If I have a home server connected to Proton Drive for example, would that be sufficient to back up my data?

  • thayer
    link
    fedilink
    English
    arrow-up
    6
    arrow-down
    1
    ·
    5 months ago

    And I would argue that all data should be encrypted now, even the working copy. If you have data that’s worth backing up, you probably don’t want it in the hands of criminals or weirdos either.

    • Scrubbles@poptalk.scrubbles.tech
      link
      fedilink
      English
      arrow-up
      2
      ·
      5 months ago

      It’s so easy to set up, just tick a box during os install most times. Then if you do rcline just use an encrypt on top of your remote, make sure your conf is backed up, and you’re golden

      • peregus@lemmy.world
        link
        fedilink
        English
        arrow-up
        3
        ·
        5 months ago

        If you tick the encryption box during install, you will have to enter the decrypt password at every boot and that means that if the power goes out for long enough (UPS doesn’t keep the server up for hours), I (and my family) will not have access to the self hosted stuff until I’ll be home and this is why I encrypt only the data partition and not the boot one.

          • peregus@lemmy.world
            link
            fedilink
            English
            arrow-up
            2
            ·
            5 months ago

            That’s interesting, but that won’t help if I’m away or on vacation on the other side of the world

            • bluespin@lemmy.world
              link
              fedilink
              English
              arrow-up
              1
              ·
              5 months ago

              I may be missing something in your use case. As long as you have the port forwarded you can decrypt from anywhere. Use pub key auth and you’re good to go

              • peregus@lemmy.world
                link
                fedilink
                English
                arrow-up
                3
                ·
                edit-2
                5 months ago

                You’re just missing the part where I want to be on vacation without the need to find a decent Internet connection to boot my server because the power went off. What’s the plus of encrypting the OS partition too?

                • bluespin@lemmy.world
                  link
                  fedilink
                  English
                  arrow-up
                  2
                  ·
                  5 months ago

                  Fair enough. Every service I run depends on encrypted data, so starting the machine without decrypting isn’t worthwhile in my case. I have to decrypt to get everything back up after power loss anyway.

                  Main advantages I’m aware of for full disc encryption are encrypted swap and system config. Overkill for some use cases so YMMV, but wanting to point out that decrypting at boot can be done.

                  • peregus@lemmy.world
                    link
                    fedilink
                    English
                    arrow-up
                    1
                    ·
                    5 months ago

                    Thanks for your point of view. All of my services are containers that have config and data folder bind mounted from an encrypted partition. After power on, a script download from a website half of the key needed to decrypt data, the other half is in the boot partition. In this way if my server gets stolen I can delete the half key stored on the website and the data disk can’t be decrypted. About swap, you’re right, but that doesn’t worry me at all since I don’t think that there’s anybody that would goes into that trouble just for my data. If someone is able enough and takes the trouble to read it, I guess that’s going to be the last of my problem: it would mean that I’m already in biiiiig troubles! 😆

    • satanmat@lemmy.world
      link
      fedilink
      English
      arrow-up
      2
      ·
      5 months ago

      Agreed… Yes, and… specific to backups all the encryption….

      Your production stuff, yes should be as well