Added Home-Assistant (#75)

* Added Home-Assistant

* Fix Healthcheck

README.md

@@ -16,6 +16,7 @@ If you would like to add your own config, you can use the [service-template](tem
     - [Productivity and Collaboration](#productivity-and-collaboration)
     - [Development Tools](#development-tools)
     - [Monitoring and Analytics](#monitoring-and-analytics)
+    - [Smart Home](#smart-home)
   - [Tailscale Information](#tailscale-information)
     - [Tailscale Funnel vs. Tailscale Serve](#tailscale-funnel-vs-tailscale-serve)
     - [Tailscale Funnel](#tailscale-funnel)
@@ -90,6 +91,12 @@ If you would like to add your own config, you can use the [service-template](tem
 | 📉 **Beszel**            | A lightweight server monitoring hub with historical data, Docker stats, and alerts.      | [Details](services/beszel)            |
 | 🚀 **Speedtest Tracker** | A self-hosted tool to monitor and log internet speed tests with detailed visualizations. | [Details](services/speedtest-tracker) |
 
+### Smart Home
+
+| 🏠 Service            | 📝 Description                                                         | 🔗 Link                           |
+| --------------------- | ---------------------------------------------------------------------- | --------------------------------- |
+| 🏡 **Home Assistant** | An open-source home automation platform for controlling smart devices. | [Details](services/home-assistant) |
+
 ## Tailscale Information
 
 ### Tailscale Funnel vs. Tailscale Serve

services/home-assistant/.env

@@ -0,0 +1,8 @@
+#version=1.0
+#url=https://github.com/2Tiny2Scale/tailscale-docker-sidecar-configs
+#COMPOSE_PROJECT_NAME= // only use in multiple deployments on the same infra
+SERVICE=home-assistant
+IMAGE_URL=ghcr.io/home-assistant/home-assistant:stable
+SERVICEPORT=8123
+TS_AUTHKEY=
+DNS_SERVER=1.1.1.1

services/home-assistant/README.md

@@ -0,0 +1,42 @@
+# Home Assistant with Tailscale Sidecar Configuration  
+
+This Docker Compose configuration sets up **[Home Assistant](https://github.com/home-assistant/)** with Tailscale as a sidecar container to securely manage and access your smart home automation platform over a private Tailscale network. By integrating Tailscale, you can ensure that your Home Assistant instance remains private and accessible only to authorized devices within your Tailscale network.
+
+## Home Assistant  
+
+[Home Assistant](https://github.com/home-assistant/) is an open-source home automation platform that allows you to control and automate smart devices from a unified interface. With support for thousands of integrations, it provides powerful automation capabilities and privacy-focused self-hosted control over your smart home. Pairing Home Assistant with Tailscale ensures a secure, remote-accessible smart home without exposing it to the public internet.
+
+## Key Features  
+
+- **Local Control & Privacy** – Self-hosted and privacy-focused, keeping your data in your home.  
+- **Extensive Integrations** – Supports thousands of smart home devices and services.  
+- **Automation & Customization** – Create complex automations with YAML or visual editors.  
+- **Secure Remote Access** – Pair with Tailscale to safely access your Home Assistant instance from anywhere.  
+
+## Configuration Overview  
+
+In this setup, the `tailscale-homeassistant` service runs Tailscale, which manages secure networking for the Home Assistant service. The `homeassistant` service uses the Tailscale network stack via Docker's `network_mode: service:` configuration. This ensures that Home Assistant’s web interface and smart home control features are only accessible through the Tailscale network (or locally, if preferred), adding an extra layer of security and privacy for your home automation system.  
+
+## Troubleshooting
+
+If you encounter a `400: Bad Request` after deployment, please alter the file `ha-data/config/configurations.yaml` to trust the reverse proxy configuration used by Tailscale. The `configurations.yaml` should look like this.
+
+```plain
+$ cat ha-data/config/configuration.yaml 
+
+# Loads default set of integrations. Do not remove.
+default_config:
+
+# Load frontend themes from the themes folder
+frontend:
+  themes: !include_dir_merge_named themes
+
+automation: !include automations.yaml
+script: !include scripts.yaml
+scene: !include scenes.yaml
+
+http:
+ use_x_forwarded_for: true
+ trusted_proxies:
+   - 127.0.0.1
+```

services/home-assistant/config/serve.json

@@ -0,0 +1,16 @@
+{
+  "TCP": {
+    "443": {
+      "HTTPS": true
+    }
+  },
+  "Web": {
+    "${TS_CERT_DOMAIN}:443": {
+      "Handlers": {
+        "/": {
+          "Proxy": "http://127.0.0.1:8123"
+        }
+      }
+    }
+  }
+}

services/home-assistant/docker-compose.yml

@@ -0,0 +1,61 @@
+services:
+# Make sure you have updated/checked the .env file with the correct variables. 
+# All the ${ xx } need to be defined there.
+  # Tailscale Sidecar Configuration
+  tailscale:
+    image: tailscale/tailscale:latest # Image to be used
+    container_name: tailscale-${SERVICE} # Name for local container management
+    hostname: ${SERVICE} # Name used within your Tailscale environment
+    environment:
+      - TS_AUTHKEY=${TS_AUTHKEY}
+      - TS_STATE_DIR=/var/lib/tailscale
+      - TS_SERVE_CONFIG=/config/serve.json # Tailsacale Serve configuration to expose the web interface on your local Tailnet - remove this line if not required
+      - TS_USERSPACE=false
+      - TS_ENABLE_HEALTH_CHECK=true              # Enable healthcheck endpoint: "/healthz"
+      - TS_LOCAL_ADDR_PORT=127.0.0.1:41234       # The <addr>:<port> for the healthz endpoint
+      #- TS_EXTRA_ARGS=--accept-dns=true # Uncomment when using MagicDNS
+    volumes:
+      - ${PWD}/config:/config # Config folder used to store Tailscale files - you may need to change the path
+      - ${PWD}/ts/state:/var/lib/tailscale # Tailscale requirement - you may need to change the path
+    devices:
+      - /dev/net/tun:/dev/net/tun # Network configuration for Tailscale to work
+    cap_add:
+      - net_admin # Tailscale requirement
+      - sys_module # Tailscale requirement
+    #ports:
+    #  - 0.0.0.0:${SERVICEPORT}:${SERVICEPORT} # Binding port ${SERVICE}PORT to the local network - may be removed if only exposure to your Tailnet is required
+    # If any DNS issues arise, use your preferred DNS provider by uncommenting the config below
+    #dns: 
+    #  - ${DNS_SERVER}
+    healthcheck:
+      test: ["CMD", "wget", "--spider", "-q", "http://127.0.0.1:41234/healthz"] # Check Tailscale has a Tailnet IP and is operational
+      interval: 1m # How often to perform the check
+      timeout: 10s # Time to wait for the check to succeed
+      retries: 3 # Number of retries before marking as unhealthy
+      start_period: 10s # Time to wait before starting health checks
+    restart: always
+
+  # ${SERVICE}
+  application:
+    image: ${IMAGE_URL} # Image to be used
+    network_mode: service:tailscale # Sidecar configuration to route ${SERVICE} through Tailscale
+    container_name: app-${SERVICE} # Name for local container management
+    privileged: true
+    environment:
+      - PUID=1000
+      - PGID=1000
+      - TZ=Europe/Amsterdam
+    volumes:
+      - ${PWD}/${SERVICE}-data/config:/config
+      - /etc/localtime:/etc/localtime:ro
+      - /run/dbus:/run/dbus:ro
+    depends_on:
+      tailscale:
+        condition: service_healthy
+    healthcheck:
+      test: "curl --fail http://localhost:8123/ || exit 1" # Check if ${SERVICE} process is running
+      interval: 1m # How often to perform the check
+      timeout: 10s # Time to wait for the check to succeed
+      retries: 3 # Number of retries before marking as unhealthy
+      start_period: 30s # Time to wait before starting health checks
+    restart: always