I still think best would be full disk encryption with passphrase, ssh and vpn. As said there are many features a home lab would need. Physical theft is very unluckely, but if drives are thrown to garbage or for warrenty, you always want the data to be encrypted. A usb stick or passphrase for full disk encryption could help here. As said, usb stick is helping to make sure the system always comes up/back after failure.
I guess I will try out custom partitioning and full disk encryption with luks. Other datasets will use then a key for encryption residing in unlocked boot-pool.
Update: Just to mention…using luks on a zfs mirror, you would have to unlock two drives which is again…more comfort using auto unlock with usb stick…
Update: coming from openmediavault…you can prepare a debian installation according your needs and then install omv on top which is an advantage here. Thinking outside the box…