# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: name: home-assistant namespace: default spec: interval: 5m chart: spec: chart: app-template version: 3.4.0 sourceRef: kind: HelmRepository name: bjws-charts namespace: flux-system dependsOn: - name: openebs namespace: openebs values: controllers: main: containers: app: image: repository: ghcr.io/onedr0p/home-assistant tag: 2024.12.4 env: TZ: America/New_York #${SERVER_TIMEZONE} HASS_HTTP_TRUSTED_PROXY_1: 192.168.0.0/16 HASS_HTTP_TRUSTED_PROXY_2: 10.0.0.0/8 HASS_SECRET_URL: &hassHost "hass.thin.seanomik.net" #${SECRET_NEW_DOMAIN} HOME_ASSISTANT__HACS_INSTALL: "true" envFrom: - secretRef: name: home-assistant securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true capabilities: { drop: ["ALL"] } resources: requests: cpu: 10m limits: memory: 2Gi code-server: image: repository: ghcr.io/coder/code-server tag: 4.95.3 args: [ "--auth", "none", "--user-data-dir", "/config/.vscode", "--extensions-dir", "/config/.vscode", "--port", "12321", "/config" ] resources: requests: cpu: 10m limits: memory: 512Mi defaultPodOptions: securityContext: runAsNonRoot: true runAsUser: 568 runAsGroup: 568 fsGroup: 568 fsGroupChangePolicy: OnRootMismatch seccompProfile: { type: RuntimeDefault } service: app: controller: main ports: http: port: 8123 code-server: port: 12321 ingress: app: annotations: cert-manager.io/cluster-issuer: letsencrypt-production traefik.ingress.kubernetes.io/router.entrypoints: websecure #traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd className: external hosts: - host: *hassHost paths: - path: / service: identifier: app port: http code-server: annotations: cert-manager.io/cluster-issuer: letsencrypt-production traefik.ingress.kubernetes.io/router.entrypoints: websecure #traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd className: internal hosts: - host: "hass-code.internal.thin.seanomik.net" paths: - path: / service: identifier: app port: code-server persistence: config: existingClaim: home-assistant-config globalMounts: - path: /config logs: type: emptyDir globalMounts: - path: /config/logs tts: type: emptyDir globalMounts: - path: /config/tts tmp: type: emptyDir globalMounts: - path: /tmp