MDMZ
ESPO's open-source self-hosted fun zone. Declarative NixOS profiles that turn bare metal into a running platform — k3s, Forgejo, Woodpecker, Cloudflare Tunnel, Ollama, and whatever else is bolted onto *.espoautos.com — via a single apply.
MDMZ is a fused downstream of two upstream projects, reviewed weekly through a Claude-driven CI pipeline and human-approved pull requests.
Lineage
MDMZ draws from two upstream sources:
- Trevato/open-platform — Helm chart with Forgejo, Woodpecker, MinIO, Mailpit, Postgres, and oauth2-proxy
- vespo92/open-platform-infra — NixOS + K3s + Traefik + MetalLB + Flux + vCluster infrastructure layer
Both sources remain tracked as living repositories under upstream/, with weekly diffs and human-reviewed ingestion into MDMZ's module system.
MDMZ is a sibling of vespo92/nick-rig. Same scaffold, same two upstreams, different target: nick-rig targets Ubuntu, MDMZ targets NixOS. The two use distinct apiVersion namespaces so modules are not silently portable.
Home
MDMZ lives on Forgejo. No GitHub.
- Repo: https://forgejo.espoautos.com/espoautos/mdmz
- CI: Forgejo Actions (.forgejo/workflows/)
- Public deploy: *.espoautos.com via Cloudflare Tunnel
Quickstart
```
git clone https://forgejo.espoautos.com/espoautos/mdmz.git
cd mdmz
./scripts/mdmz apply profiles/espoautos.yaml
```
The apply engine remains unimplemented in the MVP; the repository currently provides the declaration layer (modules, profiles, contract, CI) to allow schema stabilization before runtime development.
Repository Structure
```
mdmz/
├── CLAUDE.md                 # policy for humans + agents
├── upstream/                 # frozen snapshots of the two upstreams
│   ├── trevato-open-platform/
│   └── vespo92-open-platform-infra/
├── modules/                  # reusable, opinionated building blocks
├── profiles/                 # declarative compositions (one per hardware target)
│   └── espoautos.yaml        # the reference profile
├── _Before/                  # historical snapshot from ChildCompanies (read-only)
├── .claude/                  # agent + slash-command config
├── .forgejo/workflows/       # CI: module-ci + weekly upstream-sync
├── scripts/                  # mdmz CLI + sync helpers
└── docs/                     # architecture, module contract, ingestion policy
```
Three Layers
| Layer | Purpose | Owner |
|---|---|---|
| Upstream | Source snapshots of lineage repos | Automated (weekly) |
| Modules | Reusable, opinionated building blocks | Humans + Claude |
| Profiles | Declarative compositions for hardware | Humans |
Origin
MDMZ is what ESPO's ChildCompanies/ directory grew up to be. The old tree (NixOS configs, foospxe PXE boot, enrollment-web, infrastructure docs) is preserved under _Before/ as historical context.
License
MIT (inherited from both upstreams and from the nick-rig scaffold).
Contributing
Review CLAUDE.md and docs/module-contract.md before submitting pull requests with new modules or profiles.