diff --git a/flake.lock b/flake.lock index 34139bd..1fd8943 100644 --- a/flake.lock +++ b/flake.lock @@ -1,5 +1,50 @@ { "nodes": { + "agenix": { + "inputs": { + "darwin": "darwin", + "home-manager": "home-manager", + "nixpkgs": [ + "nixpkgs" + ], + "systems": "systems" + }, + "locked": { + "lastModified": 1770165109, + "narHash": "sha256-9VnK6Oqai65puVJ4WYtCTvlJeXxMzAp/69HhQuTdl/I=", + "owner": "ryantm", + "repo": "agenix", + "rev": "b027ee29d959fda4b60b57566d64c98a202e0feb", + "type": "github" + }, + "original": { + "owner": "ryantm", + "repo": "agenix", + "type": "github" + } + }, + "darwin": { + "inputs": { + "nixpkgs": [ + "agenix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1744478979, + "narHash": "sha256-dyN+teG9G82G+m+PX/aSAagkC+vUv0SgUw3XkPhQodQ=", + "owner": "lnl7", + "repo": "nix-darwin", + "rev": "43975d782b418ebf4969e9ccba82466728c2851b", + "type": "github" + }, + "original": { + "owner": "lnl7", + "ref": "master", + "repo": "nix-darwin", + "type": "github" + } + }, "disko": { "inputs": { "nixpkgs": [ @@ -21,6 +66,27 @@ } }, "home-manager": { + "inputs": { + "nixpkgs": [ + "agenix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1745494811, + "narHash": "sha256-YZCh2o9Ua1n9uCvrvi5pRxtuVNml8X2a03qIFfRKpFs=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "abfad3d2958c9e6300a883bd443512c55dfeb1be", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "home-manager_2": { "inputs": { "nixpkgs": [ "nixpkgs" 
@@ -58,10 +124,26 @@
 },
 "root": {
 "inputs": {
+ "agenix": "agenix",
 "disko": "disko",
- "home-manager": "home-manager",
+ "home-manager": "home-manager_2",
 "nixpkgs": "nixpkgs"
 }
+ },
+ "systems": {
+ "locked": {
+ "lastModified": 1681028828,
+ "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+ "owner": "nix-systems",
+ "repo": "default",
+ "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nix-systems",
+ "repo": "default",
+ "type": "github"
+ }
 }
 },
 "root": "root",
diff --git a/flake.nix b/flake.nix
index 10127e8..bc9169e 100644
--- a/flake.nix
+++ b/flake.nix
@@ -7,9 +7,12 @@
 disko.inputs.nixpkgs.follows = "nixpkgs";
 home-manager.url = "github:nix-community/home-manager";
 home-manager.inputs.nixpkgs.follows = "nixpkgs";
+ agenix.url = "github:ryantm/agenix";
+ agenix.inputs.nixpkgs.follows = "nixpkgs";
+
 };
- outputs = { self, nixpkgs, disko, home-manager }:
+ outputs = { self, nixpkgs, disko, home-manager, agenix }:
 let
 # options
 system = "x86_64-linux";
@@ -22,7 +25,7 @@
 nixosConfigurations = {
 isengard = lib.nixosSystem {
 inherit system;
- specialArgs = { inherit release myUser disko; };
+ specialArgs = { inherit release myUser disko agenix; };
 modules = [
 ./hosts/isengard.nix
 ./modules/base.nix
@@ -32,8 +35,8 @@
 inherit system;
 specialArgs = { inherit release myUser disko; };
 modules = [
- ./hosts/palantir.nix
 ./modules/base.nix
+ ./hosts/palantir.nix
 home-manager.nixosModules.home-manager
 ./modules/home.nix
diff --git a/hosts/isengard.nix b/hosts/isengard.nix
index 99ff051..e180acd 100644
--- a/hosts/isengard.nix
+++ b/hosts/isengard.nix
@@ -4,9 +4,13 @@
 # Imports
 imports = [
 disko.nixosModules.disko
 ../disko/isengard/btrfs-legacy.nix
+
+ # Secrets
+ ../modules/agenix.nix
 # Containers
 ../modules/containers/ntfy.nix
+ ../modules/containers/vaultwarden.nix
 ];
 # Disks
@@ -38,4 +42,3 @@
 system.stateVersion = release;
 }
-
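Review bot: The new `agenix` input only makes its `nixpkgs` follow the root one; its own `darwin` and `home-manager` inputs are still fetched, which is why the lockfile hunk above now carries a second home-manager (`home-manager_2`) plus `darwin` and `systems` nodes that a Linux-only flake has no use for, widening the pinned closure and the supply-chain surface. Next to the existing follows line, `agenix.inputs.darwin.follows = "";` and `agenix.inputs.home-manager.follows = "home-manager";` drop the extra copies and collapse the duplicate nodes on the next `nix flake lock`. The blank line added just before `};` in the inputs set looks unintentional.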
diff --git a/modules/agenix.nix b/modules/agenix.nix
new file mode 100644
index 0000000..00daffa
--- /dev/null
+++ b/modules/agenix.nix
@@ -0,0 +1,21 @@
+{ config, pkgs, agenix, system, ... }:
+
+{
+
+ imports = [
+ agenix.nixosModules.default
+ ];
+ environment.systemPackages = [
+ agenix.packages.${system}.default
+ ];
+
+ # Secrets
+ age.secrets = {
+ vaultwarden-admin-token = {
+ file = ../secrets/vaultwarden-admin-token.age;
+ owner = "root";
+ group = "root";
+ mode = "0400";
+ };
+ };
+}
diff --git a/modules/containers/ntfy.nix b/modules/containers/ntfy.nix
index e3bb3a4..80c700e 100644
--- a/modules/containers/ntfy.nix
+++ b/modules/containers/ntfy.nix
@@ -15,7 +15,7 @@ in
 image = "binwiederhier/ntfy:latest";
 ports = [
- "127.0.0.1:10000:80"
+ "0.0.0.0:10000:80"
 ];
 volumes = [
diff --git a/modules/containers/vaultwarden.nix b/modules/containers/vaultwarden.nix
new file mode 100644
index 0000000..f3895c3
--- /dev/null
+++ b/modules/containers/vaultwarden.nix
@@ -0,0 +1,31 @@
+{ config, ... }:
+
+let
+ vaultwardenDir = "/srv/containers/vaultwarden";
+in
+{
+ systemd.tmpfiles.rules = [
+ "d ${vaultwardenDir} 2775 root admin"
+ ];
+
+ virtualisation.oci-containers.containers.vaultwarden = {
+ autoStart = true;
+ image = "vaultwarden/server:latest";
+
+ ports = [
+ "0.0.0.0:10001:80"
+ ];
+
+ volumes = [
+ "${vaultwardenDir}:/data"
+ ];
+
+ environment = {
+ TZ = "Europe/Bucharest";
+ WEBSOCKET_ENABLED = "true";
+ SIGNUPS_ALLOWED = "false";
+ ROCKET_PORT = "80";
+ ROCKET_ADDRESS = "0.0.0.0";
+ };
+ };
+}
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
new file mode 100644
index 0000000..ea04aa9
--- /dev/null
+++ b/secrets/secrets.nix
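Review bot: `age.secrets.vaultwarden-admin-token.file` points at `../secrets/vaultwarden-admin-token.age`, but the only encrypted file this commit adds is `secrets/vaultwarden-env.age`, while the new `secrets/secrets.nix` declares its rule for `vaultwarden-admin-token.age` as well; unless that file already exists outside this diff, evaluation fails on the missing path, and if the env file is the intended secret the three names (module, rule, file) need to agree. The module also takes `system` as a module argument, which is not in the `specialArgs` set in flake.nix (`inherit release myUser disko agenix`) and is not a standard NixOS module argument, so unless it is supplied somewhere not shown the import fails; `agenix.packages.${pkgs.stdenv.hostPlatform.system}.default` uses what is already in scope and lets the `system` parameter go. A one-line comment naming the consumer would help the next reader, e.g. `# Consumed by modules/containers/vaultwarden.nix as its environment file`, since nothing in this commit reads the secret's path yet.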
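Review bot: Moving the ntfy port mapping from `127.0.0.1:10000:80` to `0.0.0.0:10000:80` publishes the container on every interface of the host, and with the docker/podman OCI backends a published port is typically reachable regardless of `networking.firewall`, because the container runtime installs its own forwarding rules ahead of the host's input chain. If the goal is LAN access, binding to that interface's address (`"<LAN_ADDRESS>:10000:80"`, placeholder) or keeping the loopback bind behind a TLS-terminating reverse proxy keeps the service off any other interfaces the host may have. If it must stay on all interfaces, a comment stating why is worth adding, e.g. `# Published on all interfaces on purpose; see host firewall/proxy config`. The enclosing container definition starts and ends outside the hunk.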
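Review bot: The container sets no `environmentFiles` and no `ADMIN_TOKEN`, so the `vaultwarden-admin-token` secret declared in modules/agenix.nix never reaches Vaultwarden and the admin panel stays disabled; with the decrypted secret in `KEY=VALUE` form, `environmentFiles = [ config.age.secrets.vaultwarden-admin-token.path ];` inside the container block wires it in, which is presumably why `config` is taken as an argument and currently unused. The service is also published plain-HTTP on `0.0.0.0:10001`; Vaultwarden's web vault needs HTTPS for the browser crypto APIs, so a loopback bind behind a TLS-terminating proxy is the expected deployment, and `ROCKET_ADDRESS = "0.0.0.0"` only needs to hold inside the container. The data directory is created `2775 root admin`, which makes the SQLite database and the server's key material under `/data` readable by every member of `admin`; `0750` (or a dedicated user) is the safer default. Both container images use the floating `latest` tag; pinning a version or digest (`image = "vaultwarden/server:<VERSION>@sha256:<DIGEST>"`, placeholders) keeps rebuilds reproducible.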
@@ -0,0 +1,10 @@
+let
+ victor = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOiNyGO4RAxSdxvn2ZIBZ2Ze4iVVMrBNmu/V9JO70PoT victor@battleship";
+ users = [ victor ];
+
+ isengard = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKpsaUGNNrF8kHzmHAPOc4C15vF0SE9Nn6h+NC7nONX7 root@isengard";
+ systems = [ isengard ];
+in
+{
+ "vaultwarden-admin-token.age".publicKeys = [ victor isengard ];
+}
diff --git a/secrets/vaultwarden-env.age b/secrets/vaultwarden-env.age
new file mode 100644
index 0000000..d25a631
--- /dev/null
+++ b/secrets/vaultwarden-env.age
@@ -0,0 +1,10 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFA5bEdnQSB4RitR
+M0dlbjRZU0ZQZWNkZWs2eFRxRWZ4eVhlcnc2OUo0Rmszbkx1cUZvCnFSS3ZlanBJ
+MnJ1YmRsTDBRY3RkNGVPR0NxWC9CSjN4TlV6VjNxWHBXY0EKLT4gc3NoLWVkMjU1
+MTkgS0tuNDVBIHk3RGF0Y1V3bHBwQmZ5SlltSENLZlc1Ui96ZklrVlRHczhhdjJu
+YUlCQkUKSGkxY0w1ZFhsTW5xOVRqL3E0dGtYZXEvNzNOZlR4T0gxM3RKT1RmODQy
+TQotPiAmTCw3by0tZ3JlYXNlIGl6RD1pIEhwJGJvKgoya0xNT0lpczhnCi0tLSAv
+alp3bVBjenQ5WDlCdzRFeEJ4c01CQWhCMVk4R3dUeFpEbFpHdGVwTjVrCtAo7n+8
+1WWIS4y//7I5luHmYIz9b909UJSwg/g7oG9Q
+-----END AGE ENCRYPTED FILE-----
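Review bot: `users` and `systems` are bound in the `let` but never used; the rule then lists `victor` and `isengard` individually, so the lists and the rule drift apart as soon as a key is added to one but not the other. `"vaultwarden-admin-token.age".publicKeys = users ++ systems;` uses the lists as intended and leaves a single place to maintain. The person/host split the two lists document is worth keeping, ideally with a short comment on each (e.g. `# people allowed to edit secrets` and `# hosts that decrypt at boot`).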