diff --git a/roles/traefik.nix b/roles/traefik.nix
index 13566e1..06467db 100644
--- a/roles/traefik.nix
+++ b/roles/traefik.nix
@@ -36,6 +36,19 @@
           ) (builtins.attrNames hosts);
         in
         {
+
+          environment.persistence."/persistent" = {
+            directories = [
+              "/etc/traefik"
+              {
+                directory = "/etc/traefik";
+                user = "traefik";
+                group = "root";
+                mode = "u=rwx,g=,o=";
+              }
+            ];
+          };
+
           sops.secrets = {
             "traefik/acmeEmail" = {
               owner = "traefik";
@@ -94,7 +107,7 @@
                 letsencrypt = {
                   acme = {
                     email = "$acmeEmail";
-                    storage = "acme.json";
+                    storage = "/etc/traefik/acme.json";
                     dnsChallenge = {
                       provider = "cloudflare";
                     };