diff --git a/global/fs/zfs/default.nix b/global/fs/zfs/default.nix
index a36916f2..095f39d8 100644
--- a/global/fs/zfs/default.nix
+++ b/global/fs/zfs/default.nix
@@ -37,6 +37,10 @@ in {
         type = with types; str;
         description = "UUID of secret filesystem";
       };
+      store = mkOption {
+        type = with types; str;
+        description = "UUID of store filesystem";
+      };
     };
   };
 
diff --git a/global/fs/zfs/split.nix b/global/fs/zfs/split.nix
index ea0dd93b..f49c2c09 100644
--- a/global/fs/zfs/split.nix
+++ b/global/fs/zfs/split.nix
@@ -13,7 +13,7 @@ in mkIf cfg.enable {
     PROGRAM ${cfg.mdProg}
   '';
 
-  # secret filesystem backed by LUKS on swraid
+  # secret filesystem backed by swraid
   fileSystems."/nix/var/secret" =
   { device = "/dev/disk/by-uuid/${cfg.secret}";
     fsType = "ext4";
@@ -22,6 +22,14 @@ in mkIf cfg.enable {
     depends = [ "/nix/var" ];
   };
 
+  # external store backed by swraid
+  global.fs = {
+    zfs.externalStore = mkDefault true;
+    external.device = "/dev/disk/by-uuid/${cfg.store}";
+    external.fsType = "xfs";
+    external.options = [ "noatime" ];
+  };
+
   # import system state pool after encrypted filesystems become available for key loading
   boot.initrd.systemd.services."zfs-import-${config.global.fs.store}".after = [ "cryptsetup.target" ];
 }