Is there a way to automate ecryptfs setup?

bratfizyk · January 1, 2024, 11:35pm

I’ve been using ecryptfs to encrypt my home directory for quite a while.
These days I decided to migrate to NixOS and make it my primary OS and I’ve been working on config files.
Regarding ecryptfs I found this: ECryptfs - NixOS Wiki

I understand that according to the manual this requires a one-off manual step ecryptfs-migrate-home -u YOURUSERNAME. However, I’ve been wondering if there something I could do to have this step done - and therefore have my home dir encrypted - automatically during the installation?

Fine if not. It might be actually the case that I got overzealous with the idea of having a purely declarative OS config.

Solene · January 1, 2024, 11:57pm

I guess a systemd service running a script that would check if the encrypted directory exists, and if not, run ecryptfs-migrate-home could work.

bratfizyk · January 4, 2024, 11:13pm

OK, thanks. I just wanted to make sure there’s nothing better than this that works out of the box.