diff --git a/deployments/home-server/vaultwarden.yaml b/deployments/home-server/vaultwarden.yaml
index 6dc807a..60c10e6 100644
--- a/deployments/home-server/vaultwarden.yaml
+++ b/deployments/home-server/vaultwarden.yaml
@@ -2,7 +2,7 @@
 apiVersion: v1
 kind: PersistentVolume
 metadata:
- name: vaultwarden-pv
+ name: vaultwarden-pgdata-pv
 spec:
 capacity:
 storage: 5Gi
@@ -11,12 +11,12 @@ spec:
 persistentVolumeReclaimPolicy: Retain
 storageClassName: local-path
 hostPath:
- path: /dpool/services/vaultwarden/data
+ path: /dpool/services/vaultwarden-pgdata
 ---
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
- name: vaultwarden-pvc
+ name: vaultwarden-pgdata-pvc
 namespace: home-server
 spec:
 accessModes:
@@ -25,83 +25,63 @@ spec:
 resources:
 requests:
 storage: 5Gi
- volumeName: vaultwarden-pv
+ volumeName: vaultwarden-pgdata-pv
 ---
 apiVersion: v1
 kind: Service
 metadata:
- name: vaultwarden
+ name: vaultwarden-postgres
 namespace: home-server
 spec:
- selector:
- app: vaultwarden
 ports:
- - port: 80
- targetPort: 80
- protocol: TCP
+ - port: 5432
+ selector:
+ app: vaultwarden-postgres
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: vaultwarden-postgres-secret
+ namespace: home-server
+type: Opaque
+stringData:
+ postgres-password: "super-strong-password"
 ---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
- name: vaultwarden
+ name: vaultwarden-postgres
 namespace: home-server
 spec:
 replicas: 1
 selector:
 matchLabels:
- app: vaultwarden
+ app: vaultwarden-postgres
 template:
 metadata:
 labels:
- app: vaultwarden
+ app: vaultwarden-postgres
 spec:
 containers:
- - name: vaultwarden
- image: vaultwarden/server:latest
- imagePullPolicy: Always
+ - name: postgres
+ image: postgres:15
 env:
- - name: TZ
- value: "Australia/Brisbane"
- - name: WEBSOCKET_ENABLED
- value: "true"
- - name: SIGNUPS_ALLOWED
- value: "false" # Set to "true" if you want open registration
- - name: ADMIN_TOKEN
- value: 0h12893hj0129j30129j3
+ - name: POSTGRES_DB
+ value: vaultwarden
+ - name: POSTGRES_USER
+ value: vaultuser
+ - name: POSTGRES_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: vaultwarden-postgres-secret
+ key: postgres-password
 ports:
- - containerPort: 80
+ - containerPort: 5432
 volumeMounts:
- - name: vaultwarden-data
- mountPath: /data
+ - name: pgdata
+ mountPath: /var/lib/postgresql/data
 volumes:
- - name: vaultwarden-data
+ - name: pgdata
 persistentVolumeClaim:
- claimName: vaultwarden-pvc
----
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: vaultwarden
- namespace: home-server
- annotations:
- external-dns.alpha.kubernetes.io/hostname: vault.hxme.net
- nginx.ingress.kubernetes.io/proxy-body-size: "100m"
- nginx.ingress.kubernetes.io/server-snippet: |
- 
add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always;
-spec:
- tls:
- - hosts:
- - vault.hxme.net
- secretName: wildcard-hxme-net
- rules:
- - host: vault.hxme.net
- http:
- paths:
- - path: /
- pathType: Prefix
- backend:
- service:
- name: vaultwarden
- port:
- number: 80
+ claimName: vaultwarden-pgdata-pvc
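Review bot: The new `vaultwarden-postgres-secret` carries its password as a literal under `stringData` (`postgres-password: "super-strong-password"`), so the credential for what is presumably the password manager's database lands in the repository and its history in clear text. I would drop the Secret object from this manifest and create it out of band, for example `kubectl create secret generic vaultwarden-postgres-secret -n home-server --from-literal=postgres-password=<GENERATED_VALUE>`, or commit only an encrypted form; the `secretKeyRef` in the Deployment can stay as written. The `ADMIN_TOKEN` value removed from the old container env is still readable in earlier revisions, so it should be treated as exposed and rotated if that Vaultwarden instance is still in use anywhere. Separately, `image: postgres:15` is a floating tag, and pinning a patch version or digest would make the database rollout reproducible.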