3 files changed, 20 insertions, 6 deletions

diff --git a/hosts/sif/default.nix b/hosts/sif/default.nix
index fc5bd8f6..24cc86ac 100644
--- a/hosts/sif/default.nix
+++ b/hosts/sif/default.nix
@@ -27,8 +27,8 @@ in {
     boot = {
       initrd = {
         luks.devices = {
-          nvm0.device = "/dev/disk/by-uuid/fe641e81-0812-4181-a5f6-382ebba509bb";
-          nvm1.device = "/dev/disk/by-uuid/43df1ba8-1728-4193-8855-920a82d4494a";
+          nvm0 = { device = "/dev/disk/by-uuid/fe641e81-0812-4181-a5f6-382ebba509bb"; bypassWorkqueues = true; };
+          nvm1 = { device = "/dev/disk/by-uuid/43df1ba8-1728-4193-8855-920a82d4494a"; bypassWorkqueues = true; };
         };
         availableKernelModules = [ "drbg" "nvme" "xhci_pci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
         kernelModules = [ "dm-raid" "dm-integrity" "dm-snapshot" "dm-thin-pool" ];
diff --git a/hosts/vidhar/default.nix b/hosts/vidhar/default.nix
index b63520c8..3d81b221 100644
--- a/hosts/vidhar/default.nix
+++ b/hosts/vidhar/default.nix
@@ -37,8 +37,8 @@
         kernelModules = [ "dm-raid" "dm-integrity" "dm-snapshot" "dm-thin-pool" ];
 
         luks.devices = {
-          nvm0.device = "/dev/disk/by-label/${hostName}-nvm0";
-          nvm1.device = "/dev/disk/by-label/${hostName}-nvm1";
+          nvm0 = { device = "/dev/disk/by-label/${hostName}-nvm0"; bypassWorkqueues = true; };
+          nvm1 = { device = "/dev/disk/by-label/${hostName}-nvm1"; bypassWorkqueues = true; };
           
           hdd0.device = "/dev/disk/by-label/${hostName}-hdd0";
           hdd1.device = "/dev/disk/by-label/${hostName}-hdd1";
diff --git a/modules/luksroot.nix b/modules/luksroot.nix
index abaee692..52de2c40 100644
--- a/modules/luksroot.nix
+++ b/modules/luksroot.nix
@@ -140,9 +140,12 @@ let
     umount /crypt-ramfs 2>/dev/null
   '';
 
-  openCommand = name': { name, device, header, keyFile, keyFileSize, keyFileOffset, allowDiscards, yubikey, gpgCard, fido2, clevis, dmi, fallbackToPassword, preOpenCommands, postOpenCommands, ... }: assert name' == name;
+  openCommand = name': { name, device, header, keyFile, keyFileSize, keyFileOffset, allowDiscards, bypassWorkqueues, yubikey, gpgCard, fido2, clevis, dmi, fallbackToPassword, preOpenCommands, postOpenCommands, ... }: assert name' == name;
   let
-    csopen   = "cryptsetup luksOpen ${device} ${name} ${optionalString allowDiscards "--allow-discards"} ${optionalString (header != null) "--header=${header}"}";
+    csopen   = "cryptsetup luksOpen ${device} ${name}"
+             + optionalString allowDiscards " --allow-discards"
+             + optionalString bypassWorkqueues " --perf-no_read_workqueue --perf-no_write_workqueue"
+             + optionalString (header != null) " --header=${header}";
     cschange = "cryptsetup luksChangeKey ${device} ${optionalString (header != null) "--header=${header}"}";
   in ''
     # Wait for luksRoot (and optionally keyFile and/or header) to appear, e.g.
@@ -658,6 +661,17 @@ in
             '';
           };
 
+          bypassWorkqueues = mkOption {
+            default = false;
+            type = types.bool;
+            description = ''
+              Whether to bypass dm-crypt's internal read and write workqueues.
+              Enabling this should improve performance on SSDs; see
+              <link xlink:href="https://wiki.archlinux.org/index.php/Dm-crypt/Specialties#Disable_workqueue_for_increased_solid_state_drive_(SSD)_performance">here</link>
+              for more information. Needs Linux 5.9 or later.
+            '';
+          };
+
           fallbackToPassword = mkOption {
             default = false;
             type = types.bool;