ECryptfs: Difference between revisions
imported>Nobodyinperson Remove hint on ecryptfs-helper (pulls in insecure Python2 and is not needed for home directory migration) and update home migration instructions |
m Add ecryptfs deprecation notice |
||
| Line 1: | Line 1: | ||
{{Note|ecrpytfs was removed from nixpkgs and won't be available from NixOS 26.05 onwards: https://github.com/NixOS/nixpkgs/pull/479934}} | |||
<syntaxhighlight lang="nix">{ pkgs, ... }: { | [http://ecryptfs.org/ eCryptfs] is a cryptographic filesystem encrypting each file individually. To install <code>ecryptfs</code> add the following to <code>environment.systemPackages</code>:<syntaxhighlight lang="nix">{ pkgs, ... }: { | ||
environment.systemPackages = with pkgs; [ | environment.systemPackages = with pkgs; [ | ||
ecryptfs | ecryptfs | ||
Latest revision as of 12:27, 16 January 2026
Note: ecrpytfs was removed from nixpkgs and won't be available from NixOS 26.05 onwards: https://github.com/NixOS/nixpkgs/pull/479934
eCryptfs is a cryptographic filesystem encrypting each file individually. To install ecryptfs add the following to environment.systemPackages:
{ pkgs, ... }: {
environment.systemPackages = with pkgs; [
ecryptfs
];
}
man ecryptfs-migrate-home describes how to encrypt your home folder. The TL;DR is that you need to: log out, log in as root, modprobe ecryptfs if needed, kill all processes that still access the home folder you want to migrate (check with lsof /home/YOURUSERNAME), wait for it to finish, then run ecryptfs-migrate-home -u YOURUSERNAME, then log in as your migrated user before rebooting.
To automatically mount your private folder on login with PAM, add this to your config:
{
security.pam.enableEcryptfs = true;
}
Don't forget to also load the ecryptfs kernel module on boot as well in this case:
{
boot.kernelModules = ["ecryptfs"];
}