diff --git a/.forgejo/workflows/eval.yaml b/.forgejo/workflows/eval.yaml
index 8c36e03..9e08e77 100644
--- a/.forgejo/workflows/eval.yaml
+++ b/.forgejo/workflows/eval.yaml
@@ -29,6 +29,16 @@ jobs:
 # Enter the shell
 nix-shell --run 'colmena build --on storage01'
 
+ build_vault01:
+ runs-on: nix
+ steps:
+ - uses: actions/checkout@v3
+
+ - name: Build vault01
+ run: |
+ # Enter the shell
+ nix-shell --run 'colmena build --on vault01'
+
 build_web01:
 runs-on: nix
 steps:
diff --git a/machines/vault01/_configuration.nix b/machines/vault01/_configuration.nix
new file mode 100644
index 0000000..2f1eb5c
--- /dev/null
+++ b/machines/vault01/_configuration.nix
@@ -0,0 +1,21 @@
+{ lib, ... }:
+
+lib.extra.mkConfig {
+ enabledModules = [
+ # List of modules to enable
+ "dgn-fail2ban"
+ ];
+
+ enabledServices = [
+ # List of services to enable
+ ];
+
+ extraConfig = {
+ dgn-fail2ban.jails =
+ lib.extra.enableAttrs' "enabled" [ "sshd-bruteforce" "sshd-timeout" ];
+
+ services.netbird.enable = true;
+ };
+
+ root = ./.;
+}
diff --git a/machines/vault01/_hardware-configuration.nix b/machines/vault01/_hardware-configuration.nix
new file mode 100644
index 0000000..7f4189f
--- /dev/null
+++ b/machines/vault01/_hardware-configuration.nix
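Review bot: The new job checks out with `actions/checkout@v3`, a mutable tag, so the code that runs before the colmena build can change without any change to this repository; pinning the action to a full commit SHA (`uses: actions/checkout@<commit-sha>  # v3`, placeholder) removes that, and if the neighbouring jobs use the same tag they should move together. The job is otherwise a copy of the storage01 and web01 jobs differing only in the host name; a single job with `strategy: matrix: host: [storage01, vault01, web01]` and `nix-shell --run 'colmena build --on ${{ matrix.host }}'` would keep the host list in one place so a new machine cannot be forgotten here.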
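Review bot: Nothing in this file says what vault01 is for: the only module enabled is `dgn-fail2ban`, `enabledServices` is empty, and `services.netbird.enable = true` is set through `extraConfig` rather than through a module, so a reader cannot tell whether the host's role is still to come or is configured elsewhere. A one-line header comment such as `# vault01 (Jourdan): <role>; reached over netbird, sshd guarded by fail2ban` — with the role filled in — would record the intent at the time the machine was added. If enabling netbird outside `enabledServices` is deliberate (presumably because no `dgn-` wrapper exists for it), a short comment on that line would stop someone "fixing" it later.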
@@ -0,0 +1,35 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ pkgs, modulesPath, ... }:
+
+{
+ imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
+
+ boot = {
+ initrd = {
+ availableKernelModules =
+ [ "xhci_pci" "megaraid_sas" "ehci_pci" "ahci" "usb_storage" "sd_mod" ];
+ kernelModules = [ ];
+ };
+
+ kernelModules = [ "kvm-amd" ];
+ extraModulePackages = [ ];
+ kernelPackages = pkgs.linuxKernel.packages.linux_6_7;
+ };
+
+ fileSystems = {
+ "/" = {
+ device = "/dev/disk/by-uuid/cfa2a9fd-f053-42ce-9d9a-65cdd773272d";
+ fsType = "ext4";
+ };
+
+ "/boot" = {
+ device = "/dev/disk/by-uuid/33AE-7115";
+ fsType = "vfat";
+ };
+ };
+
+ swapDevices =
+ [{ device = "/dev/disk/by-uuid/954ecb9c-ccd1-4e98-9eb6-3514bd3c01d1"; }];
+}
diff --git a/machines/vault01/secrets/secrets.nix b/machines/vault01/secrets/secrets.nix
new file mode 100644
index 0000000..bad9995
--- /dev/null
+++ b/machines/vault01/secrets/secrets.nix
@@ -0,0 +1,6 @@
+let
+ lib = import ../../../lib { };
+ publicKeys = lib.getNodeKeys "vault01";
+
+in lib.setDefault { inherit publicKeys; } [
+]
diff --git a/meta/infrastructure.nix b/meta/infrastructure.nix
index d983ec7..ef30234 100644
--- a/meta/infrastructure.nix
+++ b/meta/infrastructure.nix
@@ -7,6 +7,11 @@
 "storage01"
 ];
 
+ # Jourdan
+ par02 = [
+ "vault01"
+ ];
+
 # VMs du SPI/NPS/Whatever
 dmi01 = [
 "web01"
diff --git a/meta/network.nix b/meta/network.nix
index 8072f8b..3d6d9f2 100644
--- a/meta/network.nix
+++ b/meta/network.nix
@@ -60,6 +60,20 @@ builtins.mapAttrs mkNet {
 hostId = "d4e7c369";
 };
 
+ vault01 = {
+ interfaces = {
+ enp130s0f0 = {
+ ipv4 = [
+ { address = "129.199.210.85"; prefixLength = 24; }
+ ];
+
+ gateways = [ "129.199.210.254" ];
+ };
+ };
+
+ hostId = "e83b600d";
+ };
+
 web01 = {
 interfaces = {
 ens3 = {
diff --git a/meta/nodes.nix b/meta/nodes.nix
index 56d8478..358aa0d 100644
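Review bot: `kernelPackages = pkgs.linuxKernel.packages.linux_6_7;` pins this host to a specific short-lived kernel series; nixos-generate-config does not emit that option, so it looks hand-added to a file whose own header says it must not be modified, and it will be lost the next time the file is regenerated. Linux 6.7 is a non-LTS series that upstream no longer maintains, so once nixpkgs drops the attribute the build fails, and until then the host runs a kernel that no longer receives security fixes. Prefer moving the line into `_configuration.nix`'s `extraConfig` on a maintained channel, e.g. `boot.kernelPackages = pkgs.linuxPackages_latest;` or an LTS attribute, with a comment stating why the default kernel was not sufficient for this hardware.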
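Review bot: `lib.getNodeKeys "vault01"` presumably resolves vault01's host key from a registry somewhere in `lib` or `meta`, but nothing in this commit adds such a key for the new machine, so `publicKeys` may come back empty and any secret added to this file would be encrypted to no node key (or evaluation would fail). Confirm the key is registered before the first secret lands here, and consider a comment on the `publicKeys` line naming where the key comes from, e.g. `# host key registered in <path-to-key-registry>` (placeholder).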
--- a/meta/nodes.nix
+++ b/meta/nodes.nix
@@ -37,4 +37,8 @@ builtins.mapAttrs mkNode {
 storage01 = {
 stateVersion = "23.11";
 };
+
+ vault01 = {
+ stateVersion = "23.11";
+ };
 }