diff --git a/hosts/chunk/miniflux.nix b/hosts/chunk/miniflux.nix
index 84783f6..9c6a8c7 100644
--- a/hosts/chunk/miniflux.nix
+++ b/hosts/chunk/miniflux.nix
@@ -12,6 +12,7 @@
 
   services.caddy.virtualHosts."rss.cy7.sh".extraConfig = ''
     import common
+    import authelia
     reverse_proxy localhost:8080
   '';
 }
diff --git a/modules/authelia.nix b/modules/authelia.nix
index ae5b0ad..afd8b52 100644
--- a/modules/authelia.nix
+++ b/modules/authelia.nix
@@ -35,7 +35,7 @@ in
           default_policy = "deny";
           rules = [
             {
-              domain = "red.cy7.sh";
+              domain = "*.cy7.sh";
               policy = "one_factor";
             }
           ];
diff --git a/modules/vault.nix b/modules/vault.nix
new file mode 100644
index 0000000..1e3772d
--- /dev/null
+++ b/modules/vault.nix
@@ -0,0 +1,19 @@
+{
+  config,
+  lib,
+  ...
+}:
+let
+  cfg = config.my.vault;
+in
+{
+  options.my.vault = {
+    enable = lib.mkEnableOption "hashicorp vault";
+  };
+
+  config = lib.mkIf cfg.enable {
+    services.vault = {
+
+    };
+  };
+}
\ No newline at end of file