Michael Vivirito

Lead Site Reliability Engineer · Building OpenWorld

A coordination layer for civic action, plus FreeBSD, Kubernetes, and self-hosted infrastructure.

About Me

I'm a Lead Site Reliability Engineer with a decade of professional IT experience. I've been at a keyboard since I was three years old, and I've spent most of my adult life trying to understand how the layers underneath a running service actually work, from packet to process to platform.

Most of my hands-on work today sits at two ends of the same spectrum: Kubernetes and AWS on the production side, where I run highly available platforms for a living, and FreeBSD and networking on the homelab side, where I run a self-built pf router and a fleet of small services that exist mostly to keep me sharp.

The project I keep coming back to is OpenWorld, a mobile-first coordination layer for civic action. Truly open-sourcing the world: an overlay where anyone can pin a place, propose an idea, flag an issue, recognise something working, or organise a time-bounded event. People are good. Action compounds. Agency over guilt.

Before the MSP work I spent six years going up the stack the long way: IT administration at a Beverly Hills capital group, systems administration at AT&T / DirecTV, and cloud-migration leadership at a payments processor (Atlantic Pacific Processing Systems), where I led three concurrent migrations from Azure / Eukhost / Linode into a consolidated AWS environment. That route, from domain controllers and Ansible fleets to AWS Control Tower and Kubernetes, is what underwrites the SRE work today.

I'm mostly self-taught but I started formal CS coursework in 2017 and finished a Bachelor's in Computer Science at Western Governors University alongside an Associate of Arts in CS, Math, and Physics from West Los Angeles College. I'm AWS-certified, a long-time FreeBSD advocate, and a committed Vim golfer.

When I'm not on call I'm usually iterating on the network, building out the FreeBSD pf router, writing about the pf rules that hold it together, or refining the NixOS configs that define everything behind it.

Looking for the longer story? The resume covers four years as a contingent SRE on an Enterprise Platforms Integration team at a top-tier technology company, plus the prior decade across payments, telecom, and financial-services infrastructure. The /now page is the current snapshot.

B.S. Computer Science · A.A. CS / Math / Physics · AWS Developer Associate · AWS SysOps Administrator Associate · CompTIA Project+ · AWS Solutions Architect Associate · CompTIA Security+

OpenWorld: A Coordination Layer for Civic Action

"I just want to help make the world a better place. An overlay over the world where everyone can propose ideas to make the infrastructure of our world better. Truly open-sourcing the world."

OpenWorld is the project I keep coming back to. A mobile-first platform where anyone can pin a place and attach an idea, an issue, kudos, or a time-bounded timer event, and connect with everyone else who cares about that same square of ground.

$ ls -lah ~/openworld/pins/
idea    · proposed improvement
issue   · something broken
kudos   · something working, worth recognition
timer   · beach cleanup · 2026-05-23 09:00

The action rails (GoFundMe, sign-ups, petitions, contact-your-rep tools) already exist. OpenWorld is the layer that lets people coordinate around them. iOS is now live on the App Store; Android is in closed Play Console testing.

Download on the App Store · Meet OpenWorld · www.openworld.run · Why I'm Building It

Featured Projects

openworld

A mobile-first coordination layer for civic action: pin a place, propose an idea, flag an issue, give kudos, or organize an event.

Mobile + Web

freebsd-router

Self-built FreeBSD edge router and firewall: pf, unbound, dhcpd, WireGuard. The hub of the homelab.

nix-config

Personal Nix configuration for reproducible system setups and development environments.

media_server

Portainer stack for my media server - containerized media management and streaming infrastructure.

url_runner

A URL runner game based on the browser URL snake game! Creative use of the browser address bar for gameplay.

JavaScript

advantage360

Custom configuration for the Advantage360 Professional keyboard using ZMK firmware.

glove80-config

Configuration for my MoErgo Glove80 keyboard - ergonomic keyboard layout optimization.

Homelab: FreeBSD pf Router behind XGS-PON

At the edge of my homelab is a FreeBSD 15 box (hostname homefw) that handles every packet coming into and out of the network: WAN router, stateful pf firewall, recursive DNS, DHCP, NTP, and a WireGuard endpoint. The AT&T fiber gateway is gone; an X-ONU-SFPP XGS-PON SFP+ module takes the fiber directly and slots into one of the box's 10G SFP+ ports, so FreeBSD pulls the public IP itself. No vendor GUI, no shadow configs. Just /etc/rc.conf, /etc/pf.conf, and a git repo.

      ┌────────────────────────────┐
      │  AT&T XGS-PON Fiber        │
      │  (SC/APC, no ISP gateway)  │
      └─────────────┬──────────────┘
                    │
      ┌─────────────▼──────────────┐
      │ X-ONU-SFPP (XGS-PON SFP+)  │
      └─────────────┬──────────────┘
                    │ ix0 (WAN, 10G SFP+)
      ┌─────────────▼──────────────┐
      │  FreeBSD 15 (homefw)       │
      │  pf · unbound · dhcpd      │
      └─────────────┬──────────────┘
                    │ ix1 (LAN trunk, 10G SFP+)
      ┌─────────────▼──────────────┐
      │     Sodola Switch          │
      └──┬──────────────────┬──────┘
         │ untagged         │ VLAN 20
      UniWorld           UniWork
      10.0.0.0/24        10.20.0.0/24

One LAN trunk down to a managed switch, two SSIDs out at the UniFi APs, with VLAN 20 (UniWork) firewalled away from the main LAN by rule. ZFS boot environments make every change reversible with a reboot.


Blog

$ ls -lah ~/blog/
-rw-r--r-- 2026-05-10 xgs-pon-bypass-att-gateway.html
-rw-r--r-- 2026-05-06 truly-open-sourcing-the-world.html
-rw-r--r-- 2026-05-10 freebsd-pf-router.html
-rw-r--r-- 2026-05-03 pf-firewall-rules.html
-rw-r--r-- 2026-05-03 freebsd-jails-network.html
-rw-r--r-- 2026-05-03 freebsd-ipv6-router.html
-rw-r--r-- 2026-05-03 freebsd-wireguard.html
-rw-r--r-- 2026-05-03 zfs-send-recv-replication.html
-rw-r--r-- 2026-05-03 freebsd-vs-linux-sre.html
-rw-r--r-- 2026-04-02 kubernetes-bare-metal.html
-rw-r--r-- 2026-04-02 aws-cost-optimization.html
-rw-r--r-- 2026-04-02 prometheus-grafana-monitoring.html
-rw-r--r-- 2026-04-02 why-i-run-nixos.html
-rw-r--r-- 2024-01-22 top-10-tui-apps.html

Subscribe: RSS feed · Newsletter
Resources: Check out my dotfiles on GitHub
