modified: README.md

modified:   deploy/README.md
renamed:    deploy/rbac.yaml -> deploy/cicd-rbac.yaml

.gitea/workflows/deploy.yaml

@@ -0,0 +1,48 @@
+name: Casa Home Assistant CI/CD Pipeline
+
+on:
+  push:
+    branches:
+      - fix/*
+      - main
+      - master
+  pull_request:
+  schedule:
+    - cron: '0 16 * * 0' # every sunday 4 pm
+
+jobs:
+  deploy:
+    runs-on: casa-vlan-cicd
+    env:
+      GITHUB_TEMP: ${{ runner.temp }}
+      
+    steps:
+
+      - name: Checkout code
+        uses: actions/checkout@v3
+
+      - name: Fetch limbo public actions
+        env: 
+          RUNNER_TEMP: "${{ runner.temp }}"
+          WORKSPACE: "${{ gitea.workspace }}"
+        run: |
+          curl -fsSL https://git.limbosolutions.com/kb/gitea/raw/branch/main/cloud-scripts/setup-limbo-actions.sh | bash 2>&1
+
+      - name: Setup kubectl
+        uses: ./.gitea/limbo_actions/kubectl-setup
+        with:
+          kube_server: ${{ secrets.CASA_VLAN_KUBE_SERVER }}
+          kube_ca_base64: ${{ secrets.CASA_VLAN_KUBE_CA_BASE64 }}
+          kube_token: ${{ secrets.CASA_VLAN_KUBE_TOKEN }}
+         
+      - name: Deploy Home Assistant
+        shell: bash
+        env:
+          ENDPOINT_IP: "${{ secrets.CASA_HOMEASSISTANT_ENDPOINT_IP }}"
+          SERVICE_PORT: "${{ secrets.CASA_HOMEASSISTANT_ENDPOINT_SERVICE_PORT }}"
+          INGRESS_ROUTES_MATCH: "${{ secrets.CASA_HOMEASSISTANT_INGRESS_ROUTES_MATCH }}"
+          INGRESS_TLS_SECRET_NAME: "${{ secrets.CASA_HOMEASSISTANT_INGRESS_TLS_SECRET_NAME }}"
+        run: |
+          kubectl apply -f ./deploy/deployment.yaml \
+          && envsubst < ./deploy/service.template.yaml | kubectl apply -f -
+            

.gitignore

@@ -1,5 +1,4 @@
 **.env
-_volumes
-_volumes
 .vscode
-.volumes
+.devcontainer
+.tmp/**

README.md

@@ -0,0 +1,257 @@
+# Home Assistant
+
+Welcome to my Home Assistant setup repository.  
+This repository documents and maintains the Home Assistant instance running in my home, hosted on casa server k3s cluster.  
+Related containers, such as MQTT and speech recognition, are hosted on same cluster.  
+
+**Table of Contents:**
+
+- [Devices](#devices)
+  - [Broadlink - RM4 Pro](#broadlink---rm4-pro)
+  - [ZigBee - Smart Plugs](#zigbee---smart-plugs)
+  - [Shelly - Smart Plugs](#shelly---smart-plugs)
+- [Integrations](#integrations)
+  - [MQTT](#mqtt)
+  - [zigbee2mqtt](#zigbee2mqtt)
+  - [Broadlink](#broadlink)
+  - [Wyoming Protocol](#wyoming-protocol)
+  - [HACS](#hacs)
+  - [Google Cast](#google-cast)
+  - [LG webOS Smart TV](#lg-webos-smart-tv)
+  - [Mobile App](#mobile-app)
+  - [Meteorologisk institutt (Met.no)](#meteorologisk-institutt-metno)
+  - [Pi-hole](#pi-hole)
+  - [Proxmox VE](#proxmox-ve)
+  - [Shelly](#shelly)
+  - [Speedtest.net](#speedtestnet)
+  - [Squeezebox (Lyrion Music Server)](#squeezebox-lyrion-music-server)
+  - [Sun](#sun)
+  - [Time \& Date](#time--date)
+  - [Xbox](#xbox)
+- [Setup](#setup)
+
+## Devices
+
+### Broadlink - RM4 Pro
+
+Using as Ir blaster for living room devices and temperature meter.
+
+![ZigBee Smart Plugs](./docs/images/broadlink-universal-remote-irwifi-rm4-mini.jpg)
+
+**Integrations:**
+
+- [broadlink](#broadlink)
+
+### ZigBee - Smart Plugs
+
+Currently controlling:
+
+- bed room lights
+- dining table lights
+- office room lights
+
+![ZigBee Smart Plugs](./docs/images/51ojy7qoMmL._SL1500_.jpg)
+
+**Integrations:**
+
+- [zigbee2mqtt](#zigbee2mqtt)
+- [mqtt](#mqtt)
+
+### Shelly - Smart Plugs
+
+- brutusplug
+  - shellyplug-s-80646f83bcf2.dev.lan
+  - brutus.dev.lan (proxmox server)
+  
+- gaiaplug
+  - shellyplug-s-80646F80FB14.dev.lan
+  - gaia.dev.lan (proxmox server)
+
+![Shelly - Smart Plug](./docs/images/shellysmartplug.png)
+
+Devices connected to IOT lan.
+
+**Integrations:**
+
+- [shelly](#shelly)
+
+## Integrations
+
+### MQTT
+
+MQTT (Message Queuing Telemetry Transport) is a lightweight, publish/subscribe messaging protocol designed for machine-to-machine (M2M) communication and the Internet of Things (IoT). It operates on top of TCP/IP, making it ideal for resource-constrained devices.
+
+**Setup:**  
+The Mosquitto MQTT broker is configured as the central messaging hub. For setup details, refer to the [Mosquitto setup repository](https://git.limbosolutions.com/marcio.fernandes/mosquitto).
+
+**Requirements:**  
+Ensure port `1883` is accessible from Home Assistant to the Mosquitto server (`mqtt.lan`).
+
+**Links:**  
+
+- [Home Assistant MQTT Integration Documentation](https://www.home-assistant.io/integrations/mqtt)
+
+### zigbee2mqtt
+
+Configured as a docker container on [homesrv01](/marcio.fernandes/homesrv01.dev.lan#zigbee2mqtt).
+
+Using SONOFF Universal Zigbee 3.0 USB Dongle Plus.
+
+### Broadlink
+
+The [broadlink integration](https://www.home-assistant.io/integrations/broadlink) allows you to control and monitor Broadlink universal remotes, smart plugs, power strips, switches and sensors.
+
+![broadlink integration](./docs/images/integrations-broadlink.png).
+
+Devices:
+
+- RM4 mini (IR Blaster)
+
+Requires port 80 access from home assistant to Broadlink devices.
+
+### Wyoming Protocol
+
+A peer-to-peer protocol for voice assistants (basically JSONL + PCM audio)
+
+```json
+{ "type": "...", "data": { ... }, "data_length": ..., "payload_length": ... }
+<data_length bytes (optional)>
+<payload_length bytes (optional)>
+```
+
+Used in Rhasspy and Home Assistant for communication with voice services.
+
+This is an open standard of the Open Home Foundation.
+
+Docker containers currently hosted at [homesrv01.dev.lan](https://git.limbosolutions.com/marcio.fernandes/homesrv01.dev.lan#wyoming).
+
+**Links:**
+
+- <https://github.com/home-assistant/addons/blob/master/whisper/DOCS.md>
+- <https://github.com/rhasspy/wyoming-faster-whisper>
+
+### HACS
+
+**Links:**
+
+- [Official git repo](https://github.com/hacs/integration)
+
+### Google Cast
+
+**Links:**
+
+- [Home Assistant - Official integration documentation](https://www.home-assistant.io/integrations/cast)
+- [Official git repo](https://github.com/home-assistant/core/tree/dev/homeassistant/components/cast)
+
+### LG webOS Smart TV
+
+The webostv platform allows you to control a LG webOS Smart TV.
+
+There is currently support for the following device types within Home Assistant:
+
+- Media player
+- Notifications
+
+To begin with enable LG Connect Apps feature in Network settings of the TV.
+
+### Mobile App
+
+The Mobile App integration allows Home Assistant mobile apps to easily integrate with Home Assistant.
+
+**Links:**
+
+- [Home Assistant - Official integration documentation](https://www.home-assistant.io/integrations/mobile_app)
+
+### Meteorologisk institutt (Met.no)
+
+The met platform uses the Met.no web service as a source for meteorological data for your location. The weather forecast is delivered by the Norwegian Meteorological Institute and the NRK.
+
+**Links:**
+
+- [Home Assistant - Official integration documentation](https://www.home-assistant.io/integrations/met)
+
+### Pi-hole
+
+The Pi-hole integration allows you to retrieve statistics and interact with a Pi-hole system.
+
+**Links:**
+
+- [Home Assistant - Official integration documentation](https://www.home-assistant.io/integrations/pi_hole)
+
+### Proxmox VE
+
+Proxmox VE Custom Integration Home Assistant
+
+**Links:**
+
+- [Official integration repo](https://github.com/dougiteixeira/proxmoxve)
+
+### Shelly
+
+Integrate Shelly devices into Home Assistant.
+
+[Devices](#shelly---smart-plugs) connected to IOT lan.
+
+**Firewall rules:**
+
+- allow TCP:80(HTTP) from server homesrv to vlan IOT
+- allow TCP:5683(CoIoT) from vlan IOT to server homesrv
+- allow TCP:80(HTTP) from vlan IOT to server homesrv
+
+**Links:**
+
+- [Home Assistant - Official integration documentation](https://www.home-assistant.io/integrations/shelly)
+
+### Speedtest.net
+
+The Speedtest.net integration uses the Speedtest.net web service to measure network bandwidth performance.
+
+**Links:**
+
+- [Home Assistant - Official integration documentation](https://www.home-assistant.io/integrations/speedtestdotnet)
+
+### Squeezebox (Lyrion Music Server)
+
+The Squeezebox integration allows you to control music players from the Lyrion Music Server (LMS) ecosystem. Lyrion Music Server was previously known as Logitech Media Server.
+
+The Squeezebox music player ecosystem, which can be controlled through this integration, includes hardware audio players from Logitech, including Squeezebox 3rd Generation, Squeezebox Boom, Squeezebox Receiver, Transporter, Squeezebox2, Squeezebox and SLIMP3, and many software emulators like Squeezelite, SqueezeSlave, SoftSqueeze and SqueezePlay.
+
+[Check git repo](/marcio.fernandes/lms) for more information how to setup Lyrion Music Server docker container.
+
+RaspberryPI client:
+
+- <https://git.limbosolutions.com/marcio.fernandes/pi.bluetooth.speaker>
+
+**Links:**
+
+- [Home Assistant - Official integration documentation](https://www.home-assistant.io/integrations/squeezebox)
+
+### Sun
+
+The sun integration will use the location as configured in your Home Assistant configuration to track if the sun is above or below the horizon. The sun can be used within automation's as a trigger with an optional offset to simulate dawn/dusk or as a condition with an optional offset to test if the sun has already set or risen.
+
+**Links:**
+
+- [Home Assistant - Official integration documentation](https://www.home-assistant.io/integrations/sun)
+
+### Time & Date
+
+The time and date (time_date) integration allows one to create sensors for the current date or time in different formats. All values are based on the timezone which is set in “General Configuration”.
+
+**Links:**
+
+- [Home Assistant - Official integration documentation](https://www.home-assistant.io/integrations/time_date)
+
+### Xbox
+
+The Xbox integration allows you to control Xbox One (or newer) consoles from Home Assistant.
+
+Home Assistant authenticates with Xbox Live through OAuth2 using the Home Assistant Cloud account linking service.
+
+**Links:**
+
+- [Home Assistant - Official integration documentation](https://www.home-assistant.io/integrations/xbox)
+
+## Setup
+
+[Deploy documentation](./deploy/README.md).

deploy/README.md

@@ -0,0 +1,51 @@
+# Home Assistant Deploy
+
+## Namespace
+
+```bash { cwd=../ terminalRows=15 }
+# from repo root folder
+kubectl create namespace home-assistant
+```
+
+## Deployment
+
+### Environments requirements
+
+``` bash
+#./deploy/.env
+
+export ENDPOINT_IP="xxx.xxx.xxx.xxxx"
+export SERVICE_PORT=xxxx
+export INGRESS_ROUTES_MATCH="Host(`xxxx`)"
+export INGRESS_TLS_SECRET_NAME=xxxxxx
+```
+
+## Test Templates
+
+```bash { cwd=../ terminalRows=15 }
+# from repo root folder
+source ./deploy/.env \
+&& cat ./deploy/deployment.yaml \
+&& envsubst < ./deploy/service.template.yaml
+```
+
+## Deploy
+
+```bash { cwd=../ terminalRows=15 }
+# from repo root folder
+source ./deploy/.env \
+&& kubectl apply -f ./deploy/deployment.yaml \
+&& envsubst < ./deploy/service.template.yaml | kubectl apply -f -
+```
+
+## Continuos Deploy
+
+All Environment variables requirements as set as secrets.
+
+[gitea workflow](../.gitea/workflows/deploy.yaml)
+
+## cicd RBAC
+
+```bash { cwd=../ }
+kubectl apply -f ./deploy/cicd-rbac.yaml
+```

deploy/cicd-rbac.yaml

@@ -0,0 +1,34 @@
+
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  namespace: home-assistant
+  name: ci-cd
+rules:
+- apiGroups: [""]
+  resources: ["pods", "services", "secrets", "configmaps", "persistentvolumeclaims", "endpoints"]
+  verbs: ["get", "watch", "list", "create", "update", "patch", "delete"]
+- apiGroups: ["apps"]
+  resources: ["deployments", "statefulsets"]
+  verbs: ["get", "watch", "list", "create", "update", "patch", "delete"]
+- apiGroups: ["networking.k8s.io"]
+  resources: ["ingresses"]
+  verbs: ["get", "watch", "list", "create", "update", "patch", "delete"]
+- apiGroups: ["traefik.io"]
+  resources: ["ingressroutes"]
+  verbs: ["get", "watch", "list", "create", "update", "patch", "delete"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name:  ci-cd
+  namespace: home-assistant
+subjects:
+- kind: ServiceAccount
+  name: casa-ci-cd
+  namespace: home-assistant
+roleRef:
+  kind: Role
+  name: ci-cd
+  apiGroup: rbac.authorization.k8s.io

deploy/deployment.yaml

@@ -0,0 +1,61 @@
+---
+
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: home-assistant-config 
+  namespace: home-assistant 
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 8Gi
+  storageClassName: local-path 
+---      
+
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: home-assistant
+  namespace: home-assistant
+  labels:
+    app: home-assistant
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: home-assistant
+  template:
+    metadata:
+      labels:
+        app: home-assistant
+    spec:
+      dnsPolicy: ClusterFirstWithHostNet # ensures pod uses cluster DNS (CoreDNS) for service discovery even with host networking
+      hostNetwork: true
+      nodeName: casa # force deploy to master node cluster
+      tolerations:
+        - key: "node-role.kubernetes.io/control-plane" # allow installation on control-plane
+          operator: "Exists"
+          effect: "NoSchedule"
+      containers:
+        - name: home-assistant
+          image: "homeassistant/home-assistant"
+          imagePullPolicy: Always
+          env:
+            - name: TZ
+              value: Europe/Lisbon  # set timezone      
+          volumeMounts:
+            - name: home-assistant-config
+              mountPath: /config
+          resources:
+            requests:
+              memory: "256Mi"
+              cpu: "400m"
+            limits:
+              memory: "724Mi"
+              cpu: "1000m"
+      volumes:
+        - name: home-assistant-config
+          persistentVolumeClaim:
+            claimName: home-assistant-config

deploy/service-account-secret.yaml

@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: casa-ci-cd
+  annotations:
+    kubernetes.io/service-account.name: casa-ci-cd
+type: kubernetes.io/service-account-token

deploy/service-account.yaml

@@ -0,0 +1,6 @@
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: casa-ci-cd
+  namespace: home-assistant

deploy/service.template.yaml

@@ -0,0 +1,42 @@
+
+apiVersion: v1
+kind: Service
+metadata:
+  name: home-assistant
+  namespace: home-assistant
+spec:
+  clusterIP: None
+  ports:
+    - port: ${SERVICE_PORT}
+      protocol: TCP
+
+---
+
+apiVersion: v1
+kind: Endpoints
+metadata:
+  name: home-assistant
+  namespace: home-assistant
+subsets:
+  - addresses:
+      - ip: ${ENDPOINT_IP}
+    ports:
+      - port: ${SERVICE_PORT}
+---
+
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: home-assistant
+  namespace: home-assistant
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - match: ${INGRESS_ROUTES_MATCH}
+      kind: Rule
+      services:
+        - name: home-assistant
+          port: ${SERVICE_PORT}
+  tls:
+    secretName: ${INGRESS_TLS_SECRET_NAME}

docker/docker-compose.yaml

@@ -1,33 +0,0 @@
-version: '3'
-services:
-  homeassistant:
-    container_name: homeassistant
-    build: .
-    #image: "ghcr.io/home-assistant/raspberrypi4-homeassistant:stable"
-    volumes:
-      - config_data:/config
-      - /etc/localtime:/etc/localtime:ro
-    restart: unless-stopped
-    privileged: true
-    ports:
-      - '10000:80'
-    networks:
-      network:
-        ipv4_address: 192.168.1.252
-#    network_mode: host
-#    networks:
-#      lms_bridge:
-#      pihole_bridge:
-volumes:
-  config_data:
-    name: homeassistant_config
-    driver: local
-    driver_opts:
-      type: nfs
-      o: addr=192.168.1.251,rw
-      device: ":/export/docker-volumes/home_assistant/config"
-networks:
-  network:
-    external: true
-    name: macvlan_pub_net
-

docker/dockerfile

@@ -1,6 +0,0 @@
-FROM ghcr.io/home-assistant/raspberrypi4-homeassistant:stable
-RUN apk update&& \
-apk add --update --no-cache sudo bash 
-EXPOSE 22
-
-