diff --git a/nixos/modules/services/web-apps/lemmy.md b/nixos/modules/services/web-apps/lemmy.md
index e6599cd843e3..faafe096d138 100644
--- a/nixos/modules/services/web-apps/lemmy.md
+++ b/nixos/modules/services/web-apps/lemmy.md
@@ -13,13 +13,10 @@ services.lemmy = {
     hostname = "lemmy.union.rocks";
     database.createLocally = true;
   };
-  jwtSecretPath = "/run/secrets/lemmyJwt";
   caddy.enable = true;
 }
 ```
 
-(note that you can use something like agenix to get your secret jwt to the specified path)
-
 this will start the backend on port 8536 and the frontend on port 1234.
 It will expose your instance with a caddy reverse proxy to the hostname you've provided.
 Postgres will be initialized on that same instance automatically.
diff --git a/nixos/modules/services/web-apps/lemmy.nix b/nixos/modules/services/web-apps/lemmy.nix
index 1f2168b2a4c6..1945c8291433 100644
--- a/nixos/modules/services/web-apps/lemmy.nix
+++ b/nixos/modules/services/web-apps/lemmy.nix
@@ -10,15 +10,14 @@ in
   # `pandoc lemmy.md -t docbook --top-level-division=chapter --extract-media=media -f markdown+smart > lemmy.xml`
   meta.doc = ./lemmy.xml;
 
+  imports = [
+    (mkRemovedOptionModule [ "services" "lemmy" "jwtSecretPath" ] "As of v0.13.0, Lemmy auto-generates the JWT secret.")
+  ];
+
   options.services.lemmy = {
 
     enable = mkEnableOption (lib.mdDoc "lemmy a federated alternative to reddit in rust");
 
-    jwtSecretPath = mkOption {
-      type = types.path;
-      description = lib.mdDoc "Path to read the jwt secret from.";
-    };
-
     ui = {
       port = mkOption {
         type = types.port;
@@ -168,18 +167,14 @@ in
 
         requires = lib.optionals cfg.settings.database.createLocally [ "lemmy-postgresql.service" ];
 
-        # script is needed here since loadcredential is not accessible on ExecPreStart
         script = ''
           ${pkgs.coreutils}/bin/install -m 600 ${settingsFormat.generate "config.hjson" cfg.settings} /run/lemmy/config.hjson
-          jwtSecret="$(< $CREDENTIALS_DIRECTORY/jwt_secret )"
-          ${pkgs.jq}/bin/jq ".jwt_secret = \"$jwtSecret\"" /run/lemmy/config.hjson | ${pkgs.moreutils}/bin/sponge /run/lemmy/config.hjson
           ${pkgs.lemmy-server}/bin/lemmy_server
         '';
 
         serviceConfig = {
           DynamicUser = true;
           RuntimeDirectory = "lemmy";
-          LoadCredential = "jwt_secret:${cfg.jwtSecretPath}";
         };
       };
 
diff --git a/nixos/modules/services/web-apps/lemmy.xml b/nixos/modules/services/web-apps/lemmy.xml
index 0be9fb8aefa9..f04316b3c515 100644
--- a/nixos/modules/services/web-apps/lemmy.xml
+++ b/nixos/modules/services/web-apps/lemmy.xml
@@ -8,21 +8,16 @@
     <para>
       the minimum to start lemmy is
     </para>
-    <programlisting language="bash">
+    <programlisting language="nix">
 services.lemmy = {
   enable = true;
   settings = {
     hostname = &quot;lemmy.union.rocks&quot;;
     database.createLocally = true;
   };
-  jwtSecretPath = &quot;/run/secrets/lemmyJwt&quot;;
   caddy.enable = true;
 }
 </programlisting>
-    <para>
-      (note that you can use something like agenix to get your secret
-      jwt to the specified path)
-    </para>
     <para>
       this will start the backend on port 8536 and the frontend on port
       1234. It will expose your instance with a caddy reverse proxy to
diff --git a/nixos/tests/lemmy.nix b/nixos/tests/lemmy.nix
index 543bd2ce57a5..a317b4cf15ba 100644
--- a/nixos/tests/lemmy.nix
+++ b/nixos/tests/lemmy.nix
@@ -14,10 +14,6 @@ in
     "${lemmyNodeName}" = {
       services.lemmy = {
         enable = true;
-        jwtSecretPath = pkgs.writeTextFile {
-          name = "lemmy-secret";
-          text = "very-secret-password123";
-        };
         ui.port = uiPort;
         settings = {
           hostname = "http://${lemmyNodeName}";