diff --git a/host_vars/poincare/vars b/host_vars/poincare/vars
index e83844c..afb2e27 100644
--- a/host_vars/poincare/vars
+++ b/host_vars/poincare/vars
@@ -1,3 +1,14 @@
 certbot_domains:
 - mfocko.xyz
 - '*.mfocko.xyz'
+
+vaultwarden_db_user: "{{ vault_vaultwarden_db_user }}"
+vaultwarden_db_pass: "{{ vault_vaultwarden_db_pass }}"
+vaultwarden_db_host: "{{ vault_vaultwarden_db_host }}"
+vaultwarden_db_name: "{{ vault_vaultwarden_db_name }}"
+
+vaultwarden_push_installation_id: "{{ vault_vaultwarden_push_installation_id }}"
+vaultwarden_push_installation_key: "{{ vault_vaultwarden_push_installation_key }}"
+
+vaultwarden_yubico_client_id: "{{ vault_vaultwarden_yubico_client_id }}"
+vaultwarden_yubico_secret_key: "{{ vault_vaultwarden_yubico_secret_key }}"
diff --git a/host_vars/poincare/vault b/host_vars/poincare/vault
index 094bc81..78e0b7b 100644
--- a/host_vars/poincare/vault
+++ b/host_vars/poincare/vault
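Review bot: Of the four `vaultwarden_db_*` lines only `vaultwarden_db_user` and `vaultwarden_db_pass` are credentials, yet `vaultwarden_db_host` and `vaultwarden_db_name` are also routed through the vault, which makes the accompanying encrypted vault hunk the only place those connection parameters can be reviewed. Unless the host name is itself considered sensitive, define the two non-secret values in plaintext here (e.g. `vaultwarden_db_host: localhost` and `vaultwarden_db_name: vaultwarden`) and keep only the credentials behind `vault_*` variables, so that a later change of the connection target shows up in a readable diff. The vault indirection itself is the right pattern for the credential, push-key and Yubico values.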
@@ -1,16 +1,44 @@ $ANSIBLE_VAULT;1.1;AES256 -32373735633265643033656563343839666566353330653231353538646537643363373438636664 -3535373337356161653838653734616431336539623338630a663766393436343964623737663064 -36323130313462306333663932386438613731336163343434333833313065366130313462633532 -6533663439313565310a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a393766613836636634366536383336 +33623339626637346130383865643464343363363030323333333639373230326635316461386135 +6630326635626138320a353365393832663531663939663238303333646661653266396539326665 +31373035373361663939336433393234303730336562653763393063313765626462623364396237 +63396234303633663566343237313163313365623066356330346538643830363137636262306430 +36363730623363393561353166366262643862316331393631643734643866313135303561396635 +30303663373634333436383066323966626462343065613365656633646565333938636336626161 +30313864653539373864326363626137306534303930643463353232383163636335326361633164 +64623435616338363564653863343335666636653132623331653533666532333334323965303139 +30396664663037643362653631386638663532383436366139353537623735303964343361326539 +34303432376437376133396434326233636665656365363233613363653261353965333834343031 +35653536356239616462613936663335666366623637656662666661663637326261383137356536 +65343037363538333162626337396165373064376237646161356432613938616433616430336366 +36393561383037633439666430336162613063376339393736346631333664656564663533356164 +63363664643261633739646335353336656433303633613363373966353033643436373566323735 +62316266333038373334313561363466656563393361623463623262333262346263663136383235 +62373666353664303761333764343936306537323262393761373362616633326534303939353936 +31653837373935373766386333333937306365356166303538383664633834356438643338363365 +32313136636361633938393866306164646339393838346231623938613335613462323261343233 +64656564626163303132353934386531383531636461653264613233343836663131346533363365 
+65333261633662313861636431363133646630663232623636366162386337393839626561613665 +33316461633536653361396438363864326562646463396163656362303338376435666365336563 +39666636343762656563343936373939363931623364346330666536626334356439393437326136 +36313962356435643466333537346461313337653965616562643262336539343265343266303531 +36386432373865363036383866366566356239396666323532633235623635326535363663643838 +39623632623233613835353139616466623437616461626232343061393461393430623135346238 +61316533333330323166303536316332663830373838326635306539323735353537393966356266 +39306237373134396164313332356332633064383064623334303236646531383162663835363431 +38316332386633356165333062666165613863303766633432613463653333343639333436323666 +38306362313434613833363461386236363265646661633237346663353264343538633736373638 +33336435316537616536383432646464396134373464316235656436323733333862623238386563 +30303034303931636563613133383364663330373733643535393161613530636436386232653461 +37383764613866303965306133653561333831323331643666346165646436666636366366356365 +39626438306434316534653838316564373664323537386630373830623335613035303632623064 +64343031646139616631633930386233303334383766333438323833303232383536636437663338 +65643132376434643666626361323765303638363062613463303931626266343236393463313065 +62363231363861363634373734326663323139346338663465616465666333323166376130366131 +63666237383739363162613139336331653666616633383532613331656464343238323961373633 +63383930346665396462633437363830316662633635316463646563393434636165656134343239 +39303763353566656365373630366636326333343338313464376133313066373234323038646166 +35393231303530303039396162633139366464383462393834613232646631313836396637623461 +613966633165366164313336393436663832 diff --git a/roles/vaultwarden/tasks/main.yml b/roles/vaultwarden/tasks/main.yml new file mode 100644 index 0000000..6b0d112 --- /dev/null +++ b/roles/vaultwarden/tasks/main.yml 
@@ -0,0 +1,27 @@
+---
+- name: Install the Vaultwarden quadlets
+  ansible.builtin.template:
+    src: "templates/{{ item }}"
+    dest: "/etc/containers/systemd/{{ item }}"
+    mode: 0644
+    owner: root
+    group: root
+  loop:
+    - vaultwarden.container
+    - vaultwarden.network
+    - vaultwarden.volume
+
+- name: Install environment file for Vaultwarden
+  ansible.builtin.template:
+    src: templates/vaultwarden.ini
+    dest: /etc/vaultwarden.ini
+    mode: 0600
+    owner: root
+    group: root
+
+- name: Enable the Vaultwarden quadlet
+  ansible.builtin.systemd_service:
+    daemon_reload: true
+    enabled: true
+    name: vaultwarden.service
+    state: "started"
diff --git a/roles/vaultwarden/templates/vaultwarden.container b/roles/vaultwarden/templates/vaultwarden.container
new file mode 100644
index 0000000..a8e7729
--- /dev/null
+++ b/roles/vaultwarden/templates/vaultwarden.container
@@ -0,0 +1,20 @@
+[Unit]
+Description=Vaultwarden
+
+[Container]
+ContainerName=vaultwarden
+Image=ghcr.io/dani-garcia/vaultwarden:latest
+
+EnvironmentFile=/etc/vaultwarden.ini
+
+Network=vaultwarden.network
+PublishPort=8888:80
+PublishPort=3012:3012
+
+Volume=vaultwarden-data:/data
+
+[Service]
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/vaultwarden/templates/vaultwarden.ini b/roles/vaultwarden/templates/vaultwarden.ini
new file mode 100644
index 0000000..d9dcb1d
--- /dev/null
+++ b/roles/vaultwarden/templates/vaultwarden.ini
@@ -0,0 +1,15 @@
+DATABASE_URL=postgresql://{{ vaultwarden_db_user }}:{{ vaultwarden_db_pass | urlencode }}@{{ vaultwarden_db_host }}/{{ vaultwarden_db_name }}
+
+DOMAIN=https://{{ vaultwarden_address }}
+
+PUSH_ENABLED=true
+PUSH_INSTALLATION_ID={{ vaultwarden_push_installation_id }}
+PUSH_INSTALLATION_KEY={{ vaultwarden_push_installation_key }}
+
+WEBSOCKET_ENABLED=true
+
+YUBICO_CLIENT_ID={{ vaultwarden_yubico_client_id }}
+YUBICO_SECRET_KEY={{ vaultwarden_yubico_secret_key }}
+
+# dunno why, but ok…
+ROCKET_WORKERS=1
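Review bot: The "Install environment file for Vaultwarden" task renders the database password, push installation key and Yubico secret key into `/etc/vaultwarden.ini` via `ansible.builtin.template`, and a run with `--diff` or at higher verbosity prints that rendered content, so the secrets end up in terminal scrollback or CI logs; add `no_log: true` to that task (or at minimum `diff: false`). Separately, the last task only asks for `state: "started"`, so on a later run that changes the quadlet or the environment file the already-running service keeps the old definition; have both template tasks `notify` a handler that calls `ansible.builtin.systemd_service` with `daemon_reload: true` and `state: restarted`. The modes are written as unquoted octals (`mode: 0644`, `mode: 0600`); quoting them as `mode: "0644"` avoids the YAML integer ambiguity ansible-lint warns about.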
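Review bot: `PublishPort=8888:80` and `PublishPort=3012:3012` bind on every host interface, so the plaintext HTTP side of Vaultwarden is reachable directly by anyone who can reach the host and bypasses whatever TLS termination the certbot domains on this host imply; if the ports exist only for a local reverse proxy, bind them to loopback with `PublishPort=127.0.0.1:8888:80` and `PublishPort=127.0.0.1:3012:3012`, or drop `PublishPort` and attach the proxy to the `vaultwarden` network instead. `Image=ghcr.io/dani-garcia/vaultwarden:latest` is an unpinned tag for a password-manager image, meaning every pull may silently change what runs; pin a release tag and ideally a digest (`Image=ghcr.io/dani-garcia/vaultwarden:<tag>@sha256:<digest>`) and take updates deliberately. Current Vaultwarden releases serve the websocket on the main HTTP port, so the separate 3012 mapping may be unnecessary — worth confirming against the version actually deployed before keeping it.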
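Review bot: Nothing in this environment file restricts account creation, and Vaultwarden's `SIGNUPS_ALLOWED` setting defaults to allowing open registration, so anyone who can reach the configured `DOMAIN` can create an account on this instance; add `SIGNUPS_ALLOWED=false` (plus `SIGNUPS_DOMAINS_WHITELIST=` or invitations if other users are expected) before it is exposed. `DOMAIN=https://{{ vaultwarden_address }}` depends on `vaultwarden_address`, which is not defined anywhere in this change; if it lives in group_vars that is fine, otherwise the template task fails on an undefined variable. Only the password goes through `urlencode` in `DATABASE_URL`; for consistency the username should too, i.e. `{{ vaultwarden_db_user | urlencode }}`. The `# dunno why, but ok…` comment above `ROCKET_WORKERS=1` should state what the setting works around or where it was copied from, e.g. `# ROCKET_WORKERS=1: <reason>, see <source>`, since a reader cannot tell whether removing it is safe.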
diff --git a/roles/vaultwarden/templates/vaultwarden.network b/roles/vaultwarden/templates/vaultwarden.network
new file mode 100644
index 0000000..5d4e868
--- /dev/null
+++ b/roles/vaultwarden/templates/vaultwarden.network
@@ -0,0 +1,2 @@
+[Network]
+NetworkName=vaultwarden
diff --git a/roles/vaultwarden/templates/vaultwarden.volume b/roles/vaultwarden/templates/vaultwarden.volume
new file mode 100644
index 0000000..9158846
--- /dev/null
+++ b/roles/vaultwarden/templates/vaultwarden.volume
@@ -0,0 +1,2 @@
+[Volume]
+VolumeName=vaultwarden-data