diff --git a/configs/sputnik/bitwarden.nix b/configs/sputnik/bitwarden.nix
new file mode 100644
index 0000000..52e1820
--- /dev/null
+++ b/configs/sputnik/bitwarden.nix
@@ -0,0 +1,13 @@
+{ config, pkgs, lib, ... }: {
+  services.bitwarden_rs = {
+    enable = true;
+    config = {
+      domain = "https://bitwarden.ingolf-wagner.de";
+      #signupsAllowed = true;
+      signupsAllowed = false;
+      rocketPort = 8222;
+      rocketLog = "critical";
+    };
+  };
+
+}
diff --git a/configs/sputnik/configuration.nix b/configs/sputnik/configuration.nix
index b967950..a44f5f8 100644
--- a/configs/sputnik/configuration.nix
+++ b/configs/sputnik/configuration.nix
@@ -8,6 +8,7 @@
     ./nginx.nix
     ./tinc.nix
     ./codimd.nix
+    ./bitwarden.nix
     #./syncplay.nix
     #./mail-server.nix
 
diff --git a/configs/sputnik/nginx.nix b/configs/sputnik/nginx.nix
index 2e3209a..70a836f 100644
--- a/configs/sputnik/nginx.nix
+++ b/configs/sputnik/nginx.nix
@@ -39,6 +39,29 @@ in {
     recommendedProxySettings = true;
     virtualHosts = {
 
+      "bitwarden.ingolf-wagner.de" = {
+        listen = [
+          {
+            addr = "0.0.0.0";
+            port = 4443;
+            ssl = true;
+          }
+          {
+            addr = "0.0.0.0";
+            port = 80;
+            ssl = false;
+          }
+        ];
+        forceSSL = true;
+        enableACME = true;
+
+        locations."/" = {
+          proxyPass = "http://localhost:${
+              toString config.services.bitwarden_rs.config.rocketPort
+            }";
+        };
+      };
+
       "git.ingolf-wagner.de" = {
         listen = [
           {
diff --git a/configs/workhorse/bitwarden.nix b/configs/workhorse/bitwarden.nix
deleted file mode 100644
index a270209..0000000
--- a/configs/workhorse/bitwarden.nix
+++ /dev/null
@@ -1,10 +0,0 @@
-{ config, lib, pkgs, ... }: {
-  services.bitwarden_rs = {
-    enable = true;
-    backupDir = "/home/bitwarden_backups";
-    config = { signupsAllowed = true; };
-  };
-
-  backup.dirs = [ config.services.bitwarden_rs.backupDir ];
-
-}
diff --git a/configs/workhorse/graylog.nix b/configs/workhorse/graylog.nix
index 507edd9..11853a5 100644
--- a/configs/workhorse/graylog.nix
+++ b/configs/workhorse/graylog.nix
@@ -27,7 +27,7 @@ in {
   services.elasticsearch = {
     enable = true;
     listenAddress = "${config.networking.hostName}.private";
-    extraJavaOptions = ["-Des.http.cname_in_publish_address=true"];
+    extraJavaOptions = [ "-Des.http.cname_in_publish_address=true" ];
   };
 
   services.graylog.enable = true;