diff --git a/deployment/data-model-test.nix b/deployment/data-model-test.nix
index 9b8d16c5..899e3747 100644
--- a/deployment/data-model-test.nix
+++ b/deployment/data-model-test.nix
@@ -82,23 +82,21 @@ in
                         type = types.bool;
                         default = false;
                       };
-                      apply = mkOption {
-                        type = with types; functionTo raw; # TODO: splice out the user type from NixOS
-                        default =
-                          requests:
-                          let
-                            # Filter out requests that need wheel if policy doesn't allow it
-                            validRequests = lib.filterAttrs (_name: req: !req.wheel || config.wheel) requests;
-                          in
-                          lib.optionalAttrs (validRequests != { }) {
-                            ${config.username} = {
-                              isNormalUser = true;
-                              packages = with lib; concatMapAttrs (_name: request: attrValues request.packages) validRequests;
-                              extraGroups = lib.optional config.wheel "wheel";
-                            };
-                          };
-                      };
                     };
+                    config.resource-type = types.any; # TODO: splice out the user type from NixOS
+                    config.apply =
+                      requests:
+                      let
+                        # Filter out requests that need wheel if policy doesn't allow it
+                        validRequests = lib.filterAttrs (_name: req: !req.wheel || config.wheel) requests;
+                      in
+                      lib.optionalAttrs (validRequests != { }) {
+                        ${config.username} = {
+                          isNormalUser = true;
+                          packages = with lib; concatMapAttrs (_name: request: attrValues request.packages) validRequests;
+                          extraGroups = lib.optional config.wheel "wheel";
+                        };
+                      };
                   };
               };
               applications.hello =
@@ -164,8 +162,7 @@ in
       {
         inherit (fediversity) example-deployment;
       };
-    expected =
-      {
-      };
+    expected = {
+    };
   };
 }
diff --git a/deployment/data-model.nix b/deployment/data-model.nix
index 39bd193f..d46fdf75 100644
--- a/deployment/data-model.nix
+++ b/deployment/data-model.nix
@@ -53,12 +53,23 @@ in
                 description = "Options for configuring the resource policy for the hosting provider, a description of how the resource is made available";
                 type = deferredModuleWith {
                   staticModules = [
-                    {
+                    (policy: {
                       _class = "fediversity-resource-policy";
+                      # TODO(@fricklerhandwerk): not sure it can be made
+                      # sensible syntactically, but essentially we want to
+                      # ensure that `apply` is defined, but since its output
+                      # depends on the specific policy we also need to
+                      # determine that somehow.
+                      # hopefully this also helps with correct composition down the line.
+                      options.resource-type = mkOption {
+                        description = "The type of resource this policy configures";
+                        type = types.optionType;
+                      };
                       options.apply = mkOption {
                         description = "Apply the policy to a request";
+                        type = with types; functionTo policy.config.resource-type;
                       };
-                    }
+                    })
                   ];
                 };
               };