moore home assistant

apps/homeassistant/base/deployment.yaml

@@ -34,4 +34,3 @@ spec:
         - name: config-dir
           persistentVolumeClaim:
             claimName: config
-

apps/homeassistant/base/ingress.yaml

@@ -1,17 +1,17 @@
 apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
-  name: homeassistant-ingress
+  name: homeassistant
 spec:
   entryPoints:
     - websecure
   routes:
-    - match: Host(`home.kluster.moll.re`) && !Path(`/api/prometheus`)
+    - match: Host(`homeassistant.kluster.moll.re`)
       middlewares:
-        - name: homeassistant-websocket
+        - name: homeassistant
       kind: Rule
       services:
-        - name: homeassistant-web
+        - name: homeassistant
           port: 8123
   tls:
     certResolver: default-tls
@@ -19,7 +19,7 @@ spec:
 apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
-  name: homeassistant-websocket
+  name: homeassistant
 spec:
   headers:
     customRequestHeaders:

apps/homeassistant/base/kustomization.yaml

@@ -0,0 +1,20 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  # - namespace.yaml # not managed by kustomize but created as needed by the argo app. creates conflicts otherwise since both overlays share the same namespace
+  - ingress.yaml
+  - pvc.yaml
+  - service.yaml
+  - deployment.yaml
+  - servicemonitor.yaml
+
+
+images:
+  - name: homeassistant
+    newName: homeassistant/home-assistant
+    newTag: "2025.10"
+
+configurations:
+  # allow nameReference to work with different mentions of the same resource as well
+  - name_reference.yaml

apps/homeassistant/base/name_reference.yaml

@@ -0,0 +1,23 @@
+nameReference:
+  # Tie target Service metadata.name to other ingressroute fields
+  - kind: Service
+    fieldSpecs:
+      # rewrite the backend service name
+      - kind: IngressRoute
+        group: traefik.io
+        version: v1alpha1
+        path: spec/routes/services/name
+
+      # adapt the ingress url
+      # DOES NOT WORK
+      - kind: IngressRoute
+        group: traefik.io
+        version: v1alpha1
+        path: /spec/routes/match
+        create: false
+
+      # adapt any middleware names
+      - kind: IngressRoute
+        group: traefik.io
+        version: v1alpha1
+        path: spec/routes/middlewares/name

apps/homeassistant/base/service.yaml

@@ -1,7 +1,7 @@
 apiVersion: v1
 kind: Service
 metadata:
-  name: homeassistant-web
+  name: homeassistant
   labels:
     app: homeassistant
 spec:
@@ -10,4 +10,4 @@ spec:
   ports:
   - port: 8123
     targetPort: 8123
-    name: http
+    name: http

apps/homeassistant/kustomization.yaml

@@ -1,18 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-
-namespace: homeassistant
-
-resources: 
-  - namespace.yaml
-  - ingress.yaml
-  - pvc.yaml
-  - service.yaml
-  - deployment.yaml
-  - servicemonitor.yaml
-
-
-images:
-  - name: homeassistant
-    newName: homeassistant/home-assistant
-    newTag: "2025.10"

apps/homeassistant/overlays/flat/ingress.patch.yaml

@@ -0,0 +1,3 @@
+- op: replace
+  path: /spec/routes/0/match
+  value: Host(`home.kluster.moll.re`)

apps/homeassistant/overlays/flat/kustomization.yaml

@@ -0,0 +1,14 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - ../../base
+
+namespace: homeassistant
+nameSuffix: -flat
+
+
+patches:
+  - path: ingress.patch.yaml
+    target:
+      kind: IngressRoute

apps/homeassistant/overlays/house/ingress.patch.yaml

@@ -0,0 +1,3 @@
+- op: replace
+  path: /spec/routes/0/match
+  value: Host(`home-house.kluster.moll.re`)

apps/homeassistant/overlays/house/kustomization.yaml

@@ -0,0 +1,24 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - ../../base
+  - wireguard-config.sealedsecret.yaml
+
+
+namespace: homeassistant
+nameSuffix: -house
+
+images:
+  - name: wireguard
+    newName: ghcr.io/linuxserver/wireguard
+    newTag: "1.0.20250521"
+
+patches:
+  - path: wireguard.deployment.yaml
+    target:
+      kind: Deployment
+      name: homeassistant
+  - path: ingress.patch.yaml
+    target:
+      kind: IngressRoute

apps/homeassistant/overlays/house/wireguard-config.sealedsecret.yaml

@@ -0,0 +1,16 @@
+---
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  creationTimestamp: null
+  name: wireguard-config
+  namespace: homeassistant
+spec:
+  encryptedData:
+    wireguard.conf: AgAw9RQNHoSMrlB48rp83iKm3S5nsvF4LfAjTVysBh0dD8D8IbcdT6yOrNz5lPRia7nDv46mryOdLWjqZeiy61PqDcfsgogN8LvVpzEgFOiHFDwzz7pILwoMJhZ7YyTNviZpLkOcDsErsCYDKqGAh9jxEul2OLsoFha8iwbEc0EQftMTkt0t57PS6/AozXe9yoDG8epWINdmbiwtUHcWT5jmwDhl0O8YLsTr01GiF8DSRKaaj3cMcbXZr2Y/xU8C9MDzOwTpRNw9WfK5MiFPNWWUQYzgEqodoMaLPc2Q6HJn7JP6lQaYNEJSVfqvEaxnck4YMAIUwAncgjqvGL9yivQZHgfDwOftYb/IoiImJeiUadcnOQrBahBzRuSmmjTxqMaKXExOyu/r4d9yRncdyGKc5HoB6ZyNKvxQOHPjUMtwZ6QvHvLmP5tbQoRcD1YR9Q0uu1tQvZrBE/XKGB5lsEAl30h8ptVVT19DuPcsT0yTLoz9HWy7u5X1QvSixPch/7vmddDj/leRwf6sfbwEJqQ2yGjEjSkATB3F8Ohb/2AM420et5TtoGbLGmAJLAoiV/ZY5Xktnw1CDNI4QkQsl2g8hsQ8UgQNJ24SsjzjFTaG92y4VjZ+7EF5iS8OTazJkGbbNe9DqYnfN6ADTyX/SHtLnR2Qz2WWFf07W7IqGQcADHoj9LMgJjXxXW+uNrinFUAh0RtdpyT1p7SXNvKxuSCz44ghNNNxUb9xzF+6vsy9Wppnxyc72RZuOUwew86gK2XMsqCSZ3VvF03dZsrbgiVj2UrwQBQnwyJdYjlFwLa5WkjLLcDwFPNjRrJQKOuPknQ8+bjIekIFmTZ6Yu2d2UL/bFKurHUBrdOgOOR+uocBaYNoDhnmq7Lghy+5U8uQfs2TJq9fcq0a0ldFDB+Lahg9pLcosplEEtMSW5MSZRxXvvx/roQGLRlUy8hgZFuGvLfRSNjQVBUi1OcRTZaKliF8GVOHTSm8Xxt1Hi13JvVrg/HwB9gt3Dgb2IWPEtz3YZnhzKISSd3s6NjE4qPdJgdK8VzOAV00JX6v0tSi3HuKoKc4g9TgafKVb6pUOt92IhxQBans8k8qNoJ1U+i5Lw+VLNiwMszU7ZCa+h8F1GD3suducZsmVOfl2YpKbpuBwnKVdhn4q/44QX64xmQkOJxAPIyw8DswjhCyQDvrYkfgtj301Cmed2d89rQOcLT/t2twoJ9Q9N/s8qpTaI2GAPOgQlyKtnFKWxGGajnCJdMOKbAnuxGmtS0VOaKiX5hxYwvov/t9jZci456Icd4hNd/HvRh8kYuO4A==
+  template:
+    metadata:
+      creationTimestamp: null
+      name: wireguard-config
+      namespace: homeassistant
+    type: Opaque

apps/homeassistant/overlays/house/wireguard.deployment.yaml

@@ -0,0 +1,24 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: homeassistant
+spec:
+  template:
+    spec:
+      containers:
+      - name: wireguard-sidecar
+        image: wireguard
+        securityContext:
+          privileged: true
+
+
+      volumeMounts:
+      - name: wireguard-config
+        mountPath: /config/wg_confs/
+
+      volumes:
+      - name: wireguard-config
+        secret:
+          secretName: wireguard-config
+
+

kluster-deployments/homeassistant/application.yaml

@@ -1,18 +1,20 @@
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
-  name: homeassistant-application
+  name: homeassistant-flat-application
   namespace: argocd
 spec:
   project: apps
   source:
     repoURL: ssh://git@git.kluster.moll.re:2222/remoll/k3s-infra.git
     targetRevision: main
-    path: apps/homeassistant
+    path: apps/homeassistant/overlays/flat
   destination:
     server: https://kubernetes.default.svc
     namespace: homeassistant
   syncPolicy:
+    syncOptions:
+      - CreateNamespace=true
     automated:
       prune: true
-      selfHeal: true
+      selfHeal: true

kluster-deployments/homeassistant/house.application.yaml

@@ -0,0 +1,20 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: homeassistant-house-application
+  namespace: argocd
+spec:
+  project: apps
+  source:
+    repoURL: ssh://git@git.kluster.moll.re:2222/remoll/k3s-infra.git
+    targetRevision: main
+    path: apps/homeassistant/overlays/house
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: homeassistant
+  syncPolicy:
+    syncOptions:
+      - CreateNamespace=true
+    automated:
+      prune: true
+      selfHeal: true

kluster-deployments/homeassistant/kustomization.yaml

@@ -1,4 +1,5 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-- application.yaml
+- application.yaml
+- house.application.yaml