diff --git a/services/jenkins/deployment.yaml b/services/jenkins/deployment.yaml
index 4492579..b5b3de6 100644
--- a/services/jenkins/deployment.yaml
+++ b/services/jenkins/deployment.yaml
@@ -40,8 +40,9 @@ spec:
           {{ end }}
           {{ with secret "kv/data/atlas/jenkins/webhook-tokens" }}
           TITAN_IAC_WEBHOOK_TOKEN={{ .Data.data.titan_iac_quality_gate }}
+          GIT_NOTIFY_TOKEN_BSTEIN_DEV_HOME={{ .Data.data.git_notify_bstein_dev_home }}
           {{ end }}
-        bstein.dev/restarted-at: "2026-01-20T14:35:00Z"
+        bstein.dev/restarted-at: "2026-01-20T14:52:41Z"
     spec:
       serviceAccountName: jenkins
       nodeSelector:
diff --git a/services/jenkins/kustomization.yaml b/services/jenkins/kustomization.yaml
index acb6fb4..0a03f5b 100644
--- a/services/jenkins/kustomization.yaml
+++ b/services/jenkins/kustomization.yaml
@@ -16,6 +16,7 @@ configMapGenerator:
   - name: jenkins-init-scripts
     namespace: jenkins
     files:
+      - git-notify-token.groovy=scripts/git-notify-token.groovy
       - theme.groovy=scripts/theme.groovy
     options:
       disableNameSuffixHash: true
diff --git a/services/jenkins/scripts/git-notify-token.groovy b/services/jenkins/scripts/git-notify-token.groovy
new file mode 100644
index 0000000..336c918
--- /dev/null
+++ b/services/jenkins/scripts/git-notify-token.groovy
@@ -0,0 +1,41 @@
+import hudson.plugins.git.ApiTokenPropertyConfiguration
+import hudson.Util
+import java.nio.charset.StandardCharsets
+import java.security.MessageDigest
+
+
+def entries = [
+  [env: 'GIT_NOTIFY_TOKEN_BSTEIN_DEV_HOME', name: 'gitea-bstein-dev-home'],
+]
+
+entries.each { entry ->
+  def token = System.getenv(entry.env)
+  if (!token || token.trim().isEmpty()) {
+    println("Git notifyCommit token ${entry.env} missing; skipping")
+    return
+  }
+
+  try {
+    def config = ApiTokenPropertyConfiguration.get()
+    if (config.hasMatchingApiToken(token)) {
+      println("Git notifyCommit token ${entry.name} already configured")
+      return
+    }
+
+    def digest = MessageDigest.getInstance("SHA-256")
+    def hash = Util.toHexString(digest.digest(token.getBytes(StandardCharsets.US_ASCII)))
+
+    def field = ApiTokenPropertyConfiguration.class.getDeclaredField("apiTokens")
+    field.setAccessible(true)
+    def tokens = field.get(config)
+
+    def ctor = ApiTokenPropertyConfiguration.HashedApiToken.class.getDeclaredConstructor(String.class, String.class)
+    ctor.setAccessible(true)
+    tokens.add(ctor.newInstance(entry.name, hash))
+    config.save()
+
+    println("Added git notifyCommit access token ${entry.name}")
+  } catch (Throwable e) {
+    println("Failed to configure git notifyCommit token ${entry.name}: ${e.class.simpleName}: ${e.message}")
+  }
+}
diff --git a/services/jenkins/scripts/theme.groovy b/services/jenkins/scripts/theme.groovy
index cf171f7..5950bf4 100644
--- a/services/jenkins/scripts/theme.groovy
+++ b/services/jenkins/scripts/theme.groovy
@@ -8,7 +8,6 @@ if (decorators?.size() > 0) {
   def theme = decorators[0]
   theme.setCssUrl("https://jenkins-contrib-themes.github.io/jenkins-material-theme/dist/material-ocean.css")
   theme.setJsUrl("")
-  theme.setTheme("")
   instance.save()
   println("Applied simple-theme-plugin dark theme")
 } else {