diff --git a/hosts/m3-atlas/secrets.nix b/hosts/m3-atlas/secrets.nix
index e37bac0..09996c0 100644
--- a/hosts/m3-atlas/secrets.nix
+++ b/hosts/m3-atlas/secrets.nix
@@ -29,6 +29,9 @@
 file = ../../secrets/traefik.age;
 owner = "traefik";
 };
+ vaultwarden-env = {
+ file = ../../secrets/vaultwarden-env.age;
+ };
 m3tam3re-secrets = {
 file = ../../secrets/m3tam3re-secrets.age;
 owner = "m3tam3re";
diff --git a/hosts/m3-atlas/services/containers/slash-nemoti.nix b/hosts/m3-atlas/services/containers/slash-nemoti.nix
new file mode 100644
index 0000000..223e92e
--- /dev/null
+++ b/hosts/m3-atlas/services/containers/slash-nemoti.nix
@@ -0,0 +1,27 @@
+{
+ virtualisation.oci-containers.containers."slash" = {
+ image = "docker.io/yourselfhosted/slash:latest";
+ ports = ["127.0.0.1:3016:5231"];
+ volumes = [
+ "slash_data:/var/opt/slash"
+ ];
+ extraOptions = ["--ip=10.89.0.16" "--network=web"];
+ };
+ # Traefik configuration specific to littlelink
+ services.traefik.dynamicConfigOptions.http = {
+ services.slash.loadBalancer.servers = [
+ {
+ url = "http://localhost:3016/";
+ }
+ ];
+
+ routers.slash = {
+ rule = "Host(`l.nemoti.art`)";
+ tls = {
+ certResolver = "godaddy";
+ };
+ service = "slash";
+ entrypoints = "websecure";
+ };
+ };
+}
diff --git a/hosts/m3-atlas/services/default.nix b/hosts/m3-atlas/services/default.nix
index a5746cb..2e99305 100644
--- a/hosts/m3-atlas/services/default.nix
+++ b/hosts/m3-atlas/services/default.nix
@@ -10,6 +10,7 @@
 ./searx.nix
 ./tailscale.nix
 ./traefik.nix
+ ./vaultwarden.nix
 ./wastebin.nix
 ];
 }
diff --git a/hosts/m3-atlas/services/vaultwarden.nix b/hosts/m3-atlas/services/vaultwarden.nix
new file mode 100644
index 0000000..e45fc39
--- /dev/null
+++ b/hosts/m3-atlas/services/vaultwarden.nix
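Review bot: The new `vaultwarden-env` entry sets no `owner`, unlike the `traefik` and `m3tam3re-secrets` entries around it, so the decrypted file keeps agenix's root-only default. That is presumably what `services.vaultwarden.environmentFile` needs if the module hands it to systemd as an `EnvironmentFile` (read as root before the unit drops to the service user), but nothing in the hunk says so and a later maintainer may "fix" it by adding `owner = "vaultwarden"`, widening who can read the admin token and SMTP credentials. Suggest adding `# root-owned on purpose: consumed by systemd as EnvironmentFile, not read by the vaultwarden user` above the entry. The enclosing attribute set starts and ends outside the hunk.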
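Review bot: `image = "docker.io/yourselfhosted/slash:latest"` is an unpinned mutable tag, so every rebuild or container restart can silently pull a different upstream image onto a host that also fronts a password manager; pin a release tag and ideally an `@sha256:` digest (`image = "docker.io/yourselfhosted/slash:<release>@sha256:<digest>";`) and bump it deliberately. The comment `# Traefik configuration specific to littlelink` is a copy-paste leftover and should read `# Traefik configuration for slash (l.nemoti.art)`. The port path itself is consistent (container 5231 published to `127.0.0.1:3016`, Traefik targeting `localhost:3016`), and binding the publish to loopback is the right choice since Traefik terminates TLS on `websecure`.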
@@ -0,0 +1,29 @@
+{config, ...}: {
+ services.vaultwarden = {
+ enable = true;
+ backupDir = "/var/backup/vaultwarden";
+ config = {
+ ROCKET_ADDRESS = "127.0.0.1";
+ ROCKET_PORT = 3013;
+ };
+ environmentFile = "${config.age.secrets.vaultwarden-env.path}";
+ };
+
+ # Traefik configuration for headscale
+ services.traefik.dynamicConfigOptions.http = {
+ services.vaultwarden.loadBalancer.servers = [
+ {
+ url = "http://localhost:3009/";
+ }
+ ];
+
+ routers.vaultwarden = {
+ rule = "Host(`vw.m3ta.dev`)";
+ tls = {
+ certResolver = "godaddy";
+ };
+ service = "vaultwarden";
+ entrypoints = "websecure";
+ };
+ };
+}
diff --git a/secrets.nix b/secrets.nix
index 217a4e5..c02faf9 100644
--- a/secrets.nix
+++ b/secrets.nix
@@ -28,6 +28,7 @@ in {
 "secrets/searx.age".publicKeys = systems ++ users;
 "secrets/tailscale-key.age".publicKeys = systems ++ users;
 "secrets/traefik.age".publicKeys = systems ++ users;
+ "secrets/vaultwarden-env.age".publicKeys = systems ++ users;
 "secrets/wg-DE.age".publicKeys = systems ++ users;
 "secrets/wg-NL.age".publicKeys = systems ++ users;
 "secrets/wg-NO.age".publicKeys = systems ++ users;
diff --git a/secrets/vaultwarden-env.age b/secrets/vaultwarden-env.age
new file mode 100644
index 0000000..4352c8c
Binary files /dev/null and b/secrets/vaultwarden-env.age differ
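Review bot: The Traefik backend `url = "http://localhost:3009/"` does not match `ROCKET_PORT = 3013` set a few lines above, so `vw.m3ta.dev` will be routed to whatever (if anything) listens on 3009 rather than to Vaultwarden; change it to `url = "http://localhost:3013/";`. For a password manager on a public hostname the `config` block should also carry `DOMAIN = "https://vw.m3ta.dev";` (Vaultwarden documents it as required for correct links and the WebAuthn origin) and `SIGNUPS_ALLOWED = false;` unless open registration is intended, since Vaultwarden defaults signups to allowed and both values are non-secret and belong in Nix rather than in the age-encrypted env file. The comment `# Traefik configuration for headscale` is copy-paste and should read `# Traefik configuration for vaultwarden (vw.m3ta.dev)`.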