diff --git a/spec/eientei/vaultwarden.nix b/spec/eientei/vaultwarden.nix
new file mode 100644
index 00000000..8e6d6d30
--- /dev/null
+++ b/spec/eientei/vaultwarden.nix
@@ -0,0 +1,27 @@
+{
+  services.vaultwarden = {
+    enable = true;
+    environmentFile = "/nix/persist/service/vaultwarden/secret.env";
+    config = {
+      domain = "https://vault.514fpv.io:2096";
+      signupsAllowed = true;
+      rocketAddress = "127.0.0.1";
+      rocketPort = 8222;
+      rocketLog = "critical";
+      databaseUrl = "postgresql:///vaultwarden";
+    };
+    dbBackend = "postgresql";
+  };
+
+  services.nginx.virtualHosts."vault.514fpv.io" = {
+    useACMEHost = ".514fpv.io";
+    addSSL = true;
+    locations."/".proxyPass = "http://127.0.0.1:8222";
+  };
+
+  environment.persistence."/nix/persist/fhs".directories = [
+    "/var/lib/bitwarden_rs"
+  ];
+
+  global.fs.zfs.mountpoints."/nix/persist/service/vaultwarden" = "service/vaultwarden";
+}