this post was submitted on 25 Nov 2025
30 points (96.9% liked)


So I was reading this. And it seems pretty good. In my current setup, if my server ever just restarts or something, I just kind of don't have it until I get home. Which is no issue because my setup is just local anyway hehe. Still, I am thinking of changing my setup to be more of a real server. I don't really need the encryption, but I have it and feel I should use it out of some principle of the matter.

So what is the workflow that people use if they need to restart or there is a power outage and want the server to turn itself back on, but no one would be around to unlock the LUKS?

top 11 comments
[–] gabmus@retrolemmy.com 1 points 21 minutes ago

I literally set up encryption on a server with a USB drive a couple of weekends ago. I did a writeup on my blog if you're interested.

[–] imnotroot@lemmy.ml 1 points 1 hour ago (1 children)

I use a Clevis and Tang setup. I installed Tang on an RPi, which is also my NUT server. I installed Clevis on all my Linux servers for the network-bound disk encryption.

[–] lazynooblet@lazysoci.al 1 points 21 minutes ago
[–] glizzyguzzler@piefed.blahaj.zone 9 points 6 hours ago (1 children)

I have a USB drive with the key on it. The primary purpose for LUKS for me is so that drives I replace don’t need to be wiped, so I just leave the USB drive in all the time. Makes it so it boots automatically.

If I lived in a place I owned, I’d stash a rpi somewhere deep and have it do network dropbear automatic unlock to protect the data if the server is nicked. Till then it’s yolo

[–] InternetCitizen2@lemmy.world 3 points 6 hours ago

The top paragraph is something I was curious about, the second reminded me that I have an RPI 3B that is not doing anything...

[–] ryokimball@infosec.pub 12 points 6 hours ago (2 children)

You can configure Dropbear to allow SSH unlocking. I have also heard of some key management software over network that can perform this role for you as well.

[–] vhstape@lemmy.sdf.org 7 points 5 hours ago

This is how I do it. I followed this guide to get it set up, and this one to make it work behind a VPN (Tailscale)

[–] InternetCitizen2@lemmy.world 3 points 6 hours ago

I've never heard of Dropbear. Seems like a handy thing

[–] Neptr@lemmy.blahaj.zone 4 points 6 hours ago (1 children)

You could set up LUKS TPM unlocking.

[–] InternetCitizen2@lemmy.world 2 points 6 hours ago (1 children)

I actually looked into that, but my server is a very old OptiPlex that does not have one.

[–] Neptr@lemmy.blahaj.zone 3 points 6 hours ago

Maybe set up FIDO2 LUKS unlocking, but that requires a security key: https://www.privacyguides.org/en/security-keys/
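
Added example, not from any commenter in the thread: whichever unattended method above is chosen (Clevis/Tang, TPM, a keyfile on USB), it is worth checking which LUKS2 keyslots unlock without a human and whether a plain passphrase slot remains as fallback. The sketch below reads LUKS2 JSON metadata; it assumes the token type names written by Clevis and systemd-cryptenroll and the Clevis JWE header layout, and the sample metadata is constructed. A keyfile slot cannot be told apart from a passphrase slot in the header, so both get one label.

```python
import base64
import json

# Token types written by systemd-cryptenroll (assumed names); Clevis is handled below.
SYSTEMD = {"systemd-tpm2": "tpm2", "systemd-fido2": "fido2", "systemd-recovery": "recovery-key"}

def _b64(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).decode().rstrip("=")

def clevis_pin(token):
    """Best-effort read of the Clevis pin (tang, tpm2, sss) from the JWE protected header."""
    try:
        hdr = token["jwe"]["protected"]
        hdr += "=" * (-len(hdr) % 4)  # restore stripped base64url padding
        return json.loads(base64.urlsafe_b64decode(hdr))["clevis"]["pin"]
    except (KeyError, TypeError, ValueError):
        return "unknown"

def audit(metadata):
    """Map each keyslot id to how it is unlocked, from LUKS2 JSON metadata."""
    slots = {slot: "passphrase-or-keyfile" for slot in metadata.get("keyslots", {})}
    for token in metadata.get("tokens", {}).values():
        kind = token.get("type", "")
        label = "clevis:" + clevis_pin(token) if kind == "clevis" else SYSTEMD.get(kind, "token:" + kind)
        for slot in token.get("keyslots", []):
            slots[slot] = label
    return slots

def findings(slots):
    """List the points to review: missing fallback, slots that unlock with nobody present."""
    out = []
    if "passphrase-or-keyfile" not in slots.values():
        out.append("no plain passphrase/keyfile slot left as fallback")
    for slot, label in sorted(slots.items()):
        if label == "tpm2" or label.startswith("clevis:"):
            out.append(f"slot {slot} unlocks unattended via {label}")
    return out

# Constructed sample, shaped like `cryptsetup luksDump --dump-json-metadata` output.
SAMPLE = {
    "keyslots": {"0": {"type": "luks2"}, "1": {"type": "luks2"}, "2": {"type": "luks2"}},
    "tokens": {
        "0": {"type": "clevis", "keyslots": ["1"],
              "jwe": {"protected": _b64({"clevis": {"pin": "tang", "tang": {"url": "http://tang.example"}}})}},
        "1": {"type": "systemd-tpm2", "keyslots": ["2"]},
    },
}
if __name__ == "__main__":
    print("\n".join(findings(audit(SAMPLE))))
```

On a real system, pass `audit()` the parsed JSON from `cryptsetup luksDump --dump-json-metadata <device>` instead of `SAMPLE`.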