diff --git a/jobs/services/vaultwarden-backup.hcl b/jobs/services/vaultwarden-backup.hcl
new file mode 100644
index 0000000..790e8c6
--- /dev/null
+++ b/jobs/services/vaultwarden-backup.hcl
@@ -0,0 +1,50 @@
+job "vaultwarden-backup" {
+  datacenters = ["aperture"]
+  type        = "batch"
+
+  periodic {
+    crons            = ["0 */3 * * * *"]
+    prohibit_overlap = true
+  }
+
+  group "db-backup" {
+    task "postgres-backup" {
+      driver = "raw_exec"
+
+      config {
+        command = "/bin/bash"
+        args    = ["local/script.sh"]
+      }
+
+      template {
+        data        = <<EOH
+#!/bin/bash
+
+file=/storage/backups/nomad/vaultwarden/postgresql-vaultwarden-$(date +%Y-%m-%d_%H-%M-%S).sql
+
+mkdir -p /storage/backups/nomad/vaultwarden
+
+alloc_id=$(nomad job status vaultwarden | grep running | tail -n 1 | cut -d " " -f 1)
+
+job_name=$(echo ${NOMAD_JOB_NAME} | cut -d "/" -f 1)
+
+nomad alloc exec -task db $alloc_id pg_dumpall -U {{ key "vaultwarden/db/user" }} > "${file}"
+
+find /storage/backups/nomad/vaultwarden/postgresql-vaultwarden* -ctime +3 -exec rm {} \; || true
+
+if [ -s "$file" ]; then # check if file exists and is not empty
+  echo "Backup successful"
+  exit 0
+else
+  rm $file
+  curl -H "Content-Type: application/json" -d \
+  '{"content": "<@&585512338728419341> `PostgreSQL` backup for **'"${job_name}"'** has just **FAILED**\nFile name: `'"$file"'`\nDate: `'"$(TZ=Europe/Dublin date)"'`\nTurn off this script with `nomad job stop '"${job_name}"'` \n\n## Remember to restart this backup job when fixed!!!"}' \
+  {{ key "postgres/webhook/discord" }}
+fi
+EOH
+        destination = "local/script.sh"
+      }
+    }
+  }
+}
+
diff --git a/jobs/services/vaultwarden.hcl b/jobs/services/vaultwarden.hcl
index a13f717..44e42f3 100644
--- a/jobs/services/vaultwarden.hcl
+++ b/jobs/services/vaultwarden.hcl
@@ -9,6 +9,9 @@ job "vaultwarden" {
       port "http" {
         to = 80
       }
+      port "db" {
+        to = 5432
+      }
     }
 
     service {
@@ -31,14 +34,15 @@ job "vaultwarden" {
         ports = ["http"]
 
         volumes = [
-          "/storage/nomad/vaultwarden:/data"
+          "/storage/nomad/${NOMAD_JOB_NAME}:/data",
+          "/etc/localtime:/etc/localtime:ro"
         ]
       }
 
       template {
         data = <<EOF
 DOMAIN=https://vault.redbrick.dcu.ie
-DATABASE_URL=postgresql://{{ key "vaultwarden/db/user" }}:{{ key "vaultwarden/db/password" }}@postgres.service.consul:5432/{{ key "vaultwarden/db/name" }}
+DATABASE_URL=postgresql://{{ key "vaultwarden/db/user" }}:{{ key "vaultwarden/db/password" }}@{{ env "NOMAD_ADDR_db" }}/{{ key "vaultwarden/db/name" }}
 SIGNUPS_ALLOWED=false
 INVITATIONS_ALLOWED=true
 
@@ -55,14 +59,37 @@ EOF
         destination = "local/env"
         env         = true
       }
-# These yubico variables are not necessary for yubikey support, only to verify the keys with yubico.
-#YUBICO_CLIENT_ID={{ key "vaultwarden/yubico/client_id" }}
-#YUBICO_SECRET_KEY={{ key "vaultwarden/yubico/secret_key" }}
+      # These yubico variables are not necessary for yubikey support, only to verify the keys with yubico.
+      #YUBICO_CLIENT_ID={{ key "vaultwarden/yubico/client_id" }}
+      #YUBICO_SECRET_KEY={{ key "vaultwarden/yubico/secret_key" }}
 
       resources {
         cpu    = 500
         memory = 500
       }
     }
+
+    task "db" {
+      driver = "docker"
+
+      config {
+        image = "postgres:17-alpine"
+        ports = ["db"]
+
+        volumes = [
+          "/storage/nomad/${NOMAD_JOB_NAME}/${NOMAD_TASK_NAME}:/var/lib/postgresql/data",
+        ]
+      }
+
+      template {
+        data        = <<EOH
+POSTGRES_PASSWORD={{ key "vaultwarden/db/password" }}
+POSTGRES_USER={{ key "vaultwarden/db/user" }}
+POSTGRES_NAME={{ key "vaultwarden/db/name" }}
+EOH
+        destination = "local/db.env"
+        env         = true
+      }
+    }
   }
 }