diff --git a/decnet/services/ssh.py b/decnet/services/ssh.py
index f721f820..c5fd8078 100644
--- a/decnet/services/ssh.py
+++ b/decnet/services/ssh.py
@@ -1,8 +1,10 @@
+import os
 from pathlib import Path
 
 from decnet.services.base import BaseService
 
 TEMPLATES_DIR = Path(__file__).parent.parent / "templates" / "ssh"
+ARTIFACTS_ROOT = os.environ.get("DECNET_ARTIFACTS_ROOT", "/var/lib/decnet/artifacts")
 
 
 class SSHService(BaseService):
@@ -46,7 +48,7 @@ class SSHService(BaseService):
         # drops (scp/sftp/wget) are mirrored out-of-band for forensic analysis.
         # The in-container path masquerades as systemd-coredump so `mount`/`df`
         # from inside the container looks benign.
-        quarantine_host = f"/var/lib/decnet/artifacts/{decky_name}/ssh"
+        quarantine_host = f"{ARTIFACTS_ROOT}/{decky_name}/ssh"
         return {
             "build": {"context": str(TEMPLATES_DIR)},
             "container_name": f"{decky_name}-ssh",
diff --git a/decnet/services/telnet.py b/decnet/services/telnet.py
index 8ff99f39..6bb03a2d 100644
--- a/decnet/services/telnet.py
+++ b/decnet/services/telnet.py
@@ -1,8 +1,10 @@
+import os
 from pathlib import Path
 
 from decnet.services.base import BaseService
 
 TEMPLATES_DIR = Path(__file__).parent.parent / "templates" / "telnet"
+ARTIFACTS_ROOT = os.environ.get("DECNET_ARTIFACTS_ROOT", "/var/lib/decnet/artifacts")
 
 
 class TelnetService(BaseService):
@@ -42,7 +44,7 @@ class TelnetService(BaseService):
         # Quarantine mount symmetric to the SSH service — sessrec appends
         # pty transcripts to /var/lib/systemd/coredump/transcripts/ inside
         # the container, which the host sees under artifacts/<decky>/telnet/.
-        quarantine_host = f"/var/lib/decnet/artifacts/{decky_name}/telnet"
+        quarantine_host = f"{ARTIFACTS_ROOT}/{decky_name}/telnet"
         return {
             "build": {"context": str(TEMPLATES_DIR)},
             "container_name": f"{decky_name}-telnet",