3 files changed, 20 insertions, 6 deletions
diff --git a/hosts/sif/default.nix b/hosts/sif/default.nix
index fc5bd8f6..24cc86ac 100644
--- a/hosts/sif/default.nix
+++ b/hosts/sif/default.nix
@@ -27,8 +27,8 @@ in {
    boot = {
      initrd = {
        luks.devices = {
-          nvm0.device = "/dev/disk/by-uuid/fe641e81-0812-4181-a5f6-382ebba509bb";
+          nvm0 = { device = "/dev/disk/by-uuid/fe641e81-0812-4181-a5f6-382ebba509bb"; bypassWorkqueues = true; };
-          nvm1.device = "/dev/disk/by-uuid/43df1ba8-1728-4193-8855-920a82d4494a";
+          nvm1 = { device = "/dev/disk/by-uuid/43df1ba8-1728-4193-8855-920a82d4494a"; bypassWorkqueues = true; };
        };
        availableKernelModules = [ "drbg" "nvme" "xhci_pci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
        kernelModules = [ "dm-raid" "dm-integrity" "dm-snapshot" "dm-thin-pool" ];
diff --git a/hosts/vidhar/default.nix b/hosts/vidhar/default.nix
index b63520c8..3d81b221 100644
--- a/hosts/vidhar/default.nix
+++ b/hosts/vidhar/default.nix
@@ -37,8 +37,8 @@
        kernelModules = [ "dm-raid" "dm-integrity" "dm-snapshot" "dm-thin-pool" ];
        luks.devices = {
-          nvm0.device = "/dev/disk/by-label/${hostName}-nvm0";
+          nvm0 = { device = "/dev/disk/by-label/${hostName}-nvm0"; bypassWorkqueues = true; };
-          nvm1.device = "/dev/disk/by-label/${hostName}-nvm1";
+          nvm1 = { device = "/dev/disk/by-label/${hostName}-nvm1"; bypassWorkqueues = true; };
          
          hdd0.device = "/dev/disk/by-label/${hostName}-hdd0";
          hdd1.device = "/dev/disk/by-label/${hostName}-hdd1";
diff --git a/modules/luksroot.nix b/modules/luksroot.nix
index abaee692..52de2c40 100644
--- a/modules/luksroot.nix
+++ b/modules/luksroot.nix
@@ -140,9 +140,12 @@ let
    umount /crypt-ramfs 2>/dev/null
  '';
-  openCommand = name': { name, device, header, keyFile, keyFileSize, keyFileOffset, allowDiscards, yubikey, gpgCard, fido2, clevis, dmi, fallbackToPassword, preOpenCommands, postOpenCommands, ... }: assert name' == name;
+  openCommand = name': { name, device, header, keyFile, keyFileSize, keyFileOffset, allowDiscards, bypassWorkqueues, yubikey, gpgCard, fido2, clevis, dmi, fallbackToPassword, preOpenCommands, postOpenCommands, ... }: assert name' == name;
  let
-    csopen   = "cryptsetup luksOpen ${device} ${name} ${optionalString allowDiscards "--allow-discards"} ${optionalString (header != null) "--header=${header}"}";
+    csopen   = "cryptsetup luksOpen ${device} ${name}"
+             + optionalString allowDiscards " --allow-discards"
+             + optionalString bypassWorkqueues " --perf-no_read_workqueue --perf-no_write_workqueue"
+             + optionalString (header != null) " --header=${header}";
    cschange = "cryptsetup luksChangeKey ${device} ${optionalString (header != null) "--header=${header}"}";
  in ''
    # Wait for luksRoot (and optionally keyFile and/or header) to appear, e.g.
@@ -658,6 +661,17 @@ in
            '';
          };
+          bypassWorkqueues = mkOption {
+            default = false;
+            type = types.bool;
+            description = ''
+              Whether to bypass dm-crypt's internal read and write workqueues.
+              Enabling this should improve performance on SSDs; see
+              <link xlink:href="https://wiki.archlinux.org/index.php/Dm-crypt/Specialties#Disable_workqueue_for_increased_solid_state_drive_(SSD)_performance">here</link>
+              for more information. Needs Linux 5.9 or later.
+            '';
+          };
          fallbackToPassword = mkOption {
            default = false;
            type = types.bool;