I need a solution which abstracts redundancy and bitrot mitigation/detection and presents itself as a single block device (via NBD for example) over the wire. To be used with LUKS on the other side of the wire.
Simply using mdadm to consolidate a bunch of drives in some RAID configuration and NBD that seems to be too simplistic, doesn’t mitigate bitrot.
Rooting out bitrot: use ECC memory. And a strong encryption-algorithm to sign data sets. But the easiest option: use different vendors for your RAID storage drives. If one particular batch from a particular manufacturer fails, the remaining disks would still hold your data as these are not from that same batch of drives.