feat: moved services over to using the new storage datasets

2025-11-15 16:37:10 -06:00 · 2025-11-15 16:37:10 -06:00 · c2701ea8f0
commit c2701ea8f0
parent 757a3892e1
23 changed files with 281 additions and 606 deletions
--- a/modules/nixos-modules/ollama/storage.nix
+++ b/modules/nixos-modules/ollama/storage.nix
@ -10,18 +10,9 @@
    };
  };
-  config = lib.mkIf config.services.ollama.enable (
+  config = lib.mkIf (config.services.ollama.enable) {
-    lib.mkMerge [
+    storage.datasets.replicate."system/root" = {
-      (lib.mkIf config.storage.zfs.enable (lib.mkMerge [
+      directories."/var/lib/private/ollama" = lib.mkIf config.services.ollama.impermanence.enable {
        {
          # Ollama needs persistent storage for models and configuration
        }
        (lib.mkIf (!config.services.ollama.impermanence.enable) {
          # TODO: placeholder to configure a unique dataset for this service
        })
        (lib.mkIf config.services.ollama.impermanence.enable {
          storage.impermanence.datasets."persist/replicate/system/root" = {
            directories."/var/lib/private/ollama" = {
        enable = true;
        owner.name = config.services.ollama.user;
        group.name = config.services.ollama.group;
@ -42,8 +33,5 @@
        };
      };
    };
-        })
+  };
      ]))
    ]
  );
 }
--- a/modules/nixos-modules/server/actual/storage.nix
+++ b/modules/nixos-modules/server/actual/storage.nix
@ -11,31 +11,12 @@ in {
    default = config.services.actual.enable && config.storage.impermanence.enable;
  };
-  config = lib.mkIf config.services.actual.enable (lib.mkMerge [
+  config = lib.mkIf config.services.actual.enable {
-    (lib.mkIf config.storage.zfs.enable (lib.mkMerge [
+    storage.datasets.replicate."system/root" = {
-      {
+      directories."${dataDirectory}" = lib.mkIf config.services.actual.impermanence.enable {
        assertions = [
          {
            assertion = config.services.actual.settings.dataDir == dataDirectory;
            message = "actual data location does not match persistence\nconfig directory: ${config.services.actual.settings.dataDir}\npersistence directory: ${dataDirectory}";
          }
          {
            assertion = config.systemd.services.actual.serviceConfig.DynamicUser or false;
            message = "actual systemd service must have DynamicUser enabled to use private directory";
          }
        ];
      }
      (lib.mkIf (!config.services.actual.impermanence.enable) {
        # TODO: placeholder to configure a unique dataset for this service
      })
      (lib.mkIf config.services.actual.impermanence.enable {
        storage.impermanence.datasets."persist/replicate/system/root" = {
          directories."${dataDirectory}" = {
        owner.name = "actual";
        group.name = "actual";
      };
    };
-      })
+  };
    ]))
  ]);
 }
--- a/modules/nixos-modules/server/bazarr/storage.nix
+++ b/modules/nixos-modules/server/bazarr/storage.nix
@ -10,27 +10,12 @@ in {
    default = config.services.bazarr.enable && config.storage.impermanence.enable;
  };
-  config = lib.mkIf config.services.bazarr.enable (lib.mkMerge [
+  config = lib.mkIf config.services.bazarr.enable {
-    (lib.mkIf config.storage.zfs.enable (lib.mkMerge [
+    storage.datasets.replicate."system/root" = {
-      {
+      directories."${bazarr_data_directory}" = lib.mkIf config.services.bazarr.impermanence.enable {
        assertions = [
          {
            assertion = config.services.bazarr.dataDir == bazarr_data_directory;
            message = "bazarr data directory does not match persistence";
          }
        ];
      }
      (lib.mkIf (!config.services.bazarr.impermanence.enable) {
        # TODO: placeholder to configure a unique dataset for this service
      })
      (lib.mkIf config.services.bazarr.impermanence.enable {
        storage.impermanence.datasets."persist/replicate/system/root" = {
          directories."${bazarr_data_directory}" = {
        owner.name = "bazarr";
        group.name = "bazarr";
      };
    };
-      })
+  };
    ]))
  ]);
 }
--- a/modules/nixos-modules/server/crab-hole/storage.nix
+++ b/modules/nixos-modules/server/crab-hole/storage.nix
@ -10,28 +10,12 @@ in {
    default = config.services.crab-hole.enable && config.storage.impermanence.enable;
  };
-  config = lib.mkIf config.services.crab-hole.enable (lib.mkMerge [
+  config = lib.mkIf config.services.crab-hole.enable {
-    (lib.mkIf config.storage.zfs.enable (lib.mkMerge [
+    storage.datasets.replicate."system/root" = {
-      {
+      directories."${workingDirectory}" = lib.mkIf config.services.crab-hole.impermanence.enable {
        assertions = [
          {
            assertion =
              config.systemd.services.crab-hole.serviceConfig.WorkingDirectory == (builtins.replaceStrings ["/private"] [""] workingDirectory);
            message = "crab-hole working directory does not match persistence";
          }
        ];
      }
      (lib.mkIf (!config.services.crab-hole.impermanence.enable) {
        # TODO: placeholder to configure a unique dataset for this service
      })
      (lib.mkIf config.services.crab-hole.impermanence.enable {
        storage.impermanence.datasets."persist/replicate/system/root" = {
          directories."${workingDirectory}" = {
        owner.name = "crab-hole";
        group.name = "crab-hole";
      };
    };
-      })
+  };
    ]))
  ]);
 }
--- a/modules/nixos-modules/server/fail2ban/storage.nix
+++ b/modules/nixos-modules/server/fail2ban/storage.nix
@ -11,27 +11,12 @@ in {
    default = config.services.fail2ban.enable && config.storage.impermanence.enable;
  };
-  config = lib.mkIf config.services.fail2ban.enable (lib.mkMerge [
+  config = lib.mkIf config.services.fail2ban.enable {
-    (lib.mkIf config.storage.zfs.enable (lib.mkMerge [
+    storage.datasets.replicate."system/root" = {
-      {
+      directories."${dataFolder}" = lib.mkIf config.services.fail2ban.impermanence.enable {
        assertions = [
          {
            assertion = config.services.fail2ban.daemonSettings.Definition.dbfile == "${dataFolder}/${dataFile}";
            message = "fail2ban data file does not match persistence";
          }
        ];
      }
      (lib.mkIf (!config.services.fail2ban.impermanence.enable) {
        # TODO: placeholder to configure a unique dataset for this service
      })
      (lib.mkIf config.services.fail2ban.impermanence.enable {
        storage.impermanence.datasets."persist/replicate/system/root" = {
          directories."${dataFolder}" = {
        owner.name = "fail2ban";
        group.name = "fail2ban";
      };
    };
-      })
+  };
    ]))
  ]);
 }
--- a/modules/nixos-modules/server/flaresolverr/storage.nix
+++ b/modules/nixos-modules/server/flaresolverr/storage.nix
@ -8,19 +8,12 @@
    default = config.services.flaresolverr.enable && config.storage.impermanence.enable;
  };
-  config = lib.mkIf config.services.flaresolverr.enable (lib.mkMerge [
+  config = lib.mkIf config.services.flaresolverr.enable {
-    (lib.mkIf config.storage.zfs.enable (lib.mkMerge [
+    storage.datasets.replicate."system/root" = {
-      (lib.mkIf (!config.services.flaresolverr.impermanence.enable) {
+      directories."/var/lib/flaresolverr" = lib.mkIf config.services.flaresolverr.impermanence.enable {
        # TODO: placeholder to configure a unique dataset for this service
      })
      (lib.mkIf config.services.flaresolverr.impermanence.enable {
        storage.impermanence.datasets."persist/replicate/system/root" = {
          directories."/var/lib/flaresolverr" = {
        owner.name = "flaresolverr";
        group.name = "flaresolverr";
      };
    };
-      })
+  };
    ]))
  ]);
 }
--- a/modules/nixos-modules/server/forgejo/storage.nix
+++ b/modules/nixos-modules/server/forgejo/storage.nix
@ -10,27 +10,12 @@ in {
    default = config.services.forgejo.enable && config.storage.impermanence.enable;
  };
-  config = lib.mkIf config.services.forgejo.enable (lib.mkMerge [
+  config = lib.mkIf config.services.forgejo.enable {
-    (lib.mkIf config.storage.zfs.enable (lib.mkMerge [
+    storage.datasets.replicate."system/root" = {
-      {
+      directories."${stateDir}" = lib.mkIf config.services.forgejo.impermanence.enable {
        assertions = [
          {
            assertion = config.services.forgejo.stateDir == stateDir;
            message = "forgejo state directory does not match persistence";
          }
        ];
      }
      (lib.mkIf (!config.services.forgejo.impermanence.enable) {
        # TODO: placeholder to configure a unique dataset for this service
      })
      (lib.mkIf config.services.forgejo.impermanence.enable {
        storage.impermanence.datasets."persist/replicate/system/root" = {
          directories."${stateDir}" = {
        owner.name = "forgejo";
        group.name = "forgejo";
      };
    };
-      })
+  };
    ]))
  ]);
 }
--- a/modules/nixos-modules/server/home-assistant/storage.nix
+++ b/modules/nixos-modules/server/home-assistant/storage.nix
@ -10,27 +10,12 @@ in {
    default = config.services.home-assistant.enable && config.storage.impermanence.enable;
  };
-  config = lib.mkIf config.services.home-assistant.enable (lib.mkMerge [
+  config = lib.mkIf config.services.home-assistant.enable {
-    (lib.mkIf config.storage.zfs.enable (lib.mkMerge [
+    storage.datasets.replicate."system/root" = {
-      {
+      directories."${configDir}" = lib.mkIf config.services.home-assistant.impermanence.enable {
        assertions = [
          {
            assertion = config.services.home-assistant.configDir == configDir;
            message = "home assistant config directory does not match persistence";
          }
        ];
      }
      (lib.mkIf (!config.services.home-assistant.impermanence.enable) {
        # TODO: placeholder to configure a unique dataset for this service
      })
      (lib.mkIf config.services.home-assistant.impermanence.enable {
        storage.impermanence.datasets."persist/replicate/system/root" = {
          directories."${configDir}" = {
        owner.name = "hass";
        group.name = "hass";
      };
    };
-      })
+  };
    ]))
  ]);
 }
--- a/modules/nixos-modules/server/immich/storage.nix
+++ b/modules/nixos-modules/server/immich/storage.nix
@ -10,27 +10,12 @@ in {
    default = config.services.immich.enable && config.storage.impermanence.enable;
  };
-  config = lib.mkIf config.services.immich.enable (lib.mkMerge [
+  config = lib.mkIf config.services.immich.enable {
-    (lib.mkIf config.storage.zfs.enable (lib.mkMerge [
+    storage.datasets.replicate."system/root" = {
-      {
+      directories."${mediaLocation}" = lib.mkIf config.services.immich.impermanence.enable {
        assertions = [
          {
            assertion = config.services.immich.mediaLocation == mediaLocation;
            message = "immich media location does not match persistence";
          }
        ];
      }
      (lib.mkIf (!config.services.immich.impermanence.enable) {
        # TODO: placeholder to configure a unique dataset for this service
      })
      (lib.mkIf config.services.immich.impermanence.enable {
        storage.impermanence.datasets."persist/replicate/system/root" = {
          directories."${mediaLocation}" = {
        owner.name = "immich";
        group.name = "immich";
      };
    };
-      })
+  };
    ]))
  ]);
 }
--- a/modules/nixos-modules/server/jackett/storage.nix
+++ b/modules/nixos-modules/server/jackett/storage.nix
@ -10,27 +10,12 @@ in {
    default = config.services.jackett.enable && config.storage.impermanence.enable;
  };
-  config = lib.mkIf config.services.jackett.enable (lib.mkMerge [
+  config = lib.mkIf config.services.jackett.enable {
-    (lib.mkIf config.storage.zfs.enable (lib.mkMerge [
+    storage.datasets.replicate."system/root" = {
-      {
+      directories."${jackett_data_directory}" = lib.mkIf config.services.jackett.impermanence.enable {
        assertions = [
          {
            assertion = config.services.jackett.dataDir == jackett_data_directory;
            message = "jackett data directory does not match persistence";
          }
        ];
      }
      (lib.mkIf (!config.services.jackett.impermanence.enable) {
        # TODO: placeholder to configure a unique dataset for this service
      })
      (lib.mkIf config.services.jackett.impermanence.enable {
        storage.impermanence.datasets."persist/replicate/system/root" = {
          directories."${jackett_data_directory}" = {
        owner.name = "jackett";
        group.name = "jackett";
      };
    };
-      })
+  };
    ]))
  ]);
 }
--- a/modules/nixos-modules/server/jellyfin/storage.nix
+++ b/modules/nixos-modules/server/jellyfin/storage.nix
@ -11,44 +11,27 @@ in {
    default = config.services.jellyfin.enable && config.storage.impermanence.enable;
  };
-  config = lib.mkIf config.services.jellyfin.enable (lib.mkMerge [
+  config = lib.mkIf config.services.jellyfin.enable {
-    (lib.mkIf config.storage.zfs.enable (lib.mkMerge [
+    storage.datasets.replicate = {
-      {
+      "system/root" = {
        assertions = [
          {
            assertion = config.services.jellyfin.dataDir == jellyfin_data_directory;
            message = "jellyfin data directory does not match persistence";
          }
          {
            assertion = config.services.jellyfin.cacheDir == jellyfin_cache_directory;
            message = "jellyfin cache directory does not match persistence";
          }
        ];
      }
      (lib.mkIf (!config.services.jellyfin.impermanence.enable) {
        # TODO: placeholder to configure a unique dataset for this service
      })
      (lib.mkIf config.services.jellyfin.impermanence.enable {
        storage.impermanence.datasets = {
          "persist/replicate/system/root" = {
        directories = {
-              "${jellyfin_data_directory}" = {
+          "${jellyfin_data_directory}" = lib.mkIf config.services.jellyfin.impermanence.enable {
            enable = true;
            owner.name = "jellyfin";
            group.name = "jellyfin";
          };
-              "${jellyfin_cache_directory}" = {
+          "${jellyfin_cache_directory}" = lib.mkIf config.services.jellyfin.impermanence.enable {
            enable = true;
            owner.name = "jellyfin";
            group.name = "jellyfin";
          };
        };
      };
-          "persist/replicate/system/jellyfin" = {
+      "system/jellyfin" = {
        atime = "off";
        relatime = "off";
-            directories."${config.services.jellyfin.media_directory}" = {
+        directories."${config.services.jellyfin.media_directory}" = lib.mkIf config.services.jellyfin.impermanence.enable {
          enable = true;
          owner.name = "jellyfin";
          group.name = "jellyfin_media";
@ -70,7 +53,5 @@ in {
        };
      };
    };
-      })
+  };
    ]))
  ]);
 }
--- a/modules/nixos-modules/server/lidarr/storage.nix
+++ b/modules/nixos-modules/server/lidarr/storage.nix
@ -10,27 +10,12 @@ in {
    default = config.services.lidarr.enable && config.storage.impermanence.enable;
  };
-  config = lib.mkIf config.services.lidarr.enable (lib.mkMerge [
+  config = lib.mkIf config.services.lidarr.enable {
-    (lib.mkIf config.storage.zfs.enable (lib.mkMerge [
+    storage.datasets.replicate."system/root" = {
-      {
+      directories."${lidarr_data_directory}" = lib.mkIf config.services.lidarr.impermanence.enable {
        assertions = [
          {
            assertion = config.services.lidarr.dataDir == lidarr_data_directory;
            message = "lidarr data directory does not match persistence";
          }
        ];
      }
      (lib.mkIf (!config.services.lidarr.impermanence.enable) {
        # TODO: placeholder to configure a unique dataset for this service
      })
      (lib.mkIf config.services.lidarr.impermanence.enable {
        storage.impermanence.datasets."persist/replicate/system/root" = {
          directories."${lidarr_data_directory}" = {
        owner.name = "lidarr";
        group.name = "lidarr";
      };
    };
-      })
+  };
    ]))
  ]);
 }
--- a/modules/nixos-modules/server/panoramax/storage.nix
+++ b/modules/nixos-modules/server/panoramax/storage.nix
@ -8,26 +8,12 @@
    default = config.services.panoramax.enable && config.storage.impermanence.enable;
  };
-  config = lib.mkIf config.services.panoramax.enable (lib.mkMerge [
+  config = lib.mkIf config.services.panoramax.enable {
-    (lib.mkIf config.storage.zfs.enable (lib.mkMerge [
+    storage.datasets.replicate."system/root" = {
-      {
+      directories."/var/lib/panoramax" = lib.mkIf config.services.panoramax.impermanence.enable {
        # TODO: configure impermanence for panoramax data
        # This would typically include directories like:
        # - /var/lib/panoramax
        # - panoramax storage directories
        # - any cache or temporary directories that need to persist
      }
      (lib.mkIf (!config.services.panoramax.impermanence.enable) {
        # TODO: placeholder to configure a unique dataset for this service
      })
      (lib.mkIf config.services.panoramax.impermanence.enable {
        storage.impermanence.datasets."persist/replicate/system/root" = {
          directories."/var/lib/panoramax" = {
        owner.name = "panoramax";
        group.name = "panoramax";
      };
    };
-      })
+  };
    ]))
  ]);
 }
--- a/modules/nixos-modules/server/paperless/storage.nix
+++ b/modules/nixos-modules/server/paperless/storage.nix
@ -10,27 +10,12 @@ in {
    default = config.services.paperless.enable && config.storage.impermanence.enable;
  };
-  config = lib.mkIf config.services.paperless.enable (lib.mkMerge [
+  config = lib.mkIf config.services.paperless.enable {
-    (lib.mkIf config.storage.zfs.enable (lib.mkMerge [
+    storage.datasets.replicate."system/root" = {
-      {
+      directories."${dataDir}" = lib.mkIf config.services.paperless.impermanence.enable {
        assertions = [
          {
            assertion = config.services.paperless.dataDir == dataDir;
            message = "paperless data location does not match persistence";
          }
        ];
      }
      (lib.mkIf (!config.services.paperless.impermanence.enable) {
        # TODO: placeholder to configure a unique dataset for this service
      })
      (lib.mkIf config.services.paperless.impermanence.enable {
        storage.impermanence.datasets."persist/replicate/system/root" = {
          directories."${dataDir}" = {
        owner.name = "paperless";
        group.name = "paperless";
      };
    };
-      })
+  };
    ]))
  ]);
 }
--- a/modules/nixos-modules/server/postgres/storage.nix
+++ b/modules/nixos-modules/server/postgres/storage.nix
@ -10,27 +10,12 @@ in {
    default = config.services.postgresql.enable && config.storage.impermanence.enable;
  };
-  config = lib.mkIf config.services.postgresql.enable (lib.mkMerge [
+  config = lib.mkIf config.services.postgresql.enable {
-    (lib.mkIf config.storage.zfs.enable (lib.mkMerge [
+    storage.datasets.replicate."system/root" = {
-      {
+      directories."${dataDir}" = lib.mkIf config.services.postgresql.impermanence.enable {
        assertions = [
          {
            assertion = config.services.postgresql.dataDir == dataDir;
            message = "postgres data directory does not match persistence";
          }
        ];
      }
      (lib.mkIf (!config.services.postgresql.impermanence.enable) {
        # TODO: placeholder to configure a unique dataset for this service
      })
      (lib.mkIf config.services.postgresql.impermanence.enable {
        storage.impermanence.datasets."persist/replicate/system/root" = {
          directories."${dataDir}" = {
        owner.name = "postgres";
        group.name = "postgres";
      };
    };
-      })
+  };
    ]))
  ]);
 }
--- a/modules/nixos-modules/server/qbittorent/storage.nix
+++ b/modules/nixos-modules/server/qbittorent/storage.nix
@ -10,31 +10,16 @@ in {
    default = config.services.qbittorrent.enable && config.storage.impermanence.enable;
  };
-  config = lib.mkIf config.services.qbittorrent.enable (lib.mkMerge [
+  config = lib.mkIf config.services.qbittorrent.enable {
-    (lib.mkIf config.storage.zfs.enable (lib.mkMerge [
+    storage.datasets.replicate = {
-      {
+      "system/root" = {
-        assertions = [
+        directories."${qbittorent_profile_directory}" = lib.mkIf config.services.qbittorrent.impermanence.enable {
          {
            assertion = config.services.qbittorrent.profileDir == qbittorent_profile_directory;
            message = "qbittorrent data directory does not match persistence";
          }
        ];
      }
      (lib.mkIf (!config.services.qbittorrent.impermanence.enable) {
        # TODO: placeholder to configure a unique dataset for this service
      })
      (
        lib.mkIf config.services.qbittorrent.impermanence.enable
        {
          storage.impermanence.datasets = {
            "persist/replicate/system/root" = {
              directories."${qbittorent_profile_directory}" = {
          owner.name = "qbittorrent";
          group.name = "qbittorrent";
        };
      };
-            "persist/replicate/system/qbittorrent" = {
+      "system/qbittorrent" = {
-              directories."${config.services.qbittorrent.mediaDir}" = {
+        directories."${config.services.qbittorrent.mediaDir}" = lib.mkIf config.services.qbittorrent.impermanence.enable {
          owner.name = "qbittorrent";
          group.name = "qbittorrent";
          owner.permissions = {
@ -55,8 +40,5 @@ in {
        };
      };
    };
-        }
+  };
      )
    ]))
  ]);
 }
--- a/modules/nixos-modules/server/radarr/storage.nix
+++ b/modules/nixos-modules/server/radarr/storage.nix
@ -10,27 +10,12 @@ in {
    default = config.services.radarr.enable && config.storage.impermanence.enable;
  };
-  config = lib.mkIf config.services.radarr.enable (lib.mkMerge [
+  config = lib.mkIf config.services.radarr.enable {
-    (lib.mkIf config.storage.zfs.enable (lib.mkMerge [
+    storage.datasets.replicate."system/root" = {
-      {
+      directories."${radarr_data_directory}" = lib.mkIf config.services.radarr.impermanence.enable {
        assertions = [
          {
            assertion = config.services.radarr.dataDir == radarr_data_directory;
            message = "radarr data directory does not match persistence";
          }
        ];
      }
      (lib.mkIf (!config.services.radarr.impermanence.enable) {
        # TODO: placeholder to configure a unique dataset for this service
      })
      (lib.mkIf config.services.radarr.impermanence.enable {
        storage.impermanence.datasets."persist/replicate/system/root" = {
          directories."${radarr_data_directory}" = {
        owner.name = "radarr";
        group.name = "radarr";
      };
    };
-      })
+  };
    ]))
  ]);
 }
--- a/modules/nixos-modules/server/reverseProxy/storage.nix
+++ b/modules/nixos-modules/server/reverseProxy/storage.nix
@ -10,19 +10,12 @@ in {
    default = config.services.reverseProxy.enable && config.storage.impermanence.enable;
  };
-  config = lib.mkIf config.services.reverseProxy.enable (lib.mkMerge [
+  config = lib.mkIf config.services.reverseProxy.enable {
-    (lib.mkIf config.storage.zfs.enable (lib.mkMerge [
+    storage.datasets.replicate."system/root" = {
-      (lib.mkIf (!config.services.reverseProxy.impermanence.enable) {
+      directories."${dataDir}" = lib.mkIf config.services.reverseProxy.impermanence.enable {
        # TODO: placeholder to configure a unique dataset for this service
      })
      (lib.mkIf config.services.reverseProxy.impermanence.enable {
        storage.impermanence.datasets."persist/replicate/system/root" = {
          directories."${dataDir}" = {
        owner.name = "acme";
        group.name = "acme";
      };
    };
-      })
+  };
    ]))
  ]);
 }
--- a/modules/nixos-modules/server/sonarr/storage.nix
+++ b/modules/nixos-modules/server/sonarr/storage.nix
@ -10,27 +10,12 @@ in {
    default = config.services.sonarr.enable && config.storage.impermanence.enable;
  };
-  config = lib.mkIf config.services.sonarr.enable (lib.mkMerge [
+  config = lib.mkIf config.services.sonarr.enable {
-    (lib.mkIf config.storage.zfs.enable (lib.mkMerge [
+    storage.datasets.replicate."system/root" = {
-      {
+      directories."${sonarr_data_directory}" = lib.mkIf config.services.sonarr.impermanence.enable {
        assertions = [
          {
            assertion = config.services.sonarr.dataDir == sonarr_data_directory;
            message = "sonarr data directory does not match persistence";
          }
        ];
      }
      (lib.mkIf (!config.services.sonarr.impermanence.enable) {
        # TODO: placeholder to configure a unique dataset for this service
      })
      (lib.mkIf config.services.sonarr.impermanence.enable {
        storage.impermanence.datasets."persist/replicate/system/root" = {
          directories."${sonarr_data_directory}" = {
        owner.name = "sonarr";
        group.name = "sonarr";
      };
    };
-      })
+  };
    ]))
  ]);
 }
--- a/modules/nixos-modules/ssh.nix
+++ b/modules/nixos-modules/ssh.nix
@ -10,8 +10,7 @@
    };
  };
-  config = lib.mkMerge [
+  config = {
    {
    services = {
      openssh = {
        enable = true;
@ -23,17 +22,9 @@
        };
      };
    };
-    }
+
-    (lib.mkIf config.storage.zfs.enable (lib.mkMerge [
+    storage.datasets.replicate."system/root" = {
-      {
+      files = lib.mkIf config.services.openssh.impermanence.enable (builtins.listToAttrs (
        # SSH host keys need to be persisted to maintain server identity
      }
      (lib.mkIf (!config.services.openssh.impermanence.enable) {
        # TODO: placeholder to configure a unique dataset for this service
      })
      (lib.mkIf config.services.openssh.impermanence.enable {
        storage.impermanence.datasets."persist/replicate/system/root" = {
          files = builtins.listToAttrs (
        lib.lists.flatten (
          builtins.map (hostKey: [
            {
@ -47,9 +38,7 @@
          ])
          config.services.openssh.hostKeys
        )
-          );
+      ));
    };
  };
      })
    ]))
  ];
 }
--- a/modules/nixos-modules/sync/storage.nix
+++ b/modules/nixos-modules/sync/storage.nix
@ -13,45 +13,20 @@ in {
    };
  };
-  config = lib.mkIf config.services.syncthing.enable (
+  config = lib.mkIf config.services.syncthing.enable {
-    lib.mkMerge [
+    storage.datasets.replicate."system/root" = {
      (lib.mkIf config.storage.zfs.enable (lib.mkMerge [
        {
          # Syncthing needs persistent storage for configuration and data
        }
        (lib.mkIf (!config.services.syncthing.impermanence.enable) {
          # TODO: placeholder to configure a unique dataset for this service
        })
        (lib.mkIf config.services.syncthing.impermanence.enable {
          assertions =
            [
              {
                assertion = config.services.syncthing.configDir == configDir;
                message = "syncthing config dir does not match persistence";
              }
            ]
            ++ lib.attrsets.mapAttrsToList (_: folder: {
              assertion = lib.strings.hasPrefix mountDir folder.path;
              message = "syncthing folder ${folder.label} is stored at ${folder.path} which not under the persisted path of ${mountDir}";
            })
            config.services.syncthing.settings.folders;
          storage.impermanence.datasets."persist/replicate/system/root" = {
      directories = {
-              "${mountDir}" = {
+        "${mountDir}" = lib.mkIf config.services.syncthing.impermanence.enable {
          enable = true;
          owner.name = "syncthing";
          group.name = "syncthing";
        };
-              "${configDir}" = {
+        "${configDir}" = lib.mkIf config.services.syncthing.impermanence.enable {
          enable = true;
          owner.name = "syncthing";
          group.name = "syncthing";
        };
      };
    };
-        })
+  };
      ]))
    ]
  );
 }
--- a/modules/nixos-modules/tailscale/storage.nix
+++ b/modules/nixos-modules/tailscale/storage.nix
@ -12,25 +12,13 @@ in {
    };
  };
-  config = lib.mkIf config.services.tailscale.enable (
+  config = lib.mkIf config.services.tailscale.enable {
-    lib.mkMerge [
+    storage.datasets.replicate."system/root" = {
-      (lib.mkIf config.storage.zfs.enable (lib.mkMerge [
+      directories."${tailscale_data_directory}" = lib.mkIf config.services.tailscale.impermanence.enable {
        {
          # Tailscale needs persistent storage for keys and configuration
        }
        (lib.mkIf (!config.services.tailscale.impermanence.enable) {
          # TODO: placeholder to configure a unique dataset for this service
        })
        (lib.mkIf config.services.tailscale.impermanence.enable {
          storage.impermanence.datasets."persist/replicate/system/root" = {
            directories."${tailscale_data_directory}" = {
        enable = true;
        owner.name = "root";
        group.name = "root";
      };
    };
-        })
+  };
      ]))
    ]
  );
 }
--- a/modules/nixos-modules/users.nix
+++ b/modules/nixos-modules/users.nix
@ -402,7 +402,7 @@ in {
    (lib.mkIf config.storage.zfs.enable (lib.mkMerge [
      {
        # sops age key needs to be available to pre persist for user generation
-        storage.zfs.datasets."persist/local/system/sops" = {
+        storage.datasets.local."system/sops" = {
          type = "zfs_fs";
          mount = {
            enable = true;
@ -413,9 +413,9 @@ in {
        };
      }
      (lib.mkIf (!config.storage.impermanence.enable) {
-        storage.zfs.datasets = lib.mkMerge (
+        storage.datasets.replicate = lib.mkMerge (
          builtins.map (user: {
-            "persist/replicate/home/${user.name}" = {
+            "home/${user.name}" = {
              type = "zfs_fs";
              mount = {
                enable = true;
@ -428,9 +428,9 @@ in {
        );
      })
      (lib.mkIf config.storage.impermanence.enable {
-        storage.zfs.datasets = lib.mkMerge (
+        storage.datasets.ephemeral = lib.mkMerge (
          builtins.map (user: {
-            "ephemeral/home/${user.name}" = {
+            "home/${user.name}" = {
              type = "zfs_fs";
              mount = {
                enable = true;