Hello,
I have a small home server with an Intel CPU (i7-1260P), 64 GB DDR4 RAM and 3x M.2 SSDs. So far, I have not used Proxmox because I do not want to run my server without encryption, and unfortunately, Proxmox does not offer encryption. However, I only want to encrypt certain VMs. Specifically, those that contain sensitive data, to protect myself from a physical attack. Now, I have devised a solution with Proxmox and would like to present it to you and ask if this is possible with Proxmox.
Initially, I am planning to operate only 2 VMs. One VM with Pi Hole and another VM with my Nextcloud. I do not want to encrypt Proxmox itself, so that Proxmox can restart by itself after a crash or reboot without me having to enter a password. The Pi Hole VM should also be able to restart without my intervention. The Nextcloud VM should be completely encrypted, and it is okay if I need to remotely access the system to decrypt this VM.
My plan is as follows: I install Proxmox on SSD 1. Then I create two partitions on SSD 2. One partition is unencrypted and will be used for all VMs that do not require encryption. The other partition is encrypted with LUKS and is where all VMs that need to be encrypted will be stored. Is this easily doable, or will Proxmox not be able to handle an encrypted partition? Then I would start my server, Proxmox starts automatically, and the Pi Hole VM as well. After that, I remote into the system and enter the password for the LUKS encrypted partition. Then I log into Proxmox and start the Nextcloud VM.
Backup: I also want to create backups. These should then be stored on SSD 3. But of course, there also need to be two partitions there. An unencrypted and an encrypted one. I can choose where the backups are stored when setting up the backup jobs. For the Pi Hole VM, I would then select the unencrypted partition through Proxmox, and for the Nextcloud VM, I would choose the encrypted partition.
Somehow, this seems too simple to me. Have I made any logical errors?
Thank you in advance and best regards
I have a small home server with an Intel CPU (i7-1260P), 64 GB DDR4 RAM and 3x M.2 SSDs. So far, I have not used Proxmox because I do not want to run my server without encryption, and unfortunately, Proxmox does not offer encryption. However, I only want to encrypt certain VMs. Specifically, those that contain sensitive data, to protect myself from a physical attack. Now, I have devised a solution with Proxmox and would like to present it to you and ask if this is possible with Proxmox.
Initially, I am planning to operate only 2 VMs. One VM with Pi Hole and another VM with my Nextcloud. I do not want to encrypt Proxmox itself, so that Proxmox can restart by itself after a crash or reboot without me having to enter a password. The Pi Hole VM should also be able to restart without my intervention. The Nextcloud VM should be completely encrypted, and it is okay if I need to remotely access the system to decrypt this VM.
My plan is as follows: I install Proxmox on SSD 1. Then I create two partitions on SSD 2. One partition is unencrypted and will be used for all VMs that do not require encryption. The other partition is encrypted with LUKS and is where all VMs that need to be encrypted will be stored. Is this easily doable, or will Proxmox not be able to handle an encrypted partition? Then I would start my server, Proxmox starts automatically, and the Pi Hole VM as well. After that, I remote into the system and enter the password for the LUKS encrypted partition. Then I log into Proxmox and start the Nextcloud VM.
Backup: I also want to create backups. These should then be stored on SSD 3. But of course, there also need to be two partitions there. An unencrypted and an encrypted one. I can choose where the backups are stored when setting up the backup jobs. For the Pi Hole VM, I would then select the unencrypted partition through Proxmox, and for the Nextcloud VM, I would choose the encrypted partition.
Somehow, this seems too simple to me. Have I made any logical errors?
Thank you in advance and best regards
