diff --git a/host.nix b/host.nix index 1f954ab..66883dd 100644 --- a/host.nix +++ b/host.nix @@ -10,11 +10,12 @@ let services = with builtins; secrets = import ./secrets/secrets.nix; hostIp = "10.10.0.1"; + hostVolumeDir = "/var/lib/container-storage/"; in { containers = -lib.foldMap ({ name, config, ip, ports, ... }: +lib.flatMap ({ name, config, ip, ports, volumes, ... }: { ${name} = { autoStart = true; @@ -22,13 +23,22 @@ lib.foldMap ({ name, config, ip, ports, ... }: privateNetwork = true; hostAddress = hostIp; localAddress = ip; + bindMounts = lib.flatMap (volume@{ name, mountPoint }: + { + "${name}" = { + inherit mountPoint; + isReadOnly = if volume ? readOnly then volume.readOnly else false; + hostPath = hostVolumeDir + name; + }; + } + ) volumes; config = config // { boot.isContainer = true; networking = { hostName = "${name}"; - hosts = lib.foldMap ({ name, ip, ...}: + hosts = lib.flatMap ({ name, ip, ...}: { "${ip}" = [ "${name}.containers" "${name}" ]; } ) services; @@ -47,13 +57,20 @@ lib.foldMap ({ name, config, ip, ports, ... }: // { + + system.activationScripts.makeBindMounts = with builtins; + lib.flatMapS (name: '' + mkdir -p ${hostVolumeDir + name} + '') + (concatMap (s: map (v: v.name) s.volumes) services); + # [NGINX] services.nginx = { enable = true; recommendedProxySettings = true; virtualHosts = - lib.foldMap ({ ports, hosts, ip, ... }: - lib.foldMap (host: + lib.flatMap ({ ports, hosts, ip, ... }: + lib.flatMap (host: if (builtins.isNull ports.http) then {} else { diff --git a/lib.nix b/lib.nix index f0185b0..2803aca 100644 --- a/lib.nix +++ b/lib.nix @@ -1,3 +1,4 @@ { - foldMap = (f: list: builtins.foldl' (acc: elem: acc // elem) {} (builtins.map f list)); + flatMap = (f: list: builtins.foldl' (acc: elem: acc // elem) {} (builtins.map f list)); + flatMapS = (f: list: builtins.foldl' (acc: elem: acc + elem) "" (builtins.map f list)); } diff --git a/result b/result deleted file mode 120000 index 8d0a1a7..0000000 --- a/result +++ /dev/null 
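Review bot: Adding `volumes` to the pattern `{ name, config, ip, ports, volumes, ... }` makes the attribute mandatory, so any service file that does not declare it will fail evaluation; only gitea.nix and postgres.nix gain a `volumes` list in this commit. A default keeps volume-less services working: `({ name, config, ip, ports, volumes ? [], ... }:`, together with `s.volumes or []` in the activation-script `concatMap` further down. The lambda body continues outside this hunk.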
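Review bot: The pattern `volume@{ name, mountPoint }` has no `...`, so a volume that sets `readOnly` is rejected by Nix with an unexpected-argument error before `volume ? readOnly` is ever evaluated; the readme example added in this commit sets `readOnly = false;` and would hit this. As written, every mount that evaluates is therefore read-write. Suggest `volume@{ name, mountPoint, ... }:` and `isReadOnly = volume.readOnly or false;`. Separately, `hostPath = hostVolumeDir + name` is not namespaced by service, so two services that choose the same volume name would share one host directory; including the container name in the path or asserting that volume names are unique would keep their data isolated.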
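Review bot: `mkdir -p ${hostVolumeDir + name}` interpolates the volume name into the activation script unquoted, so a name containing whitespace or shell metacharacters changes the command that runs as root at activation. Escaping the path closes that, e.g. `mkdir -p ${pkgs.lib.escapeShellArg (hostVolumeDir + name)}`, assuming nixpkgs' `lib` is reachable under some name here (the `lib` used in this file appears to be the local lib.nix). The directories are also created with the default mode while holding the Gitea state dir and PostgreSQL storage; consider creating `hostVolumeDir` itself with a restrictive mode, for example `install -d -m 0700`, so other host users cannot traverse into container data.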
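Review bot: `flatMap` merges the mapped attrsets with `//`, so when two elements produce the same key the later one silently replaces the earlier; after this commit that applies to `bindMounts` keyed by volume name as well as `hosts` keyed by IP. A comment on the definition would make this visible to callers, e.g. `# Merges left to right with //; on duplicate keys the last element wins.` `flatMapS` is equivalent to `builtins.concatStringsSep "" (map f list)`, which would avoid the hand-written fold.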
@@ -1 +0,0 @@ -/nix/store/cy1mab4p2g1zf38bcdpb3ix034wxs8a8-nixos-vm \ No newline at end of file diff --git a/services/gitea.nix b/services/gitea.nix index dd92126..1cc974b 100644 --- a/services/gitea.nix +++ b/services/gitea.nix @@ -26,4 +26,8 @@ http = 3001; }; hosts = [ "localhost" ]; + volumes = [{ + name = "gitea-statedir"; + mountPoint = "/var/lib/gitea"; + }]; # TODO } diff --git a/services/postgres.nix b/services/postgres.nix index 56c50d7..eccab69 100644 --- a/services/postgres.nix +++ b/services/postgres.nix @@ -21,4 +21,8 @@ http = null; }; hosts = [ ]; + volumes = [{ + name = "postgres-storage"; + mountPoint = "/var/lib/postgresql"; + }]; } diff --git a/services/readme.md b/services/readme.md index e7f2cc6..9eded8a 100644 --- a/services/readme.md +++ b/services/readme.md @@ -15,5 +15,12 @@ Services are of the form: http = 80; }; hosts = [ "myservice.domain.mjau" ]; + volumes = [ + { + name = "myservice-storage"; + mountPoint = "/var/lib/whatever"; + readOnly = false; + }; + ]; } ```