this post was submitted on 29 Jun 2023
0 points (50.0% liked)

Selfhosted

40246 readers
858 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
 

I would like to run Paperless in my homeserver. While this server is not running sensitive data, this would change once paperless gets to manage all my invoices, bank statements, health docs and so on. So while running my Proxmox VMs and LXCs unencrypted, in this case I'd like to encrypt paperless-ngx data so that if someone steals the machine, manual decryption would be necessary. Does anyone have an idea how to achieve that?

top 2 comments
sorted by: hot top controversial new old
[–] vegetaaaaaaa@lemmy.world 5 points 1 year ago

Full disk encryption of the underlying disk (cryptsetup/LUKS)

[–] TheHolm@aussie.zone 3 points 1 year ago

Put docker to ZFS ( you should do it anyway regardless of encryption) and use ZFS native encryption. Benefits over other filesytems that you can load/unload decryption keys to sensitive data only when need to access it. And you can backup it in encrypted form, so you backup software will never see plain text. You can do similar stuff with VeraCrypt or other encrypted volumes and bind mount.