Nope. This isn’t part of my threat model.

I don’t have sensitive data and stealing a drive would be inconvenient for a thief.

I used to until I realized that I’ve got bigger threats to worry about.

And like someone else mentioned, if I have to do data recovery for some unknown reason I want to make sure the data’s not encrypted.

I keep my drives encrypted with a key currently hosted in my router hoping they wouldn’t steal that. I’m thinking of actually putting it to cloud so I can disable it remotely.

It was quite a ride to make everything work and I made a blog post explaining it so I remember what I did.

https://nowicki.io/self-hosting-lvm-raid1-with-key-over-ftp/

I use full disk encryption for every server (and other computers).

Encrypting your data drives is a must for everyone imho. Encrypting the OS is a must for me🤷‍♂️

How do you even encrypt a server so that it doesn’t require human intervention every time it goes down/restarts?

In addition to “encryption at rest”, also consider that your devices might be exploited over the internet, so attackers may be able to access the decrypted state that way. To guard against that, you may wish to encrypt certain documents with an additional password, even if they are sitting on an encrypted file system.

Recall that within a month, the widely SSH was exploited and a backdoor added to every machine. I had upgraded to that SSH version. I didn’t run an SSH server on that box, but it goes to show that even those who take precautions can end up exploited!

On laptops yes, on my server no. Most of the data is photo backups and linux ISOs form over the years.

Yes.

My home server has dropbear-initramfs installed so that after reboot I can access the LUKS decryption prompt over SSH. The one LUKS partition contains a btrfs filesystem with both rootfs and home as subvolumes. For all the other drives attached to that system, I use ZFS native encryption with a dataset that decrypts with a keyfile from that rootfs and I have backups of an encrypted copy of that keyfile.

I don’t think there’s a substantial performance impact but I’ve never bothered benchmarking.

I did have LUKS and a USB flash drive with a key to be inserted on boot. It was definitely difficult and caused performance issues. It was particularly difficult to add/remove drives from the array. These days I only encrypt my off-site backups that sit at the office where my coworkers potentially have physical access.

There have been recent advancements in TPM so disk encryption is easier to maintain and doesn’t affect performance. I’ll need to investigate this one day. My server/NAS is a 4th-gen i5, so it may not support the functions I would need. Full disk encryption will land in Ubuntu soon. I’m hanging out for that.

No. I run my servers on low quality shit and I expect them to break any time. Never had to perform a data recovery but if I need, I’ll thank myself I didn’t encrypt my pics

I have two WebDAV shares, one unencrypted and one encrypted. The unencrypted one is for things that need to be read by other services, like legally obtained movies and tv shows. The encrypted one is for porn, mostly (also stuff like tax documents, legal contracts, etc).

This is the server I use

https://hub.docker.com/r/sciactive/nephele

It’s really easy to set it up for encryption. Also, I wrote it. :)

Yup and negligible. If I’m forced to contend with a windows environment bitlocker is utilized.

I also utilize a ram disk in a windows os. Imdisk in windows. I migrate temp files and logs into the ram disk. It saves on disk writes and increases privacy.

If pretty straightforward to encrypt if utilizing Linux right from install time.

As for my server I too utilize nextcloud. However, the nextcloud data is on a zfs dataset. This dataset is encrypted.

I did this by installing nextcloud from docker running within a proxmox container. That proxmox lxc container has the nextcloud dataset passed into it.

on my NAS i do and work data as well.

Anyone who says yes is either a professional in a field already requiring it (is aware of how to do it and what it means), retired (has unlimited time to tinker), or is Edward Snowden. For the average person, you don’t need to encrypt your disks.