diff --git a/modules/services/vaultwarden.nix b/modules/services/vaultwarden.nix
new file mode 100644
index 0000000..38a2192
--- /dev/null
+++ b/modules/services/vaultwarden.nix
@@ -0,0 +1,34 @@
+{ config, ... }:
+{
+  services.vaultwarden = {
+    enable = true;
+    dbBackend = "sqlite";
+    config = {
+      SIGNUPS_ALLOWED = false;
+      ENABLE_WEBSOCKET = true;
+      SENDS_ALLOWED = true;
+      INVITATIONS_ENABLED = true;
+      EMERGENCY_ACCESS_ALLOWED = true;
+      EMAIL_ACCESS_ALLOWED = true;
+      DOMAIN = "https://passwords.liv.town";
+      ROCKET_ADDRESS = "0.0.0.0";
+      ROCKET_PORT = 8003;
+    };
+  };
+  services.nginx = {
+    enable = true;
+    recommendedProxySettings = true;
+    recommendedTlsSettings = true;
+    virtualHosts = {
+      "passwords.liv.town" = {
+        forceSSL = true;
+        sslCertificate = "/var/lib/acme/liv.town/cert.pem";
+        sslCertificateKey = "/var/lib/acme/liv.town/key.pem";
+        locations."/" = {
+          proxyPass = "http://127.0.0.1:${toString config.services.vaultwarden.config.ROCKET_PORT}/";
+          proxyWebsockets = true;
+        };
+      };
+    };
+  };
+}