From 548962c50b8afad7b8c820c1d6e21dc8394d6e65 Mon Sep 17 00:00:00 2001
From: Felix Buehler
Date: Sat, 4 Nov 2023 12:54:07 +0100
Subject: [PATCH] luks: use allowDiscards option
---
 example/luks-btrfs-subvolumes.nix | 12 +++++++-----
 example/luks-interactive-login.nix | 2 +-
 example/luks-lvm.nix | 11 +++++++----
 lib/types/luks.nix | 3 ++-
 4 files changed, 17 insertions(+), 11 deletions(-)
diff --git a/example/luks-btrfs-subvolumes.nix b/example/luks-btrfs-subvolumes.nix
index aeab984..214d55a 100644
--- a/example/luks-btrfs-subvolumes.nix
+++ b/example/luks-btrfs-subvolumes.nix
@@ -24,11 +24,13 @@
 content = {
 type = "luks";
 name = "crypted";
- extraOpenArgs = [ "--allow-discards" ];
- # if you want to use the key for interactive login be sure there is no trailing newline
- # for example use `echo -n "password" > /tmp/secret.key`
- #passwordFile = "/tmp/secret.key"; # Interactive
- settings.keyFile = "/tmp/secret.key";
+ settings = {
+ allowDiscards = true;
+ # if you want to use the key for interactive login be sure there is no trailing newline
+ # for example use `echo -n "password" > /tmp/secret.key`
+ #passwordFile = "/tmp/secret.key"; # Interactive
+ keyFile = "/tmp/secret.key";
+ };
 additionalKeyFiles = [ "/tmp/additionalSecret.key" ];
 content = {
 type = "btrfs";
diff --git a/example/luks-interactive-login.nix b/example/luks-interactive-login.nix
index 2622696..2317b80 100644
--- a/example/luks-interactive-login.nix
+++ b/example/luks-interactive-login.nix
@@ -21,7 +21,7 @@
 content = {
 type = "luks";
 name = "crypted";
- extraOpenArgs = [ "--allow-discards" ];
+ settings.allowDiscards = true;
 passwordFile = "/tmp/secret.key";
 content = {
 type = "filesystem";
diff --git a/example/luks-lvm.nix b/example/luks-lvm.nix
index f15fb6d..154e599 100644
--- a/example/luks-lvm.nix
+++ b/example/luks-lvm.nix
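Review bot: In example/luks-btrfs-subvolumes.nix the commented-out `#passwordFile = "/tmp/secret.key"; # Interactive` hint now sits inside the new `settings = { … }` attrset, so a reader who uncomments it sets `settings.passwordFile` instead of the LUKS-level `passwordFile`. In example/luks-interactive-login.nix in this same patch `passwordFile` is written as a sibling of `settings`, which suggests it is not a settings key. I would move the hint below the closing `};` of `settings`, next to `additionalKeyFiles`, and keep only the `keyFile` comments inside the braces. The enclosing `content = { … }` block starts and ends outside the hunk.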
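Review bot: `settings.allowDiscards = true;` in example/luks-interactive-login.nix is switched on with no comment on what it trades away, and the same holds for example/luks-btrfs-subvolumes.nix, example/luks-lvm.nix and the `settings` example in lib/types/luks.nix. Passing TRIM through dm-crypt lets anyone who can read the raw disk see which blocks are unused, which cryptsetup's documentation flags for `--allow-discards`. If `settings` also drives the boot-time unlock, as the neighbouring keys such as `fallbackToPassword` suggest, the examples now enable discards on every boot rather than only for the install-time open. Since examples get copied verbatim, I would add a comment such as `# allowDiscards lets TRIM reach the SSD but reveals which blocks are unused; leave it off if that matters for your threat model`.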
@@ -24,10 +24,13 @@
 content = {
 type = "luks";
 name = "crypted";
- extraOpenArgs = [ "--allow-discards" ];
- # if you want to use the key for interactive login be sure there is no trailing newline
- # for example use `echo -n "password" > /tmp/secret.key`
- settings.keyFile = "/tmp/secret.key";
+ extraOpenArgs = [ ];
+ settings = {
+ # if you want to use the key for interactive login be sure there is no trailing newline
+ # for example use `echo -n "password" > /tmp/secret.key`
+ keyFile = "/tmp/secret.key";
+ allowDiscards = true;
+ };
 additionalKeyFiles = [ "/tmp/additionalSecret.key" ];
 content = {
 type = "lvm_pv";
diff --git a/lib/types/luks.nix b/lib/types/luks.nix
index 69df88d..6540845 100644
--- a/lib/types/luks.nix
+++ b/lib/types/luks.nix
@@ -62,6 +62,7 @@ in
 keyFileSize = 2048;
 keyFileOffset = 1024;
 fallbackToPassword = true;
+ allowDiscards = true;
 };
 '';
 };
@@ -86,7 +87,7 @@ in
 type = lib.types.listOf lib.types.str;
 default = [ ];
 description = "Extra arguments to pass to `cryptsetup luksOpen` when opening";
- example = [ "--allow-discards" ];
+ example = [ "--timeout 10" ];
 };
 content = diskoLib.deviceType { parent = config; device = "/dev/mapper/${config.name}"; };
 _parent = lib.mkOption {
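Review bot: The added `extraOpenArgs = [ ];` in example/luks-lvm.nix is a no-op, since the option's `default = [ ]` is visible in the lib/types/luks.nix hunk of this patch, and the other two examples simply drop the line. I would delete it here as well so the three examples stay parallel. As a smaller style point, `allowDiscards = true;` comes after `keyFile` here but first in luks-btrfs-subvolumes.nix; one order across the examples reads better. The enclosing `content = { … }` block continues outside the hunk.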
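Review bot: The new `extraOpenArgs` example `[ "--timeout 10" ]` in lib/types/luks.nix puts a flag and its value into one list element, which only works if the list is later joined into an unquoted command string. That code is outside the hunk, so I cannot confirm it; if the elements are ever passed as separate, quoted arguments, cryptsetup would receive `--timeout 10` as a single unknown option. `example = [ "--timeout" "10" ];` is correct under either handling and shows the one-argument-per-element form users should copy. The `mkOption` block this line belongs to starts before the hunk.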