diff --git a/configuration.nix b/configuration.nix
index 95cfecd..2180ef1 100755
--- a/configuration.nix
+++ b/configuration.nix
@@ -2,6 +2,7 @@
 imports = [
 ./services/openssh.nix
 ./services/forgejo.nix
+ ./services/vaultwarden.nix
 ./services/misc.nix
 ./modules/git.nix
diff --git a/hardware-configuration.nix b/hardware-configuration.nix
index 6eeb07a..f7ebc6e 100755
--- a/hardware-configuration.nix
+++ b/hardware-configuration.nix
@@ -1,19 +1,23 @@
 # Do not modify this file! It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations. Please make changes
 # to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
-
 {
- imports =
- [ (modulesPath + "/installer/scan/not-detected.nix")
- ];
+ config,
+ lib,
+ pkgs,
+ modulesPath,
+ ...
+}: {
+ imports = [
+ (modulesPath + "/installer/scan/not-detected.nix")
+ ];
- boot.initrd.availableKernelModules = [ "vmd" "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
- boot.initrd.kernelModules = [ ];
- boot.kernelModules = [ "kvm-intel" ];
- boot.extraModulePackages = [ ];
+ boot.initrd.availableKernelModules = ["vmd" "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod"];
+ boot.initrd.kernelModules = [];
+ boot.kernelModules = ["kvm-intel"];
+ boot.extraModulePackages = [];
- swapDevices = [ ];
+ swapDevices = [];
 # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
 # (the default) this is the recommended approach. When using systemd-networkd it's
diff --git a/modules/networking.nix b/modules/networking.nix
index 3aa0636..e2bb0a8 100755
--- a/modules/networking.nix
+++ b/modules/networking.nix
@@ -1,19 +1,21 @@
-{ hostname ? "server" }: { ... }: {
+{hostname ? "server"}: {...}: {
 networking.hostName = hostname;
 networking.hostId = "2ead098f";
 networking.networkmanager.enable = true;
 networking.firewall = {
 enable = true;
- allowedTCPPorts = [ ];
- allowedUDPPorts = [ ];
+ allowedTCPPorts = [];
+ allowedUDPPorts = [];
 };
 # Static ip
 networking.interfaces.enp2s0 = {
- ipv4.addresses = [{
- address = "10.0.201.83";
- prefixLength = 24;
- }];
+ ipv4.addresses = [
+ {
+ address = "10.0.201.83";
+ prefixLength = 24;
+ }
+ ];
 };
 networking.defaultGateway = {
 address = "10.0.201.1";
diff --git a/services/vaultwarden.nix b/services/vaultwarden.nix
new file mode 100644
index 0000000..0cbab52
--- /dev/null
+++ b/services/vaultwarden.nix
@@ -0,0 +1,34 @@
+{...}: let
+ host = "127.0.0.1";
+ port = 8222;
+in {
+ services.vaultwarden = {
+ enable = true;
+
+ config = {
+ DOMAIN = "https://bitwarden.spoodythe.one";
+ SIGNUPS_ALLOWED = false;
+
+ ROCKET_ADDRESS = host;
+ ROCKET_PORT = port;
+ ROCKET_LOG = "critical";
+
+ SMTP_HOST = host;
+ SMTP_PORT = 25;
+ SMTP_SSL = false;
+
+ SMTP_FROM = "admin@bitwarden.spoodythe.one";
+ SMTP_FROM_NAME = "SpoodyThe.One Bitwarden Server";
+ };
+ };
+
+ networking.firewall.allowedTCPPorts = [port];
+ networking.firewall.allowedUDPPorts = [port];
+
+ services.caddy = {
+ enable = true;
+ virtualHosts."bitwarden.spoodythe.one".extraConfig = ''
+ reverse_proxy * ${host}:${toString port}
+ '';
+ };
+}
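Review bot: The two `networking.firewall` lines near the end of services/vaultwarden.nix open port 8222 for TCP and UDP, but Vaultwarden is bound to 127.0.0.1 (`ROCKET_ADDRESS = host`) and is meant to be reached only through Caddy, so the rules expose nothing useful today and would publish the unencrypted backend directly if the bind address were ever widened. Rocket serves HTTP over TCP only, so the UDP rule has no purpose in either case. What has to be reachable from outside is Caddy itself; unless 80/443 are already opened by a module not shown in this diff, replace both lines with `networking.firewall.allowedTCPPorts = [80 443];`. Separately, `SMTP_HOST = host` reuses the Rocket bind address for the mail relay, so a dedicated binding such as `smtpHost = "127.0.0.1";` would keep a later change to `host` from silently redirecting outgoing mail.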