diff --git a/devices/cluster/modules/caddy.nix b/devices/cluster/modules/caddy.nix
index 02935fe..ec74e90 100644
--- a/devices/cluster/modules/caddy.nix
+++ b/devices/cluster/modules/caddy.nix
@@ -47,7 +47,7 @@ in {
 
         subDomains = {
           # Misc one-liners
-          vault.reverseProxy = "${dockerIP}:8781";
+          vault.reverseProxy = "${servivi}:8781";
           hauk.reverseProxy = "${servivi}:3003";
           headscale.reverseProxy = "${clusterIP}:8085";
           jelly.reverseProxy = "${jellyIP}:80";
@@ -137,7 +137,7 @@ in {
               vaultwarden = {
                 subDirName = "vault";
                 experimental = true;
-                reverseProxy = "${dockerIP}:8780";
+                reverseProxy = "${servivi}:8780";
               };
             };
           };
diff --git a/devices/nas/modules/arion/default.nix b/devices/nas/modules/arion/default.nix
index ce5b4d4..e19c74b 100644
--- a/devices/nas/modules/arion/default.nix
+++ b/devices/nas/modules/arion/default.nix
@@ -12,6 +12,7 @@ in {
     ./music/jbots/compose.nix
     ./nextcloud/compose.nix
     ./resume/compose.nix
+    ./vaultwarden/compose.nix
     ./wg-easy/compose.nix
   ];
 
diff --git a/devices/nas/modules/arion/vaultwarden/compose.nix b/devices/nas/modules/arion/vaultwarden/compose.nix
new file mode 100644
index 0000000..ba9af9d
--- /dev/null
+++ b/devices/nas/modules/arion/vaultwarden/compose.nix
@@ -0,0 +1,25 @@
+{config, ...}: let
+  inherit (config.arion) rwDataDir;
+
+  rwPath = rwDataDir + "/vaultwarden";
+in {
+  arion.projects."vaultwarden" = {
+    "public-vault" = {
+      image = ./images/vaultwarden.nix;
+      restart = "always";
+
+      ports = ["8781:80"];
+      volumes = ["${rwPath}/public-data:/data"];
+      environment.WEBSOCKET_ENABLED = "true";
+    };
+
+    "private-vault" = {
+      image = ./images/vaultwarden.nix;
+      restart = "always";
+
+      ports = ["8780:80"];
+      volumes = ["${rwPath}/private-data:/data"];
+      environment.WEBSOCKET_ENABLED = "true";
+    };
+  };
+}
diff --git a/devices/nas/modules/arion/vaultwarden/images/vaultwarden.nix b/devices/nas/modules/arion/vaultwarden/images/vaultwarden.nix
new file mode 100644
index 0000000..22904d4
--- /dev/null
+++ b/devices/nas/modules/arion/vaultwarden/images/vaultwarden.nix
@@ -0,0 +1,8 @@
+pkgs:
+pkgs.dockerTools.pullImage {
+  imageName = "quay.io/vaultwarden/server";
+  imageDigest = "sha256:153defd78a3ede850445d64d6fca283701d0c25978e513c61688cf63bd47a14a";
+  sha256 = "0hgmnj651lyhf6rca0y0x5b0q3f1pv8h1rdkb2wmfxrng7wwjrg8";
+  finalImageName = "quay.io/vaultwarden/server";
+  finalImageTag = "latest";
+}