So I've seen some conversation around here, most of which were older and dated and not talked about much lately. So I wanted to start a fresh thread on this idea and see if anyone has successfully done it, and/or would like to share some insight/input on where to make the appropriate configurations. I've read a lot from Zack Reed whose script I believe is the basis of the SnapRAID script, and came about this thread: https://zackreed.me/encrypted-snapraid/.
I've got my encrypted disks setup, I've got the keyfiles created on an external USB drive, that I'd like to use as my way too simply "lock" the drives. What I need to do now, is alter the cryptTab and FStab to support mounting these automatically. Problem is, I'm not sure where to make these specific changes, as I recall OMV overwrites at least specifically the FStab through some normal configurations - aka upon restart I'll lose these changes.
An alternative option I might entertain, is storing the keyfiles on the system drive, but then having a mechanism to stop the boot of the OMV system drive without a USB device plugged in and available. Could simply be a keyfile for LUKS encryption on the system drive, or some other mechanism available that perhaps I don't even know of.
Is anyone able to shed some light on this dream of having a fully encrypted OMV system that can have a simple USB device removed to render the drives unreadable? The goal here is security and privacy. I'd like to ensure that if a drive was ever stolen/lost, it could not be read. I'd also like to produce a mechanism to "pull the plug" on the system if I was ever being forced to turn over drives. Call me paranoid, but with the advent of things these days, I'd love to have the peace of mind that it's possible.
SIDE NOTE: Any impact folks have seen on performance of things like NFS/CIFS/AFP transactions and/or throughput with the use of LUKS on their disks?