diff --git a/hosts/monolith/default.nix b/hosts/monolith/default.nix
index 18ec6cd..778a0b5 100755
--- a/hosts/monolith/default.nix
+++ b/hosts/monolith/default.nix
@@ -6,6 +6,7 @@
     self.nixosModules.server
     self.nixosModules.zerotier
     ./dns.nix
+    ./vault.nix
   ];
 
   networking = {
diff --git a/hosts/monolith/vault.nix b/hosts/monolith/vault.nix
new file mode 100644
index 0000000..c717a88
--- /dev/null
+++ b/hosts/monolith/vault.nix
@@ -0,0 +1,20 @@
+{ secrets, ... }:
+{
+  services.vaultwarden = {
+    enable = true;
+    config = {
+      domain = "https://vault.leaf.ninja";
+      signupsAllowed = false;
+      rocketAddress = "0.0.0.0";
+      rocketPort = 8222;
+      smtpHost = "smtp.migadu.com";
+      smtpFrom = "vaultwarden@leaf.ninja";
+      smtpPort = 587;
+      smtpSecurity = "starttls";
+      smtpUsername = "vaultwarden@leaf.ninja";
+      smtpPassword = secrets.vaultwarden.smtpPassword;
+    };
+  };
+
+  networking.firewall.allowedTCPPorts = [ 8222 ];
+}
diff --git a/secrets.json b/secrets.json
index 7fb8fce..6ef8747 100755
Binary files a/secrets.json and b/secrets.json differ