What follows is a general description of the technical setup of the instance. Copies of this structure, as permitted by the licence, are encouraged to build on this setup, but should also vary their versions in order to accumulate knowledge, reduce the overall attack surface and promote diversity. The instance consists of two physical servers: one in northern Italy and one in southern Germany. The one in Italy has the latest Proxmox Linux installed. On the Proxmox host, three virtual servers are running:
The Italian server has no open port and, in addition, does not even have a public IP. It punches a hole through the provider's NAT and connects via WireGuard to the server in southern Germany, merging the subnets. On the server in southern Germany, two virtual servers are running:
The dynamic DNS of the reachable server in southern Germany is provided by deSEC, an association in Berlin.
The Backups
The backups are encrypted with the following command:
openssl enc -aes-256-cbc \
-md sha512 \
-pbkdf2 \
-iter 1000000 \
-salt \
-pass file:oi.txt \
-in /mnt/backup-hdd/dump/vzdump-vmid-date.vma.zst \
-out /mnt/backup-hdd/dump/vzdump-vmid-date.vma.zst.enc
before they are rsynced over WireGuard using public-key SSH authentication.
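As an added example (not one of the project's own scripts), the following round-trip check wraps the command above with identical parameters and verifies that a passphrase file really decrypts what was written before the archive is shipped; the file names are hypothetical and the dump used in the check is constructed.

```shell
#!/bin/sh
# Round-trip check for the backup encryption above (same openssl parameters).
# Assumes a POSIX shell and the openssl CLI; file names are hypothetical.
set -eu

# Hex SHA-256 of a file, via openssl so no extra tools are needed.
digest() { openssl dgst -sha256 < "$1" | awk '{print $NF}'; }

# $1 plaintext dump, $2 output .enc, $3 passphrase file.
# AES-CBC gives no integrity, so a plaintext digest travels next to the
# ciphertext; it exposes a hash of the dump but lets a corrupted archive or
# a wrong passphrase be detected later without the original.
encrypt_backup() {
  openssl enc -aes-256-cbc -md sha512 -pbkdf2 -iter 1000000 -salt \
    -pass "file:$3" -in "$1" -out "$2"
  digest "$1" > "$2.sha256"
}

# $1 .enc, $2 output, $3 passphrase file. Identical parameters plus -d;
# openssl exits non-zero on a bad passphrase (padding check) or truncation.
decrypt_backup() {
  openssl enc -d -aes-256-cbc -md sha512 -pbkdf2 -iter 1000000 \
    -pass "file:$3" -in "$1" -out "$2"
}

# $1 .enc, $2 passphrase file. Prints "ok" and returns 0 only when the
# archive decrypts and its digest matches the stored one; else "mismatch"/1.
verify_backup() {
  tmp=$(mktemp)
  if decrypt_backup "$1" "$tmp" "$2" 2>/dev/null \
     && [ "$(digest "$tmp")" = "$(cat "$1.sha256")" ]; then
    rm -f "$tmp"; echo ok; return 0
  fi
  rm -f "$tmp"; echo mismatch; return 1
}

# Usage: ./check_backup.sh <dump> <passfile>  (writes <dump>.enc and verifies it)
if [ -n "${1:-}" ] && [ -n "${2:-}" ]; then
  encrypt_backup "$1" "$1.enc" "$2"
  verify_backup "$1.enc" "$2"
fi
```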
The overall architecture of offgpt can be summarized with the following graphic. The pink keys indicate that the backups are encrypted before being sent. The Forgejo server in Singapore only receives configuration unrelated to user data, backed up into private repositories:
Please contact
luca[ät]offgpt[dot]org
if you want other shell scripts or configurations. The whole setup is open source and available, non-anonymously, at https://git.kaoscube.org