hm, apparently it's pretty easy to turn a ZFS mirror of a Proxmox installation to a full disk encrypted setup wit LUKS.
Then I can remotely unlock the disks with dropbear in the initramfs.
nvm, you can just use native zfs encryption.
After the Proxmox install i booted the installer into debug mode, did snapshots of the datasets, deleted the datasets, recreated them with encryption enabled and moved the data to the now encrypted datasets. Proxmox will prompt you for the password at boot. Also there is the zfs-initramfs which works with dropbear-initramfs and I can now unlock the server remotely over SSH.
@firstname.lastname@example.org Hmm interesting, if it's really easy and clean and not cursed™, I might also do it.
Would be pretty nice to have FDE instead of just VM data encryption...
@julian I found this blog post: https://herold.space/proxmox-zfs-full-disk-encryption-with-ssh-remote-unlock/
I'll try to recreate this setup on one of my servers
Nekoverse: Put on the cat ears and experience the cutest Mastodon instance there is! ~ Cuteness thanks to 甘城なつき/Nachoneko.