diff --git a/hosts/mosquitto/configuration.nix b/hosts/mosquitto/configuration.nix
index 81d773c..dfd29b8 100644
--- a/hosts/mosquitto/configuration.nix
+++ b/hosts/mosquitto/configuration.nix
@@ -26,11 +26,19 @@
   environment.systemPackages = with pkgs; [];
 
   services.mosquitto = {
-    users = {};
+    users = {
+      victor = {
+        acl = ["topic readwrite #"];
+      };
+      zigbee2mqtt = {
+        acl = ["topic readwrite #"];
+      };
+    };
     enable = true;
 
     port = 1883;
     host = "0.0.0.0";
+    
     allowAnonymous = true;
     aclExtraConf = "topic readwrite #";
   };
@@ -39,7 +47,7 @@
     enable = true;
     dataDir = "/var/lib/zigbee2mqtt";
     settings = {
-      homeassistant = false;
+      homeassistant = true;
       permit_join = true;
 
       serial = {
diff --git a/hosts/vault.1/configuration.nix b/hosts/vault.1/configuration.nix
new file mode 100644
index 0000000..6ba1188
--- /dev/null
+++ b/hosts/vault.1/configuration.nix
@@ -0,0 +1,44 @@
+# Edit this configuration file to define what should be installed on
+# your system.  Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, pkgs, ... }:
+
+{
+  imports =
+    [
+      # Import common config
+      ../../common/generic-lxc.nix
+      ../../common
+    ];
+
+
+  networking.hostName = "vault";
+
+  # This value determines the NixOS release from which the default
+  # settings for stateful data, like file locations and database versions
+  # on your system were taken. It‘s perfectly fine and recommended to leave
+  # this value at the release version of the first install of this system.
+  # Before changing this value read the documentation for this option
+  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+  system.stateVersion = "21.05"; # Did you read the comment?
+
+  # Additional packages
+  environment.systemPackages = with pkgs; [];
+
+  # Vault
+  networking.firewall.allowedTCPPorts = [ 8200 ];
+
+  services.vault = {
+    enable = true;
+    # bin version includes the UI
+    package = pkgs.vault-bin;
+    address = "0.0.0.0:8200";
+    storageBackend = "file";
+    storagePath = "/var/lib/vault";
+    extraConfig = ''
+      api_addr = "10.42.42.6:8200"
+      ui = true
+    '';
+  };
+}