diff --git a/clan/network.nix b/clan/network.nix
index b89e878..8c9e3d0 100644
--- a/clan/network.nix
+++ b/clan/network.nix
@@ -66,6 +66,7 @@
       ip = "fd28:387a:90:c400::1";
       services = [
         "ca"
+        "vaultwarden"
       ];
     };
 
diff --git a/machines/verbena/configuration.nix b/machines/verbena/configuration.nix
index 3cafaa5..990a3bd 100644
--- a/machines/verbena/configuration.nix
+++ b/machines/verbena/configuration.nix
@@ -4,6 +4,7 @@
     self.nixosModules.nix-defaults
     self.nixosModules.nextcloud
     self.nixosModules.gitea
+    self.nixosModules.vaultwarden
 
     self.inputs.srvos.nixosModules.server
 
diff --git a/modules/vaultwarden.nix b/modules/vaultwarden.nix
new file mode 100644
index 0000000..4ae455f
--- /dev/null
+++ b/modules/vaultwarden.nix
@@ -0,0 +1,18 @@
+{
+  config,
+  ...
+}:
+{
+  services.vaultwarden = {
+    enable = true;
+    domain = "vaultwarden.val";
+    configureNginx = true;
+  };
+
+  services.nginx.virtualHosts.${config.services.vaultwarden.domain} = {
+    enableACME = true;
+  };
+
+  security.acme.certs.${config.services.vaultwarden.domain}.server =
+    "https://ca.val/acme/acme/directory";
+}