diff --git a/hosts/nuc/modules/vaultwarden/default.nix b/hosts/nuc/modules/vaultwarden/default.nix
new file mode 100644
index 0000000..5a8ab41
--- /dev/null
+++ b/hosts/nuc/modules/vaultwarden/default.nix
@@ -0,0 +1,24 @@
+{ config, pkgs, ... }:
+let
+  domain = "vault.rfive.de";
+in
+{
+  config.sops.secrets."vaultwarden/env" = { };
+  services.vaultwarden = {
+    enable = true;
+    dbBackend = "postgresql";
+    environmentFile = config.sops.secrets."vaultwarden/env".path;
+    config = {
+      domain = domain;
+      signupsAllowed = false;
+      rocketPort = 8000;
+    };
+    services.nginx.virtualHosts."bitwarden.example.com" = {
+      enableACME = true;
+      forceSSL = true;
+      locations."/" = {
+        proxyPass = "http://127.0.0.1:${toString config.services.vaultwarden.config.ROCKET_PORT}";
+      };
+    };
+  };
+}
diff --git a/secrets/nuc.yaml b/secrets/nuc.yaml
index cd8da69..00154c1 100644
--- a/secrets/nuc.yaml
+++ b/secrets/nuc.yaml
@@ -1,6 +1,8 @@
 nextcloud:
     dbpass: ENC[AES256_GCM,data:M8NrNlTJe9r5qUyGcSod5qGGRsJu18Ppng==,iv:YHjImCZEbJGC8Mj278Iz6ETMmCs3k+IZsCACI27bMM8=,tag:+nvMxCj8YxMIIbLoosxsvg==,type:str]
     adminpass: ENC[AES256_GCM,data:w4gkgC0wnBh2NLjKz58JBg+FU7hLLkuaJQ==,iv:5FOBhbngHccVY9WxyjC1x93vXzHlBFsF06+oVTC1vl8=,tag:8sLPIBl2/QJTk134OEtAfw==,type:str]
+vaultwarden:
+    env: ENC[AES256_GCM,data:d/FTv/6O/r4HSaMBPnr6oU/VcGYzS658hP2koM1pm/Pg/oxIbw1xi7PlSb97DQprvGy/zh/M5wqWqCGzS5Dwk0TIy5NAvuzAAXYMvvQSJfOhwRnRR7KVoaTCZi7CQHWOvjp1d/N3zKcj1KD6,iv:nR0YUQ/2ZpzwZD22XLH4BiwzTU7LTAymK4lWkT05MXo=,tag:b65zfcY9N/mOn1CS/vr/DA==,type:str]
 sops:
     kms: []
     gcp_kms: []
@@ -16,8 +18,8 @@ sops:
             cWdNRzdhOUdheFdaWlNNTG4rUFlaVlUKs+/IYY3/2n60+QbVkXZu9Sp57jh+7ncA
             DqrjJGBo9MNXfSS7qJ+p7dVksA2kxCNwvKV7y/zbvtXKGusvs+Qe/A==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2023-01-24T10:56:15Z"
-    mac: ENC[AES256_GCM,data:kpueAVFABUAZ6GO5NmNtTBWcxQ6SH1whTVueF5oxQFA+BxFY+J3fUBnxRk1oAlR1VEmevqtHmMYbp9U5pu17j9M7ZJ5fZZMxunB9tr3oSPDYHLgmIENaVoh1O9F/+MDA/6AamqhVlvq16Ltb/uHR7sSmR6GAh+tKEJLb7ivyPis=,iv:pN6B7GV+J+T0ZENKpH5UtWwzkjLNJkJ3hliqrcX8oBw=,tag:9Z6ujfpGu3pDcDUHnoXi3A==,type:str]
+    lastmodified: "2023-01-25T12:43:55Z"
+    mac: ENC[AES256_GCM,data:CkV8vnwa+XBjCHDerxaGZOlU5Gexc+FjH5zetoASZPR3ojef3hwV+dEfAqFq09wUPaCzCHN7azU70QBDL8Z1CO4pJHzc/pJhKadEfwICgnEuH/YwqE0xChMrrdIWkd5pR1wxi6TbuVPizqN0PxAo10vtO3sdSFymMQ1exSKQo/8=,iv:cbe21CftPlwKn+Sim3wPLFrZM8S5Cj8u2x/yh5VyCr4=,tag:hOc/ynnFNRmDp0oj6/QF8w==,type:str]
     pgp:
         - created_at: "2023-01-24T10:54:00Z"
           enc: |-