In what way is TPM protecting your data if someone steals the entire server? TPM only ensures that the boot environment has not been modified. Whatever key is being used to automatically decrypt the disk would be in the clear.

Unless I'm misunderstanding your situation, I think you should look up the "Evil Maid Attack" to better understand how to mitigate risk for your threat model.