apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: hass
  namespace: hass
spec:
  storageClassName: longhorn-static
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 500Mi

---

apiVersion: v1
kind: ConfigMap
metadata:
  name: hass
  namespace: hass
data:
  configuration.yaml: |
    # Loads default set of integrations. Do not remove.
    default_config:

    http:
      use_x_forwarded_for: true
      trusted_proxies:
        - 10.42.0.0/16

    panel_iframe:
      nodered:
        title: 'Node-Red'
        url: 'https://node-red.bhasher.com'
        icon: mdi:sitemap
        require_admin: true
    
    binary_sensor:
      - platform: ping
        host: 192.168.1.2
        name: "Bhasher's Desktop"
        count: 2
        scan_interval: 30
    
    wake_on_lan:

    switch:
      - platform: wake_on_lan
        name: "WOL Bhasher's Desktop"
        mac: e0:d5:5e:08:3c:d4
        broadcast_address: 192.168.1.255

    recorder: !include recorder.yaml
    automation: !include automations.yaml
    script: !include scripts.yaml
    scene: !include scenes.yaml

---

apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: hass
  name: hass
  namespace: hass
  annotations:
    reloader.stakater.com/auto: "true"
spec:
  replicas: 1
  revisionHistoryLimit: 1
  selector:
    matchLabels:
      app: hass
  template:
    metadata:
      labels:
        app: hass
    spec:
      affinity:
        podAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
          - podAffinityTerm:
              labelSelector:
                matchExpressions:
                - key: app
                  operator: In
                  values:
                  - hass
              topologyKey: kubernetes.io/hostname
            weight: 100
      volumes:
      - name: data
        persistentVolumeClaim:
          claimName: hass
      - name: config
        configMap:
          name: hass
      - name: secrets
        secret:
          secretName: hass
      containers:
      - name: hass
        image: homeassistant/home-assistant:latest
        imagePullPolicy: IfNotPresent
        volumeMounts:
        - name: data
          mountPath: "/config"
        - name: config
          mountPath: "/config/configuration.yaml"
          subPath: "configuration.yaml"
        - name: secrets
          mountPath: "/config/recorder.yaml"
          subPath: "recorder.yaml"
        ports:
        - name: http
          containerPort: 8123
          protocol: TCP
        livenessProbe:
          httpGet:
            path: /
            port: http
          failureThreshold: 2
          periodSeconds: 10
        startupProbe:
          httpGet:
            path: /
            port: http
          failureThreshold: 24
          periodSeconds: 5

---

apiVersion: v1
kind: Service
metadata:
  name: hass
  namespace: hass
spec:
  type: ClusterIP
  selector:
    app: hass
  ports:
  - name: http
    port: 8123
    protocol: TCP

---

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: hass
  namespace: hass
  annotations:
    kubernetes.io/ingress.class: "nginx"
    cert-manager.io/cluster-issuer: "bhasherca-k3s-issuer"
    cert-manager.io/common-name: "hass.bhasher.com"
    # nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
    # nginx.ingress.kubernetes.io/auth-signin: https://idp.bhasher.com
    # #nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
    # nginx.ingress.kubernetes.io/auth-url: https://idp.bhasher.com/api/verify
    # #nginx.ingress.kubernetes.io/configuration-snippet: proxy_set_header X-Forwarded-Method $request_method;
spec:
  tls:
  - hosts:
    - hass.bhasher.com
    secretName: hass-tls
  rules:
  - host: hass.bhasher.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: hass
            port:
              number: 8123