Fellow selfhoster, do you encrypt your drives where you put data to avoid privacy problems in case of theft? If yes, how? How much does that impact performances? I selfhost (amongst other services) NextCloud where I keep my pictures, medical staff, …in short, private stuff and I know that it’s pretty difficult that a thief would steal my server, buuut, you never know! 🤷🏻‍♂️

  • onlinepersona@programming.dev
    link
    fedilink
    English
    arrow-up
    0
    arrow-down
    1
    ·
    7 months ago

    I want to, but haven’t found the time to make a strategy on how to move over the data. It would take a bunch of shuffling as all drives are in use. The next problem is decrypting at boot and securely storing the decryption key - if I choose to use a decryption key at all. Maybe it’ll be a usb key that I have to plug into the server when starting it, or I have to setup decryption of the system over SSH, but that means automated restarts are… difficult.

    Not sure how to tackle the problem yet…

    • rockstarmode@lemmy.world
      link
      fedilink
      English
      arrow-up
      0
      ·
      7 months ago

      I use separate disks for data storage and my OS. That way a headless system can boot and all the services like SSH can become available, and I can decrypt the data drives remotely.

      When there’s an unexpected reboot I can still get into my system and decrypt remotely which is nice. I can also move the data storage disks to another system without too much hassle.

      I did have to make sure some services were fault tolerant if an encrypted volume was unavailable when the OS booted. An example of this might be torrenting software, I needed to make sure the temporary storage was on an encrypted volume. The software had a sane fault mode when the final storage location was unavailable, but freaked out for some reason when the temp storage was missing.

      Once set up the whole thing is pretty easy to manage.