SphericalCow

In addition to drives being safer to replace and sell, encryption at rest should also protect against theft. So the scenario being someone taking the server or its drives. At least for me encrypting the drives gives a bit more peace of mind seeing as credentials for various accounts aren’t easily retrieved from the disks.

But yeah, this does not protect from data being read at runtime

If you run a system that uses dracut to manage its initramfs, then https://github.com/gsauthof/dracut-sshd might be of use to you.

I have it setup on a server running Fedora and can’t complain. When the system reboots and plymouth shows the LUKS password prompt a ssh server is started in the background as well - so I can unlock the server either using keyboard or connect via SSH. When rebuilding the initramfs (eg. for a new kernel version) the ssh server is installed and setup automatically so I don’t really have to worry about anything after the initial setup.

The hardware is good enough to to run TrueNAS with RAID yeah 😄 I have mine using raidz2 and it doesn’t break a sweat. Though I forgot to mention that I also upgraded the RAM to 32GB. The 8GB it comes with are on the lower end of TrueNASs recommendations.

Guess I need to write my first ever comment now as well haha

Can second this! Recently got a DXP6800 Plus and the hardware is great. Though I didn’t really bother with the UGREEN OS and installed TrueNAS on it fresh out of the box.

In comparison to my old 6-bay QNAP the only downside is IMO that it’s a fair bit bulkier. But it still fits nicely under a desk.