diff --git a/deployments/synctools/vaultwarden.yaml b/deployments/synctools/vaultwarden.yaml
new file mode 100644
index 0000000..93c3475
--- /dev/null
+++ b/deployments/synctools/vaultwarden.yaml
@@ -0,0 +1,79 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: bitwarden
+---
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+  name: bjw-s-charts
+  namespace: flux-system
+spec:
+  url: https://bjw-s.github.io/helm-charts/
+  interval: 1h
+---
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: vaultwarden
+  namespace: bitwarden
+spec:
+  interval: 30m
+  chart:
+    spec:
+      chart: app-template
+      version: 2.4.0
+      sourceRef:
+        kind: HelmRepository
+        name: bjw-s-charts
+        namespace: flux-system
+  install:
+    createNamespace: true
+  values:
+    # Basic container config
+    image:
+      repository: vaultwarden/server
+      tag: 1.30.5
+      pullPolicy: IfNotPresent
+
+    env:
+      WEBSOCKET_ENABLED: "true"
+      SIGNUPS_ALLOWED: "false"
+      DOMAIN: "https://vw.hxme.net"
+      ADMIN_TOKEN: "CHANGEME_SUPER_SECRET"
+
+    service:
+      main:
+        ports:
+          http:
+            port: 80
+
+    ingress:
+      main:
+        enabled: true
+        annotations:
+          kubernetes.io/ingress.class: "traefik" # Or nginx or your ingress class
+        hosts:
+          - host: vw.hxme.net
+            paths:
+              - path: /
+                pathType: Prefix
+        tls:
+          - hosts:
+              - vw.hxme.net
+            secretName: bitwarden-tls
+
+    persistence:
+      data:
+        enabled: true
+        existingClaim: bitwarden-data # You must create a PVC or a StorageClass dynamic claim
+
+    resources:
+      requests:
+        cpu: 50m
+        memory: 128Mi
+      limits:
+        cpu: 250m
+        memory: 512Mi
+