diff --git a/hosts/home-assistant.cloonar.com/configuration.nix b/hosts/home-assistant.cloonar.com/configuration.nix
new file mode 100644
index 0000000..3fb08e7
--- /dev/null
+++ b/hosts/home-assistant.cloonar.com/configuration.nix
@@ -0,0 +1,48 @@
+{ lib, config, pkgs, ... }:
+let
+ nodePkgs = pkgs.callPackage ./pkgs/playactor/default.nix { };
+in
+{
+ imports = [
+ ./utils/modules/sops.nix
+ ./utils/modules/lego/lego.nix
+ ./utils/modules/nginx.nix
+ ./utils/modules/home-assistant/default.nix
+ ./utils/modules/mopidy.nix
+ ./utils/modules/mosquitto.nix
+ ./utils/modules/snapserver.nix
+ ./utils/modules/deconz/default.nix
+ ./utils/modules/borgbackup.nix
+ ./utils/modules/netdata.nix
+
+ ./utils/bento.nix
+ ./utils/modules/autoupgrade.nix
+
+ ./hardware-configuration.nix
+ ];
+
+ sops.defaultSopsFile = ./secrets.yaml;
+ sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+
+ networking.hostName = "home-assistant";
+
+ services.openssh.enable = true;
+ users.users.root.openssh.authorizedKeys.keys = [
+ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDN/2SAFm50kraB1fepAizox/QRXxB7WbqVbH+5OPalDT47VIJGNKOKhixQoqhABHxEoLxdf/C83wxlCVlPV9poLfDgVkA3Lyt5r3tSFQ6QjjOJAgchWamMsxxyGBedhKvhiEzcr/Lxytnoz3kjDG8fqQJwEpdqMmJoMUfyL2Rqp16u+FQ7d5aJtwO8EUqovhMaNO7rggjPpV/uMOg+tBxxmscliN7DLuP4EMTA/FwXVzcFNbOx3K9BdpMRAaSJt4SWcJO2cS2KHA5n/H+PQI7nz5KN3Yr/upJN5fROhi/SHvK39QOx12Pv7FCuWlc+oR68vLaoCKYhnkl3DnCfc7A7"
+ ];
+
+ environment.systemPackages = with pkgs; [
+ nodePkgs.playactor
+ pkgs.jq
+ ];
+
+ # backups
+ borgbackup.repo = "u149513-sub6@u149513-sub6.your-backup.de:borg";
+
+ networking.firewall = {
+ enable = true;
+ allowedTCPPorts = [ 22 80 443 ];
+ };
+
+ system.stateVersion = "22.11";
+}
diff --git a/hosts/home-assistant.cloonar.com/hardware-configuration.nix b/hosts/home-assistant.cloonar.com/hardware-configuration.nix
new file mode 100644
index 0000000..2d2d3d2
--- /dev/null
+++ b/hosts/home-assistant.cloonar.com/hardware-configuration.nix
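Review bot: In `configuration.nix`, `services.openssh.enable = true` sits next to a root `authorizedKeys` entry and port 22 in `allowedTCPPorts`, but nothing in this file turns off password or keyboard-interactive logins. Unless one of the imported `./utils/modules/*` files does so, sshd will still accept passwords for any account that has one set. I would pin it right after the enable line with `services.openssh.passwordAuthentication = false;` and `services.openssh.kbdInteractiveAuthentication = false;` (if the host tracks a nixpkgs release newer than the 22.11 in `system.stateVersion`, the equivalents live under `services.openssh.settings`). The single authorized key appears to be a 2048-bit `ssh-rsa` key granted directly to root; an ed25519 key on a non-root admin account would narrow what a leaked key gives away. Because `sops.age.sshKeyPaths` points at `/etc/ssh/ssh_host_ed25519_key`, I would also add a comment such as `# host key doubles as the age identity for secrets.yaml; regenerating it requires re-encrypting secrets` so nobody regenerates it without re-keying.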
@@ -0,0 +1,35 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/profiles/qemu-guest.nix") + ]; + + boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ ]; + boot.extraModulePackages = [ ]; + + boot.loader.grub.device = "/dev/sda"; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/b93c9cce-edc0-4019-b5be-29da49652433"; + fsType = "ext4"; + }; + + swapDevices = + [ { device = "/dev/disk/by-uuid/66de22b5-db14-4a73-8000-e52bdfdd794c"; } + ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.ens18.useDHCP = lib.mkDefault true; + + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/hosts/home-assistant.cloonar.com/secrets.yaml b/hosts/home-assistant.cloonar.com/secrets.yaml new file mode 100644 index 0000000..a8c2580 --- /dev/null +++ b/hosts/home-assistant.cloonar.com/secrets.yaml 
@@ -0,0 +1,31 @@ +borg-passphrase: ENC[AES256_GCM,data:Z7JftGp60YzKLXpfqRlIOFBx+WDbOA7nrqyYNeKWR5c2+tSAeQ+nsKxYS8cViIZor+OI8/PwkSgBYmslJ4iHpQ==,iv:d3kvQj2Eheu8uXnXYLmAw4YmL6be43NZJbCCR0RaJdg=,tag:K9LmnJQiyQu1MoHGDq8Jtw==,type:str] +borg-ssh-key: ENC[AES256_GCM,data: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,iv:W3cwoql686CZ/1gvN/2peskuOPj5FnEnQ7bV28+nHJ4=,tag:heszwVzajuFJKQLmT/h6/w==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age16veg3fmvpfm7a89a9fc8dvvsxmsthlm70nfxqspr6t8vnf9wkcwsvdq38d + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOR2NFU2Q1Wjl1YmNFSXBa + S0lZcFdkYmtRTUNiZVRKUkxxTTcrNmZsbWkwCm9xY0dsQzIrN3lzR3luSU1VaUxN + bWdRVm1uZmZUc0QwQklzYnowQjgwUlUKLS0tIGw0OEh0aThibTRtNExqeGV1Vjkz + NUFqVXo4aVNlMzZNSlJZU3ozeHM0R28KJdZHqBdjssWQdCl/60JEqDRvFsQElQBx + ZSCQCKPBmpj0y1/QBeItsRYCnn3rety9ZnD6HUE9Oc0OF4b0ByRZhw== + -----END AGE ENCRYPTED FILE----- + - recipient: age1ezq2j34qngky22enhnslx6hzh4ekwk8dtmn6c9us0uqxqpn7hgpsspjz58 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXTk41UGFGQktiakQ0VFFN + SjgxL1Y4VXF1UTViSVpZSVYzdlFGd0s5aEZjCmc2UXg1SHllYVZ4RXRSUHpXZHl4 + WEJjcDhTSmNpM3hoWUoyYi84Sm0wTEEKLS0tIHQ2bVJnM0RVQnkvUk92Ulo5OU45 + U0hkcXFObndTMTN3d1hzcnVyUktKRFkKd0LP3Ex+2oUDphP7alk7jvaj/vu4jM2X + MkEOoG8cm/uIIu85Yuz5wRZKhb1tU/1iXTZD6Nc0IcIxRZPl/o0Llw== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-01-30T06:47:22Z" + mac: ENC[AES256_GCM,data:BcBCbtz0+EiT9oKNY9mBOSWlzg9Jl6+/QY2gO7PnnGQlQ4U0fKbRnu6qQ6Wps7omAHZgkiG1IbeURPPRg6ujs1dQYm1r8ol8D6nTmvZS8bQqFzsP+becpW5aA/aIi60d06WbLOHoecnr6gi58cgIqOhckyDMI2NsXlcFJbHgADc=,iv:ZJnAGMqZACRbfkzpV+ZYrUZ822l130Sye+1TdigbQzk=,tag:WIeyyFWpvqGem+gQY4vb/w==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.7.3 diff --git a/hosts/home-assistant.cloonar.com/utils b/hosts/home-assistant.cloonar.com/utils new file mode 120000 index 0000000..6b18391 --- /dev/null 
+++ b/hosts/home-assistant.cloonar.com/utils
@@ -0,0 +1 @@
+../../utils
\ No newline at end of file