apiVersion: v1
kind: ConfigMap
metadata:
  name: home-assistant-configmap
  namespace: home-assistant
data:
  configuration.yaml: |
    http:
      use_x_forwarded_for: true
      trusted_proxies:
        - 10.0.0.0/8
        - fd00::/8
        - 2001:470:7116:a::/64

    auth_header:
      username_header: X-authentik-username
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: home-assistant-config
  namespace: home-assistant
spec:
  accessModes:
    - ReadWriteMany
  storageClassName: cephfs-hyper
  resources:
    requests:
      storage: 2Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: home-assistant
  namespace: home-assistant
spec:
  replicas: 1
  selector:
    matchLabels:
      app: home-assistant
  template:
    metadata:
      labels:
        app: home-assistant
    spec:
      initContainers:
        - name: copy-config
          image: busybox:1.36
          command:
            - sh
            - -c
            - |
              mkdir -p /config
              cp /src/configuration.yaml /config/configuration.yaml
              chmod 0644 /config/configuration.yaml
          volumeMounts:
            - name: config
              mountPath: /config
            - name: configmap
              mountPath: /src

        - name: install-auth-header
          image: alpine:3.20
          command:
            - sh
            - -c
            - |
              set -e
              apk add --no-cache git
              rm -rf /tmp/hass-auth-header
              git clone --depth=1 https://github.com/BeryJu/hass-auth-header /tmp/hass-auth-header
              mkdir -p /config/custom_components
              rm -rf /config/custom_components/auth_header
              cp -r /tmp/hass-auth-header/custom_components/auth_header /config/custom_components/
          volumeMounts:
            - name: config
              mountPath: /config

      containers:
        - name: home-assistant
          image: ghcr.io/home-assistant/home-assistant:stable
          imagePullPolicy: IfNotPresent
          ports:
            - containerPort: 8123
          volumeMounts:
            - name: config
              mountPath: /config
          env:
            - name: TZ
              value: Europe/Berlin
          resources:
            requests:
              cpu: 200m
              memory: 512Mi
            limits:
              memory: 1Gi

      volumes:
        - name: config
          persistentVolumeClaim:
            claimName: home-assistant-config
        - name: configmap
          configMap:
            name: home-assistant-configmap
---
apiVersion: v1
kind: Service
metadata:
  name: home-assistant
  namespace: home-assistant
spec:
  ipFamilies:
    - IPv6
    - IPv4
  ipFamilyPolicy: PreferDualStack
  selector:
    app: home-assistant
  ports:
    - name: http
      port: 8123
      protocol: TCP
      targetPort: 8123
  sessionAffinity: None
  type: ClusterIP