diff --git a/hosts/muho/configuration.nix b/hosts/muho/configuration.nix
index ea87ebe..44718ca 100644
--- a/hosts/muho/configuration.nix
+++ b/hosts/muho/configuration.nix
@@ -37,6 +37,7 @@ in {
   mods.server.grav.enable = true;
   mods.server.homebox.enable = true;
   mods.server.share.enable = true;
+  mods.server.vault.enable = true;
 
   mods.tailscale.enable = true;
   mods.wireguard.id = 3;
diff --git a/hosts/ports.nix b/hosts/ports.nix
index 76f1de9..3f02287 100644
--- a/hosts/ports.nix
+++ b/hosts/ports.nix
@@ -4,6 +4,7 @@
     homebox = 3002;
     git = 3003;
     share = 3004;
+    vault = 3005;
 
     search = 8081;
     videos = 8082;
diff --git a/modules/nixos/server/default.nix b/modules/nixos/server/default.nix
index b90beb5..bd7aa5a 100644
--- a/modules/nixos/server/default.nix
+++ b/modules/nixos/server/default.nix
@@ -15,5 +15,6 @@
     ./frontends.nix
     ./homebox.nix
     ./share.nix
+    ./vault.nix
   ];
 }
diff --git a/modules/nixos/server/vault.nix b/modules/nixos/server/vault.nix
new file mode 100644
index 0000000..0d65733
--- /dev/null
+++ b/modules/nixos/server/vault.nix
@@ -0,0 +1,24 @@
+{ pkgs, lib, config, ... }:
+let
+  cfg = config.mods.server.vault;
+  port = config.mods.server.nginx.ports.vault;
+in with lib; {
+  options.mods.server = {
+    vault = {
+      enable = mkEnableOption {
+        default = false;
+        description = "enables vaultwarden server";
+      };
+    };
+  };
+
+  config = mkIf cfg.enable {
+    services.vaultwarden = {
+      enable = true;
+      config = {
+        ROCKET_ADDRESS = "0.0.0.0";
+        ROCKET_PORT = port;
+      };
+    };
+  };
+}