diff --git a/modules/server/caddy/default.nix b/modules/server/caddy/default.nix
index c7a914bc..bbe0aa63 100644
--- a/modules/server/caddy/default.nix
+++ b/modules/server/caddy/default.nix
@@ -12,11 +12,11 @@ in {
 server.caddy.enable = mkEnableOption "Enables caddy"; }; config = mkIf cfg.enable {
- age.secrets.cloudflare-env = {
- file = "${self}/secrets/cloudflare-env.age";
- owner = "caddy";
- mode = "400";
- };
+ # age.secrets.cloudflare-env = {
+ # file = "${self}/secrets/cloudflare-env.age";
+ # owner = "caddy";
+ # mode = "400";
+ # };
 networking.firewall = let ports = [80 443]; in {
@@ -26,7 +26,7 @@ in {
 services.caddy = { enable = true;
- environmentFile = config.age.secrets.cloudflare-env.path;
+ # environmentFile = config.age.secrets.cloudflare-env.path;
 # package = self.packages.${pkgs.system}.caddy-with-plugins; }; };
diff --git a/modules/server/vaultwarden/default.nix b/modules/server/vaultwarden/default.nix
index 1c359449..b9e79758 100644
--- a/modules/server/vaultwarden/default.nix
+++ b/modules/server/vaultwarden/default.nix
@@ -29,14 +29,14 @@ in {
 Group = "root"; };
- services.caddy.virtualHosts."vault.cnst.dev".extraConfig = ''
- encode zstd gzip
- reverse_proxy ${vcfg.ROCKET_ADDRESS}:${toString vcfg.ROCKET_PORT} {
- header_up X-Real-IP {remote_host}
- # Use this instead, if using Cloudflare's proxy
- # header_up X-Real-IP {http.request.header.Cf-Connecting-Ip}
- }
- '';
+ # services.caddy.virtualHosts."vault.cnst.dev".extraConfig = ''
+ # encode zstd gzip
+ # reverse_proxy ${vcfg.ROCKET_ADDRESS}:${toString vcfg.ROCKET_PORT} {
+ # # header_up X-Real-IP {remote_host}
+ # # Use this instead, if using Cloudflare's proxy
+ # header_up X-Real-IP {http.request.header.Cf-Connecting-Ip}
+ # }
+ # '';
 services.vaultwarden = { enable = true;
@@ -51,6 +51,7 @@ in {
 ROCKET_PORT = 8222; EXTENDED_LOGGING = true; LOG_LEVEL = "warn";
+ IP_HEADER = "CF-Connecting-IP";
 }; }; };
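Review bot: In modules/server/caddy/default.nix the `age.secrets.cloudflare-env` declaration (first hunk) and the `environmentFile` line (second hunk) are disabled by commenting them out instead of being deleted, and the first hunk of modules/server/vaultwarden/default.nix does the same with the whole `services.caddy.virtualHosts."vault.cnst.dev"` block. Commented-out configuration drifts from the live module and hides what is actually deployed; delete the lines and rely on history, or gate them behind an option next to `server.caddy.enable`. The same commit still rewrites secrets/cloudflare-env.age, so the encrypted secret stays maintained in the tree although no consumer of it is visible in these hunks. If the lines must stay for now, record the reason on the first of them, e.g. `# disabled: <reason>; re-enable together with services.caddy.environmentFile`.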
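Review bot: `IP_HEADER = "CF-Connecting-IP"` in the last hunk of modules/server/vaultwarden/default.nix makes Vaultwarden take the client address from a request header, and any client that can reach the Rocket listener without passing through Cloudflare can set that header itself. The address ends up in the logs and is presumably what per-IP login throttling keys on, so a forged value weakens both. The same commit comments out the Caddy virtual host that previously fronted the service, and the value of `ROCKET_ADDRESS` and any firewall rule for port 8222 lie outside these hunks, so confirm the listener is bound to loopback or reachable only from the Cloudflare-facing component. A comment on the new line would record the assumption: `# trusted only because every request arrives via Cloudflare; keep ROCKET_ADDRESS off public interfaces`.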
diff --git a/secrets/cloudflare-env.age b/secrets/cloudflare-env.age
index 0aa737fa..1f4c6bd9 100644
Binary files a/secrets/cloudflare-env.age and b/secrets/cloudflare-env.age differ
diff --git a/secrets/vaultwarden-env.age b/secrets/vaultwarden-env.age
index 9e1e5ec6..99293ee3 100644
Binary files a/secrets/vaultwarden-env.age and b/secrets/vaultwarden-env.age differ