diff --git a/hosts/ward/fs.nix b/hosts/ward/fs.nix
index c9c8c68..c760c6d 100644
--- a/hosts/ward/fs.nix
+++ b/hosts/ward/fs.nix
@@ -16,7 +16,7 @@
           partitions = [
             (partEfi "efi" "0%" "1GiB")
             (partSwap "swap" "1GiB" "17GiB")
-            (partZfs "rpool" "17GiB" "100%")
+            (partLuksZfs "rpool" "17GiB" "100%")
           ];
         };
       };
diff --git a/nix/lib.nix b/nix/lib.nix
index 391eb01..0987c94 100644
--- a/nix/lib.nix
+++ b/nix/lib.nix
@@ -69,11 +69,17 @@ in rec {
           randomEncryption = true;
         };
       };
-      partZfs = name: start: end: {
-        inherit name start end;
+      partLuksZfs = name: start: end: {
+        inherit start end;
+        name = "enc-${name}";
         content = {
-          type = "zfs";
-          pool = name;
+          type = "luks";
+          name = "enc-${name}";
+          extraOpenArgs = ["--allow-discards"];
+          content = {
+            type = "zfs";
+            pool = name;
+          };
         };
       };
     };
@@ -90,9 +96,6 @@ in rec {
           mountpoint = "none";
           canmount = "off";
           devices = "off";
-          encryption = "aes-256-gcm";
-          keyformat = "passphrase";
-          keylocation = "prompt";
         };
         options.ashift = "12";
       };