diff --git a/hosts/bekkalokk/configuration.nix b/hosts/bekkalokk/configuration.nix
index 626fd26..bbc3c6b 100644
--- a/hosts/bekkalokk/configuration.nix
+++ b/hosts/bekkalokk/configuration.nix
@@ -6,13 +6,14 @@
 ../../base.nix
 ../../misc/metrics-exporters.nix
- ./services/website
- ./services/nginx.nix
 ./services/gitea/default.nix
- ./services/kerberos
- ./services/webmail
- ./services/mediawiki
 ./services/idp-simplesamlphp
+ ./services/kerberos
+ ./services/mediawiki
+ ./services/nginx.nix
+ ./services/vaultwarden.nix
+ ./services/webmail
+ ./services/website
 ];
 
 sops.defaultSopsFile = ../../secrets/bekkalokk/bekkalokk.yaml;
diff --git a/hosts/bekkalokk/services/vaultwarden.nix b/hosts/bekkalokk/services/vaultwarden.nix
new file mode 100644
index 0000000..2b25e9a
--- /dev/null
+++ b/hosts/bekkalokk/services/vaultwarden.nix
@@ -0,0 +1,66 @@
+{ config, pkgs, lib, ... }:
+let
+ cfg = config.services.vaultwarden;
+ domain = "pw.pvv.ntnu.no";
+ address = "127.0.1.2";
+ port = 3011;
+ wsPort = 3012;
+in {
+ sops.secrets."vaultwarden/environ" = {
+ owner = "vaultwarden";
+ group = "vaultwarden";
+ };
+
+ services.vaultwarden = {
+ enable = true;
+ dbBackend = "postgresql";
+ environmentFile = config.sops.secrets."vaultwarden/environ".path;
+ config = {
+ domain = "https://${domain}";
+
+ rocketAddress = address;
+ rocketPort = port;
+
+ websocketEnabled = true;
+ websocketAddress = address;
+ wsPort = wsPort;
+
+ signupsAllowed = true;
+ signupsVerify=true;
+ signupsDomainsWhitelist = "pvv.ntnu.no";
+
+ smtpFrom = "vaultwarden@pvv.ntnu.no";
+ smtpFromName = "VaultWarden PVV";
+
+ smtpHost = "smtp.pvv.ntnu.no";
+ smtpUsername = "vaultwarden";
+ smtpSecurity = "force_tls";
+ smtpAuthMechanism = "Login";
+
+ # Configured in environ:
+ # databaseUrl = "postgresql://vaultwarden@/vaultwarden";
+ # smtpPassword = hemli
+ };
+ };
+
+ services.nginx.virtualHosts."${domain}" = {
+ forceSSL = true;
+ enableACME = true;
+
+ extraConfig = ''
+ client_max_body_size 128M;
+ '';
+ locations."/" = {
+ proxyPass = "http://${address}:${toString port}";
+ proxyWebsockets = true;
+ };
+ locations."/notifications/hub" = {
+ proxyPass = "http://${address}:${toString wsPort}";
+ proxyWebsockets = true;
+ };
+ locations."/notifications/hub/negotiate" = {
+ proxyPass = "http://${address}:${toString port}";
+ proxyWebsockets = true;
+ };
+ };
+}
diff --git a/secrets/bekkalokk/bekkalokk.yaml b/secrets/bekkalokk/bekkalokk.yaml
index 152bafc..4030608 100644
--- a/secrets/bekkalokk/bekkalokk.yaml
+++ b/secrets/bekkalokk/bekkalokk.yaml
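Review bot: `signupsAllowed = true;` is not what gates registration in this block: as far as I know Vaultwarden's config handling, a non-empty `SIGNUPS_DOMAINS_WHITELIST` (set here via `signupsDomainsWhitelist`) overrides `SIGNUPS_ALLOWED`, so the effective rule is "only @pvv.ntnu.no addresses may sign up" and the `true` reads as though open registration were intended. A comment such as `# signupsDomainsWhitelist takes precedence; only @pvv.ntnu.no addresses can register`, or setting it to `false` once confirmed against the deployed version, would make the intent explicit. Separately, `cfg = config.services.vaultwarden;` in the `let` is never referenced and can be dropped, and `signupsVerify=true;` should be spaced like the surrounding attributes. The `# smtpPassword = hemli` comment would be clearer in English as `# smtpPassword = (secret)`.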
@@ -27,6 +27,8 @@ nettsiden:
 postgres_password: ENC[AES256_GCM,data:SvbrdHF4vQ94DgoEfy67QS5oziAsMT8H,iv:LOHBqMecA6mgV3NMfmfTh3zDGiDve+t3+uaO53dIxt4=,tag:9ffz84ozIqytNdGB1COMhA==,type:str]
 cookie_salt: ENC[AES256_GCM,data:VmODSLOP1YDBrpHdk/49qx9BS+aveEYDQ1D24d4zCi06kZsCENCr+vdPAnTeM1pw98RTr3yZAEQTh4s90b6v8Q==,iv:vRClu6neyYPFdtD63kjnvK2iNOIHMbh+9qEGph7CI60=,tag:66fgppVxY0egs4+9XfDBPA==,type:str]
 admin_password: ENC[AES256_GCM,data:SADr/zN3F0tW339kSK1nD9Pb38rw7hz8,iv:s5jgl1djXd5JKwx1WG/w2Q4STMMpjJP91qxOwAoNcL0=,tag:N8bKnO9N0ei06HDkSGt6XQ==,type:str]
+vaultwarden:
+ environ: ENC[AES256_GCM,data:U0ZWUx5gSCWrp2Tlr0dnaJWiad/IO5bxTJt/vv9deFaYgMtN5m/syne8VuJwLjfOdj4TNewoVCZ5upt97mcFV3DQVU+l7ovZNlWYEUTrkqPuXdiLuLtxTFJ1iJ7GkHF00YjwpjqhBG0/BEuZSfM/IPdddZmYe3oZCe8DocwgquI=,iv:3vmQIer5xDJpYzew4Oihj1JhT1gl1fZg42c4hK1k0Fg=,tag:psOgZZUeL4w/hnqjOViLEw==,type:str]
 sops:
 kms: []
 gcp_kms: []
@@ -60,8 +62,8 @@ sops:
 akVjeTNTeGorZjJQOVlMeCtPRUVYL3MK+VMvGxrbzGz4Q3sdaDDWjal+OiK+JYKX
 GHiMXVHQJZu/RrlxMjHKN6V3iaqxZpuvLAEJ2Lzy5EOHPtuiiRyeHQ==
 -----END AGE ENCRYPTED FILE-----
- lastmodified: "2024-04-14T21:58:31Z"
- mac: ENC[AES256_GCM,data:+o7YvaaKTjN/uZT5mv3z9FgIbXwG4NPJePWwRmtkBINn9X+vrCmYOXqWhKw7qfInn4Ftcg0FA7cYFZe5Pv8MNp+f8v1yoiLrVX12cxmEYtqTXJz7pNeD2st1YjGJKihNi2/fyCCf4YBCGN+8Ze//HeVf7/tfWNB+ysyC9g9Tze4=,iv:C6XBCVXn8GuNeaWGdJRnUIh1us0i8fSoxu9Sx7Feb58=,tag:W0RLPPv7eP5kCNrhMG3z7A==,type:str]
+ lastmodified: "2024-05-26T01:12:14Z"
+ mac: ENC[AES256_GCM,data:xiWGqNLaY9lAyU75HYS/J3thkYMwUYKfWXKzTLmoJ+mPys3wvO4uK2YIdTSzmRuBUtDrEl72zViOS8OebJaxrfjZ3O9jR56gD69ls+tEiIKDIUteMVxel6VU4pQzgtY321PEk+4NMhKyW0uIGY0oUjLnncAY9xM0NMy7setFhrU=,iv:iiwtNWlJY1sHMQ+WccIPp0dayD3tVxlmTaKSN7X4Gis=,tag:yT88BvGdCCGC1M5xMpZoAA==,type:str]
 pgp:
 - created_at: "2023-05-21T00:28:40Z"
 enc: |
@@ -85,3 +87,4 @@ sops:
 fp: F7D37890228A907440E1FD4846B9228E814A2AAC
 unencrypted_suffix: _unencrypted
 version: 3.8.1
+