diff --git a/heimserver/configuration.nix b/heimserver/configuration.nix
index dd39158..2738c6e 100644
--- a/heimserver/configuration.nix
+++ b/heimserver/configuration.nix
@@ -367,6 +367,19 @@
           findtime = 600;
         };
       };
+      "vaultwarden" = {
+        settings = {
+          enabled = true;
+          filter = "vaultwarden";
+          backend = "systemd"; # Crucial: Reads from journalctl
+          # Optimizes performance by only looking at logs with this identifier
+          # Based on your log: "heimserver immich[...]" -> identifier is "immich"
+          journalmatch = "_SYSTEMD_UNIT=vaultwarden.service + SYSLOG_IDENTIFIER=vaultwarden";
+          action = "iptables-allports";
+          maxretry = 5;
+          findtime = 600;
+        };
+      };
     };
   };
 
@@ -387,6 +400,13 @@
 
     ignoreregex =
   '';
+  
+  environment.etc."fail2ban/filter.d/vaultwarden.local".text = ''
+    [Definition]
+    failregex = .*Username or password is incorrect\. Try again\. IP: <HOST>\. Username: .*
+
+    ignoreregex =
+  '';
 
   environment.etc."magic-update-script.sh".text = ''
     #!/usr/bin/env bash