diff --git a/nixos/home-manager/scripts.nix b/nixos/home-manager/scripts.nix
index f38ae262..39f58dc3 100644
--- a/nixos/home-manager/scripts.nix
+++ b/nixos/home-manager/scripts.nix
@@ -1,57 +1,7 @@
 { config, pkgs, ... }:
-
-let
-  mount-vault = pkgs.writeTextFile {
-    name = "mount-vault";
-    executable = true;
-    destination = "/bin/mount-vault";
-    text = ''
-      #!/usr/bin/env bash
-
-      set -e
-      set -o pipefail
-
-      VERACRYPT="veracrypt"
-      if [[ "$OSTYPE" == "darwin"* ]]; then
-        VERACRYPT="/Applications/VeraCrypt.app/Contents/MacOS/VeraCrypt"
-      fi
-
-      MOUNT_TARGET=$2
-      if [[ -z "$MOUNT_TARGET" ]]; then
-        MOUNT_TARGET=$HOME/.vault
-      fi
-
-      sudo chown $USER "$MOUNT_TARGET"
-      mkdir -p "$MOUNT_TARGET"
-
-      MOUNT_SOURCE=$1
-      if [[ -z "$MOUNT_SOURCE" ]]; then
-        MOUNT_SOURCE="$HOME/vaults/vault.vera"
-      fi
-
-      chmod a+x "$MOUNT_SOURCE"
-
-      if [[ -z "$VAULT_PASSWORD" ]]; then
-        echo "interactive mount"
-        $VERACRYPT -t --mount "$MOUNT_SOURCE" "$MOUNT_TARGET"
-      else
-        echo "non-interactive mount of '$MOUNT_SOURCE' to '$MOUNT_TARGET'"
-        sudo $VERACRYPT -t --non-interactive -p $VAULT_PASSWORD --mount "$MOUNT_SOURCE" "$MOUNT_TARGET"
-      fi
-      echo "mounted"
-      sudo chown $USER "$MOUNT_TARGET"
-      echo "chowned"
-
-      echo "$MOUNT_SOURCE -> $MOUNT_TARGET"
-
-      if [[ -z $NO_INSTALL_VAULT ]]; then
-        "$MOUNT_TARGET/install"
-      fi
-    '';
-  };
-
-in
-  {
-
-    home.packages = with pkgs; [ mount-vault ];
-  }
+{
+  imports = [
+    ./scripts/mount-vault.nix
+    ./scripts/umount-vault.nix
+  ];
+}
diff --git a/nixos/home-manager/scripts/mount-vault.nix b/nixos/home-manager/scripts/mount-vault.nix
new file mode 100644
index 00000000..f38ae262
--- /dev/null
+++ b/nixos/home-manager/scripts/mount-vault.nix
@@ -0,0 +1,57 @@
+{ config, pkgs, ... }:
+
+let
+  mount-vault = pkgs.writeTextFile {
+    name = "mount-vault";
+    executable = true;
+    destination = "/bin/mount-vault";
+    text = ''
+      #!/usr/bin/env bash
+
+      set -e
+      set -o pipefail
+
+      VERACRYPT="veracrypt"
+      if [[ "$OSTYPE" == "darwin"* ]]; then
+        VERACRYPT="/Applications/VeraCrypt.app/Contents/MacOS/VeraCrypt"
+      fi
+
+      MOUNT_TARGET=$2
+      if [[ -z "$MOUNT_TARGET" ]]; then
+        MOUNT_TARGET=$HOME/.vault
+      fi
+
+      sudo chown $USER "$MOUNT_TARGET"
+      mkdir -p "$MOUNT_TARGET"
+
+      MOUNT_SOURCE=$1
+      if [[ -z "$MOUNT_SOURCE" ]]; then
+        MOUNT_SOURCE="$HOME/vaults/vault.vera"
+      fi
+
+      chmod a+x "$MOUNT_SOURCE"
+
+      if [[ -z "$VAULT_PASSWORD" ]]; then
+        echo "interactive mount"
+        $VERACRYPT -t --mount "$MOUNT_SOURCE" "$MOUNT_TARGET"
+      else
+        echo "non-interactive mount of '$MOUNT_SOURCE' to '$MOUNT_TARGET'"
+        sudo $VERACRYPT -t --non-interactive -p $VAULT_PASSWORD --mount "$MOUNT_SOURCE" "$MOUNT_TARGET"
+      fi
+      echo "mounted"
+      sudo chown $USER "$MOUNT_TARGET"
+      echo "chowned"
+
+      echo "$MOUNT_SOURCE -> $MOUNT_TARGET"
+
+      if [[ -z $NO_INSTALL_VAULT ]]; then
+        "$MOUNT_TARGET/install"
+      fi
+    '';
+  };
+
+in
+  {
+
+    home.packages = with pkgs; [ mount-vault ];
+  }
diff --git a/nixos/home-manager/scripts/umount-vault.nix b/nixos/home-manager/scripts/umount-vault.nix
new file mode 100644
index 00000000..23c555f0
--- /dev/null
+++ b/nixos/home-manager/scripts/umount-vault.nix
@@ -0,0 +1,23 @@
+{ config, pkgs, ... }:
+
+let
+  umount-vault = pkgs.writeTextFile {
+    name = "umount-vault";
+    executable = true;
+    destination = "/bin/umount-vault";
+    text = ''
+      #!/usr/bin/env bash
+
+      set -e
+      VERACRYPT="veracrypt"
+      if [[ "$OSTYPE" == "darwin"* ]]; then
+        VERACRYPT="/Applications/VeraCrypt.app/Contents/MacOS/VeraCrypt"
+      fi
+      $VERACRYPT -t -d
+    '';
+  };
+
+in
+  {
+    home.packages = with pkgs; [ umount-vault ];
+  }
diff --git a/tools/mount-vault b/tools/mount-vault
deleted file mode 100755
index cf57fa07..00000000
--- a/tools/mount-vault
+++ /dev/null
@@ -1,41 +0,0 @@
-#!/usr/bin/env bash
-
-set -e
-set -o pipefail
-
-VERACRYPT="veracrypt"
-if [[ "$OSTYPE" == "darwin"* ]]; then
-  VERACRYPT="/Applications/VeraCrypt.app/Contents/MacOS/VeraCrypt"
-fi
-
-MOUNT_TARGET=$2
-if [[ -z "$MOUNT_TARGET" ]]; then
-  MOUNT_TARGET=$HOME/.vault
-fi
-
-sudo chown $USER "$MOUNT_TARGET"
-mkdir -p "$MOUNT_TARGET"
-
-MOUNT_SOURCE=$1
-if [[ -z "$MOUNT_SOURCE" ]]; then
-  MOUNT_SOURCE="$HOME/vaults/vault.vera"
-fi
-
-chmod a+x "$MOUNT_SOURCE"
-
-if [[ -z "$VAULT_PASSWORD" ]]; then
-  echo "interactive mount"
-  $VERACRYPT -t --mount "$MOUNT_SOURCE" "$MOUNT_TARGET"
-else
-  echo "non-interactive mount of '$MOUNT_SOURCE' to '$MOUNT_TARGET'"
-  sudo $VERACRYPT -t --non-interactive -p $VAULT_PASSWORD --mount "$MOUNT_SOURCE" "$MOUNT_TARGET"
-fi
-echo "mounted"
-sudo chown $USER "$MOUNT_TARGET"
-echo "chowned"
-
-echo "$MOUNT_SOURCE -> $MOUNT_TARGET"
-
-if [[ -z $NO_INSTALL_VAULT ]]; then
-  "$MOUNT_TARGET/install"
-fi