Difference between revisions of "ECryptfs"

Latest revision as of 10:54, 6 April 2024

eCryptfs is a cryptographic filesystem encrypting each file individually. To install ecryptfs add the following to environment.systemPackages:

{ pkgs, ... }: {
  environment.systemPackages = with pkgs; [
    ecryptfs
  ];
}

man ecryptfs-migrate-home describes how to encrypt your home folder. The TL;DR is that you need to: log out, log in as root, modprobe ecryptfs if needed, kill all processes that still access the home folder you want to migrate (check with lsof /home/YOURUSERNAME), wait for it to finish, then run ecryptfs-migrate-home -u YOURUSERNAME, then log in as your migrated user before rebooting.

To automatically mount your private folder on login with PAM, add this to your config:

{
  security.pam.enableEcryptfs = true;
}

Don't forget to also load the ecryptfs kernel module on boot as well in this case:

{
  boot.kernelModules = ["ecryptfs"];
}

Revision as of 16:28, 4 April 2024 (view source) MikiBot (talk \| contribs) (Add warning about the new wiki) ← Older edit		Latest revision as of 10:54, 6 April 2024 (view source) Maintenance script (talk \| contribs) m (rollback unauthorized mass edits) Tag: Rollback
Line 1:		Line 1:
−	~~{{warning\|1=You are reading an article on the deprecated unofficial wiki. For the up to date version of this article, see https://wiki.nixos.org/wiki/ECryptfs.}}~~
−
	[http://ecryptfs.org/ eCryptfs] is a cryptographic filesystem encrypting each file individually. To install <code>ecryptfs</code> add the following to <code>environment.systemPackages</code>:		[http://ecryptfs.org/ eCryptfs] is a cryptographic filesystem encrypting each file individually. To install <code>ecryptfs</code> add the following to <code>environment.systemPackages</code>: