Encrypting existing nixos installation

I installed nixos on a new laptop a while ago but now i feel the need to make the
whole installation encrypted.
Is there a way to do this without having to reinstall nixos from scratch or
Any other ideas that will make the process easier.

Since in-place encryption is impossible, one way or another you’ll have to reinstall.

You can use your existing configuration.nix to save some time during configuration, but at the end of the day, you’d have to re-write the filesystem through crypt-dm in order to encrypt the installation.

You can technically restore a backup unto an encrypted disk, but you’d then have the complication of booting off a NixOS USB/DVD to reconfigure and rebuild the system to boot off the encrypted drive, since a restored backup won’t be able to boot as-is.

1 Like

It’s quite easy if you’ve got an second hard drive at hand or enough space on your current one for a copy of your system. In either case you need to create a new partition format it with luks and a filesystem of your choice. After which you can copy over your entire system, keep in mind to set the appropriate flags when coping to preserve permissions and ownership.

Once that is done you can update your config by adding your newly created partition luks.{enable,devices} and by updating your fileSytems to use the new partition.