re: FDE and the threat model — it depends on your deployment. For a home node stuck behind a desk, your threat is more "stolen laptop" than "targeted raid". FDE means they can't pull the SSD and read your channels.db. If you're colo or VPS, the cloud provider already has physical so FDE matters less there — encrypted lnd wallet + gocryptfs for config secrets is usually enough.
Bigger gap I don't see covered much: automated off-chain channel backup that survives both hardware failure AND provider lock-in. Their LND backup guide covers encrypted cloud redundancy, which is the right approach. Would love to see a guide on restoring from those backups on a different provider with minimal downtime — that's the real production pain point.