About MDAPI

MDAPI stands for Martino Dell'Ambrogio's Personal Infrastructure. It is a personal project — run with the discipline and tooling of a production environment — that has existed in one form or another for as long as I've had something to put on a network.

The point of MDAPI has never been the stack. The point has been the operating model: declarative state, predictable upgrades, observable behaviour, secure-by-default access, and recoverable data — practiced at the scale of a household, for users who happen to be family and friends. The technology stacks are just the medium of the decade.

A network grows up

The connectivity story tracks the consumer internet itself:

  • ISDN — the original uplink. Dial-up sessions had a budget; everything that mattered had to fit on disk locally.
  • ADSL — first persistent uplink. The first time anything I ran was reachable from the outside world.
  • DOCSIS — cable broadband. First taste of asymmetric headroom that made hosting services from home plausible, and one of the few residential offers that came with a static IP — a luxury at the time.
  • A friend's datacenter rack — multi-homed fiber, real BGP-adjacent thinking, real responsibility for uptime someone else also cared about.
  • Home FTTH (XGS-PON today) — the wheel comes back around: symmetric multi-gigabit terminated on a custom-OpenWrt edge router I build myself.

Each step changed what was affordable to try — and therefore what was worth automating, observing, and protecting.

A site grows up

The hosting site followed the same arc. From tower PCs in a bedroom, through a stack of mid-tower servers, to the present: a dedicated server room with a 42U rack, redundant UPS, structured cabling, and environmental monitoring.

The stack rewrites

The thing that has stayed continuous is the willingness to rebuild. Every era has involved learning a stack, then replacing it when something better-suited arrived — never as fashion, always because the previous one stopped paying for the complexity it asked for.

Among the inflection points: Mandrake in the early days, then long Debian and Gentoo eras; Xen when paravirtualization opened up real consolidation; Proxmox + Ceph when KVM and software-defined storage caught up; QNAP and Synology appliances as fast-track NAS while custom storage matured; ProCurve when L2/L3 separation became cheap enough at home; and now Harvester HCI — RKE2 with KubeVirt — unifying virtualization and Kubernetes on the same control plane.

Underneath all of this, the hardware has been deliberately heterogeneous: SPARC workstations in the early years, generations of x86 and x86_64 servers, and a steady supply of ARM and MIPS appliances at the edge. With each, the same instinct: open the OS or firmware, understand it, and bend it as far as the hardware will allow. That thread runs unbroken from custom kernels on early Linux distributions to the OpenWrt fork on the BPI-R4 today.

Funding model

MDAPI has never had a commercial budget. It runs on three things:

  • Decommissioned enterprise hardware from employers over the years, refurbished, upgraded past its original spec, and pushed further than it was ever sold to go.
  • Donations of hardware and a small amount of money from users who depend on the services. For a stretch, a popular online game I ran even covered part of the running costs through light, unobtrusive advertising.
  • Personal funds, kept deliberately low — frugality is a design constraint, not an afterthought.

This is why every architectural decision has a cost lens on it: licenses, cloud egress, premium support, vendor lock-in. The stack you see documented here is what survives once those costs are taken seriously.

Tooling today

The latest addition to the operating model is AI-assisted operations. Day-to-day work — incident triage, runbook drafting, multi-cluster diffs, postmortems, documentation passes — increasingly happens in collaboration with Claude Code, Anthropic's terminal-resident coding agent. The co-authored commits in the GitHub mirror of the fleet repo are the visible footprint.

This is the same pattern every previous era of MDAPI has followed: when a tool meaningfully changes what's affordable to try, automate, and observe, it gets adopted — never as fashion, but because the cost it asks for is paid back in clarity and time.

What stays constant

Across thirty years of uplinks, sites, stacks and CPUs, four principles have not moved:

  1. Security first — every exposed surface assumes hostile input.
  2. Ease of operation — if it can't be debugged in the cracks between work and domestic life, it doesn't ship.
  3. Visibility — if it isn't observable, it isn't running.
  4. Data safety — backups are the only feature users notice when they need it.

Everything else on this site — Kubernetes, GitOps, WAFs, identity, image scanning, the custom router — is a way of expressing those four principles in the language of the current decade.