diff --git a/host_vars/snunmu.yml b/host_vars/snunmu.yml index 9b6775b..5f7f1ab 100644 --- a/host_vars/snunmu.yml +++ b/host_vars/snunmu.yml @@ -12,14 +12,6 @@ portainer_required_templates: portainer_endpoint: 23 services: - - name: bookstack - template_vars: - image: linuxserver/bookstack - tag: 23.06.1 - - name: vaultwarden - template_vars: - image: vaultwarden/server - tag: 1.28.1 - name: linkding - name: pihole - name: hasteypaste diff --git a/playbooks/setup-homelab.yml b/playbooks/setup-homelab.yml index e044b04..b09e2c9 100644 --- a/playbooks/setup-homelab.yml +++ b/playbooks/setup-homelab.yml @@ -59,14 +59,14 @@ - name: Setup and deploy portainer services (snunmu). hosts: snunmu become: true + tags: [services] pre_tasks: - name: Include vault variables. ansible.builtin.include_vars: '../{{ vault_file }}' tags: [always] roles: - role: portainer_bookstack - tags: [services] - + - role: portainer_vaultwarden #- name: Setup and deploy portainer services. # hosts: servers diff --git a/roles/portainer_bookstack/tasks/main.yml b/roles/portainer_bookstack/tasks/main.yml index 345087e..5feb1e9 100644 --- a/roles/portainer_bookstack/tasks/main.yml +++ b/roles/portainer_bookstack/tasks/main.yml @@ -35,7 +35,7 @@ - DB_DATABASE={{ bookstack_database }} - APP_URL={{ bookstack_app_url }} volumes: - - config:/config" + - config:/config ports: - "{{ bookstack_expose_port }}:80" restart: "{{ bookstack_restart_policy }}" diff --git a/roles/portainer_vaultwarden/defaults/main.yml b/roles/portainer_vaultwarden/defaults/main.yml new file mode 100644 index 0000000..b3af832 --- /dev/null +++ b/roles/portainer_vaultwarden/defaults/main.yml 
@@ -0,0 +1,20 @@
+---
+vaultwarden_image: vaultwarden/server
+vaultwarden_tag: 1.28.1
+vaultwarden_backup_enabled: true
+vaultwarden_backup_schedule: "nightly"
+vaultwarden_expose_port: 80
+vaultwarden_portainer_stack_name: vaultwarden
+
+# Environment variables
+vaultwarden_websocket_enabled: true
+vaultwarden_sends_allowed: true
+vaultwarden_emergency_access_allowed: true
+vaultwarden_domain: "https://vault.cianhatton.ie"
+vaultwarden_signups_allowed: false
+vaultwarden_webvault_enabled: true
+
+# Backup variables
+vaultwarden_docker_backup_restore_force: false
+vaultwarden_docker_backup_restore_latest_s3_key: true
+vaultwarden_docker_backup_fail_on_no_s3_backups: false
diff --git a/roles/portainer_vaultwarden/tasks/main.yml b/roles/portainer_vaultwarden/tasks/main.yml
new file mode 100644
index 0000000..158d0ce
--- /dev/null
+++ b/roles/portainer_vaultwarden/tasks/main.yml
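Review bot: In roles/portainer_vaultwarden/defaults/main.yml, `vaultwarden_expose_port: 80` publishes the container's plain-HTTP listener on the host while `vaultwarden_domain` is an https URL, so TLS is presumably terminated by a proxy that this diff does not show. If that proxy runs on the same host, binding the published port to loopback in the stack definition, `- "127.0.0.1:{{ vaultwarden_expose_port }}:80"`, keeps vault traffic from reaching the listener unencrypted over the LAN. The defaults also say nothing about `vaultwarden_admin_token`, which the role's task reads; a comment such as `# vaultwarden_admin_token: required, supplied from the vault file` would document that. `vaultwarden_image` and `vaultwarden_tag` pin a mutable tag, and pinning by digest would fix the exact image that holds the password store.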
@@ -0,0 +1,42 @@
+---
+- name: "Vaultwarden | Restore any missing volumes from S3"
+ ansible.builtin.include_role:
+ name: chatton.docker_backup.docker_s3_volume_restore
+ vars:
+ docker_backup_restore_force: "{{ vaultwarden_docker_backup_restore_force }}"
+ docker_backup_restore_latest_s3_key: "{{ vaultwarden_docker_backup_restore_latest_s3_key }}"
+ docker_backup_fail_on_no_s3_backups: "{{ vaultwarden_docker_backup_fail_on_no_s3_backups }}"
+ docker_backup_s3_volume:
+ name: "{{ vaultwarden_portainer_stack_name }}_data"
+
+- name: "Vaultwarden | Update Portainer."
+ chatton.portainer.portainer_stack:
+ username: admin
+ password: '{{ portainer.password }}'
+ base_url: '{{ portainer_base_url }}'
+ stack_name: '{{ vaultwarden_portainer_stack_name }}'
+ endpoint_id: '{{ portainer_endpoint }}'
+ state: present
+ definition:
+ version: '3.3'
+ services:
+ vaultwarden:
+ labels:
+ ie.cianhatton.backup.enabled: "{{ vaultwarden_backup_enabled }}"
+ ie.cianhatton.backup.schedule: "{{ vaultwarden_backup_schedule }}"
+ image: "{{ vaultwarden_image }}:{{ vaultwarden_tag }}"
+ environment:
+ WEBSOCKET_ENABLED: "{{ vaultwarden_websocket_enabled }}"
+ SENDS_ALLOWED: "{{ vaultwarden_sends_allowed }}"
+ EMERGENCY_ACCESS_ALLOWED: "{{ vaultwarden_emergency_access_allowed }}"
+ WEB_VAULT_ENABLED: "{{ vaultwarden_webvault_enabled }}"
+ DOMAIN: "{{ vaultwarden_domain }}"
+ ADMIN_TOKEN: "{{ vaultwarden_admin_token }}"
+ SIGNUPS_ALLOWED: "{{ vaultwarden_signups_allowed }}"
+ restart: unless-stopped
+ ports:
+ - "{{ vaultwarden_expose_port }}:80"
+ volumes:
+ - data:/data
+ volumes:
+ data: {}
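Review bot: The "Vaultwarden | Update Portainer." task passes `ADMIN_TOKEN: "{{ vaultwarden_admin_token }}"` and the Portainer password as module arguments without `no_log: true`, so a failed or verbose run can print both into Ansible output unless the module masks them itself, which is not visible here. Adding `no_log: true` to that task closes this. The token is also stored in clear in the stack definition that Portainer keeps, readable by anyone with access to the stack. Vaultwarden releases from 1.28.0 accept an Argon2 PHC hash as `ADMIN_TOKEN`, which keeps the usable secret out of the stack; each `$` in the hash has to be written as `$$` in a compose definition.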