docs

template/README.md

@@ -29,7 +29,7 @@ nixos-generate-config --no-filesystems --root /mnt
 cat /mnt/etc/nixos/hardware-configuration.nix
 ```
 
-Save the output to a new file in [./hardware-configs/](./hardware-configs/). In [./flake.nix](./flake.nix) replace `./hardware-configs/yodaHP.nix` with it.
+Save the output to a new file in [./hardware-configs](./hardware-configs). In [./flake.nix](./flake.nix) replace `./hardware-configs/yodaHP.nix` with it.
 
 Note: The hardware configuration should not contain any `fileSystems.<name>` options as these are generated based on your disko configuration.
 
@@ -79,3 +79,11 @@ nix --extra-experimental-features nix-command --extra-experimental-features flak
 ## TODOs
 
 - Hetzner Cloud example: https://github.com/numtide/nixos-anywhere-examples/blob/main/flake.nix
+
+## Appendix - LUKS Parameters
+
+**Warning**: NixOS has a hardcoded timeout of 10 seconds when opening encrypted drives during boot. Please choose `--iter-time` <= `7500`.
+
+* https://github.com/NixOS/nixpkgs/blob/ed2ccd4d1748e52d5d28c440d5be4b25a4f21c08/nixos/modules/system/boot/luksroot.nix#L498
+* https://github.com/NixOS/nixpkgs/blob/ed2ccd4d1748e52d5d28c440d5be4b25a4f21c08/nixos/modules/system/boot/luksroot.nix#L30
+* https://github.com/NixOS/nixpkgs/blob/ed2ccd4d1748e52d5d28c440d5be4b25a4f21c08/nixos/modules/system/boot/luksroot.nix#L36C7-L36C7

template/disk-configs/luks-btrfs.nix

@@ -40,7 +40,7 @@
               # - 5 seconds to open
               extraFormatArgs = [
                "--cipher" "aes-xts-plain64" "--key-size" "512" "--hash" "sha512"
-               "--pbkdf-memory" pbkdf-memory "--iter-time" "5000" "--use-random"
+               "--pbkdf-memory" pbkdf-memory "--iter-time" "7500" "--use-random"
               ];
               extraOpenArgs = [ "--allow-discards" ];
               # If you want to use the key for interactive login be sure there is no trailing newline.