[colinsane]

the Arch Wiki is gonna be your best bet here: https://wiki.archlinux.org/title/ECryptfs

if you can make a /etc/fstab entry for your filesystem, then you can configure pam_mount using the same options as the fstab entry and it should work.

for the actual encrypted filestore, i’m using gocryptfs. it’s a more actively developed alternative to eCryptfs: mostly a drop-in replacement. there’s a lot of options here: dm-crypt over a dedicated partition is probably what a cryptographer would recommend, everything else is making tradeoffs (e.g. leaking metadata like file size/directory entry count) for better UX elsewhere. read the wiki to pick the best for your needs :)

on the off-chance you’re using NixOS, i configure these parts here:

- https://git.uninsane.org/colin/nix-files/src/commit/bcfd8e17... - https://git.uninsane.org/colin/nix-files/src/commit/bcfd8e17...