diff --git a/modules/vaultwarden.nix b/modules/vaultwarden.nix
new file mode 100644
index 0000000..66ab761
--- /dev/null
+++ b/modules/vaultwarden.nix
@@ -0,0 +1,33 @@
+{ config, lib, pkgs, unstable, ... }:
+
+let
+  dn = "vault.tfcconnection.org";
+in
+with lib;
+{
+  services = {
+    vaultwarden = {
+      config = {
+        DOMAIN = "https://${dn}";
+        SIGNUPS_ALLOWED = false;
+        ROCKET_ADDRESS = "127.0.0.1";
+        ROCKET_PORT = 8222;
+
+        ROCKET_LOG = "critical";
+
+        SMTP_HOST = "127.0.0.1";
+        SMTP_PORT = 25;
+        SMTP_SSL = false;
+
+        SMTP_FROM = "no-reply@mail.tfcconnection.org";
+        SMTP_FROM_NAME = "TFC ADMIN Bitwarden";
+      };
+
+    };
+    nginx.virtualHosts.${dn} = {
+      forceSSL = true;
+      enableACME = true;
+      locations."/".proxyPass = "http://127.0.0.1:${toString config.services.vaultwarden.config.ROCKET_PORT}";
+    };
+  };
+}