March 2nd, 2011, 05:02 PM
#13
The entire design is going to have to be yours, and you are going to have to set up security at each level. You will have to figure out how they will access the central location securely, and as nihil said, control access to only what they need.
But for the server, the easiest solution is to just encrypt the entire server ( OS included ).
This won't stop a hacker from breaching the system ( you need other measures for that because while running, everything is unencrypted ) but once it is powered down they will need the passphrase or token to retrieve the data.
If the server location is manned, then with something like DM-Crypt with LUKS, you can simply wipe the header information on the partitions to make the data mostly unrecoverable ( though the information could be obtained from any backups so you would have to protect them as well. ) That would solve the problem of time to wipe the drives; a script could be written for that. Then included in the script ( if there is time ) overwrite the entire partitions just to make sure.
( see DM-Crypt with LUKS for an intro on how to set up an encrypted system )
The server would need an adequate UPS, plenty of memory, and the memory would need to be verified prior to using in such a scenario to prevent corruption of data while in use.
Again, there is no one complete solution. A stealth break-in to an unmanned facility would be bad!
If using a physical token and having it in the only available USB, unplugging it would start a wiping script. Who cares if they have the passphrase on the USB if there are no partitions that use it! ( might be a chicken and the egg problem here, but that would have to be worked out. ) Problem with this, if they physically kill the power first, then clone the drives and work off cloned drives they have the token.
But, if you do not use a physical token, then setting up a script ( after locking down the case ) that any device plugged into, say, a USB, would also trigger a script to wipe the LUKS header info and then overwrite the drives may do what you want. Or a case open alarm would do the same thing. But if they clone the drives ( as above ) they would still need the passphrase from someone who knows it.
I have never tried to use these scenarios before, just bouncing ideas.
And I take exception to the phrase meathead marine !!
Using something like TrueCrypt you could possibly have a partition inside a partition. If the wrong passphrase is given ( or you enter it on purpose ) it unlocks both the inner and outer partitions, and when the inner is mounted it auto runs a script and wipes them. I don't know how quick that can be done as I have not used TrueCrypt in quite some time.
Again, just ideas.
"And maddest of all, to see life as it is and not as it should be" --Miguel Cervantes
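Added example, not part of the post above: a check that a LUKS header wipe of the kind suggested there covered everything it needs to, assuming the LUKS1 on-disk layout. The image, the function names and the sample values are constructed for illustration.

```python
import os
import struct

MAGIC = b"LUKS\xba\xbe"
ACTIVE = 0x00AC71F3                      # LUKS1 "key slot enabled" marker
PHDR = ">6sH32s32s32sII20s32sI40s"       # fixed header fields, 208 bytes
SLOT = ">II32sII"                        # active, iterations, salt, sector, stripes
PHDR_LEN = 208 + 8 * 48                  # 592 bytes: spills into the second sector

def wipe_targets(dev):
    """Byte ranges a wipe must destroy: header plus active key material."""
    if dev[:6] != MAGIC:
        return None                      # no LUKS1 header present
    key_bytes = struct.unpack_from(PHDR, dev)[6]
    targets = {"header": (0, PHDR_LEN)}
    for i in range(8):
        active, _, _, sector, stripes = struct.unpack_from(SLOT, dev, 208 + 48 * i)
        if active == ACTIVE:
            start = sector * 512
            targets[f"slot{i}"] = (start, start + key_bytes * stripes)
    return targets

def survivors(before, after, chunk=16):
    """Target regions where some non-zero pre-wipe bytes are still on disk."""
    left = []
    for name, (lo, hi) in wipe_targets(before).items():
        for off in range(lo, hi, chunk):
            old = before[off:min(off + chunk, hi)]
            if any(old) and old == after[off:off + len(old)]:
                left.append(name)
                break
    return left

def sample_image():
    """Constructed LUKS1-style image: slots 0 and 7 active, random key material."""
    img = bytearray(520 * 512)
    struct.pack_into(PHDR, img, 0, MAGIC, 1, b"aes", b"xts-plain64", b"sha1",
                     520, 32, os.urandom(20), os.urandom(32), 1000, b"constructed-uuid")
    for i, sector in ((0, 8), (7, 264)):
        struct.pack_into(SLOT, img, 208 + 48 * i, ACTIVE, 1000, os.urandom(32), sector, 4000)
        img[sector * 512:sector * 512 + 128000] = os.urandom(128000)
    return bytes(img)

before = sample_image()
one_sector = bytes(512) + before[512:]   # wipe that stops after sector 0
full = bytes(520 * 512)                  # wipe up to the payload offset
print(survivors(before, one_sector))     # ['header', 'slot0', 'slot7']
print(survivors(before, full))           # []
```

A wipe that stops after the first sector removes the magic but leaves the record for slot 7 and all key material in place. The same check applies to any header backup file, since it holds the same key slots.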