I did have LUKS and a USB flash drive with a key to be inserted on boot. It was definitely difficult and caused performance issues. It was particularly difficult to add/remove drives from the array. These days I only encrypt my off-site backups that sit at the office where my coworkers potentially have physical access.
There have been recent advancements in TPM so disk encryption is easier to maintain and doesn’t affect performance. I’ll need to investigate this one day. My server/NAS is a 4th-gen i5, so it may not support the functions I would need. Full disk encryption will land in Ubuntu soon. I’m hanging out for that.
My backup solution is hard to set up and maintain, but shouldn’t be terrible for someone else to recover from.
All the phones sync to Nextcloud when on Wi-Fi and charging. My server has alternating encrypted backups, and one is always off-site.
If I go, my wife can plug it in and punch in the password. Hopefully that’s enough.
OK, here’s how it happened.
I was hungry, and I wanted to see the menu for my local pizza joint. I couldn’t find it anywhere.
I discovered that all their socials linked to a website that wouldn’t load. When I checked, the domain had lapsed.
Out of frustration, I purchased the domain and pulled the last snapshot of their website off archive.org. It had their full menu as a PDF.
6 months later and it’s still getting visitors from their Facebook page, who are viewing the menu. They haven’t even realised.
Public-facing: Password generator, stored in a password manager.
Internal LAN: Everything gets the same re-used, low-effort password.
Nobody is going to hack my CUPS server.