| -rw-r--r-- | hosts/sif/default.nix | 4 | ||||
| -rw-r--r-- | hosts/vidhar/default.nix | 4 | ||||
| -rw-r--r-- | modules/luksroot.nix | 18 | 
3 files changed, 20 insertions, 6 deletions
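--- a/hosts/sif/default.nix
+++ b/hosts/sif/default.nix
@@ -27,8 +27,8 @@ in {
 boot = {
 initrd = {
 luks.devices = {
-nvm0.device = "/dev/disk/by-uuid/fe641e81-0812-4181-a5f6-382ebba509bb";
-nvm1.device = "/dev/disk/by-uuid/43df1ba8-1728-4193-8855-920a82d4494a";
+nvm0 = { device = "/dev/disk/by-uuid/fe641e81-0812-4181-a5f6-382ebba509bb"; bypassWorkqueues = true; };
+nvm1 = { device = "/dev/disk/by-uuid/43df1ba8-1728-4193-8855-920a82d4494a"; bypassWorkqueues = true; };
 };
 availableKernelModules = [ "drbg" "nvme" "xhci_pci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
 kernelModules = [ "dm-raid" "dm-integrity" "dm-snapshot" "dm-thin-pool" ];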
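--- a/hosts/vidhar/default.nix
+++ b/hosts/vidhar/default.nix
@@ -37,8 +37,8 @@
 kernelModules = [ "dm-raid" "dm-integrity" "dm-snapshot" "dm-thin-pool" ];
 
 luks.devices = {
-nvm0.device = "/dev/disk/by-label/${hostName}-nvm0";
-nvm1.device = "/dev/disk/by-label/${hostName}-nvm1";
+nvm0 = { device = "/dev/disk/by-label/${hostName}-nvm0"; bypassWorkqueues = true; };
+nvm1 = { device = "/dev/disk/by-label/${hostName}-nvm1"; bypassWorkqueues = true; };
 
 hdd0.device = "/dev/disk/by-label/${hostName}-hdd0";
 hdd1.device = "/dev/disk/by-label/${hostName}-hdd1";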
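--- a/modules/luksroot.nix
+++ b/modules/luksroot.nix
@@ -140,9 +140,12 @@ let
 umount /crypt-ramfs 2>/dev/null
 '';
 
-openCommand = name': { name, device, header, keyFile, keyFileSize, keyFileOffset, allowDiscards, yubikey, gpgCard, fido2, clevis, dmi, fallbackToPassword, preOpenCommands, postOpenCommands, ... }: assert name' == name;
+openCommand = name': { name, device, header, keyFile, keyFileSize, keyFileOffset, allowDiscards, bypassWorkqueues, yubikey, gpgCard, fido2, clevis, dmi, fallbackToPassword, preOpenCommands, postOpenCommands, ... }: assert name' == name;
 let
-csopen = "cryptsetup luksOpen ${device} ${name} ${optionalString allowDiscards "--allow-discards"} ${optionalString (header != null) "--header=${header}"}";
+csopen = "cryptsetup luksOpen ${device} ${name}"
++ optionalString allowDiscards " --allow-discards"
++ optionalString bypassWorkqueues " --perf-no_read_workqueue --perf-no_write_workqueue"
++ optionalString (header != null) " --header=${header}";
 cschange = "cryptsetup luksChangeKey ${device} ${optionalString (header != null) "--header=${header}"}";
 in ''
 # Wait for luksRoot (and optionally keyFile and/or header) to appear, e.g.
@@ -658,6 +661,17 @@ in
 '';
 };
 
+bypassWorkqueues = mkOption {
+default = false;
+type = types.bool;
+description = ''
+Whether to bypass dm-crypt's internal read and write workqueues.
+Enabling this should improve performance on SSDs; see
+<link xlink:href="https://wiki.archlinux.org/index.php/Dm-crypt/Specialties#Disable_workqueue_for_increased_solid_state_drive_(SSD)_performance">here</link>
+for more information. Needs Linux 5.9 or later.
+'';
+};
+
 fallbackToPassword = mkOption {
 default = false;
 type = types.bool;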
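Review bot: Nothing in the visible hunks enforces the "Needs Linux 5.9 or later" requirement that the new `bypassWorkqueues` description states, so a host that enables it on an older kernel would presumably only find out when `cryptsetup luksOpen` fails inside the initrd, which for a root volume means a machine that cannot boot unattended. I would add a module assertion next to the option, e.g. `assertion = any (dev: dev.bypassWorkqueues) (attrValues config.boot.initrd.luks.devices) -> versionAtLeast config.boot.kernelPackages.kernel.version "5.9";` with a message naming the option, so the mismatch is caught at evaluation time; that also covers the nvm0/nvm1 entries switched on in hosts/sif and hosts/vidhar. The two `--perf-no_*_workqueue` flags additionally need a cryptsetup build that knows them, which deserves a sentence in the description. The `config` block where assertions would live is outside these hunks, so confirm one is not already there.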
