diff --git a/modules/impermanence.nix b/modules/impermanence.nix
index 9fd5fde..6d78b55 100644
--- a/modules/impermanence.nix
+++ b/modules/impermanence.nix
@@ -23,12 +23,6 @@
 ];
 files = [
- # SSH host keys
- "/etc/ssh/ssh_host_ed25519_key"
- "/etc/ssh/ssh_host_ed25519_key.pub"
- "/etc/ssh/ssh_host_rsa_key"
- "/etc/ssh/ssh_host_rsa_key.pub"
-
 # Machine ID
 "/etc/machine-id"
@@ -49,6 +43,20 @@
 };
 };
+ # Store SSH host keys directly in /persistent to survive tmpfs root wipes.
+ # This is more reliable than bind mounts for service-generated files.
+ services.openssh.hostKeys = [
+ {
+ path = "/persistent/etc/ssh/ssh_host_ed25519_key";
+ type = "ed25519";
+ }
+ {
+ path = "/persistent/etc/ssh/ssh_host_rsa_key";
+ type = "rsa";
+ bits = 4096;
+ }
+ ];
+
 systemd.tmpfiles.rules = [
 "d /etc 755 root"
 ];
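Review bot: The new `services.openssh.hostKeys` entries point sshd's key generation at `/persistent/etc/ssh`, so that filesystem must be mounted before the sshd pre-start runs; if the `/persistent` `fileSystems` entry (outside this diff) is not `neededForBoot = true` or is a late/network mount, `ssh-keygen` would create fresh keys in the still-empty path on the tmpfs root and clients would see a changed host key. Consider making the ordering explicit, e.g. `systemd.services.sshd.unitConfig.RequiresMountsFor = [ "/persistent/etc/ssh" ];`, or confirm the mount is already `neededForBoot`. The new paths should also coincide with where the removed bind mounts stored the keys (the persistence root is not visible here) so existing fingerprints are preserved, and anything that read `/etc/ssh/ssh_host_*_key.pub` — `knownHosts` generation, `ssh-keyscan` scripts — now has to use the new location. A comment above the attribute recording that assumption would help, e.g. `# Requires /persistent to be mounted before sshd key generation (neededForBoot).`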