While setting up a new NixOS server VM, I’d like to take that as an opportunity to finally encrypt my data with LUKS/dm-crypt.
As I don’t have physical access to its host machine, probably asking for the password at each boot is the way to go.
Is anyone already using such a setup? To avoid downtime in case of an unattended reboot, I’d like to be notified about the need to enter a password.
For both security and simplicity reasons, it’d be nice to put the disk unlock process as early into the boot process as possible. One popular approach seems to be including dropbear as a light-weight SSH server into the initramfs and then unlock via that. Does anyone have a configuration for that?
Curious about your approaches!