Crucial is fine. It’s commonly found in corporate and government workstations.
You’ve clearly done your homework, and you’ve gotten a lot of good feedback already, so I’ll just add a few points…
Storage options: Personally, I’d replace the existing drive with the highest capacity I could afford. In an ideal situation, I’d keep the host on another drive (NVMe or flash) and dedicate the large drive to a single partition of data storage.
In my own mini-PC (8th gen NUC), I’ve got a smaller NVMe for Proxmox and a single 8TB internal SSD for data.
Encryption: If you’re going to bother with encryption, I wouldn’t half-ass it. Why bother at all if you’re fine using auto-decryption or a weak password that will be guessed with any sizeable effort? Just lock it down with a strong password and decrypt/mount the data drive after any reboot; making a shell alias or script for this is trivial. You’re likely not rebooting the server more than once a week anyway.
Budget/Specs: I get the sense you don’t have much budget right now, but knowing your hardware would help in suggesting solutions. Do you have an NVMe slot? What is the make/model of the motherboard and case?
Filesystem: For simple storage, this really doesn’t matter and Ext4 will probably be fine. It’s a mature, robust, no-frills filesystem which is perfect for bulk file storage (docs, music, videos, etc.), but Btrfs would be fine too if you want more options.
USB Docking Stations: I’ve had really good experiences with USB docking stations like this one, and I currently use it for attaching my backup HDDs each month. I wouldn’t want to rely on them for realtime data access, but they do work wonderfully for backups and one-off drive access.
Amazon typically has a few vendors that specialize in refurbished Optiplexes and/or HP Elites in small or ultra small form factor sizes.
A word of caution about these refurbs though…the memory and storage they include are often dollar store brands (Kingfast) that I wouldn’t even trust for a child’s PC. It’s worth purchasing your own after the fact.
Your options will depend on many things…
I don’t know how demanding photoprism is, but you could probably do fine with a refurbished i5/i7 Dell Optiplex or similar, with one or more SSDs added to it. If money is really tight and storage needs are high, you could go with mechanical drives instead.
The problem with enterprise servers is that they are generally very loud and use a lot of power…not unlike adding a second refrigerator to your environment. In my opinion, they’re not worth it unless you have a specific use case (training for a career, etc.).
The dropbear method is more secure overall, and I plan to incorporate it as well when I find the time to wipe/reinstall my server, but it’s arguably not as easy or simple, which is what OP requested.
As mentioned elsewhere, the easiest method is to encrypt only the data drives. This way you can secure shell into the server upon restart and decrypt the data. I’ve been using this method for years now without issue.
I’ve been super happy with my 8th gen Intel NUC i5. I put it in an Akasa Turing fanless case, installed an NVMe for host OS, and an 8TB SSD for data. It’s low power and so quiet that I couldn’t imagine ever using fans again.
I also have a USB 3.2 drive dock for external backup HDDs, but I only turn it on when actively doing a monthly backup.
8TB holds more media than I’ll ever need, but I do trim movies and shows regularly. For some, 8TB won’t be anywhere near enough, and SSDs exceeding this are ridiculously expensive.
If ambient noise is a concern, I’d go with an SSD. If money is tight, an HDD will give you the best value.
My server is in an otherwise quiet home office/sitting room, so I went with an 8TB SSD (870 QVO). Spinning disks make a fair bit of noise just waking up, let alone the actual file operations.
My wife and I share a KeePass database for all of our credentials, including the keys to our digital kingdom. I document our LAN design, server setup, and general maintenance notes, which are synced between all of our devices via SyncThing.
I add notes and quick instructions to the important credentials, like “See Proxmox.md to start this service”, or “This password decrypts our file server drive…to do this, open a terminal and paste the following…”
She is comfortable pasting commands into a terminal already, so if anything ever happens to me I am confident she or my son will at least be able to access our data and move it to a more user-friendly format.
Edit: Had way too many words lol
24/7 here with a NUC 8i5 in a fanless case; all SSD. I use a simple UPS (APC 600VA) to protect the server, modem, router, and main network switch, and it survives outages up to about 30 mins.
Haha, well I’m glad it worked out in the end. Canspace has been a solid, set-and-forget service for my domains…hopefully you’ll find the same!
And I would argue that all data should be encrypted now, even the working copy. If you have data that’s worth backing up, you probably don’t want it in the hands of criminals or weirdos either.
It’s better than no backup at all, but ideally it shouldn’t be your only backup. Still, having any backup puts you ahead of the vast majority of computer users. If the data is truly of value to you, consider also keeping a second backup within your custody and away from your home.
I rotate two encrypted hard drives between work and home, performing a backup monthly and taking the newest backup to work before bringing home the previous.
I write everything in markdown, and I mean just about everything. Tech notes, recipes, work procedures, shopping lists…everything. If you check my comment history from today, you can see a quick example of the kind of tech notes I keep (firewalld in this case).
I keep all of my plain text files synced across multiple devices using Syncthing. For desktop editors, I use mostly vim and VSCodium (though Kate is nice too), and I use Markor on Android. This workflow has been highly efficient for many years now, and I no longer waste time constantly reviewing the latest note-taking app.
I’ve been happy with whc.ca for hosting…been using their pro account for years. I generally use canspace.ca for domain registration, and have done so for more than 10 years without issue.
If it were me and there was no way to have an additional drop installed from the exterior, I would still consider running a single cable through the living space to your desired location, as discreetly as possible.
It’s difficult to suggest exactly how to do so without pics or a floorplan, but I would try to match the wall or trim color and keep the cable tucked close to the floor and/or ceiling throughout the run.
Once in place, the cable will quickly disappear into your surroundings and you’ll be left with rock solid reliable networking.
Yep, this is how we’ve kept ours for over 20 years. Even if you don’t use the command line, most graphical file browsers will search through text files without issue.
You can go with something like this if you want a clean solution.
I use a drive dock station for my backup drives, and I have a few of these for one-offs too.