diff --git a/nix/application/containers.nix b/nix/application/containers.nix
index c5d05f4..0ba5e43 100644
--- a/nix/application/containers.nix
+++ b/nix/application/containers.nix
@@ -111,18 +111,28 @@
       };
 
       transmission = {
-        image = "haugene/transmission-openvpn:5";
+        image = "haugene/transmission-openvpn:5.3.1";
         ports = [ "9091:9091" ];
         volumes = [
           "/home/sezycei/srv/scripts/transmission/settings.json:/etc/transmission-daemon/settings.json"
           "/etc/localtime:/etc/localtime:ro"
           "/home/torrent/data:/data"
+          "/home/sezycei/srv/scripts/transmission/custom-data:/etc/openvpn/custom"
         ];
         environmentFiles =
           [ config.age.secrets.transmission-env.path ];
         extraOptions = [ "--cap-add=NET_ADMIN" "--privileged" ];
       };
 
+      vaultwarden = {
+        image = "vaultwarden/server:1.31.0";
+        ports = [ "40080:80" ];
+        volumes = [
+          "/home/sezycei/srv/containerdata/bitwarden/data:/data"
+        ];
+        environmentFiles = [ config.age.secrets.bitwarden-env.path ];
+      };
+
     };
   };
 }
diff --git a/nix/application/nginx.nix b/nix/application/nginx.nix
index 4580636..aee5988 100644
--- a/nix/application/nginx.nix
+++ b/nix/application/nginx.nix
@@ -76,6 +76,7 @@
         "jame.su" = static { dir = "/var/www/jame.su"; };
         "matri.cx" = static { dir = "/var/www/matri.cx"; };
         "media.matri.cx" = proxied { target = "http://127.0.0.1:8096"; };
+        "pw.eversole.co" = proxied { target = "http://127.0.0.1:40080"; };
         "sezycei.com" = static { dir = "/var/www/sezycei.com"; };
         "snakebelmont.com" = static { dir = "/var/www/snakebelmont.com"; };
         "transmission.matri.cx" = proxiedLAN { target = "http://127.0.0.1:9091"; };
diff --git a/nix/system/age.nix b/nix/system/age.nix
index f5bff34..9404b5a 100644
--- a/nix/system/age.nix
+++ b/nix/system/age.nix
@@ -18,6 +18,7 @@
       };
       keys.file = ../../secrets/keys.age;
       miniflux.file = ../../secrets/miniflux.age;
+      bitwarden-env.file = ../../secrets/bitwarden-env.age;
       transmission-env.file = ../../secrets/transmission-env.age;
     };
     identityPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
diff --git a/nix/system/network.nix b/nix/system/network.nix
index 7fcddae..31bc12e 100644
--- a/nix/system/network.nix
+++ b/nix/system/network.nix
@@ -2,7 +2,7 @@
   networking = {
     hostName = "eve-psr-nix0";
     firewall = {
-      allowedTCPPorts = [ 22 80 443 7860 23231 23232 23233 9418 3000 ];
+      allowedTCPPorts = [ 22 80 443 3000 7860 9418 23231 23232 23233 ];
       allowedUDPPorts = [ 53 1194 ];
       trustedInterfaces = [ "tun0" ];
     };
diff --git a/secrets.nix b/secrets.nix
index c7ff715..b9af65d 100644
--- a/secrets.nix
+++ b/secrets.nix
@@ -13,5 +13,6 @@ in
   "secrets/htpasswd-dock.age" = { publicKeys = all; };
   "secrets/keys.age" = { publicKeys = all; };
   "secrets/miniflux.age" = { publicKeys = all; };
+  "secrets/bitwarden-env.age" = { publicKeys = all; };
   "secrets/transmission-env.age" = { publicKeys = all; };
 }
diff --git a/secrets/bitwarden-env.age b/secrets/bitwarden-env.age
new file mode 100644
index 0000000..4f82ae6
Binary files /dev/null and b/secrets/bitwarden-env.age differ
diff --git a/secrets/transmission-env.age b/secrets/transmission-env.age
index 4011475..45eb4be 100644
Binary files a/secrets/transmission-env.age and b/secrets/transmission-env.age differ