From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp0 ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms11 with LMTPS id 2IQTDQlGPGAaWAAA0tVLHw (envelope-from ) for ; Mon, 01 Mar 2021 01:40:25 +0000 Received: from aspmx1.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp0 with LMTPS id ICL7CAlGPGDsTgAA1q6Kng (envelope-from ) for ; Mon, 01 Mar 2021 01:40:25 +0000 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 8EB1D17815 for ; Mon, 1 Mar 2021 02:40:24 +0100 (CET) Received: from localhost ([::1]:43294 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1lGXXq-0002Wh-6b for larch@yhetil.org; Sun, 28 Feb 2021 20:40:22 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]:36434) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lGXWj-0002Hx-52 for help-guix@gnu.org; Sun, 28 Feb 2021 20:39:14 -0500 Received: from mout.web.de ([212.227.15.3]:56597) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lGXWh-0007Pm-7t for help-guix@gnu.org; Sun, 28 Feb 2021 20:39:12 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=web.de; s=dbaedf251592; t=1614562748; bh=f1D8mTADzplu2M9SlYOZR3aaS7BHQCPJjcdTflHi6Zw=; h=X-UI-Sender-Class:From:To:Subject:Date; b=M4uTtmpGpGGuKtJ0bKuHc9iEHRlz9vFr/yBM6yhFyCKuVhrRqnspvGj7axSwmrmZY EYigk2i6dbc1rZH4Yc8EomusLmC3PwXTVnNDQFHF6/IDN9ShXCZz4JMZny+3sZ9Oah Nd5mXiSwXUQK06FMSBoriENMnNDt+fXVSlX6IGWg= X-UI-Sender-Class: c548c8c5-30a9-4db5-a2e7-cb6cb037b8f9 Received: from fluss ([84.149.81.26]) by smtp.web.de (mrweb003 [213.165.67.108]) with ESMTPSA (Nemesis) id 0MRlJB-1lNO5a3d7p-00Svvd; Mon, 01 Mar 2021 02:39:07 +0100 User-agent: mu4e 1.4.15; emacs 27.1 From: "Dr. Arne Babenhauserheide" To: help-guix Subject: How to create /home/user backed by LUKS device decrypted on login Date: Mon, 01 Mar 2021 02:39:06 +0100 Message-ID: <87zgznk5z9.fsf@web.de> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature" X-Provags-ID: V03:K1:Uby7jV0E7w02zG+nb4zGRiVx5o3p1MDWrYBYljwa0Rcl0NOzYCS N95/Yg7qYMCFybWZR0+DNd5M8V6kXbm22PEjXZPyvQSbKOLtmwUE858VUR4ZsZr8beQJeil EW0dSkzxAnRw3XZawMEwz3glu2VFWHkx/1PzJVIYX6zlbXngHdXi0uWJvy15EQV5xVOQB/O zCQW4+2ALpJcphh63XbOA== X-UI-Out-Filterresults: notjunk:1;V03:K0:/U2bARHT7w8=:GLHtEvaFOM73nPftnxuoTW qqCYCvduw5ADC3cEebwienFZB3a/z5C3G0lozAkMGczAxUvqEoow9FJ136u9vkIKftv2zJgib mWznyD4aEom5AsNPuVbdEhPw8WRSHaHJlfMQre61op8jBT3txbhJzk2ypc5r63R5Ngscsrrax iKGbImpTzAcDlup1AKSIX6RHBxIkWGoYIujsEGK2UnprviyPwR/7so2pz9n5Mrgld+RZCuMe3 Gwk+CGamk+1X7WU1N2TCc/AF8Z9PDAANG/oS/TZb/XZ9bLQI1ySW64rPjpNPADdfUwBd3LAKS EhUbZBsuq0OsIC17RnWAS93qCFr88qjvuPkmPChET0rNVAAu4ZSAESN5i+04bDW69sOxx+RvX 5dd9GlxNTn3+9ZsxhkI2rDHasyO1ev9PlFSt2+XvDD9K52H1ZK3GMzfS8TwdR8WTKVxL51nDN 49gGxEwe+sA/KkjSg90OJ0vWetLOTnaEDrIikh8ThpCW2evwZwlvgLfG/N92lmhf3uch97Jyg xGwvfWNQYBNiMfputC9k8rB4IRHblwod5PnGj6BcJANA9F4QtPei8pdMwhtxtyVfHsPlPd8e6 E+tM9w1VjSmRMBqbnNjSs4rcgfKfic7UF/200dT9ie8iDeNwfVNfSU379er+htKy4xY+ShGwn oZhgUX1ShvE1usFaBimvDWkErGaOrjVDEd7yyL0q0z3gnoIY/Fz3c4i9WCj22eBFcx0VfDZts lWFxjj4vE55Pxj+QA+Iw4qTQyHHM5X6p8DImA9MZkzNOnaH4yfhNqsVWJjS3KqvLMVuhqlJYX 8YQq7gGMVkNopkdTDoL9kCLHlhStMuQDzPdip7Ad3RnljKcZKDFzL8tQ8EWPSPPyBWZe9cmct 1KO1FLQOuu/fYjAxmnng== Received-SPF: pass client-ip=212.227.15.3; envelope-from=arne_bab@web.de; helo=mout.web.de X-Spam_score_int: -27 X-Spam_score: -2.8 X-Spam_bar: -- X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: help-guix@gnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: help-guix-bounces+larch=yhetil.org@gnu.org Sender: "Help-Guix" X-Migadu-Flow: FLOW_IN ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1614562825; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type:list-id:list-help:list-unsubscribe: list-subscribe:list-post:dkim-signature; bh=JaL7fSm3pyYB6OBLRwQyYt6vZaMjJBCY00TJr1OsWSc=; b=qgKDJfABKKeLcO/IFaF97oM96U95tK/AxRkMNSaIPMFxuP3ZUNPds12ihxW/3WLGwiwgGb yKT3k4vb8pkIbalcqNP5URm2TmC1VYY+TtWUJ4qe7H8sMb6S6vviW65zyfsUZ1lPLy9X44 yP+oZ/7UzLMEOEHepI1yEaXaFvvzn6wxlPr6EoQzCVO4NMOOZJZqiT0RqbkkUm13VaBXMP 6/sCupPIpv+lepO82reKfdxuLRp9e48mswbPW+1Vdw9TOY78IyEekN+UicWBbMomcFvqJU VVxvd1J1O5zucBFPLDjRO4IpV/a+euJAcRqFvyVSqRFsIyIabQrTpUtK0E4MSw== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1614562825; a=rsa-sha256; cv=none; b=mu/PxLFnGoXMtXeCIWaiwlVQEfQpGhCgfxGVOEm4s5w5z2PQf9PF7ZW+t8l0EnaLiR+Pza RJOVSVpRUNwJR4a+gcQ/OtCGbDdMVB9qwbuisg6p+mcJuiHrkqVdqrYXgmn125Z6svki8Z 6mh7fEKNHv226zUvX4LmoBjVmaUw0ofOiPrdF6K6UiElPowxsMl3jvVWDOY/JW5alN5GGQ M3GCIzh47Vx+rPMQpbxy8pOoKUpheYM62FuJrTWLhy8e0JdcHbjGnL4P04Fe8cblmtmY+D FbB3R26YiVAEpnql+GvtDYseVTXKlEtwN43lP4RAo8YDTWCCB1DnT6g4Sq6HgA== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=pass header.d=web.de header.s=dbaedf251592 header.b=M4uTtmpG; dmarc=pass (policy=none) header.from=web.de; spf=pass (aspmx1.migadu.com: domain of help-guix-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=help-guix-bounces@gnu.org X-Migadu-Spam-Score: -2.66 Authentication-Results: aspmx1.migadu.com; dkim=pass header.d=web.de header.s=dbaedf251592 header.b=M4uTtmpG; dmarc=pass (policy=none) header.from=web.de; spf=pass (aspmx1.migadu.com: domain of help-guix-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=help-guix-bounces@gnu.org X-Migadu-Queue-Id: 8EB1D17815 X-Spam-Score: -2.66 X-Migadu-Scanner: scn1.migadu.com X-TUID: K1hYS/yPcmsZ --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Hi, The manual describes how to setup an encrypted root[1], but I got lost trying to find out how to setup a user such that the device is opened at login (with a prompt for the password) and closed at logout. I need the --allow-discards option to cryptsetup open, to be equivalent to the following: sudo cryptsetup open --allow-discards --type luks /dev/nvmeXnXp1 my-user I need the user-home to be encrypted, i.e. =20=20=20=20 mount LABEL=3Dmy-user /home/my-user I=E2=80=99d like to set this in my /etc/config.scm but currently I have to decrypt before logging in. [1]: https://guix.gnu.org/manual/en/html_node/Keyboard-Layout-and-Networkin= g-and-Partitioning.html https://guix.gnu.org/manual/en/html_node/Mapped-Devices.html Best wishes, Arne =2D-=20 Unpolitisch sein hei=C3=9Ft politisch sein ohne es zu merken --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQJEBAEBCAAuFiEE801qEjXQSQPNItXAE++NRSQDw+sFAmA8RbsQHGFybmVfYmFi QHdlYi5kZQAKCRAT741FJAPD6+wREADN1d3S9VIlcFTFhnBxBRKk2lUx/1wWMHrO b+2ecWMpOPPUQK6cVcflpkfvcB1QK2+dz5CbvP5f2seLTUCzx+fihU77p0qgdZ1d OHvB8wGuwTANmlNqE4bbUcH6AmNI9piXgzHgu/02EwFORmwtROFH2hqM3+smve/s ov7XC9F4UO51EXZ4HsM1BxsO4qTRIITMEC9OGWr+sGiocu0IQGbNla7H0RDyd2tY mkqxeVzB+1T3b2xlBqJXF0grQ/4sFa02JxXyrGvjwF4vJ/PMldOObLNMblYtkHS/ q7Amo6pKyVwxJR3tHjNu/3ncf6mf+fCin+6JrjEymNXphvrPTjhFwT6fnYY0/z4K d/DKGlXPdPls8pQ/MBogFu8SzRLRQzNQHKHuIrdVUbLjbhHSFsVo92LtILkbu6zG d9P13+qGhYVDaMWEeliGMOK6S0X8dfbLgD8Z11wcUyxpOQmOeh+Yt4GYtXMPrIt2 iH45/5Acsz4j8Fh8BmRUrGS4WA6BowdDAtSNs68Jp7/1x+DMgQu+bW6+ube4qkQ+ PguLt7u5WdGu/Dnrgrblks+1q7rDxFlyAaaNHN3/OifXJ3TeHxiFytNM7ZrEw3oS WtQzrctfZmNDo/Qv1csRQceV3axRVPR0+EVI7GXx3BL/FNq4KH41B5e9mZP3j8H4 NPLbrU2M/ojEBAEBCAAuFiEE3Si95tmHXKvOSosd3M8NswvBBUgFAmA8RbsQHGFy bmVfYmFiQHdlYi5kZQAKCRDczw2zC8EFSCnHA/953igxxXLuv+GsbA/UhsUWqByc DdNNqMOFmZumfWuJ4oMC0GabcTylJvsJ4fYqYhqKpxb4w8gIL8L0yKkVylPqcovM cIU7rBetbVk3dzima4FZnkiK57w03mcVYJQVtqQDAuQfLcvdZVrmyS2af5mJ8qWX PpFtULuj+dTZcj2XTg== =huqx -----END PGP SIGNATURE----- --=-=-=--