diff --git a/modules/functionality/ensure.nix b/modules/functionality/ensure.nix
new file mode 100644
index 0000000..47d5eb5
--- /dev/null
+++ b/modules/functionality/ensure.nix
@@ -0,0 +1,21 @@
+{ config, lib, pkgs, ... }:
+with lib;
+with lib.hlissner;
+let
+  cfg = config.services.ensure;
+in
+{
+  options.services.ensure = with types; {
+    enable = mkBoolOpt true;
+    directories = mkOpt (listOf string) [ ];
+  };
+
+  config.systemd.services = {
+    "ensure-directories" = mkIf (cfg.enable && (length cfg.directories > 0)) {
+      description = "Ensures certain directories exist (${concatStringsSep "," cfg.directories})";
+      wantedBy = [ "multi-user.target" ];
+      serviceConfig.Type = "oneshot";
+      script = "mkdir -p ${concatStringsSep " " cfg.directories}";
+    };
+  };
+}
diff --git a/modules/modules/security.nix b/modules/modules/global.nix
similarity index 84%
rename from modules/modules/security.nix
rename to modules/modules/global.nix
index d078be9..3679858 100644
--- a/modules/modules/security.nix
+++ b/modules/modules/global.nix
@@ -18,4 +18,7 @@ with lib.hlissner;
 
   # Allow non-root users to allow other users to access mount point
   programs.fuse.userAllowOther = mkDefault true;
+
+  # Ensure certain necessary directories always exist
+  services.ensure.directories = [ "/mnt" ];
 }