When using a nixos container, there is shared filesystem by guest and host:
Is it possible to make all filesystem only accessible by the guest. Or do you need a vm for such connections.
I would manually start and unencrypt/login the container.
I’ve used vm’s but I don’t have container experience.