Fedora Kinoite: use encrypted user home and login decryption

Hi,
this is my first post on Fedora Discussion :grinning: I’ve decided to replace on my six years old laptop Arch Linux with Fedora Kinoite, to benefit of the stability that immutability gives to an aging pc.
From my previous Arch Linux setup I would replicate the following: my personal home folder (/home/username) mounted on a dedicated encrypted partition that unlocks/decrypt during user login.

On Arch Linux I used dm-crypt [1] and steps where very easy:

  1. Creating luks partition
  2. Creating a script called from pam during login [2]
  3. add a line to /etc/fstab

Now I have problems achieving the same. I tried to search for a tutorial tailored to Fedora, with not much luck.

I’m not interested in full disk encryption since the laptop is occasionally used by my girlfriend, and I don’t want to cause her any annoyance.

Did anyone have a tutorial to share? I’m opened to others solutions, like systemd-homed, important is having my home in dedicated partition and decrypt at login (insert passphrase just once).

Very thanks.

[1] https://wiki.archlinux.org/title/Dm-crypt/Encrypting_a_non-root_file_system
[2] https://wiki.archlinux.org/title/Dm-crypt/Mounting_at_login

You should be able to replicate the instructions from the Arch Wiki but I’ve not tried it.

As you correctly note, systemd-homed is ideally the best solution here but I don’t know well it works in Fedora yet. There were folks looking at it on this forum so you might find some notes there.