diff --git a/modules/vaultwarden.nix b/modules/vaultwarden.nix
index 7b918c0..2e8286e 100644
--- a/modules/vaultwarden.nix
+++ b/modules/vaultwarden.nix
@@ -8,7 +8,17 @@ in
     enable = lib.mkEnableOption "vaultwarden";
 
     config = lib.mkOption {
-      type = lib.types.attrsOf lib.types.str;
+      type = lib.types.submodule {
+        freeformType = lib.types.attrsOf lib.types.str;
+        options = {
+          DATA_FOLDER = lib.mkOption {
+            type = lib.types.srt;
+            default = "/var/lib/vaultwarden/";
+            readOnly = true;
+            description = "Data directory used by vaultwarden. it cannot be changed as it's using systemd's StateDirectory";
+          };
+        };
+      };
       description = "Vaultwarden is configured using environment variables";
       default = {
         ROCKET_ADDRESS = "::1"; # default to localhost
@@ -41,7 +51,7 @@ in
       wantedBy = [ "multi-user.target" ];
       wants = [ "network-online.target" ];
       after = [ "network-online.target" ];
-      environment = cfg.environment;
+      environment = cfg.config;
       serviceConfig = {
         Type = "notify";
         DynamicUser = true;