luks: use allowDiscards option

2024-11-10 06:14:14 +00:00 · 2023-11-04 12:54:07 +01:00 · 2023-11-04 12:54:07 +01:00 · 548962c50b
commit 548962c50b
parent 944d338d24
4 changed files with 17 additions and 11 deletions
--- a/example/luks-btrfs-subvolumes.nix
+++ b/example/luks-btrfs-subvolumes.nix
@ -24,11 +24,13 @@
              content = {
                type = "luks";
                name = "crypted";
-                extraOpenArgs = [ "--allow-discards" ];
-                # if you want to use the key for interactive login be sure there is no trailing newline
-                # for example use `echo -n "password" > /tmp/secret.key`
-                #passwordFile = "/tmp/secret.key"; # Interactive
-                settings.keyFile = "/tmp/secret.key";
+                settings = {
+                  allowDiscards = true;
+                  # if you want to use the key for interactive login be sure there is no trailing newline
+                  # for example use `echo -n "password" > /tmp/secret.key`
+                  #passwordFile = "/tmp/secret.key"; # Interactive
+                  keyFile = "/tmp/secret.key";
+                };
                additionalKeyFiles = [ "/tmp/additionalSecret.key" ];
                content = {
                  type = "btrfs";
--- a/example/luks-interactive-login.nix
+++ b/example/luks-interactive-login.nix
@ -21,7 +21,7 @@
              content = {
                type = "luks";
                name = "crypted";
-                extraOpenArgs = [ "--allow-discards" ];
+                settings.allowDiscards = true;
                passwordFile = "/tmp/secret.key";
                content = {
                  type = "filesystem";
--- a/example/luks-lvm.nix
+++ b/example/luks-lvm.nix
@ -24,10 +24,13 @@
              content = {
                type = "luks";
                name = "crypted";
-                extraOpenArgs = [ "--allow-discards" ];
-                # if you want to use the key for interactive login be sure there is no trailing newline
-                # for example use `echo -n "password" > /tmp/secret.key`
-                settings.keyFile = "/tmp/secret.key";
+                extraOpenArgs = [ ];
+                settings = {
+                  # if you want to use the key for interactive login be sure there is no trailing newline
+                  # for example use `echo -n "password" > /tmp/secret.key`
+                  keyFile = "/tmp/secret.key";
+                  allowDiscards = true;
+                };
                additionalKeyFiles = [ "/tmp/additionalSecret.key" ];
                content = {
                  type = "lvm_pv";
--- a/lib/types/luks.nix
+++ b/lib/types/luks.nix
@ -62,6 +62,7 @@ in
          keyFileSize = 2048;
          keyFileOffset = 1024;
          fallbackToPassword = true;
+          allowDiscards = true;
        };
      '';
    };
@ -86,7 +87,7 @@ in
      type = lib.types.listOf lib.types.str;
      default = [ ];
      description = "Extra arguments to pass to `cryptsetup luksOpen` when opening";
-      example = [ "--allow-discards" ];
+      example = [ "--timeout 10" ];
    };
    content = diskoLib.deviceType { parent = config; device = "/dev/mapper/${config.name}"; };
    _parent = lib.mkOption {