by Nextgrid 1790 days ago
It's not trivial when it comes to a server. Sure, you can tick that checkbox and you'll enable encryption, but when you reboot you realize that you can't actually SSH into it, as it's waiting for a key to be entered on the physical console.

Entering (and managing) that key is the hard part.

1 comments

That's what Dropbear is supposed to do; it can be included in the initramfs of a server: https://matt.ucc.asn.au/dropbear/dropbear.html

Disclaimer: I haven't tried it myself yet, but it's on my (too long) list of things to do.

[I don't think it has to be dropbear specifically.] https://nixos.wiki/wiki/Remote_LUKS_Unlocking has a recipe also including Tor. You still have to be present to unlock the system, unlike with Mandos -- which I wish I'd been able to set up for our office, even before the Great Work From Home.