So I was reading this. And it seems pretty good. In my current set up if my server ever just restarts or something I just kind of don’t have it until I get home. Which is no issue because my set up is just local anyway hehe. Still I am thinking of changing my set up to be more of a real server. I don’t really need the encryption, but I have it and feel I should use it out of some principle of the matter.
So what is the workflow that people use if they need to restart or there is a power outage and want the server to turn itself back on, but no one would be around to unlock the LUKS?
In this case I’d say, LUKS is an overkill and just complicates your life. Try to think of a worst case scenario and what you are trying to protect against. Full disk encryption protects you against someone physically and clandestinely tampering with your server to compromise you by altering your OS, I’d say most selfhosters aren’t at risk of this (I do use LUKS on my laptop, because if I’m not available to decrypt the drive then there’s no reason for it to get decrypted). My approach to the server is to have encrypted directories as needed. For example the SFTP directory, the logic being that some of what’s there may be sensitive, so encryption at rest prevents leakage after the drive is eventually disposed of. But my Git repos (including private ones) and calendar aren’t encrypted at rest. Other services (e.g. Matrix, Borg, Vaultwarden) provide E2E so don’t really need further encryption.