On Sat, Oct 4, 2025 at 5:18 PM <[email protected]> wrote:
>
> I've started building my home lab and currently I'm going to host stuff like
> nginx, a jabber server, mail, and git hosting.
>
> The stuff I want to specially protect will likely be in e-mail and jabber
> conversation contents, and situations when someone forgets to encrypt
> them are not rare. I mean mostly received e-mails or friends who misconfigure
> their Jabber clients.

Even encrypted chats can be pierced. Chelsea Manning used Off-the-Record Messaging (OTR) with Adrian Lamo. Plausible deniability did not help Manning.

> I want to protect against burglary and (most probably) against unwanted
> access to disk contents when I give my hardware to a service to repair it.
> I'm also doing torrenting (I personally don't like copyright law and support
> copyleft-related movements) and also want to protect against seizure of hardware
> by police (it has never happened in my home, but it is not impossible).

For Tor, you should _not_ run an exit node. From <https://blog.torproject.org/tips-running-exit-node/>: "In general, running an exit node from your home Internet connection is not recommended...". If you do run an exit node, then you are putting yourself in jeopardy of having a law enforcement visit and your equipment seized, which is directly opposed to your goals.

> Do you think it's a good idea to do full disk encryption on my server? Is
> remotely unlocking the server by supplying the password through dropbear-based ssh in
> initramfs secure?

Others are providing input on this topic, but I will make one comment. The unattended key storage problem is a wicked hard problem in computer science. It is a problem without a solution. About the best you can do is have the operator enter the key or password during boot. See Peter Gutmann's Engineering Security book, <https://www.cs.auckland.ac.nz/~pgut001/pubs/book.pdf>.

Jeff
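An added example, not part of the thread above: a small script that generates a locked-down dropbear-in-initramfs configuration so that the remote session opened before the root volume is unlocked can do nothing but accept the operator's passphrase (keys only, no forwarding, forced command, idle timeout). It assumes Debian/Ubuntu paths (`/etc/dropbear/initramfs/`, `cryptroot-unlock` from cryptsetup-initramfs, `update-initramfs`); the operator key below is a constructed placeholder.

```shell
#!/bin/sh
# Added example (not from the thread). Generates a hardened dropbear
# initramfs config for remote LUKS unlocking. Assumed Debian/Ubuntu paths:
# /etc/dropbear/initramfs/{dropbear.conf,authorized_keys} and the
# cryptroot-unlock helper shipped by cryptsetup-initramfs.
set -eu

# Options handed to dropbear inside the initramfs:
#   -s     disable password logins (public keys only)
#   -j     disable local port forwarding
#   -k     disable remote port forwarding
#   -I 60  close idle sessions after 60 seconds
#   -p 2222  use a port different from the real sshd, so the different
#            initramfs host key does not train the operator to ignore
#            host-key warnings on the normal port
render_dropbear_conf() {
    printf 'DROPBEAR_OPTIONS="-s -j -k -I 60 -p 2222"\n'
}

# Wrap one operator public key ($1) with authorized_keys restrictions:
# no forwarding of any kind, and the only command the key may run is
# cryptroot-unlock, which just prompts for the passphrase.
render_authorized_key() {
    printf 'no-port-forwarding,no-agent-forwarding,no-X11-forwarding,command="/bin/cryptroot-unlock" %s\n' "$1"
}

# Write both files under a target root ($1, default "/") for key $2,
# then rebuild the initramfs so the change lands in the boot image.
install_unlock_config() {
    root="${1:-/}"
    dir="$root/etc/dropbear/initramfs"
    mkdir -p "$dir"
    render_dropbear_conf > "$dir/dropbear.conf"
    render_authorized_key "$2" > "$dir/authorized_keys"
    chmod 600 "$dir/authorized_keys"
    if [ "$root" = "/" ]; then
        update-initramfs -u
    fi
    return 0
}
```

This does not make the key storage "unattended": the passphrase still comes from a human at boot, which is the point of the reply above; it only limits what the pre-unlock SSH session can be used for.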

