Experienced with systemd-homed or other encrypted home?

I am thinking about using it. Especially when locking the laptop, it would be really good to have data at rest again.

I heard that it might interfere with home-manager (as homed also does some management stuff?).

There is an option for it. Have you tried it, and how did it go? When using home-manager, or when not?


Not exactly. systemd-homed’s fundamental concept revolves around sharing your home directory between hosts; the fact that it can also encrypt it is kind of incidental. That’s of course really weird when home-manager comes into play.

Since home-manager deploys actual software into the home directory (or rather, symlinks to binaries in /nix/store), it will not actually be portable, which goes against systemd-homed’s design. So the two are a little at odds, but if you use your home directory only on one system, you probably will not run into any issues with this.

home-manager, in turn, is generally not designed around systemd-homed; you may find user services - and in fact just everyday applications - don't like having their filesystem suddenly unmounted. In fact, if you install your lock screen with home-manager, that may be catastrophic, so your usual WM setups might not entirely work as expected.

I’ve experimented a bit with it. It’s practically impossible to switch an existing host to it, since it requires partitioning considerations (even if you’re using btrfs: while you can use systemd-homed, you can’t get an encrypted home directory). On new hosts I found it a bit cumbersome to adapt my current desktop setup to it, and I didn’t like having a weird floaty UID. Personally, I’ve decided to just stick with full-disk encryption, at least until the full trusted boot story becomes feasible; without that, the use case for it is a little too narrow IMO.


I use security.pam.enableFscrypt = true; to encrypt home directories when the user is not logged in (anymore). Especially handy for always-on systems.

mkfs the filesystem that has /home with the encrypt option.

Then:

sudo fscrypt setup --all-users
sudo mv /home/<user> /home/old<user>
sudo mkdir /home/<user>
sudo chown <user>:users /home/<user>
sudo fscrypt encrypt --source pam_passphrase --user <user> --skip-unlock /home/<user>/
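The following script is an added example, not code from the thread, that turns the steps in the post above into one reviewable migration. It differs from the post in two ways: it checks that the filesystem under /home really has the ext4 `encrypt` feature (enable it on an existing ext4 filesystem with `tune2fs -O encrypt`, or at creation with `mkfs.ext4 -O encrypt`; this is the "mkfs with the encrypt option" step), and it does not pass `--skip-unlock`, so the new directory is unlocked immediately and the old contents can be copied back with rsync before the plaintext copy is removed. The function names `migrate_home`, `valid_username`, `fs_has_encrypt` and the `DRY_RUN`, `HOME_ROOT` and `MIGRATE_USER` variables are my own; the assumption that the user's primary group is `users` is taken from the post. The `fs_has_encrypt` check is ext4-only (it reads `tune2fs -l`).

```shell
#!/usr/bin/env bash
# Added example (not from the thread): migrate an existing, unencrypted
# home directory to fscrypt, protected by the login passphrase that
# security.pam.enableFscrypt = true; uses to unlock it at login.
#
# Assumptions (mine, not the original poster's): /home lives on ext4 with
# the 'encrypt' feature enabled, fscrypt is installed, and the user's
# primary group is "users".
#
# Usage, as root:
#   MIGRATE_USER=alice DRY_RUN=1 ./migrate-home.sh   # print the plan only
#   MIGRATE_USER=alice ./migrate-home.sh             # do it (prompts for
#                                                    # alice's password)
set -eu

# run: execute a command, or only print it when DRY_RUN=1 so the plan can
# be reviewed before a real home directory is touched.
run() {
  if [ "${DRY_RUN:-0}" = 1 ]; then
    printf '+ %s\n' "$*"
  else
    "$@"
  fi
}

# valid_username: refuse anything that could escape HOME_ROOT or break the
# path handling below (empty string, slashes, "." and "..").
valid_username() {
  case "$1" in
    ''|*/*|.|..) return 1 ;;
    *) printf '%s' "$1" | grep -Eq '^[a-z_][a-z0-9_-]*$' ;;
  esac
}

# fs_has_encrypt: true if the ext4 filesystem holding $1 lists 'encrypt'
# among its features. Without it, fscrypt encrypt fails on the directory.
fs_has_encrypt() {
  dev="$(findmnt -no SOURCE --target "$1")"
  tune2fs -l "$dev" | grep -q '^Filesystem features:.* encrypt'
}

migrate_home() {
  user="$1"
  root="${HOME_ROOT:-/home}"
  valid_username "$user" || { echo "bad username: $user" >&2; return 1; }
  new="$root/$user"
  old="$root/old$user"
  if [ "${DRY_RUN:-0}" != 1 ]; then
    [ "$(id -u)" = 0 ] || { echo "run as root" >&2; return 1; }
    fs_has_encrypt "$root" || { echo "$root lacks the ext4 encrypt feature" >&2; return 1; }
    [ ! -e "$old" ] || { echo "$old already exists, refusing to overwrite" >&2; return 1; }
  fi
  # 1. one-time setup of /etc/fscrypt.conf and the per-mount metadata
  run fscrypt setup --all-users
  # 2. move the plaintext home aside; it is removed only after verification
  run mv "$new" "$old"
  # 3. recreate an empty directory owned by the user (fscrypt needs it empty)
  run mkdir -m 0700 "$new"
  run chown "$user:users" "$new"
  # 4. encrypt with a protector derived from the login passphrase; without
  #    --skip-unlock the directory stays unlocked so data can be copied now
  run fscrypt encrypt --source pam_passphrase --user "$user" "$new"
  # 5. copy dotfiles, ACLs, xattrs and hard links into the encrypted tree
  run rsync -aAXH "$old/" "$new/"
  # 6. show the policy and protector before the plaintext copy is destroyed
  run fscrypt status "$new"
  echo "Check that fscrypt status shows $new as encrypted with a"
  echo "pam_passphrase protector, then remove the plaintext copy: $old"
}

if [ -n "${MIGRATE_USER:-}" ]; then
  migrate_home "$MIGRATE_USER"
fi
```

After the script finishes, log out and back in once: pam_fscrypt locks the directory at logout and unlocks it with the login password, which is the behaviour the post relies on. The old plaintext directory should be deleted only after a successful login confirms the unlock works, since the copy inside the encrypted tree is otherwise the only one.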

Damn this is cool! Will look into it!