diff --git a/hosts/chunk/vaultwarden.nix b/hosts/chunk/vaultwarden.nix
index 7529610..cedece2 100644
--- a/hosts/chunk/vaultwarden.nix
+++ b/hosts/chunk/vaultwarden.nix
@@ -1,15 +1,6 @@
-{ config, ... }:
+{ ... }:
 {
-  services.vaultwarden = {
-    enable = true;
-    dbBackend = "postgresql";
-    environmentFile = config.sops.secrets."vaultwarden/env".path;
-    config = {
-      ROCKET_ADDRESS = "127.0.0.1";
-      ROCKET_PORT = "8081";
-      DATABASE_URL = "postgresql://vaultwarden:vaultwarden@127.0.0.1:5432/vaultwarden";
-    };
-  };
+  my.vaultwarden.enable = true;
 
   services.caddy.virtualHosts."pass.cy7.sh".extraConfig = ''
     import common
diff --git a/hosts/common.nix b/hosts/common.nix
index 80707cb..feafd17 100644
--- a/hosts/common.nix
+++ b/hosts/common.nix
@@ -54,7 +54,7 @@
       # https://github.com/jauderho/nts-servers
       "ntp3.fau.de"
       "ntppool1.time.nl"
-      "time.signorini.ch"
+      "ntpmon.dcs1.biz"
       "stratum1.time.cifelli.xyz"
       "nts.teambelgium.net"
       "c.st1.ntp.br"
diff --git a/hosts/ytnix/default.nix b/hosts/ytnix/default.nix
index 7fd9309..7873c92 100644
--- a/hosts/ytnix/default.nix
+++ b/hosts/ytnix/default.nix
@@ -406,14 +406,5 @@
     enableTCPIP = true;
   };
 
-  services.vaultwarden = {
-    enable = true;
-    dbBackend = "postgresql";
-    environmentFile = config.sops.secrets."vaultwarden/env".path;
-    config = {
-      ROCKET_ADDRESS = "0.0.0.0";
-      ROCKET_PORT = "8081";
-      DATABASE_URL = "postgresql://vaultwarden:vaultwarden@127.0.0.1:5432/vaultwarden";
-    };
-  };
+  my.vaultwarden.enable = true;
 }
diff --git a/modules/default.nix b/modules/default.nix
index 0fec850..489ec66 100644
--- a/modules/default.nix
+++ b/modules/default.nix
@@ -6,5 +6,6 @@
     ./roundcube.nix
     ./zipline.nix
     ./containerization.nix
+    ./vaultwarden.nix
   ];
 }
diff --git a/modules/vaultwarden.nix b/modules/vaultwarden.nix
new file mode 100644
index 0000000..8fda611
--- /dev/null
+++ b/modules/vaultwarden.nix
@@ -0,0 +1,32 @@
+{
+  config,
+  lib,
+  ...
+}:
+let
+  cfg = config.my.vaultwarden;
+in
+{
+  options.my.vaultwarden = {
+    enable = lib.mkEnableOption "vaultwarden";
+    domain = lib.mkOption {
+      type = lib.types.str;
+      default = "https://pass.cy7.sh";
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    services.vaultwarden = {
+      enable = true;
+      dbBackend = "postgresql";
+      environmentFile = config.sops.secrets."vaultwarden/env".path;
+      config = {
+        ROCKET_ADDRESS = "0.0.0.0";
+        ROCKET_PORT = "8081";
+        DATABASE_URL = "postgresql://vaultwarden:vaultwarden@127.0.0.1:5432/vaultwarden";
+        EXPERIMENTAL_CLIENT_FEATURE_FLAGS = "fido2-vault-credentials,ssh-agent,ssh-key-vault-item,autofill-v2";
+        DOMAIN = cfg.domain;
+      };
+    };
+  };
+}
\ No newline at end of file