From 6e84bda08f3d6dfce58185a7fc52be94576bb90c Mon Sep 17 00:00:00 2001
From: Aleksandr Lebedev <alex.lebedev2003@icloud.com>
Date: Fri, 26 Sep 2025 21:19:19 +0200
Subject: [PATCH] final luks fix

---
 modules/nixos/presets/disko/impermanenceBtrfsLuks/default.nix | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/modules/nixos/presets/disko/impermanenceBtrfsLuks/default.nix b/modules/nixos/presets/disko/impermanenceBtrfsLuks/default.nix
index 2100bce..b0461d0 100644
--- a/modules/nixos/presets/disko/impermanenceBtrfsLuks/default.nix
+++ b/modules/nixos/presets/disko/impermanenceBtrfsLuks/default.nix
@@ -62,12 +62,13 @@ in {
                   ];
                   # https://0pointer.net/blog/unlocking-luks2-volumes-with-tpm2-fido2-pkcs11-security-hardware-on-systemd-248.html
                   settings = {
-                    keyFile = "/tmp/secret.key";
+                    allowDiscards = true;
                     crypttabExtraOpts = [
                       "fido2-device=auto"
                       "token-timeout=10"
                     ];
                   };
+                  passwordFile = "/tmp/secret.key";
                   content = {
                     type = "btrfs";
                     extraArgs = ["-L" "nixos" "-f"];