From cd364fa323ce3c6a64f5e21d97dd9ea96e85526c Mon Sep 17 00:00:00 2001
From: Remy Moll <me@moll.re>
Date: Sun, 26 Oct 2025 23:34:49 +0100
Subject: [PATCH] moore home assistant

---
 apps/homeassistant/{ => base}/deployment.yaml |  1 -
 apps/homeassistant/{ => base}/ingress.yaml    | 10 ++++----
 apps/homeassistant/base/kustomization.yaml    | 20 ++++++++++++++++
 apps/homeassistant/base/name_reference.yaml   | 23 ++++++++++++++++++
 apps/homeassistant/{ => base}/namespace.yaml  |  0
 apps/homeassistant/{ => base}/pvc.yaml        |  0
 apps/homeassistant/{ => base}/service.yaml    |  4 ++--
 .../{ => base}/servicemonitor.yaml            |  0
 apps/homeassistant/kustomization.yaml         | 18 --------------
 .../overlays/flat/ingress.patch.yaml          |  3 +++
 .../overlays/flat/kustomization.yaml          | 14 +++++++++++
 .../overlays/house/ingress.patch.yaml         |  3 +++
 .../overlays/house/kustomization.yaml         | 24 +++++++++++++++++++
 .../house/wireguard-config.sealedsecret.yaml  | 16 +++++++++++++
 .../overlays/house/wireguard.deployment.yaml  | 24 +++++++++++++++++++
 .../homeassistant/application.yaml            |  8 ++++---
 .../homeassistant/house.application.yaml      | 20 ++++++++++++++++
 .../homeassistant/kustomization.yaml          |  3 ++-
 18 files changed, 161 insertions(+), 30 deletions(-)
 rename apps/homeassistant/{ => base}/deployment.yaml (99%)
 rename apps/homeassistant/{ => base}/ingress.yaml (66%)
 create mode 100644 apps/homeassistant/base/kustomization.yaml
 create mode 100644 apps/homeassistant/base/name_reference.yaml
 rename apps/homeassistant/{ => base}/namespace.yaml (100%)
 rename apps/homeassistant/{ => base}/pvc.yaml (100%)
 rename apps/homeassistant/{ => base}/service.yaml (79%)
 rename apps/homeassistant/{ => base}/servicemonitor.yaml (100%)
 delete mode 100644 apps/homeassistant/kustomization.yaml
 create mode 100644 apps/homeassistant/overlays/flat/ingress.patch.yaml
 create mode 100644 apps/homeassistant/overlays/flat/kustomization.yaml
 create mode 100644 apps/homeassistant/overlays/house/ingress.patch.yaml
 create mode 100644 apps/homeassistant/overlays/house/kustomization.yaml
 create mode 100644 apps/homeassistant/overlays/house/wireguard-config.sealedsecret.yaml
 create mode 100644 apps/homeassistant/overlays/house/wireguard.deployment.yaml
 create mode 100644 kluster-deployments/homeassistant/house.application.yaml

diff --git a/apps/homeassistant/deployment.yaml b/apps/homeassistant/base/deployment.yaml
similarity index 99%
rename from apps/homeassistant/deployment.yaml
rename to apps/homeassistant/base/deployment.yaml
index acaff0d..1537a08 100644
--- a/apps/homeassistant/deployment.yaml
+++ b/apps/homeassistant/base/deployment.yaml
@@ -34,4 +34,3 @@ spec:
         - name: config-dir
           persistentVolumeClaim:
             claimName: config
-
diff --git a/apps/homeassistant/ingress.yaml b/apps/homeassistant/base/ingress.yaml
similarity index 66%
rename from apps/homeassistant/ingress.yaml
rename to apps/homeassistant/base/ingress.yaml
index 7cb14ff..fbbdfc3 100644
--- a/apps/homeassistant/ingress.yaml
+++ b/apps/homeassistant/base/ingress.yaml
@@ -1,17 +1,17 @@
 apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
-  name: homeassistant-ingress
+  name: homeassistant
 spec:
   entryPoints:
     - websecure
   routes:
-    - match: Host(`home.kluster.moll.re`) && !Path(`/api/prometheus`)
+    - match: Host(`homeassistant.kluster.moll.re`)
       middlewares:
-        - name: homeassistant-websocket
+        - name: homeassistant
       kind: Rule
       services:
-        - name: homeassistant-web
+        - name: homeassistant
           port: 8123
   tls:
     certResolver: default-tls
@@ -19,7 +19,7 @@ spec:
 apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
-  name: homeassistant-websocket
+  name: homeassistant
 spec:
   headers:
     customRequestHeaders:
diff --git a/apps/homeassistant/base/kustomization.yaml b/apps/homeassistant/base/kustomization.yaml
new file mode 100644
index 0000000..c677179
--- /dev/null
+++ b/apps/homeassistant/base/kustomization.yaml
@@ -0,0 +1,20 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  # - namespace.yaml # not managed by kustomize but created as needed by the argo app. creates conflicts otherwise since both overlays share the same namespace
+  - ingress.yaml
+  - pvc.yaml
+  - service.yaml
+  - deployment.yaml
+  - servicemonitor.yaml
+
+
+images:
+  - name: homeassistant
+    newName: homeassistant/home-assistant
+    newTag: "2025.10"
+
+configurations:
+  # allow nameReference to work with different mentions of the same resource as well
+  - name_reference.yaml
diff --git a/apps/homeassistant/base/name_reference.yaml b/apps/homeassistant/base/name_reference.yaml
new file mode 100644
index 0000000..8df8c7f
--- /dev/null
+++ b/apps/homeassistant/base/name_reference.yaml
@@ -0,0 +1,23 @@
+nameReference:
+  # Tie target Service metadata.name to other ingressroute fields
+  - kind: Service
+    fieldSpecs:
+      # rewrite the backend service name
+      - kind: IngressRoute
+        group: traefik.io
+        version: v1alpha1
+        path: spec/routes/services/name
+
+      # adapt the ingress url
+      # DOES NOT WORK
+      - kind: IngressRoute
+        group: traefik.io
+        version: v1alpha1
+        path: /spec/routes/match
+        create: false
+
+      # adapt any middleware names
+      - kind: IngressRoute
+        group: traefik.io
+        version: v1alpha1
+        path: spec/routes/middlewares/name
diff --git a/apps/homeassistant/namespace.yaml b/apps/homeassistant/base/namespace.yaml
similarity index 100%
rename from apps/homeassistant/namespace.yaml
rename to apps/homeassistant/base/namespace.yaml
diff --git a/apps/homeassistant/pvc.yaml b/apps/homeassistant/base/pvc.yaml
similarity index 100%
rename from apps/homeassistant/pvc.yaml
rename to apps/homeassistant/base/pvc.yaml
diff --git a/apps/homeassistant/service.yaml b/apps/homeassistant/base/service.yaml
similarity index 79%
rename from apps/homeassistant/service.yaml
rename to apps/homeassistant/base/service.yaml
index 5916e74..f93dcea 100644
--- a/apps/homeassistant/service.yaml
+++ b/apps/homeassistant/base/service.yaml
@@ -1,7 +1,7 @@
 apiVersion: v1
 kind: Service
 metadata:
-  name: homeassistant-web
+  name: homeassistant
   labels:
     app: homeassistant
 spec:
@@ -10,4 +10,4 @@ spec:
   ports:
   - port: 8123
     targetPort: 8123
-    name: http
\ No newline at end of file
+    name: http
diff --git a/apps/homeassistant/servicemonitor.yaml b/apps/homeassistant/base/servicemonitor.yaml
similarity index 100%
rename from apps/homeassistant/servicemonitor.yaml
rename to apps/homeassistant/base/servicemonitor.yaml
diff --git a/apps/homeassistant/kustomization.yaml b/apps/homeassistant/kustomization.yaml
deleted file mode 100644
index b329b67..0000000
--- a/apps/homeassistant/kustomization.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-
-namespace: homeassistant
-
-resources: 
-  - namespace.yaml
-  - ingress.yaml
-  - pvc.yaml
-  - service.yaml
-  - deployment.yaml
-  - servicemonitor.yaml
-
-
-images:
-  - name: homeassistant
-    newName: homeassistant/home-assistant
-    newTag: "2025.10"
diff --git a/apps/homeassistant/overlays/flat/ingress.patch.yaml b/apps/homeassistant/overlays/flat/ingress.patch.yaml
new file mode 100644
index 0000000..92a8c7e
--- /dev/null
+++ b/apps/homeassistant/overlays/flat/ingress.patch.yaml
@@ -0,0 +1,3 @@
+- op: replace
+  path: /spec/routes/0/match
+  value: Host(`home.kluster.moll.re`)
diff --git a/apps/homeassistant/overlays/flat/kustomization.yaml b/apps/homeassistant/overlays/flat/kustomization.yaml
new file mode 100644
index 0000000..a507a9a
--- /dev/null
+++ b/apps/homeassistant/overlays/flat/kustomization.yaml
@@ -0,0 +1,14 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - ../../base
+
+namespace: homeassistant
+nameSuffix: -flat
+
+
+patches:
+  - path: ingress.patch.yaml
+    target:
+      kind: IngressRoute
diff --git a/apps/homeassistant/overlays/house/ingress.patch.yaml b/apps/homeassistant/overlays/house/ingress.patch.yaml
new file mode 100644
index 0000000..ce101e7
--- /dev/null
+++ b/apps/homeassistant/overlays/house/ingress.patch.yaml
@@ -0,0 +1,3 @@
+- op: replace
+  path: /spec/routes/0/match
+  value: Host(`home-house.kluster.moll.re`)
diff --git a/apps/homeassistant/overlays/house/kustomization.yaml b/apps/homeassistant/overlays/house/kustomization.yaml
new file mode 100644
index 0000000..cd4ee36
--- /dev/null
+++ b/apps/homeassistant/overlays/house/kustomization.yaml
@@ -0,0 +1,24 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - ../../base
+  - wireguard-config.sealedsecret.yaml
+
+
+namespace: homeassistant
+nameSuffix: -house
+
+images:
+  - name: wireguard
+    newName: ghcr.io/linuxserver/wireguard
+    newTag: "1.0.20250521"
+
+patches:
+  - path: wireguard.deployment.yaml
+    target:
+      kind: Deployment
+      name: homeassistant
+  - path: ingress.patch.yaml
+    target:
+      kind: IngressRoute
diff --git a/apps/homeassistant/overlays/house/wireguard-config.sealedsecret.yaml b/apps/homeassistant/overlays/house/wireguard-config.sealedsecret.yaml
new file mode 100644
index 0000000..f43cb70
--- /dev/null
+++ b/apps/homeassistant/overlays/house/wireguard-config.sealedsecret.yaml
@@ -0,0 +1,16 @@
+---
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  creationTimestamp: null
+  name: wireguard-config
+  namespace: homeassistant
+spec:
+  encryptedData:
+    wireguard.conf: AgAw9RQNHoSMrlB48rp83iKm3S5nsvF4LfAjTVysBh0dD8D8IbcdT6yOrNz5lPRia7nDv46mryOdLWjqZeiy61PqDcfsgogN8LvVpzEgFOiHFDwzz7pILwoMJhZ7YyTNviZpLkOcDsErsCYDKqGAh9jxEul2OLsoFha8iwbEc0EQftMTkt0t57PS6/AozXe9yoDG8epWINdmbiwtUHcWT5jmwDhl0O8YLsTr01GiF8DSRKaaj3cMcbXZr2Y/xU8C9MDzOwTpRNw9WfK5MiFPNWWUQYzgEqodoMaLPc2Q6HJn7JP6lQaYNEJSVfqvEaxnck4YMAIUwAncgjqvGL9yivQZHgfDwOftYb/IoiImJeiUadcnOQrBahBzRuSmmjTxqMaKXExOyu/r4d9yRncdyGKc5HoB6ZyNKvxQOHPjUMtwZ6QvHvLmP5tbQoRcD1YR9Q0uu1tQvZrBE/XKGB5lsEAl30h8ptVVT19DuPcsT0yTLoz9HWy7u5X1QvSixPch/7vmddDj/leRwf6sfbwEJqQ2yGjEjSkATB3F8Ohb/2AM420et5TtoGbLGmAJLAoiV/ZY5Xktnw1CDNI4QkQsl2g8hsQ8UgQNJ24SsjzjFTaG92y4VjZ+7EF5iS8OTazJkGbbNe9DqYnfN6ADTyX/SHtLnR2Qz2WWFf07W7IqGQcADHoj9LMgJjXxXW+uNrinFUAh0RtdpyT1p7SXNvKxuSCz44ghNNNxUb9xzF+6vsy9Wppnxyc72RZuOUwew86gK2XMsqCSZ3VvF03dZsrbgiVj2UrwQBQnwyJdYjlFwLa5WkjLLcDwFPNjRrJQKOuPknQ8+bjIekIFmTZ6Yu2d2UL/bFKurHUBrdOgOOR+uocBaYNoDhnmq7Lghy+5U8uQfs2TJq9fcq0a0ldFDB+Lahg9pLcosplEEtMSW5MSZRxXvvx/roQGLRlUy8hgZFuGvLfRSNjQVBUi1OcRTZaKliF8GVOHTSm8Xxt1Hi13JvVrg/HwB9gt3Dgb2IWPEtz3YZnhzKISSd3s6NjE4qPdJgdK8VzOAV00JX6v0tSi3HuKoKc4g9TgafKVb6pUOt92IhxQBans8k8qNoJ1U+i5Lw+VLNiwMszU7ZCa+h8F1GD3suducZsmVOfl2YpKbpuBwnKVdhn4q/44QX64xmQkOJxAPIyw8DswjhCyQDvrYkfgtj301Cmed2d89rQOcLT/t2twoJ9Q9N/s8qpTaI2GAPOgQlyKtnFKWxGGajnCJdMOKbAnuxGmtS0VOaKiX5hxYwvov/t9jZci456Icd4hNd/HvRh8kYuO4A==
+  template:
+    metadata:
+      creationTimestamp: null
+      name: wireguard-config
+      namespace: homeassistant
+    type: Opaque
diff --git a/apps/homeassistant/overlays/house/wireguard.deployment.yaml b/apps/homeassistant/overlays/house/wireguard.deployment.yaml
new file mode 100644
index 0000000..a546531
--- /dev/null
+++ b/apps/homeassistant/overlays/house/wireguard.deployment.yaml
@@ -0,0 +1,24 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: homeassistant
+spec:
+  template:
+    spec:
+      containers:
+      - name: wireguard-sidecar
+        image: wireguard
+        securityContext:
+          privileged: true
+
+
+      volumeMounts:
+      - name: wireguard-config
+        mountPath: /config/wg_confs/
+
+      volumes:
+      - name: wireguard-config
+        secret:
+          secretName: wireguard-config
+
+
diff --git a/kluster-deployments/homeassistant/application.yaml b/kluster-deployments/homeassistant/application.yaml
index ed70b4e..0dbdbb9 100644
--- a/kluster-deployments/homeassistant/application.yaml
+++ b/kluster-deployments/homeassistant/application.yaml
@@ -1,18 +1,20 @@
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
-  name: homeassistant-application
+  name: homeassistant-flat-application
   namespace: argocd
 spec:
   project: apps
   source:
     repoURL: ssh://git@git.kluster.moll.re:2222/remoll/k3s-infra.git
     targetRevision: main
-    path: apps/homeassistant
+    path: apps/homeassistant/overlays/flat
   destination:
     server: https://kubernetes.default.svc
     namespace: homeassistant
   syncPolicy:
+    syncOptions:
+      - CreateNamespace=true
     automated:
       prune: true
-      selfHeal: true
\ No newline at end of file
+      selfHeal: true
diff --git a/kluster-deployments/homeassistant/house.application.yaml b/kluster-deployments/homeassistant/house.application.yaml
new file mode 100644
index 0000000..995704b
--- /dev/null
+++ b/kluster-deployments/homeassistant/house.application.yaml
@@ -0,0 +1,20 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: homeassistant-house-application
+  namespace: argocd
+spec:
+  project: apps
+  source:
+    repoURL: ssh://git@git.kluster.moll.re:2222/remoll/k3s-infra.git
+    targetRevision: main
+    path: apps/homeassistant/overlays/house
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: homeassistant
+  syncPolicy:
+    syncOptions:
+      - CreateNamespace=true
+    automated:
+      prune: true
+      selfHeal: true
diff --git a/kluster-deployments/homeassistant/kustomization.yaml b/kluster-deployments/homeassistant/kustomization.yaml
index 0b082ba..79ad226 100644
--- a/kluster-deployments/homeassistant/kustomization.yaml
+++ b/kluster-deployments/homeassistant/kustomization.yaml
@@ -1,4 +1,5 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-- application.yaml
\ No newline at end of file
+- application.yaml
+- house.application.yaml