I would like to know if I have to set any special options for systemd-homed support, as there doesn’t seem to be a specific setting supporting it.
I know I’d have to enable the services.homed.enable setting, the services.nscd.enable, but don’t know which more I have to add.
Could I get a snippet on what to set to enable the systemd-homed use, and creating a user, let’s say john using homed from the nix config?
I’m also interested on homed support, but I have several doubts regarding integrating it with things like home-manager or impermanence.
You could try setting it up on a VM and see how hard it explodes.
So I might be better off just encrypting my entire /home partition using luks right? (I am going to be a single user so it won’t probably matter anyways if I use systemd-homed or luks
Why not FDE at that point? From a security point of view is even better.
In this case I think encrypting the partition with LUKS is just simpler.
My idea was to FDE, but as I plan on having multiple partitions, and I’d also like to be able to do some verifying trough the TPM (I’m not sure if I will do that), I would of course do a FDE on the main disk, and then a second encryption on /home
Ohhh, I see.
I would be cautious regarding systemd-homed since the NixOS module only provides one option. I don’t know if things would break. Although there are other solutions for encrypting your home partition. I just can’t recall the names right now.
1 Like