diff --git a/hosts/hosting-01/default.nix b/hosts/hosting-01/default.nix
index b1e0a7c..1612e68 100644
--- a/hosts/hosting-01/default.nix
+++ b/hosts/hosting-01/default.nix
@@ -156,6 +156,28 @@ in
     };
   };
 
+  services.vaultwarden = {
+    enable = true;
+    dbBackend = "postgresql";
+    config = {
+      DOMAIN = "bitwarden.kinkystar.com";
+    };
+    environmentFile = config.sops.secrets.vaultwarden.path;
+  };
+
+  sops.secrets.vaultwarden = {
+    owner = "root";
+    sopsFile = ./secrets.yaml;
+  };
+
+  services.nginx.virtualHosts."bitwarden.kinkystar.com" = {
+    forceSSL = true;
+    enableACME = true;
+    locations."/" = {
+      proxyPass = "http://localhost:${toString config.services.vaultwarden.config.ROCKET_PORT}";
+    };
+  };
+
   security.acme.defaults.email = "landervandenbulcke@gmail.com";
   security.acme.acceptTerms = true;
 
diff --git a/hosts/hosting-01/secrets.yaml b/hosts/hosting-01/secrets.yaml
index 621ed98..6a2a910 100644
--- a/hosts/hosting-01/secrets.yaml
+++ b/hosts/hosting-01/secrets.yaml
@@ -20,6 +20,7 @@ forgejo:
     mailer-password: ENC[AES256_GCM,data:sO8Tt1Smwcr8hME/zYs118DiUfbcmhKnT2FCyjyUZfId4cHfjvxHuqZIHvBSlec27sbCmxRBHeCJ3Can6IFCAA==,iv:kPmW6oFCRBEzKScpFrW3Z0xhFCRg+MpiA9qJozakHjE=,tag:9xCVN/wFjN8Kl95PSC9aXA==,type:str]
     oidc-secret: ENC[AES256_GCM,data:NeLfEXssdP5f4ff1uz3RwURw+OWAm3QgYz/EPpWb1aE+vIDIhPigiPem1+NrVvdBQ5uysL3VdnLtJPxwppcouoT7VGJkcog+,iv:eCl4I7EC7GTeQNSthk5QrMqNl1B9qvGGxQTspjD+LEU=,tag:qyPKf7E5xNmUI913Fb8n8A==,type:str]
 mealie-env: ENC[AES256_GCM,data:3fZJffJs/WwtmMirHBRkghfPPkTB5sgY6oWNs5GUbkUzOooWurOvm0OcQHAEQf+HLn21kCOk/ilmlrcdMFtzXijClpHuy8n7cwmdGI0bwZ14QPCVlSYvSPisjX0=,iv:tc77J3T4tNGzBnXNBlq4wmfFMFQ44ZFEtl2N1QAt77U=,tag:hW7YceS5/GQveJj8fcf5uA==,type:str]
+vaultwarden: ENC[AES256_GCM,data:8mv//++mIkbJHrREx0ESy038tU/ZS7EE5OCxOXLufxogr891fx4wFSTrVT2QRQ9+iLsdmSI9h5ug7SUiZ7layga2pJp502luOJZOXATYnGj9Bn8z8Nlrz9RkbbuUy7pY/6Ka66DxXzoukO3djhaSfTvt1DvJvlwOMvS94C6rA+Dpf5IzuZeaomTg1GWHAvfLgypCyQy973WHh1ZHLaTv7wMJYq9ZDoU5aw==,iv:HvsKgWjyzRKDE9BiQLIa4v6JhvS3BS8QAOVPCvmlfgE=,tag:l5vT78Xe0GRpo4JA/QtqFQ==,type:str]
 sops:
     age:
         - recipient: age18g4z53ykxzq35dsjq3a2np4f88xwat0kwtax229l3zn0ykhlpvqqy8fgtv
@@ -31,8 +32,8 @@ sops:
             NW9CUkJQbis1NmpyU0xrb3J4UVNKTDgKsPFnlQBa8LGm6s8uZsUXq9RIt4WzzROc
             mz9dEVq/R54xvjMRltgzZyu54BWWOQYgkZUEhOnDoqwVnA7XwGGYtA==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-09-28T09:49:37Z"
-    mac: ENC[AES256_GCM,data:YL5dyXcK8L+F2A/3TB9rzM/M8d9DraqmFfX5l9diQbgmuMO9ni+H6RC2lhKa2rcACVN+vhABHa6ofX7hwZLagI27cMLf4pOFJif78PFz/GCpSQagGtG7LdihgKDW6FF/sL7MpnkSjF0UbDjJlAwYSgMGtY9IAtj25MaeeZiLheY=,iv:ziYlKl1hV1kPUzGGY5EcVMNBcS2RCRIZpF+/1gCc8VI=,tag:leoSyONpmbvL7E+t6/OOuQ==,type:str]
+    lastmodified: "2025-10-14T13:26:58Z"
+    mac: ENC[AES256_GCM,data:+3VBgbv7jeeeH8K8CXQCIXgbazGG98KJvglzHSQhpRY6P14EuF0xi8tkeSD69IfrfoATHNcV5QUppNMYB6DBWl3JClhuPRKkp2wQsCUE3OxsMgxuMxSjNXt+5UJvNJ3kCtfoX7Nm/8ammCK5x8lIQJdFleTMK9r6Am2QQy4HGOY=,iv:dsTWs5Ym5nmhZjrhAHC3qzPZAHeHfZuXdOukatJBKSs=,tag:OhrCtGP/cE8+GSAURo9gag==,type:str]
     pgp:
         - created_at: "2025-07-06T18:28:35Z"
           enc: |-