> I roll my eyes at my friend when he explains the solutions for how to input the encryption password when his server restarts.
Isn't this rather trivial? You gen a keyfile, register it with luksAddKey, then update /etc/crypttab, no? The real concern is making sure that keyfile is stored securely, but you can simply symmetrically encrypt it and upload it to your favorite cloud storage provider.
Uuh, I am not sure. I believe that he was talking about having full disk encryption which means that he needs to input the password to unlock the boot partition.
You can use TPM2 to automatically unlock the root partition and not have to input a password manually at boot. This is how my laptop (running Arch, btw) is setup. Whether or not disk encryption is necessary for a system that is physically secure at home or elsewhere is debatable however. But a laptop can be easily left somewhere and disk encryption seems necessary unless it never leaves home.