Verschlüsseltes Home

Ausgangslage: Systempartition, plus leere Partition, die das verschlüsselte Home aufnehmen kann.

apt install libpam-mount
cryptsetup -y -v luksFormat /dev/xvdc
cryptsetup luksOpen /dev/xvdc myhome
mkfs.ext4 /dev/mapper/myhome
mount /dev/mapper/myhome /mnt
# Copy already existing user data
cp -varu /home/user/. /mnt/.
# May be erase existing home
umount /mnt
cryptsetup luksClose myhome

In /etc/security/pam_mount.conf.xml

        <volume user="user" fstype="crypt" path="/dev/nvme0n1p7" mountpoint="/home/user" />