While you're here, please consider supporting GamingOnLinux on:
Reward Tiers:
Patreon. Plain Donations: 
PayPal.
This ensures all of our main content remains totally free for everyone! Patreon supporters can also remove all adverts and sponsors! Supporting us helps bring good, fresh content. Without your continued support, we simply could not continue!
You can find even more ways to support us on this dedicated page any time. If you already are, thank you!
Reward Tiers:
Patreon. Plain Donations: PayPal.This ensures all of our main content remains totally free for everyone! Patreon supporters can also remove all adverts and sponsors! Supporting us helps bring good, fresh content. Without your continued support, we simply could not continue!
You can find even more ways to support us on this dedicated page any time. If you already are, thank you!
Login / Register
- Nexus Mods retire their in-development cross-platform app to focus back on Vortex
- Canonical call for testing their Steam gaming Snap for Arm Linux
- Windows compatibility layer Wine 11 arrives bringing masses of improvements to Linux
- European Commission gathering feedback on the importance of open source
- GOG plan to look a bit closer at Linux through 2026
- > See more over 30 days here
How to setup OpenMW for modern Morrowind on Linux / SteamOS and Steam Deck
How to install Hollow Knight: Silksong mods on Linux, SteamOS and Steam Deck- Weekend Players' Club 2026-01-16
- CatKiller - Welcome back to the GamingOnLinux Forum
- simplyseven - A New Game Screenshots Thread
- JohnLambrechts - Will you buy the new Steam Machine?
- mr-victory - Game recommendation?
- JSVRamirez - See more posts
Here's a plan:
1) Nextcloud server on Ubuntu 20.04, LUKS disk encryption + ZFS
2) weekly backup to home PC
3) once a year backup to HDD that I would keep in a storage room, not at home
4) once a year take a snapshot, pipe to gzip, encrypt and backup to S3 Glacier storage (which is pretty cheap)
- Are there any improvements you can propose?
- I would like my home server to be able to boot automatically if power goes down briefly, I tried to save a decryption key into initrams to achieve that and it works, but that renders encryption pretty useless. Is there a way to only decrypt and boot when some kind of USB key is present?
Maybe I should encrypt only data partition and write some bash to read USB, mount data partition, then start nginx, php, etc.?
Thanks!
https://puri.sm/products/librem-key/
I have Nextcloud in a VM on Proxmox. If I need to start/restart it remotely, I connect with OpenVPN and then SSH into the VM or use Proxmox's web gui.
View PC info
Actually, this gave me a simpler and cheaper idea: USB drive with a boot partition and grub.
The steps would look like:
1) Install Ubuntu with separate unencrypted /boot (default when you select full disk encryption)
2) Create a decryption key for LUKS partition and keep it on that LUKS partition, generate initramfs with that key
3) Copy grub and boot to a USB drive
4) Test booting from USB drive
5) Delete grub and boot from server, overwrite free space with zeroes
In case you break or loose the key, you still have the passphrase to unlock the disk.
What is the purpose of the encryption? Like what are you wanting to do?
Either you need manual intervention to unlock the encryption on boot, or you'd need the keys initramfs usb to boot, etc.
Maybe instead of full disk encryption run by the root, perhaps move the encryption toward user space?
I know NextCloud has an encryption module built in. Would something like that work?
So far 3 use cases for that kind of encryption (USB key always in):
1) The disk is bad, I want to replace it. No need to worry about data on a bad disk.
2) Police comes in without any good reason and wants to seize all my digital devices.
Take out and lose the USB key and shutdown the server.
3) I'm moving and want to leave my server with a 3rd party for a while
I looked into that, and they only have a manual for enabling server-side encryption, zero-access encryption is also declared but I did not find any manual on that.
A thief might leave the usb key, or break it as they're running off with your hardware.
I still think just typing in a password on boot is most sensible. Unless you're treating this as a learning exercise, in which case go right ahead and describe your experiences somewhere online for posterity. :-)
As for the backups, I run NC in docker in a PC with RAID 10 and drive encryption at home. With rsync I upload incrementally the content each night to Backblaze -cheaper than Glacier- when the network is pretty much unused.
So far has been a quite solid solution.
Thanks, it's great to know of an alternative. Although just now I found even cheaper Amazon storage class - S3 Glacier Deep Archive.
It would cost me crazy 0.36 + taxes per month to store 200 GB of data, and about 6 USD to retrieve it (which hopefully never happens, as it would mean 2 of my HDDs are dead or lost).
It takes up to 12h to access data, but that's not a problem for me.
View PC info
Slightly more on topic, my S3 Glacier-Tier $.0002 on Nextcloud: Upgrade woes & half-baked features that keep getting added left me pretty disappointed with NC; though I was a very enthusiastic user in the beginning. I'm sure using it for storage only would be less of a hassle compared to crash-prone Collabora & Only Office; though in that case I suspect just using native ZFS encryption with standard unix tools for moving data in & out would be a better choice.