diff --git a/modules/binds.nix b/modules/binds.nix
new file mode 100644
index 0000000..9c7d4ad
--- /dev/null
+++ b/modules/binds.nix
@@ -0,0 +1,9 @@
+{ config, lib, ...}: {
+  imports = [ ./options.nix ];
+  fileSystems = lib.mapAttrs (dest: key: {
+    depends = [ "/persist" ];
+    device = "/persist/binds/${key}";
+    fsType = "none";
+    options = [ "bind" ];
+  }) config.me.binds;
+}
diff --git a/modules/default.nix b/modules/default.nix
index d55b54a..6775c55 100644
--- a/modules/default.nix
+++ b/modules/default.nix
@@ -14,6 +14,7 @@ let
     }) paths
   );
 in {
+  binds = ./binds.nix;
   options = ./options.nix;
   services = mkAttrsFromPaths [
     ./services/banksia.nix
diff --git a/modules/options.nix b/modules/options.nix
index b522127..e861c12 100644
--- a/modules/options.nix
+++ b/modules/options.nix
@@ -44,5 +44,10 @@ in {
       type = types.bool;
       default = false;
     };
+
+    binds = lib.mkOption {
+      type = with lib.types; attrsOf str;
+      default = {};
+    };
   };
 }
diff --git a/modules/system/base.nix b/modules/system/base.nix
index 36c9993..c45eb99 100644
--- a/modules/system/base.nix
+++ b/modules/system/base.nix
@@ -1,5 +1,5 @@
 { config, inputs, modules, ... }: {
-  imports = [ modules.options ];
+  imports = [ modules.binds modules.options ];
 
   environment.etc = {
     "machine-id".source = "/persist/machine-id";
diff --git a/modules/system/tailscale.nix b/modules/system/tailscale.nix
index 4bded31..732a9bb 100644
--- a/modules/system/tailscale.nix
+++ b/modules/system/tailscale.nix
@@ -1,5 +1,6 @@
 { config, ... }: {
   age.secrets.tailscale_auth.file = ../../secrets/tailscale_auth.age;
+  me.binds."/var/lib/tailscale" = "tailscale";
   services.tailscale = {
     enable = true;
     authKeyFile = config.age.secrets.tailscale_auth.path;