The services are hosted on one Vultr and four Oracle servers. A [variables file](vars/services.yaml) defines the services to be deployed or already deployed.
Our caddy server blocks IP ranges that have been involved in mass spams or botnets. The [mass spam block range file](https://github.com/ProjectSegfault/ansible/blob/master/privfrontends/blocked-ranges.yaml) is created by [ProjectSegfault](https://projectsegfau.lt/). The [botnet block range file](https://raw.githubusercontent.com/return42/sandbox/main/data/searxng/ipv4_botnet.lst) is created by [return42](https://github.com/return42). Thanks to their team.
Passwords and other sensitive data are kept locally as encrypted variables in [secrets.yaml](vars/secrets.example.yaml). We host an Authelia and Firefox stack that is restricted to specific users only. Their related files are also kept locally.
Please contact us via [email](mailto:opnxng@tuta.io) if you discover any vulnerability or area for improvement in our infrastructure. We would truly appreciate it.