Nixos container private/encrypted filesystem

mackenzie · February 25, 2022, 9:43pm

When using a nixos container, there is shared filesystem by guest and host:
/var/lib/containers/<container-name>/
Is it possible to make all filesystem only accessible by the guest. Or do you need a vm for such connections.

I would manually start and unencrypt/login the container.

I’ve used vm’s but I don’t have container experience.

kamadorueda · February 26, 2022, 3:10am

There is not an option to enable and get /var/lib (or /run if ephemeral) encrypted as a separate fs, but I suppose one could make a partition in the host, encrypt it with LUKS, and then mount it into /var/lib or /run so the container start from there