diff --git a/Agap-Installation.md b/Agap-Installation.md
index aa6dcef..69bbe3e 100644
--- a/Agap-Installation.md
+++ b/Agap-Installation.md
@@ -107,26 +107,24 @@ Install [Claude Code](https://claude.ai/code), then configure:
 ```json
 {
   "env": {
-    "GITEA_TOKEN": "<gitea-api-token>",
-    "ZABBIX_TOKEN": "<zabbix-api-token>",
+    "PATH": "/home/alvis/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
+    "BW_PASSWORD": "<vaultwarden-master-password>",
+    "NODE_TLS_REJECT_UNAUTHORIZED": "0",
     "HTTP_PROXY": "http://127.0.0.1:56928",
     "HTTPS_PROXY": "http://127.0.0.1:56928",
     "ALL_PROXY": "http://127.0.0.1:56928",
-    "NO_PROXY": "localhost,127.0.0.1,172.17.0.0/16",
-    "TELEGRAM_BOT_TOKEN": "<telegram-bot-token>",
-    "TELEGRAM_CHAT_ID": "<telegram-chat-id>",
-    "HA_TOKEN": "<home-assistant-long-lived-token>"
+    "NO_PROXY": "localhost,127.0.0.1,172.17.0.0/16"
   },
   "effortLevel": "low"
 }
 ```
 
-**`~/.claude/CLAUDE.md`** — global instructions (Gitea wiki integration, Zabbix API, HA API). Copy from existing Agap setup.
+All API tokens (Gitea, Zabbix, Telegram, HA) are stored in **Vaultwarden** AI collection and fetched on demand — see [[Vaultwarden]].
+
+**`~/.claude/CLAUDE.md`** — global instructions (Gitea wiki integration, Zabbix API, HA API, Vaultwarden token fetch). Copy from existing Agap setup.
 
 **`~/agap_git/CLAUDE.md`** — project-level instructions (services, storage paths, common commands). Already in the repo.
 
-> Tokens must be regenerated on a fresh install — they are not stored in the repo.
-
 ## 8. Services
 
 Start all Docker services:
@@ -137,5 +135,38 @@ docker compose up -d                        # Immich
 cd gitea && docker compose up -d            # Gitea
 cd ../openai && docker compose up -d        # Open WebUI + Ollama
 cd ../zabbix && docker compose up -d        # Zabbix
+cd ../seafile && docker compose up -d       # Seafile + SeaDoc + OnlyOffice
+cd ../vaultwarden && docker compose up -d   # Vaultwarden
 cd ~/adolf && docker compose up -d          # Adolf AI assistant
 ```
+
+### Seafile post-start
+
+Restore `.env` from Vaultwarden (credentials: `SEAFILE_MYSQL_DB_PASSWORD`, `SEAFILE_REDIS_PASSWORD`, etc.).
+
+WebDAV mount (add to `/etc/hosts` first — see hairpin NAT note above):
+```bash
+sudo mkdir -p /mnt/seafile
+sudo mount -t davfs https://docs.alogins.net/seafdav/ /mnt/seafile -o uid=1000,gid=1000
+```
+
+### Root cron jobs (add to existing)
+
+```bash
+sudo crontab -e
+```
+
+Add:
+```
+0 2 */3 * * /home/alvis/agap_git/vaultwarden/backup.sh >> /var/log/vaultwarden-backup.log 2>&1
+0 2 */3 * * /home/alvis/agap_git/seafile/backup.sh >> /var/log/seafile-backup.log 2>&1
+```
+
+Store Zabbix token for backup scripts:
+```bash
+# Get token from Vaultwarden and save for root
+BW=/home/alvis/bin/bw
+SESSION=$($BW unlock "$BW_PASSWORD" --raw 2>/dev/null)
+$BW get password "ZABBIX_TOKEN" --session "$SESSION" 2>/dev/null | sudo tee /root/.zabbix_token > /dev/null
+sudo chmod 600 /root/.zabbix_token
+```