Hey!
I'm new to OMV and about to build my first NAS system. My NAS is going to have two HDDs of which one will host personal data (backups, pictures, etc...) and the other one will contain media (movies, music, software, ...). I consider all the personal stuff to be irretrievable and sensible information. Therefore, I want to have it encrypted and backed up to a remote location, for instance in case the HDD or the whole NAS get stolen.
I figured that currently there are three tools for data encryption that - judging from the posts in this forum - are more or less suitable to be used with OMV:
1) TrueCrypt
2) dm-crypt/LUKS
3) EncFS
In general I imaginge the encryption to require a passphrase only after system startup. After that, I want to be able to share the encrypted data via samba as if it wasnt encrypted after all. I want the NAS to handle all the de- and encryption stuff. I also want rsnapshot creating snapshots of my backups on the NAS and rsync or duplicity to back up my most recent backup to a remote location via the internet. I don't want the media HDD to be affected by all this in any way (it shall remain unencrypted).
My current plan is to have a TrueCrypt container on the data HDD which is mounted again in OMV and shared via samba. I think this would allow me the implement all the stuff I mentioned in the paragraph above. However I'm certainly not sure if that is actually going to work, nor if it's the best solution. Especially since TrueCrypt is dead, I'd like to avoid the use of it. I also wonder what happens to the sambda share, the snapshots and the remote backup if I forget to mount the TrueCrypt container or to put in the passphrase. In that case the shared directory is probably empty and the backup software of my computer is going to build a full new backup. Also rsync and rsnapshot will probably continue to work with this "wrong" and unencrypted backup.
Edit: The other option would be to encrypt the whole data HDD with one of the other tools mentioned above. Unfortunately I was not able to determine which one I should use, how to do it and especially how that is going to interfere with OMV...
What do you think of my idea? Could you please point out different approaches to this problem? What would you recommend?
Thanks a lot for your help!