diff --git a/bundles/homeassistant/files/check_homeassistant_update b/bundles/homeassistant/files/check_homeassistant_update
new file mode 100644
index 0000000..d01d830
--- /dev/null
+++ b/bundles/homeassistant/files/check_homeassistant_update
@@ -0,0 +1,49 @@
+#!/usr/bin/env python3
+
+from sys import exit
+
+import requests
+from packaging import version
+
+bearer = "${bearer}"
+domain = "${domain}"
+OK = 0
+WARN = 1
+CRITICAL = 2
+UNKNOWN = 3
+
+status = 3
+message = "Unknown Update Status"
+
+
+domain = "hass.home.kunbox.net"
+
+s = requests.Session()
+s.headers.update({"Content-Type": "application/json"})
+
+try:
+    stable_version = version.parse(
+        s.get("https://version.home-assistant.io/stable.json").json()["homeassistant"][
+            "generic-x86-64"
+        ]
+    )
+    s.headers.update(
+        {"Authorization": f"Bearer {bearer}", "Content-Type": "application/json"}
+    )
+    running_version = version.parse(
+        s.get(f"https://{domain}/api/config").json()["version"]
+    )
+    if running_version == stable_version:
+        status = 0
+        message = f"OK - running version {running_version} equals stable version {stable_version}"
+    elif running_version > stable_version:
+        status = 1
+        message = f"WARNING - stable version {stable_version} is lower than running version {running_version}, check if downgrade is necessary."
+    else:
+        status = 2
+        message = f"CRITICAL - update necessary, running verison {running_version} is lower than stable version {stable_version}"
+except Exception as e:
+    message = f"{message}: {repr(e)}"
+
+print(message)
+exit(status)
diff --git a/bundles/homeassistant/files/homeassistant.service b/bundles/homeassistant/files/homeassistant.service
new file mode 100644
index 0000000..d97cec7
--- /dev/null
+++ b/bundles/homeassistant/files/homeassistant.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=Home Assistant
+After=network-online.target
+
+[Service]
+Type=simple
+User=homeassistant
+WorkingDirectory=/var/opt/homeassistant
+ExecStart=/opt/homeassistant/venv/bin/hass -c "/var/opt/homeassistant"
+RestartForceExitStatus=100
+
+[Install]
+WantedBy=multi-user.target
diff --git a/bundles/homeassistant/items.py b/bundles/homeassistant/items.py
new file mode 100644
index 0000000..6ceeec4
--- /dev/null
+++ b/bundles/homeassistant/items.py
@@ -0,0 +1,72 @@
+users = {
+    'homeassistant': {
+        'home': '/var/opt/homeassistant',
+    },
+}
+
+directories = {
+    '/opt/homeassistant': {
+        'owner': 'homeassistant',
+    },
+    '/var/opt/homeassistant': {
+        'owner': 'homeassistant',
+    },
+}
+
+files = {
+    '/etc/systemd/system/homeassistant.service': {
+        'triggers': {
+            'action:systemd-reload',
+            'svc_systemd:homeassistant:restart',
+        },
+    },
+    '/usr/local/share/icinga/plugins/check_homeassistant_update': {
+        'content_type': 'mako',
+        'context': {
+            'bearer': repo.vault.decrypt(node.metadata.get('homeassistant/api_secret')),
+            'domain': node.metadata.get('homeassistant/domain'),
+        },
+        'mode': '0755',
+    },
+}
+
+actions = {
+    'homeassistant_create_virtualenv': {
+        'command': 'sudo -u homeassistant /usr/bin/python3 -m virtualenv -p python3 /opt/homeassistant/venv/',
+        'unless': 'test -d /opt/homeassistant/venv/',
+        'needs': {
+            'directory:/opt/homeassistant',
+            'user:homeassistant',
+            'pkg_apt:bluez',
+            'pkg_apt:libffi-dev',
+            'pkg_apt:libssl-dev',
+            'pkg_apt:libjpeg-dev',
+            'pkg_apt:zlib1g-dev',
+            'pkg_apt:autoconf',
+            'pkg_apt:build-essential',
+            'pkg_apt:libopenjp2-7',
+            'pkg_apt:libtiff5',
+            'pkg_apt:libturbojpeg0-dev',
+            'pkg_apt:tzdata',
+        },
+    },
+    'homeassistant_install': {
+        'command': 'sudo -u homeassistant /opt/homeassistant/venv/bin/pip install homeassistant',
+        'unless': 'test -f /opt/homeassistant/venv/bin/hass',
+        'needs': {
+            'action:homeassistant_create_virtualenv',
+        },
+        'triggers': {
+            'svc_systemd:homeassistant:restart',
+        },
+    },
+}
+
+svc_systemd = {
+    'homeassistant': {
+        'needs': {
+            'action:homeassistant_install',
+            'file:/etc/systemd/system/homeassistant.service',
+        },
+    },
+}
diff --git a/bundles/homeassistant/metadata.py b/bundles/homeassistant/metadata.py
new file mode 100644
index 0000000..87855f8
--- /dev/null
+++ b/bundles/homeassistant/metadata.py
@@ -0,0 +1,68 @@
+from bundlewrap.metadata import atomic
+
+defaults = {
+    'apt': {
+        'packages': {
+            'autoconf': {},
+            'bluez':  {},
+            'build-essential': {},
+            'libffi-dev': {},
+            'libjpeg-dev': {},
+            'libopenjp2-7': {},
+            'libssl-dev': {},
+            'libtiff5': {},
+            'libturbojpeg0-dev': {},
+            'python3-packaging': {},
+            'tzdata': {},
+            'zlib1g-dev': {},
+        },
+    },
+    'backups': {
+        'paths': {
+            '/opt/homeassistant',
+            '/var/opt/homeassistant',
+        },
+    },
+}
+@metadata_reactor.provides(
+    'icinga2_api/homeassistant/services/HOMESSISTANT UPDATE',
+)
+def icinga_check_for_new_release(metadata):
+    return {
+        'icinga2_api': {
+            'homeassistant': {
+                'services': {
+                    'HOMEASSISTANT UPDATE': {
+                        'command_on_monitored_host': '/usr/local/share/icinga/plugins/check_homeassistant_update',
+                        'vars.notification.mail': True,
+                        'check_interval': '60m',
+                    },
+                },
+            },
+        },
+    }
+
+@metadata_reactor.provides(
+    'nginx/vhosts/homeassistant',
+)
+def nginx(metadata):
+    if not node.has_bundle('nginx'):
+        raise DoNotRunAgain
+
+    return {
+        'nginx': {
+            'vhosts': {
+                'homeassistant': {
+                    'domain': metadata.get('homeassistant/domain'),
+                    'website_check_path': '/',
+                    'website_check_string': 'Homeassistant',
+                    'locations': {
+                        '/': {
+                            'target': 'http://127.0.0.1:8123',
+                            'websockets': True,
+                        },
+                    },
+                },
+            },
+        },
+    }
diff --git a/nodes/home.hass.toml b/nodes/home.hass.toml
index 34cf68d..b451d32 100644
--- a/nodes/home.hass.toml
+++ b/nodes/home.hass.toml
@@ -1,5 +1,8 @@
 hostname = "172.19.138.25"
-bundles = []
+bundles = [
+    'homeassistant',
+    'nginx'
+]
 groups = ["debian-bullseye"]
 
 [metadata.backups]
@@ -13,3 +16,16 @@ ipv6_accept_ra = true
 [metadata.vm]
 cpu = 2
 ram = 2
+
+[metadata.homeassistant]
+domain = 'hass.home.kunbox.net'
+api_secret = 'encrypt$gAAAAABjpyuqXLoilokQW5c0zV8shHcOzN1zkEbS-I6WAAX-xDO_OF33YbjbkpELU2HGBzqiWX40J0hsaEbYJOnCHFk8gJ-Xt0vdqqbQ5vca_TGPNQHZPAS4qZoPTcUhmX_I-0EdT6ukhxejXFYBiYRZikTLjH3lcNM5qnckCm-H9NbRdjLb9hbCDIjbEglHmBl_g08S1_ukvX3dDSCIHIxgXXGsdK_Go1KxPJd8G22FL_MMhCfsTW-6ioIqoHSeSA1NGk3MZHEIM2errckiopKBxoBaROsacO9Uqk1zrrgXOs2NsgiTRtrbV1TNlFVaIX9mZdsUnMGZ'
+
+[metadata.nginx]
+restrict-to = [
+    '172.19.136.0/25',
+    '172.19.138.0/24',
+]
+
+[metadata.nginx.vhosts.homeassistant]
+ssl = '_.home.kunbox.net'