diff --git a/nixos/modules/services/security/vaultwarden/default.nix b/nixos/modules/services/security/vaultwarden/default.nix
index 41f7de5d8..31c183ed5 100644
--- a/nixos/modules/services/security/vaultwarden/default.nix
+++ b/nixos/modules/services/security/vaultwarden/default.nix
@@ -25,7 +25,7 @@ let
       configEnv = lib.concatMapAttrs (name: value: lib.optionalAttrs (value != null) {
         ${nameToEnvVar name} = if lib.isBool value then lib.boolToString value else toString value;
       }) cfg.config;
-    in { DATA_FOLDER = "/var/lib/${StateDirectory}"; } // lib.optionalAttrs (!(configEnv ? WEB_VAULT_ENABLED) || configEnv.WEB_VAULT_ENABLED == "true") {
+    in { DATA_FOLDER = cfg.dataDir; } // lib.optionalAttrs (!(configEnv ? WEB_VAULT_ENABLED) || configEnv.WEB_VAULT_ENABLED == "true") {
       WEB_VAULT_FOLDER = "${cfg.webVaultPackage}/share/vaultwarden/vault";
     } // configEnv;
 
@@ -157,6 +157,16 @@ in {
       defaultText = lib.literalExpression "pkgs.vaultwarden.webvault";
       description = "Web vault package to use.";
     };
+
+    dataDir = lib.mkOption {
+      type = lib.types.str;
+      default = "/var/lib/${StateDirectory}";
+      description = ''
+        The directury in which vaultwarden will keep its state. If left as the default value
+        this directory will automatically be created before the vaultwarden server starts, otherwise
+        the sysadmin is responsible for ensuring the directory exists with appropriate ownership and permissions.
+      '';
+    };
   };
 
   config = lib.mkIf cfg.enable {
@@ -224,7 +234,7 @@ in {
     systemd.services.backup-vaultwarden = lib.mkIf (cfg.backupDir != null) {
       description = "Backup vaultwarden";
       environment = {
-        DATA_FOLDER = "/var/lib/${StateDirectory}";
+        DATA_FOLDER = cfg.dataDir;
         BACKUP_FOLDER = cfg.backupDir;
       };
       path = with pkgs; [ sqlite ];