this post was submitted on 07 Jul 2024
46 points (97.9% liked)

Selfhosted

40573 readers
175 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
 

If I have a home server connected to Proton Drive for example, would that be sufficient to back up my data?

you are viewing a single comment's thread
view the rest of the comments
[–] bluespin 1 points 5 months ago (3 children)

I may be missing something in your use case. As long as you have the port forwarded you can decrypt from anywhere. Use pub key auth and you're good to go

[–] peregus 3 points 5 months ago* (last edited 5 months ago) (2 children)

You're just missing the part where I want to be on vacation without the need to find a decent Internet connection to boot my server because the power went off. What's the plus of encrypting the OS partition too?

[–] bluespin 2 points 5 months ago (1 children)

Fair enough. Every service I run depends on encrypted data, so starting the machine without decrypting isn't worthwhile in my case. I have to decrypt to get everything back up after power loss anyway.

Main advantages I'm aware of for full disc encryption are encrypted swap and system config. Overkill for some use cases so YMMV, but wanting to point out that decrypting at boot can be done.

[–] peregus 1 points 5 months ago

Thanks for your point of view. All of my services are containers that have config and data folder bind mounted from an encrypted partition. After power on, a script download from a website half of the key needed to decrypt data, the other half is in the boot partition. In this way if my server gets stolen I can delete the half key stored on the website and the data disk can't be decrypted. About swap, you're right, but that doesn't worry me at all since I don't think that there's anybody that would goes into that trouble just for my data. If someone is able enough and takes the trouble to read it, I guess that's going to be the last of my problem: it would mean that I'm already in biiiiig troubles! 😆