Is there any way on Nixos to encrypt certain directories behind a password?
-
@adronia it's not really nixos related but https://github.com/rfjakob/gocryptfs is good
-
@adronia@tiggi.es it is better to do full-disk encryption and make sure your laptop auto-locks after a few minutes of inactivity. If you don’t already have full-disk encryption setup, you will have to reinstall the operating system.
If you only want to keep the directory encrypted and not change it often, I recommend you archive the directory and then encrypt the archive using GPG.
If you want an encrypted directory that you can update regularly, I would instead create a virtual disk with full disk encryptpion.
-
@adronia@tiggi.es it is better to do full-disk encryption and make sure your laptop auto-locks after a few minutes of inactivity. If you don’t already have full-disk encryption setup, you will have to reinstall the operating system.
If you only want to keep the directory encrypted and not change it often, I recommend you archive the directory and then encrypt the archive using GPG.
If you want an encrypted directory that you can update regularly, I would instead create a virtual disk with full disk encryptpion.
It is at least technically possible to add LUKS full-disk encryption after the fact, but it's somewhat complex. (Basically, the process would be to shrink the file system, set up an unencrypted LUKS container for the key management, set up the system to use the LUKS container as the backing storage for the file system, and then re-encrypt the LUKS container to actually make use of encryption. Lots of things that can go wrong.)
I do agree though FDE seems a better fit.
-
R ActivityRelay shared this topic
-
@adronia it's not really nixos related but https://github.com/rfjakob/gocryptfs is good
