From d66177eff1d4d9b3cbc1ee9ab9d6cdc3aea944b2 Mon Sep 17 00:00:00 2001
From: Jun-te Kim <junte.kim@mealcraft.com>
Date: Sun, 7 Dec 2025 15:47:59 +0000
Subject: [PATCH] home assistant

---
 .github/workflows/ha.yml        |  46 ++++++++++++
 homeassistant/homeassistant.yml | 119 ++++++++++++++++++++++++++++++++
 2 files changed, 165 insertions(+)
 create mode 100644 .github/workflows/ha.yml
 create mode 100644 homeassistant/homeassistant.yml

diff --git a/.github/workflows/ha.yml b/.github/workflows/ha.yml
new file mode 100644
index 0000000..440535b
--- /dev/null
+++ b/.github/workflows/ha.yml
@@ -0,0 +1,46 @@
+name: Deploy Home Assistant
+
+on:
+  push:
+    branches:
+      - main
+
+env:
+  MANIFEST_PATH: "homeassistant/homeassistant.yml"
+
+jobs:
+  deploy:
+    runs-on: mealcraft-runners
+
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@v4
+
+      - name: Install kubectl
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y curl ca-certificates
+          curl -LO "https://dl.k8s.io/release/$(curl -sL https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
+          sudo install -m 0755 kubectl /usr/local/bin/kubectl
+
+      - name: Install envsubst
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y gettext
+
+      - name: Configure kubeconfig
+        run: |
+          KUBE_HOST="https://$KUBERNETES_SERVICE_HOST:$KUBERNETES_SERVICE_PORT"
+          SA_TOKEN=$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)
+          CA_CERT=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt
+          NAMESPACE=$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace)
+
+          kubectl config set-cluster microk8s --server="$KUBE_HOST" --certificate-authority="$CA_CERT"
+          kubectl config set-credentials runner --token="$SA_TOKEN"
+          kubectl config set-context runner-context --cluster=microk8s --user=runner --namespace="$NAMESPACE"
+          kubectl config use-context runner-context
+
+      - name: Deploy Home Assistant
+        run: |
+          echo "Deploying Home Assistant from $MANIFEST_PATH"
+          kubectl apply -f $MANIFEST_PATH
diff --git a/homeassistant/homeassistant.yml b/homeassistant/homeassistant.yml
new file mode 100644
index 0000000..c5ebd72
--- /dev/null
+++ b/homeassistant/homeassistant.yml
@@ -0,0 +1,119 @@
+##############################################
+# Persistent Volume (hostPath on mist)
+##############################################
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: homeassistant-pv
+spec:
+  capacity:
+    storage: 10Gi
+  volumeMode: Filesystem
+  accessModes:
+    - ReadWriteMany
+  persistentVolumeReclaimPolicy: Retain
+  storageClassName: homeassistant-local-storage
+  local:
+    path: /home/kimjunte/k8s_storage/homeassistant
+  nodeAffinity:
+    required:
+      nodeSelectorTerms:
+        - matchExpressions:
+            - key: kubernetes.io/hostname
+              operator: In
+              values:
+                - mist
+---
+##############################################
+# Persistent Volume Claim
+##############################################
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: homeassistant-pvc
+  namespace: default
+spec:
+  accessModes:
+    - ReadWriteMany
+  storageClassName: homeassistant-local-storage
+  resources:
+    requests:
+      storage: 10Gi
+---
+##############################################
+# Deployment (Home Assistant Core)
+##############################################
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: homeassistant
+  namespace: default
+  labels:
+    app: homeassistant
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: homeassistant
+  template:
+    metadata:
+      labels:
+        app: homeassistant
+    spec:
+      nodeSelector:
+        kubernetes.io/hostname: mist
+      containers:
+        - name: homeassistant
+          image: ghcr.io/home-assistant/home-assistant:stable
+          ports:
+            - name: http
+              containerPort: 8123
+          volumeMounts:
+            - name: ha-data
+              mountPath: /config
+          env:
+            - name: TZ
+              value: "Europe/London"
+      volumes:
+        - name: ha-data
+          persistentVolumeClaim:
+            claimName: homeassistant-pvc
+---
+##############################################
+# Service
+##############################################
+apiVersion: v1
+kind: Service
+metadata:
+  name: homeassistant
+  namespace: default
+spec:
+  selector:
+    app: homeassistant
+  ports:
+    - protocol: TCP
+      name: http
+      port: 8123
+      targetPort: 8123
+---
+##############################################
+# IngressRoute (Traefik)
+##############################################
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: homeassistant-ingressroute
+  namespace: default
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - match: Host(`ha.juntekim.com`)
+      kind: Rule
+      services:
+        - name: homeassistant
+          port: 8123
+  tls:
+    certResolver: myresolver
+    domains:
+      - main: ha.juntekim.com