diff --git a/flake.lock b/flake.lock
index 808cb73..9d8573f 100644
--- a/flake.lock
+++ b/flake.lock
@@ -1170,11 +1170,11 @@
     },
     "nixpkgs_9": {
       "locked": {
-        "lastModified": 1732981179,
-        "narHash": "sha256-F7thesZPvAMSwjRu0K8uFshTk3ZZSNAsXTIFvXBT+34=",
+        "lastModified": 1734083684,
+        "narHash": "sha256-5fNndbndxSx5d+C/D0p/VF32xDiJCJzyOqorOYW4JEo=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "62c435d93bf046a5396f3016472e8f7c8e2aed65",
+        "rev": "314e12ba369ccdb9b352a4db26ff419f7c49fa84",
         "type": "github"
       },
       "original": {
diff --git a/nki-personal-do/peertube.nix b/nki-personal-do/peertube.nix
index 1e07358..e5c78c9 100644
--- a/nki-personal-do/peertube.nix
+++ b/nki-personal-do/peertube.nix
@@ -3,7 +3,9 @@ let
   secrets = config.sops.secrets;
   cfg = config.services.peertube;
 
+  user = "peertube";
   host = "peertube.dtth.ch";
+  dataFolder = "/mnt/data/peertube";
   port = 19878;
 in
 {
@@ -57,12 +59,6 @@ in
     settings.client.videos = {
       resumable_upload.max_chunk_size = "90MB";
     };
-    settings.storage = {
-      storyboards = "/var/lib/peertube/storage/storyboards/";
-      tmp = "/mnt/data/peertube/tmp/";
-      tmp_persistent = "/mnt/data/peertube/tmp_persistent/";
-      web_videos = "/mnt/data/peertube/web-videos/";
-    };
 
     # Trust proxy
     settings.trust_proxy = [ "loopback" ] ++ config.services.traefik.staticConfigOptions.entrypoints.https.forwardedHeaders.trustedIPs;
@@ -80,6 +76,18 @@ in
   systemd.services.peertube = {
     requires = [ "arion-authentik.service" ];
     after = [ "arion-authentik.service" ];
+    unitConfig.RequiresMountsFor = [ dataFolder ];
+  };
+  systemd.tmpfiles.settings."10-peertube" = {
+    # The service hard-codes a lot of paths here, so it's nicer if we just symlink
+    "/var/lib/peertube"."L+" = {
+      argument = dataFolder;
+    };
+    ${dataFolder}."d" = {
+      user = user;
+      group = user;
+      mode = "0700";
+    };
   };
 }