diff --git a/systems/x86_64-linux/stargate/disko.nix b/systems/x86_64-linux/stargate/disko.nix
index 480d9c5..61117bb 100644
--- a/systems/x86_64-linux/stargate/disko.nix
+++ b/systems/x86_64-linux/stargate/disko.nix
@@ -16,16 +16,15 @@
               "--perf-no_read_workqueue"
               "--perf-no_write_workqueue"
             ];
-            format = {
-              keyFile = "/tmp/secret.key";
-            };
             # https://0pointer.net/blog/unlocking-luks2-volumes-with-tpm2-fido2-pkcs11-security-hardware-on-systemd-248.html
             settings = {
+              allowDiscards = true;
               crypttabExtraOpts = [
                 "fido2-device=auto"
                 "token-timeout=10"
               ];
             };
+            passwordFile = "/tmp/secret.key";
             content = {
               type = "zfs";
               pool = "zstorage";