secure-luks-dropbox

This project is a secure self-hosting system built around a Raspberry Pi 4 Model B and a Raspberry Pi Zero 2 W. The Pi 4B hosts the primary services from a remote location, such as a friend’s house, allowing those services to stay online independently of my home internet connection. Rather than encrypting the full operating system, the design uses an encrypted data partition that protects sensitive files while keeping the core system bootable. The Pi Zero 2W functions as a passive, offline unlock device that stores or provides the information needed to decrypt that partition. It does not actively connect to networks or the internet during normal operation, which is refreshing in an age where even refrigerators demand cloud accounts.

The goal of the project is to balance uptime, privacy, and practical trust boundaries using inexpensive hardware. By hosting the server elsewhere, the system gains resilience against outages at home. By keeping the unlock device offline and physically separate, the remote host cannot casually inspect the encrypted data. Wireless interception attacks are effectively removed from the threat model because the Pi Zero is not participating in live network communication. Access would instead require a physical man-in-the-middle attack: obtaining the device or storage media, examining the hardware, and understanding the custom setup well enough to replicate or subvert it. In short, it is an experiment in making self-hosted infrastructure harder to snoop on without turning it into an enterprise compliance nightmare built by committee.