Easy systemd-homed support during installation

Dear Devs,

Since Manjaro is mainly used as a desktop OS, having systemd-homed LUKS encrypted home directory as an option during install would be a really good security feature!

Having a lock-screen encryption is something that is needed 2021.

Thanks!

PS - The Arch wiki way of doing this goes over my head, lol.

If you read the Arch wiki article - you will find there is no easy setup.

1 Like

@linux-aarhus

Yes I understand its difficult, even Arch’s basic installation is difficult and yet Manjaro made it accessible for everyone. I assumed that a similar process could be applied.

Am not a developer so I have no idea how big or small such a task would be but thanks anyway for noticing the suggestion.

If the Arch wiki article is big and complex, it’s big and complex for our devs too, so I’ve marked this answer as the solution to your question as it is by far the best answer you’ll get.

However, if you disagree with my choice, please feel free to take any other answer as the solution to your question or even remove the solution altogether: You are in control! (If you disagree with my choice, just send me a personal message and explain why I shouldn’t have done this or :heart: or :+1: if you agree)

:innocent:
P.S. In the future, please don’t forget to come back and click the 3 dots below the answer to mark a solution like this below the answer that helped you most:
Solution
so that the next person that has the exact same problem you just had will benefit from your post as well as your question will now be in the “solved” status.

1 Like

I transitioned my account to systemd-homed, and it was pretty simple. I used fscrypt, though using LUKS is just as easy. It was as simple as backing up my home directory (which I already do via deja-dup), then running homectl create username --storage=fscrypt

I was a relatively early adopter so I had to do some work in PAM, but now that work is already done, and login and unlocking works perfectly.

Of course the initial setup would be only part of the story for full systemd-homed support. Support for it in the respective desktop environments is needed as well, so that when passwords are changed, its changed via homectl, and any further user accounts are created via homectl as well.