diff --git a/nginx.nix b/nginx.nix
index b7ca94b..b84a3a4 100755
--- a/nginx.nix
+++ b/nginx.nix
@@ -1,4 +1,5 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
+
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
 { config, lib, pkgs, modulesPath, ... }:
@@ -15,10 +16,10 @@ let
   bazarrPort = 6767;
   sonarrPort = 8989;
   prowlarrPort = 9696;
-  vaultPort = 9666;
   searxPort = 8080;
   kavitaPort = 5000;
   nextcloudPort = 80;
+  vaultPort = config.services.vaultwarden.config.ROCKET_PORT;
 in {
   services.nginx = {
     enable = true;
diff --git a/servers.nix b/servers.nix
index 6ef31c3..c362e46 100644
--- a/servers.nix
+++ b/servers.nix
@@ -46,16 +46,36 @@ in {
       group = "piracy";
     };
   in {
+    sonarr = base // { package = unstable.pkgs.sonarr; };
+    radarr = base // { package = unstable.pkgs.radarr; };
+    bazarr = base // { };
+    jellyfin = base // { };
     prowlarr.enable = true;
+    vaultwarden = {
+      enable = true;
+      dbBackend = "postgresql";
+      package = unstable.pkgs.vaultwarden;
+      config = {
+        ROCKET_ADDRESS = "127.0.0.1";
+        ROCKET_PORT = 8222;
+        WEBSOCKET_PORT = 8333;
+        ADMIN_TOKEN =
+          "x9BLqz2QmnU5RmrMLt2kPpoPBTNPZxNFw/b8XrPgpQML2/01+MYENl87dmhDX+Jm";
+        DATABASE_URL =
+          "postgresql://vaultwarden:sopacerias@127.0.0.1:5432/vaultwarden";
+        ENABLE_DB_WAL = false;
+        WEBSOCKET_ENABLED = true;
+        SHOW_PASSWORD_HINT = false;
+        SIGNUPS_ALLOWED = false;
+        EXTENDED_LOGGING = true;
+        LOG_LEVEL = "warn";
+      };
+    };
     kavita = {
       enable = true;
       tokenKeyFile = "${pkgs.writeText "kavitaToken"
         "Au002BRkRxBjlQrmWSuXWTGUcpXZjzMo2nJ0Z4g4OZ1S4c2zp6oaesGUXzKp2mhvOwjju002BNoURG3CRIE2qnGybvOgAlDxAZCPBzSNRcx6RJ1lFRgvI8wQR6Nd5ivYX0RMo4S8yOH8XIDhzN6vNo31rCjyv2IycX0JqiJPIovfbvXn9Y="}";
     };
-    sonarr = base // { package = unstable.pkgs.sonarr; };
-    radarr = base // { package = unstable.pkgs.radarr; };
-    bazarr = base // { };
-    jellyfin = base // { };
     nextcloud = {
       enable = true;
       https = true;
@@ -116,7 +136,7 @@ in {
     };
     postgresql = {
       enable = true;
-      ensureDatabases = [ "paperless" "nextcloud" "mealie" ];
+      ensureDatabases = [ "paperless" "nextcloud" "mealie" "vaultwarden" ];
       ensureUsers = [
         {
           name = "nextcloud";
@@ -130,6 +150,10 @@ in {
           name = "mealie";
           ensurePermissions = { "DATABASE mealie" = "ALL PRIVILEGES"; };
         }
+        {
+          name = "vaultwarden";
+          ensurePermissions = { "DATABASE vaultwarden" = "ALL PRIVILEGES"; };
+        }
       ];
       authentication = pkgs.lib.mkOverride 10 ''
         local all all              trust
@@ -138,6 +162,7 @@ in {
       '';
     };
   };
+  environment.systemPackages = with pkgs; [ docker-compose ];
   virtualisation.docker = {
     enable = true;
     storageDriver = "btrfs";