diff --git a/nomad/core.tf b/nomad/core.tf
index d32dbcf..7eb8f0b 100644
--- a/nomad/core.tf
+++ b/nomad/core.tf
@@ -15,6 +15,22 @@ module "traefik" {
   base_hostname = var.base_hostname
 }
 
+module "nomad_login" {
+  source = "./levant"
+
+  template_path = "service.nomad"
+  variables = {
+    name         = "nomad-login"
+    image        = "iamthefij/nomad-vault-login"
+    service_port = 5000
+    ingress      = true
+    ingress_rule = "Host(`nomad.thefij.rocks`) && PathPrefix(`/login`)"
+    env = jsonencode({
+      VAULT_ADDR = "http://$${attr.unique.network.ip-address}:8200",
+    })
+  }
+}
+
 module "metrics" {
   source = "./metrics"
 }
diff --git a/nomad/service.nomad b/nomad/service.nomad
index e522770..f2b62d7 100644
--- a/nomad/service.nomad
+++ b/nomad/service.nomad
@@ -110,6 +110,9 @@ job "[[.name]]" {
         [[ if default false .ingress -]]
         "traefik.enable=true",
         "traefik.http.routers.[[.name]].entryPoints=websecure",
+        [[ if not (empty .ingress_rule) -]]
+        "traefik.http.routers.[[.name]].rule=[[.ingress_rule]]",
+        [[ end -]]
         [[ end -]]
       ]
     }