moore home assistant

apps/homeassistant/base/deployment.yaml

@@ -34,4 +34,3 @@ spec:
         - name: config-dir
           persistentVolumeClaim:
             claimName: config
-

apps/homeassistant/base/ingress.yaml

@@ -1,17 +1,17 @@
 apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
-  name: homeassistant-ingress
+  name: homeassistant
 spec:
   entryPoints:
     - websecure
   routes:
-    - match: Host(`home.kluster.moll.re`) && !Path(`/api/prometheus`)
+    - match: Host(`homeassistant.kluster.moll.re`)
       middlewares:
-        - name: homeassistant-websocket
+        - name: homeassistant
       kind: Rule
       services:
-        - name: homeassistant-web
+        - name: homeassistant
           port: 8123
   tls:
     certResolver: default-tls
@@ -19,7 +19,7 @@ spec:
 apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
-  name: homeassistant-websocket
+  name: homeassistant
 spec:
   headers:
     customRequestHeaders:

apps/homeassistant/base/kustomization.yaml

@@ -0,0 +1,20 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  # - namespace.yaml # not managed by kustomize but created as needed by the argo app. creates conflicts otherwise since both overlays share the same namespace
+  - ingress.yaml
+  - pvc.yaml
+  - service.yaml
+  - deployment.yaml
+  - servicemonitor.yaml
+
+
+images:
+  - name: homeassistant
+    newName: homeassistant/home-assistant
+    newTag: "2025.10"
+
+configurations:
+  # allow nameReference to work with different mentions of the same resource as well
+  - name_reference.yaml

apps/homeassistant/base/name_reference.yaml

@@ -0,0 +1,23 @@
+nameReference:
+  # Tie target Service metadata.name to other ingressroute fields
+  - kind: Service
+    fieldSpecs:
+      # rewrite the backend service name
+      - kind: IngressRoute
+        group: traefik.io
+        version: v1alpha1
+        path: spec/routes/services/name
+
+      # adapt the ingress url
+      # DOES NOT WORK
+      - kind: IngressRoute
+        group: traefik.io
+        version: v1alpha1
+        path: /spec/routes/match
+        create: false
+
+      # adapt any middleware names
+      - kind: IngressRoute
+        group: traefik.io
+        version: v1alpha1
+        path: spec/routes/middlewares/name

apps/homeassistant/base/service.yaml

@@ -1,7 +1,7 @@
 apiVersion: v1
 kind: Service
 metadata:
-  name: homeassistant-web
+  name: homeassistant
   labels:
     app: homeassistant
 spec:
@@ -10,4 +10,4 @@ spec:
   ports:
   - port: 8123
     targetPort: 8123
-    name: http
+    name: http

apps/homeassistant/kustomization.yaml

@@ -1,18 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-
-namespace: homeassistant
-
-resources: 
-  - namespace.yaml
-  - ingress.yaml
-  - pvc.yaml
-  - service.yaml
-  - deployment.yaml
-  - servicemonitor.yaml
-
-
-images:
-  - name: homeassistant
-    newName: homeassistant/home-assistant
-    newTag: "2025.10"

apps/homeassistant/overlays/flat/ingress.patch.yaml

@@ -0,0 +1,3 @@
+- op: replace
+  path: /spec/routes/0/match
+  value: Host(`home.kluster.moll.re`)

apps/homeassistant/overlays/flat/kustomization.yaml

@@ -0,0 +1,14 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - ../../base
+
+namespace: homeassistant
+nameSuffix: -flat
+
+
+patches:
+  - path: ingress.patch.yaml
+    target:
+      kind: IngressRoute

apps/homeassistant/overlays/house/ingress.patch.yaml

@@ -0,0 +1,3 @@
+- op: replace
+  path: /spec/routes/0/match
+  value: Host(`home-house.kluster.moll.re`)

apps/homeassistant/overlays/house/kustomization.yaml

@@ -0,0 +1,24 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - ../../base
+  - wireguard-config.sealedsecret.yaml
+
+
+namespace: homeassistant
+nameSuffix: -house
+
+images:
+  - name: wireguard
+    newName: ghcr.io/linuxserver/wireguard
+    newTag: "1.0.20250521"
+
+patches:
+  - path: wireguard.deployment.yaml
+    target:
+      kind: Deployment
+      name: homeassistant
+  - path: ingress.patch.yaml
+    target:
+      kind: IngressRoute

apps/homeassistant/overlays/house/wireguard-config.sealedsecret.yaml

@@ -0,0 +1,16 @@
+---
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  creationTimestamp: null
+  name: wireguard-config
+  namespace: homeassistant
+spec:
+  encryptedData:
+    wireguard.conf: AgBPtOEhM6iYYY/0qc85R3dPLNBmJ/W/Xi2NHZ96hF4nR+XwoAug+O5rFU2D124HRiQF0JmlI5OIF0Ze86vcSnhjEFvKV1FjvsSgRl1caKMUf4B6KJq4ykeeWl3I0cclYGAznvkLJ7eKjZLlUaQKUrOhbKIoiXABUjxk4BPcF9ESj1hx5CHzjHi4nghyUji7DSg5424OifSUA2D4OLOt8QOqYwP/NZT+BM18DsaDS/D87HjWsNkDPmeGQy/5V2N3bDWLOxu0Y1jKLZ+jAa+5LH0CIW5voBqfyQA+S10sPksQqLn+eSYCYaTa6PCfcrreNpWPZbxL3E8MZoM4hfecIjDEWNhyGonh9uSn0oQgd/xcv1oiWhorciI7BKPPD5gjcltPEqYl98lcWJJ6M3zoGgcgOsapnV+aowhwaoqQbOEDN8VUtHcbCls2Jp+Fl/xOPE913uPgWnsNyHBMDzIjT0n1K3KFIgrvAH2XdqQGnHrZAsADoFKB997ARwENgYaw6E7ZBaJgw8uYPLdeZd/os82OrihETfqZYewLw4TXpVpyTVhMuoww4vXee1xLfBNbolD8vU2f+a4BU90Votd15Uloorfv9fXq7tYZyBkz/z7pPWL9sOQ5Mrf00kMGmwpBqbxe11EaaDwpqNDfCmpbnPEeOaNjj+FroQP/LAZ3418cWlt5MXYOGQYQdU2yvfL7EaLQm68/2BUcMPgCjnoRbDsXgWaOvvGvJrumLHCg99EmkFaP+HIhq/TjJ4AHPkmzF566u7XklgZq84Zq+CJH59cffjbm5qDl5bDplKUBHRBxl9QdGhLRFFyFA8Ie+Y0c7OktMUzOrA8S650nyfgJ0AlryvUr3VuQMMfFKnk+dAApVejyEg44mBAjwz2+KtH8kvzkA4MhDT4Mu/c0Ex9At5dNEWjMNK9pLuX2SQZtCpOZXgvVclTN3tzJQZMTcYCduGHrdQMCLivqmDmIgKa9e78WhMcgLI1tGkT/fcpGoQEJOUcgTYkqhC/MA/rEy17AmZ7cEM9GtvfyeiUS29c9zD+2vP91cLShf2/Qf8RZvOvbTFqB7BJ6BfbHO2KzZzsph+9WPDN9boCMUoO1SK6IKq1S7wdfXNT0dcQ72203yJ/JLZPAd6qvxCHEXzhQ/t9Ox3JzkniY/hBpx2Y/A1W6eJ31RktUqksJ0bjGcQpnZB6pWw7kDKdIoFFIqa3LMVlNlXGkiJOXREuj9mOZ7wmCVimuyPiY2vMv2WpklUofY/INTmQLXWFObJJ8KDnymeoYmLDnIzVqU81a9G2Myt0hrqfMfxxHkWpB8Q==
+  template:
+    metadata:
+      creationTimestamp: null
+      name: wireguard-config
+      namespace: homeassistant
+    type: Secret

apps/homeassistant/overlays/house/wireguard.deployment.yaml

@@ -0,0 +1,24 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: homeassistant
+spec:
+  template:
+    spec:
+      containers:
+      - name: wireguard-sidecar
+        image: wireguard
+        securityContext:
+          privileged: true
+
+
+      volumeMounts:
+      - name: wireguard-config
+        mountPath: /config/wg_confs/
+
+      volumes:
+      - name: wireguard-config
+        secret:
+          secretName: wireguard-config
+
+