feat: refactored impermanence modules to follow new pattern

modules/nixos-modules/server/fail2ban/storage.nix

@@ -0,0 +1,37 @@
+{
+  lib,
+  config,
+  ...
+}: let
+  dataFolder = "/var/lib/fail2ban";
+  dataFile = "fail2ban.sqlite3";
+in {
+  options.services.fail2ban.impermanence.enable = lib.mkOption {
+    type = lib.types.bool;
+    default = config.services.fail2ban.enable && config.storage.impermanence.enable;
+  };
+
+  config = lib.mkIf config.services.fail2ban.enable (lib.mkMerge [
+    (lib.mkIf config.storage.zfs.enable (lib.mkMerge [
+      {
+        assertions = [
+          {
+            assertion = config.services.fail2ban.daemonSettings.Definition.dbfile == "${dataFolder}/${dataFile}";
+            message = "fail2ban data file does not match persistence";
+          }
+        ];
+      }
+      (lib.mkIf (!config.services.fail2ban.impermanence.enable) {
+        # TODO: placeholder to configure a unique dataset for this service
+      })
+      (lib.mkIf config.services.fail2ban.impermanence.enable {
+        storage.impermanence.datasets."persist/system/root" = {
+          directories."${dataFolder}" = {
+            owner.name = "fail2ban";
+            group.name = "fail2ban";
+          };
+        };
+      })
+    ]))
+  ]);
+}