Protect/Encrypt Nextcloud "Code"

Running nextcloud on Ubuntu 20.04.1 LTS

Two questions:

  1. Is it possible to encrypt the /var/www/nextcloud/ folder using OS encryption, or does that break nextcloud?

  2. If I am trying to protect the “nextcloud code” from being modified (data is already encrypted using nextcloud server side encryption), is this the correct way to do it?

I am trying to protect my nextcloud VM guest incase my VM host is compromised.

Oh, I am trying to avoid full drive/OS encryption which requires the encryption key on boot up… that is a pain for automation, etc.