{"id":51192679,"url":"https://github.com/bryandph/mandala","last_synced_at":"2026-06-27T17:01:35.411Z","repository":{"id":364009075,"uuid":"1265823440","full_name":"bryandph/mandala","owner":"bryandph","description":"Fleet contract engine for Nix flakes: schema + projection library. Describe a heterogeneous fleet once, project it to deploy-rs, ansible inventory, sops recipients, DNS/DHCP, and overlay networks. Engine only, no fleet data; deps = nixpkgs.lib.","archived":false,"fork":false,"pushed_at":"2026-06-20T05:38:42.000Z","size":222,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-06-20T07:16:47.904Z","etag":null,"topics":["ansible","deploy-rs","fleet-management","infrastructure-as-code","nix","nix-flakes"],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/bryandph.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-06-11T05:34:24.000Z","updated_at":"2026-06-20T05:38:45.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/bryandph/mandala","commit_stats":null,"previous_names":["bryandph/mandala"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/bryandph/mandala","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bryandph%2Fmandala","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bryandph%2Fmandala/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bryandph%2Fmandala/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bryandph%2Fmandala/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/bryandph","download_url":"https://codeload.github.com/bryandph/mandala/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bryandph%2Fmandala/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34860913,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-27T02:00:06.362Z","response_time":126,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ansible","deploy-rs","fleet-management","infrastructure-as-code","nix","nix-flakes"],"created_at":"2026-06-27T17:01:34.675Z","updated_at":"2026-06-27T17:01:35.405Z","avatar_url":"https://github.com/bryandph.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# mandala\n\nFleet contract engine for Nix flakes: describe a heterogeneous fleet once —\nin your configurations — and project that single source outward to the\ntools that already manage fleets well: deploy-rs, ansible, sops, DNS/DHCP,\noverlay networks, terraform.\n\n## The arrow points outward\n\nMost fleet frameworks generate machine configuration downward from an\ninventory, and bring their own orchestration runtime with them. mandala\ninverts the arrow: **your configurations are the inventory**. A NixOS host\nauthors its own facts (`config.host.*` per the member schema); a non-NixOS\nmember (router, switch, AP, BMC, Windows box) is plain data validated\nagainst the same schema. The engine validates what the fleet declares and\ncomputes the views other systems consume — it never generates a host\nconfiguration, and it never replaces the tools that deploy, configure, or\ndistribute secrets.\n\nThat buys two things frameworks can't offer:\n\n- **A tiny, exit-friendly buy-in surface.** Adopt mandala and your\n  `nixosConfigurations` are still yours; rip it out and they still stand.\n- **Native drift detection.** Because the contract is independent of the\n  machines, there is always something to diff live state against.\n\n```\nmandala            engine (this repo): schema + lib, flake inputs = nixpkgs only\n└── \u003coperator\u003e     data flake: values filling the schema (private or public)\n    └── consumers  infra flakes pin the data flake and read projections\n```\n\nThe engine deliberately contains no fleet — no VLAN, no key, no address.\nAn operator publishes a *data flake* filling the schema; consumers pin that\none input and get validated data, the schema modules, and this library\ntogether.\n\n## Outputs\n\n- `lib.schemas.{operator,topology,member,mesh,pki}` — module paths\n  declaring the contract.\n- `lib.eval{Operator,Topology,Member,Mesh,Pki}` — validate data against a\n  schema and return it with derived fields; invalid data fails the\n  consumer's eval, not a later deploy.\n- `lib.groupsFor` / `lib.ansibleGroupsFor` / `lib.sanitizeGroupName` — the\n  one group taxonomy (and its one fan-out spelling) behind deploy-rs\n  groups, `ansible -l`, and sops recipient sets, so the authorities cannot\n  drift.\n- `lib.facter` — nixos-facter report predicates; reports corroborate\n  authored facts, they never set them.\n- `checks.\u003csystem\u003e.fake-fleet` — the engine evaluated against the bundled\n  fake fleet in `examples/fake-fleet/` (operator-value-free).\n\n## Status / roadmap (pre-1.0)\n\nThe projection layer is being lifted into this repo: pure projection\nfunctions (`lib.projections` — ansible inventory, sops config, deploy-rs\nnodes, eval-once batch builds), flake-parts shim modules, a secret-grade\nsecrets schema, a `mandala.fleet` ansible collection (eval-once build +\nfan-out deploy adapters), a CLI/TUI, `nix flake init` templates, and a\nshowcase fleet. Until 1.0, schemas and lib signatures may change without\nnotice; aggregate outputs carry a `schemaVersion` so porcelain can keep up.\n\n## Design\n\nConfigs author the inventory; projections flow outward. The engine never\ngenerates host configurations from inventory — it validates facts the\nconfigurations (and facts-only members) declare, and computes the views\nother systems consume. Toolchains (deploy-rs, nixpkgs package sets) are\ninjected as function arguments, never engine inputs: the engine's only\nflake input is nixpkgs, and lib-only consumers evaluate nothing else.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbryandph%2Fmandala","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbryandph%2Fmandala","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbryandph%2Fmandala/lists"}