

Unless the crook happens to be extremely nerdy or its law enforcement, already being a Linux formatted partition feels it should be enough for a rando breaking in and stealing a computer.
That being said, something like a PiKVM connected to your server (and Tailscale) could let you enable both UEFI/boot password and propt for LUKS decryption upon boot.
Having had similar hardware and reading about your preferences let me throw some cents in the hat:
Sim stuff runs mostly ootb. I don’t have a fancy rig, but both my G29 and x52 pro work perfectly fine. At most, some games will map the axis wrong, but that’s easily fixable (eg. AMS2 swaps clutch and brakes and inverts all axis). The insullary apps such as TrackIR and controller stuff is already available, although not official. There’s Oversteer for wheels and GX52 for hotas.
I don’t have a TrackIR device but I’ve used FacetrackNoIR with the neuralnet face tracker and besides needing a bit of background lighting, it woked fine.
It’s not all perfect and depending on the games, it might need some tinkering. For example Mechwarrior 5 refuses to work properly with my hotas, and when I had a weaker CPU, Beam.ng was unusable with traffic/opponents. Some older titles are a pain to set up, like the older WRC games that had some obscure config files for the mappings. The upside is that you can back up your “fake windows C:” (aka as compatdata folder) once you got everything the way you like it.
I mostly do office type stuff and vector graphics along with CNC, and the proprietary software I need runs 90% fine on wine/bottles, so I haven’t had much of any blocker issues with work stuff.
I’ve been running Linux way before proton was a thing, and I’m really happy about how things are moving nowadays. I got used to the gnome workflow and now any other OS feels cumbersome and clunky, but YMMV.
TL; DR: