{
  lib,
  config,
  ...
}: let
  dataFolder = "/var/lib/fail2ban";
  dataFile = "fail2ban.sqlite3";
in {
  options.services.fail2ban.impermanence.enable = lib.mkOption {
    type = lib.types.bool;
    default = config.services.fail2ban.enable && config.storage.impermanence.enable;
  };

  config = lib.mkIf config.services.fail2ban.enable {
    storage.datasets.replicate."system/root" = {
      directories."${dataFolder}" = lib.mkIf config.services.fail2ban.impermanence.enable {
        owner.name = "fail2ban";
        group.name = "fail2ban";
      };
    };
  };
}