Using mandos to auto-decrypt ZFS pool for VMs/LXCs, and USB data drive

dmpm

Member
Dec 29, 2023
My system has a 1TB NVME and a 16TB USB HDD, and 64GB RAM.

I want to use mandos to auto-decrypt the drives using a key that it will retrieve from an RPi.

I'm not planning to encrypt the root partition, because each time Proxmox updates it could overwrite the mandos modifications, and there won't really be anything sensitive in that partition anyway.

So, replicating the partition layout from my old SSD which I'm replacing, the 1TB NVME will have:
1M partition
1G /boot/efi
256GB root partition (also containing home and a swap file)
674GB ZFS pool partition, containing my VMs/LXCs, including my PBS backups, which I'll also clone to the cloud.

The 16TB USB HDD will just be formatted as a single partition, either LVM or ZFS, but I probably don't have enough RAM to use ZFS for a drive that big.

I know mandos (and dropbear) work with LVM ext4 partitions encrypted with LUKS/dmcrypt, but does it work with ZFS partitions using native encryption, or would I have to use dmcrypt on the ZFS partition too?