Added homeassistant to the homelab

ansible/playbooks/homeassistant.yaml

@@ -0,0 +1,6 @@
+---
+- name: Deploy Home Assistant on Minisforum
+  hosts: minisforum
+  become: yes
+  roles:
+    - homeassistant

ansible/roles/homeassistant/handlers/main.yaml

@@ -0,0 +1,4 @@
+---
+- name: reload systemd
+  systemd:
+    daemon_reload: yes

ansible/roles/homeassistant/tasks/main.yaml

@@ -0,0 +1,88 @@
+---
+- name: Install Docker prerequisites
+  apt:
+    name:
+      - ca-certificates
+      - curl
+    state: present
+    update_cache: yes
+
+- name: Create apt keyrings directory
+  file:
+    path: /etc/apt/keyrings
+    state: directory
+    mode: "0755"
+
+- name: Download Docker GPG key
+  get_url:
+    url: https://download.docker.com/linux/debian/gpg
+    dest: /etc/apt/keyrings/docker.asc
+    mode: "0644"
+
+- name: Add Docker apt repository
+  apt_repository:
+    repo: "deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian trixie stable"
+    state: present
+    filename: docker
+
+- name: Install Docker CE and Compose plugin
+  apt:
+    name:
+      - docker-ce
+      - docker-ce-cli
+      - containerd.io
+      - docker-buildx-plugin
+      - docker-compose-plugin
+    state: present
+    update_cache: yes
+
+- name: Enable and start Docker
+  systemd:
+    name: docker
+    enabled: yes
+    state: started
+
+- name: Add nik to docker group
+  user:
+    name: nik
+    groups: docker
+    append: yes
+
+- name: Create HA config directory
+  file:
+    path: /home/nik/homeassistant/config
+    state: directory
+    owner: nik
+    group: nik
+    mode: "0755"
+
+- name: Deploy docker-compose.yaml
+  template:
+    src: docker-compose.yaml.j2
+    dest: /home/nik/homeassistant/docker-compose.yaml
+    owner: nik
+    group: nik
+    mode: "0644"
+
+- name: Deploy systemd unit
+  template:
+    src: homeassistant.service.j2
+    dest: /etc/systemd/system/homeassistant.service
+    mode: "0644"
+  notify: reload systemd
+
+- name: Deploy base configuration.yaml
+  template:
+    src: configuration.yaml.j2
+    dest: /home/nik/homeassistant/config/configuration.yaml
+    owner: nik
+    group: nik
+    mode: "0644"
+    force: no
+
+- name: Enable and start homeassistant
+  systemd:
+    name: homeassistant
+    enabled: yes
+    state: started
+    daemon_reload: yes

ansible/roles/homeassistant/templates/configuration.yaml.j2

@@ -0,0 +1,7 @@
+# Home Assistant configuration
+http:
+  use_x_forwarded_for: true
+  trusted_proxies:
+    - 127.0.0.1
+    - 192.168.7.0/24
+    - 10.42.0.0/16

ansible/roles/homeassistant/templates/docker-compose.yaml.j2

@@ -0,0 +1,10 @@
+services:
+  homeassistant:
+    container_name: homeassistant
+    image: ghcr.io/home-assistant/home-assistant:stable
+    network_mode: host
+    volumes:
+      - /home/nik/homeassistant/config:/config
+      - /etc/localtime:/etc/localtime:ro
+    restart: unless-stopped
+    privileged: true

ansible/roles/homeassistant/templates/homeassistant.service.j2

@@ -0,0 +1,15 @@
+[Unit]
+Description=Home Assistant (Docker Compose)
+Requires=docker.service
+After=docker.service network-online.target
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+WorkingDirectory=/home/nik/homeassistant
+ExecStart=/usr/bin/docker compose up -d
+ExecStop=/usr/bin/docker compose down
+User=nik
+
+[Install]
+WantedBy=multi-user.target

manifests/homeassistant/homeassistant.yaml

@@ -0,0 +1,51 @@
+---
+apiVersion: v1
+kind: Endpoints
+metadata:
+  name: homeassistant
+  namespace: default
+subsets:
+  - addresses:
+      - ip: 192.168.7.77
+    ports:
+      - port: 8123
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: homeassistant
+  namespace: default
+spec:
+  ports:
+    - port: 8123
+      targetPort: 8123
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: homeassistant-cert
+  namespace: default
+spec:
+  secretName: homeassistant-tls
+  issuerRef:
+    name: internal-ca-issuer
+    kind: ClusterIssuer
+  dnsNames:
+    - ha.home.arpa
+---
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: homeassistant
+  namespace: default
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - match: Host(`ha.home.arpa`)
+      kind: Rule
+      services:
+        - name: homeassistant
+          port: 8123
+  tls:
+    secretName: homeassistant-tls

values/pihole.yaml

@@ -78,3 +78,4 @@ dnsmasq:
     - address=/traefik.home.arpa/192.168.7.77
     - address=/photoview.home.arpa/192.168.7.77
     - address=/gitea.nik4nao.com/192.168.7.77
+    - address=/ha.home.arpa/192.168.7.77