ conditional"
 # shellcheck disable=SC2016  # literal compose syntax, no shell expansion wanted
 grep -qF '${ADMIN_DOMAIN:+https://${ADMIN_DOMAIN}}' compose.yml