{
  lib,
  config,
  ...
}: let
  workingDirectory = "/var/lib/private/crab-hole";
in {
  options.services.crab-hole.impermanence.enable = lib.mkOption {
    type = lib.types.bool;
    default = config.services.crab-hole.enable && config.storage.impermanence.enable;
  };

  config = lib.mkIf config.services.crab-hole.enable (lib.mkMerge [
    (lib.mkIf config.storage.zfs.enable (lib.mkMerge [
      {
        assertions = [
          {
            assertion =
              config.systemd.services.crab-hole.serviceConfig.WorkingDirectory == (builtins.replaceStrings ["/private"] [""] workingDirectory);
            message = "crab-hole working directory does not match persistence";
          }
        ];
      }
      (lib.mkIf (!config.services.crab-hole.impermanence.enable) {
        # TODO: placeholder to configure a unique dataset for this service
      })
      (lib.mkIf config.services.crab-hole.impermanence.enable {
        storage.impermanence.datasets."persist/replicate/system/root" = {
          directories."${workingDirectory}" = {
            owner.name = "crab-hole";
            group.name = "crab-hole";
          };
        };
      })
    ]))
  ]);
}