diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix
new file mode 100644
index 0000000..1b5b271
--- /dev/null
+++ b/modules/nixos/default.nix
@@ -0,0 +1,46 @@
+{ lib, config, ... }:
+let
+ inherit (lib) mkOption;
+ inherit (lib.types)
+ listOf
+ str
+ coercedTo
+ submodule
+ ;
+ rootDir = submodule {
+ options = {
+ directory = mkOption { type = str; };
+ user = mkOption {
+ type = str;
+ default = "root";
+ };
+ group = mkOption {
+ type = str;
+ default = "root";
+ };
+ mode = mkOption {
+ type = str;
+ default = "0755";
+ };
+ };
+ };
+in
+{
+ options = {
+ persistDirs = mkOption {
+ type = listOf (coercedTo str (d: { directory = d; }) rootDir);
+ default = [ ];
+ };
+ };
+
+ config = {
+ # Helper options
+ environment.persistence."/persist".directories = config.persistDirs;
+
+ # Global options
+ persistDirs = [
+ "/var/lib/systemd"
+ "/var/lib/nixos"
+ ];
+ };
+}
diff --git a/modules/nixos/hardware/btrfs.nix b/modules/nixos/hardware/btrfs.nix
index 5b43f07..f848eb1 100644
--- a/modules/nixos/hardware/btrfs.nix
+++ b/modules/nixos/hardware/btrfs.nix
@@ -84,12 +84,9 @@ in
 '';
 programs.fuse.userAllowOther = true;
 fileSystems."/persist".neededForBoot = true;
+ #FIXME: below should be in module or something
 environment.persistence."/persist" = {
 hideMounts = true;
- directories = [
- "/var/lib/systemd"
- "/var/lib/nixos"
- ];
 files = [
 "/etc/ssh/ssh_host_ed25519_key"
 "/etc/ssh/ssh_host_ed25519_key.pub"
diff --git a/modules/nixos/hardware/default.nix b/modules/nixos/hardware/default.nix
index 3bb2ccc..46739eb 100644
--- a/modules/nixos/hardware/default.nix
+++ b/modules/nixos/hardware/default.nix
@@ -52,7 +52,7 @@ in
 ];
 };
 services.fwupd.enable = true;
- environment.persistence."/persist".directories = lib.singleton "/var/lib/bluetooth";
+ persistDirs = singleton "/var/lib/bluetooth";
 hardware.bluetooth = {
 enable = true;
 settings.General.Experimental = true;
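Review bot: In modules/nixos/default.nix the `mode` option of `rootDir` is a plain `str`, so a malformed value such as `"755 "` or a symbolic mode passes evaluation and is presumably only caught, if at all, when the directory is created; constrain it with `type = lib.types.strMatching "[0-7]{3,4}";`. Every bare-string entry is coerced to root:root with mode `"0755"`, which is easy to overlook for state directories that hold keys (the tailscale and bluetooth entries elsewhere in this commit are bare strings). None of the new options carries a `description`; one on `persistDirs` stating that strings are coerced with these defaults, and one on `mode`, would make that visible to callers.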
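Review bot: In modules/nixos/hardware/default.nix the new line calls `singleton` unqualified where the removed line used `lib.singleton`, and this diff adds no `inherit (lib) singleton;` to that file the way it does for networking.nix and databases/default.nix. The file's `let` block lies outside the hunk, so if it does not already bring `singleton` into scope, evaluation fails with an undefined variable. Either add the inherit there or keep the qualified form, `persistDirs = lib.singleton "/var/lib/bluetooth";`.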
diff --git a/modules/nixos/hardware/networking.nix b/modules/nixos/hardware/networking.nix
index 372bebe..5be5803 100644
--- a/modules/nixos/hardware/networking.nix
+++ b/modules/nixos/hardware/networking.nix
@@ -1,4 +1,7 @@
 { config, lib, ... }:
+let
+ inherit (lib) singleton;
+in
 {
 config = {
 networking = {
@@ -19,6 +22,6 @@
 enable = true;
 authKeyFile = config.sops.secrets."keys/tailscale".path;
 };
- environment.persistence."/persist".directories = [ "/var/lib/tailscale" ];
+ persistDirs = singleton "/var/lib/tailscale";
 };
 }
diff --git a/modules/nixos/server/databases/default.nix b/modules/nixos/server/databases/default.nix
index 7008374..b75fb66 100644
--- a/modules/nixos/server/databases/default.nix
+++ b/modules/nixos/server/databases/default.nix
@@ -5,6 +5,7 @@
 ...
 }:
 let
+ inherit (lib) singleton;
 cfg = config.server.databases;
 in
 {
@@ -26,13 +27,11 @@ in
 config = lib.mkMerge [
 (lib.mkIf cfg.postgresql.enable {
 networking.firewall.allowedTCPPorts = lib.singleton cfg.postgresql.port;
- environment.persistence."/persist".directories = [
- {
- directory = builtins.toString config.services.postgresql.dataDir;
- user = "postgres";
- group = "postgres";
- }
- ];
+ persistDirs = singleton {
+ directory = builtins.toString config.services.postgresql.dataDir;
+ user = "postgres";
+ group = "postgres";
+ };
 services.postgresql = {
 enable = true;
 enableTCPIP = true;
@@ -48,13 +47,11 @@ in
 })
 (lib.mkIf cfg.mongodb.enable {
 networking.firewall.allowedTCPPorts = [ cfg.mongodb.port ];
- environment.persistence."/persist".directories = [
- {
- directory = builtins.toString config.services.mongodb.dbpath;
- user = "mongodb";
- group = "mongodb";
- }
- ];
+ persistDirs = singleton {
+ directory = builtins.toString config.services.mongodb.dbpath;
+ user = "mongodb";
+ group = "mongodb";
+ };
 services.mongodb = {
 enable = true;
 bind_ip = "0.0.0.0";
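Review bot: In modules/nixos/server/databases/default.nix the postgresql record sets `user` and `group` but no `mode`, so it takes the new module-wide default `"0755"` and the data directory is presumably world-readable and traversable wherever the persistence layer is the one that creates it. Adding `mode = "0700";` to the record keeps the database files private to the service account without relying on the service tightening permissions at start-up. The same applies to the mongodb hunk and to the mysql hunk (`@@ -65,13 +62,11 @@`). The enclosing `lib.mkIf` blocks continue outside these hunks.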
@@ -65,13 +62,11 @@ in
 })
 (lib.mkIf cfg.mysql.enable {
 networking.firewall.allowedTCPPorts = [ cfg.mysql.port ];
- environment.persistence."/persist".directories = [
- {
- directory = builtins.toString config.services.mysql.dataDir;
- user = "mysql";
- group = "mysql";
- }
- ];
+ persistDirs = singleton {
+ directory = builtins.toString config.services.mysql.dataDir;
+ user = "mysql";
+ group = "mysql";
+ };
 services.mysql = {
 enable = true;
 package = pkgs.mariadb;
diff --git a/modules/nixos/server/web-apps/librechat/default.nix b/modules/nixos/server/web-apps/librechat/default.nix
index c0e30b4..c3bab9d 100644
--- a/modules/nixos/server/web-apps/librechat/default.nix
+++ b/modules/nixos/server/web-apps/librechat/default.nix
@@ -23,7 +23,7 @@ in
 };
 config = mkIf cfg.enable {
- environment.persistence."/persist".directories = singleton {
+ persistDirs = singleton {
 directory = upstreamCfg.logDir;
 inherit (upstreamCfg) user group;
 };
diff --git a/modules/nixos/server/web-apps/mattermost/default.nix b/modules/nixos/server/web-apps/mattermost/default.nix
index 474a45a..51ca56b 100644
--- a/modules/nixos/server/web-apps/mattermost/default.nix
+++ b/modules/nixos/server/web-apps/mattermost/default.nix
@@ -33,7 +33,7 @@ in
 message = "You must enable a local instance of postgresql.";
 }
 ];
- environment.persistence."/persist".directories = [
+ persistDirs = [
 (mkDir cfg.configDir)
 (mkDir cfg.logDir)
 (mkDir cfg.dataDir)
diff --git a/modules/nixos/server/web-apps/sd-webui-forge/default.nix b/modules/nixos/server/web-apps/sd-webui-forge/default.nix
new file mode 100644
index 0000000..bd71e1c
--- /dev/null
+++ b/modules/nixos/server/web-apps/sd-webui-forge/default.nix
@@ -0,0 +1,27 @@
+{ config, lib, ... }:
+let
+ inherit (lib) singleton mkEnableOption mkIf;
+ cfg = config.server.sd-webui-forge;
+ upstreamCfg = config.services.sd-webui-forge;
+in
+{
+ options.server.sd-webui-forge = {
+ enable = mkEnableOption "";
+ };
+
+ config = mkIf cfg.enable {
+ assertions = singleton {
+ assertion = config.hardware.gpu == "nvidia";
+ message = "You must run the sd-webui-forge service only with an nvidia gpu.";
+ };
+ persistDirs = singleton {
+ directory = upstreamCfg.dataDir;
+ inherit (upstreamCfg) user group;
+ };
+ services.sd-webui-forge = {
+ enable = true;
+ listen = true;
+ extraArgs = "--cuda-malloc";
+ };
+ };
+}
diff --git a/systems/x86_64-linux/nemesis/default.nix b/systems/x86_64-linux/nemesis/default.nix
index c9dfaa6..d4dfd41 100644
--- a/systems/x86_64-linux/nemesis/default.nix
+++ b/systems/x86_64-linux/nemesis/default.nix
@@ -38,11 +38,5 @@
 };
 };
- services = {
- sd-webui-forge = {
- enable = true;
- listen = true;
- extraArgs = "--cuda-malloc";
- };
- };
+ server.sd-webui-forge.enable = true;
 }
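Review bot: The new server.sd-webui-forge module hard-codes `listen = true;`, so every host that sets `server.sd-webui-forge.enable` inherits the same network exposure, and nothing in this file limits who can reach the service. Judging by the name it makes the UI listen beyond localhost, which should be confirmed against the upstream module. Consider a module option that defaults to off, `listen = mkOption { type = lib.types.bool; default = false; };` wired as `listen = cfg.listen;`, with nemesis opting in explicitly, plus a comment on the expected firewall or reverse-proxy setup. `mkEnableOption ""` also leaves the option undescribed; `mkEnableOption "the sd-webui-forge web UI"` would fix that.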