diff --git a/k8s/README.md b/k8s/README.md index ec7084b..d4464e2 100644 --- a/k8s/README.md +++ b/k8s/README.md @@ -318,13 +318,20 @@ done ### home-assistant hass +How to generate token (not really required): https://github.com/hahn-th/homematicip-rest-api +Using this helm chart: [https://github.com/pajikos/home-assistant-helm-chart](https://github.com/pajikos/home-assistant-helm-chart) + Install chart: ```sh +# secret for auth in hass-code +k apply -f home-assistant/hass-code-auth.secret.yml +# helm repo add pajikos http://pajikos.github.io/home-assistant-helm-chart/ helm repo update #helm show values pajikos/home-assistant > ./home-assistant/home-assistant.yaml -helm install home-assistant pajikos/home-assistant +k create ns home-assistant +helm upgrade --install home-assistant pajikos/home-assistant -n home-assistant -f ./home-assistant/home-assistant.yaml ``` ### robusta diff --git a/k8s/home-assistant/hass-code-auth.secret.yml b/k8s/home-assistant/hass-code-auth.secret.yml new file mode 100644 index 0000000..56e90d8 --- /dev/null +++ b/k8s/home-assistant/hass-code-auth.secret.yml @@ -0,0 +1,13 @@ +# ❯ htpasswd -c htpasswd moritz +# => ooshi7doh0rutaNazeit +# ❯ cat htpasswd +# moritz:$apr1$Wes7/nZG$HvxzpYXrP9Ff0FRCxHnnn1 +# ❯ k create secret generic --from-literal='auth=moritz:$apr1$Wes7/nZG$HvxzpYXrP9Ff0FRCxHnnn1' -o yaml --dry-run=server hass-coder-auth +apiVersion: v1 +data: + auth: bW9yaXR6OiRhcHIxJFdlczcvblpHJEh2eHpwWVhyUDlGZjBGUkN4SG5ubjE= +kind: Secret +metadata: + name: hass-coder-auth + namespace: home-assistant +type: Opaque \ No newline at end of file diff --git a/k8s/home-assistant/home-assistant.yaml b/k8s/home-assistant/home-assistant.yaml new file mode 100644 index 0000000..6638276 --- /dev/null +++ b/k8s/home-assistant/home-assistant.yaml 
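Review bot: The comment header of this new Secret manifest (hass-code-auth.secret.yml) records the generated plaintext password (the `# =>` line) and the full `$apr1$` htpasswd entry, and `data.auth` is that same entry base64-encoded, so everyone with read access to the repository holds the credential that gates the code-server ingress (`auth-secret: hass-coder-auth` in home-assistant.yaml). Treat the password as disclosed: rotate it, and note that deleting these lines in a later commit does not remove them from history. Keep the manifest out of git and create the Secret out of band, leaving only a pointer such as `# created with: kubectl -n home-assistant create secret generic hass-coder-auth --from-file=auth=./htpasswd`, or commit an encrypted form instead. `$apr1$` is an iterated-MD5 scheme that is cheap to test offline, so if the ingress controller's crypt() accepts bcrypt, `htpasswd -B` is the stronger choice for the new entry.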
@@ -0,0 +1,217 @@ +# # helm show values pajikos/home-assistant | less + + +# Environment variables +env: +- name: TZ + value: Europe/Berlin +# - name: SOME_VAR_FROM_CONFIG_MAP +# valueFrom: +# configMapRef: +# name: configmap-name +# key: config-key +# - name: SOME_SECRET +# valueFrom: +# secretKeyRef: +# name: secret-name +# key: secret-key + +# Ingress settings +ingress: + # Enable ingress for home assistant + enabled: true + className: "nginx" + annotations: + kubernetes.io/ingress.class: "nginx" + nginx.ingress.kubernetes.io/force-ssl-redirect: "true" + nginx.ingress.kubernetes.io/ssl-redirect: "true" + cert-manager.io/cluster-issuer: "letsencrypt-prod" + kubernetes.io/tls-acme: "true" + hosts: + - host: hass.moritzgraf.de + paths: + - path: / + pathType: ImplementationSpecific + tls: + - hosts: + - "hass.moritzgraf.de" + secretName: hass-moritzgraf-de + +# Persistence values for the Home Assistant instance +persistence: + # Enable or disable persistence + enabled: true + # Access mode for the persistent volume claim + accessMode: ReadWriteOnce + # Size of the persistent volume claim + size: 10Gi + # Storage class for the persistent volume claim + storageClass: "" + +configuration: + # Enable or disable the configuration setup for Home Assistant + enabled: true + # Force init will merge the current configuration file with the default configuration on every start + # This is useful when you want to ensure that the configuration file is always up to date + forceInit: true + # List of trusted proxies in the format of CIDR notation in a case of using a reverse proxy + # Here is the list of the most common private IP ranges, use your list of possible trusted proxies, usually, it's the IP of the reverse proxy + trusted_proxies: + - 10.233.0.0/16 + # Template for the configuration.yaml file + # Used the `tpl` function to render the template, so you can use Go template functions + templateConfig: |- + # Loads default set of integrations. Do not remove. 
+ default_config: + + {{- if .Values.ingress.enabled }} + http: + use_x_forwarded_for: true + trusted_proxies: + {{- range .Values.configuration.trusted_proxies }} + - {{ . }} + {{- end }} + {{- end}} + # Load frontend themes from the themes folder + frontend: + themes: !include_dir_merge_named themes + + automation: !include automations.yaml + script: !include scripts.yaml + scene: !include scenes.yaml + # moritz custom config + prometheus: + namespace: hass + + # Init script for the Home Assistant initialization, you can use Go template functions + # Script is executed before the Home Assistant container starts and is used to prepare the configuration + # Will be executed only if the configuration.enabled is set to true + initScript: |- + #!/bin/bash + set -e + + # Check if the configuration file exists + if [ ! -f /config/configuration.yaml ]; then + echo "Configuration file not found, creating a new one" + cp /config-templates/configuration.yaml /config/configuration.yaml + fi + + # Check if the force init is enabled + forceInit="{{ .Values.configuration.forceInit }}" + if [ "$forceInit" = "true" ]; then + echo "Force init is enabled, overwriting the configuration file" + current_time=$(date +%Y%m%d_%H%M%S) + echo "Backup the current configuration file to configuration.yaml.$current_time" + cp /config/configuration.yaml /config/configuration.yaml.$current_time + echo "The current configuration file will be merged with the default configuration file with this content:" + cat /config-templates/configuration.yaml + if [[ ! 
-s /config/configuration.yaml ]]; then + # If /config/configuration.yaml is empty, use the content of /config-templates/configuration.yaml + cat /config-templates/configuration.yaml > /config/configuration.yaml + else + # Perform the merge operation if /config/configuration.yaml is not empty + yq eval-all --inplace 'select(fileIndex == 0) *d select(fileIndex == 1)' /config/configuration.yaml /config-templates/configuration.yaml + fi + fi + + # Check if the automations file exists + if [ ! -f /config/automations.yaml ]; then + echo "Automations file not found, creating a new one" + touch /config/automations.yaml + echo "[]" >> /config/automations.yaml + fi + + # Check if the scripts file exists + if [ ! -f /config/scripts.yaml ]; then + echo "Scripts file not found, creating a new one" + touch /config/scripts.yaml + fi + + # Check if the scenes file exists + if [ ! -f /config/scenes.yaml ]; then + echo "Scenes file not found, creating a new one" + touch /config/scenes.yaml + fi + + initContainer: + name: setup-config + image: mikefarah/yq:4 + securityContext: + runAsUser: 0 + command: ["/bin/sh", "-c"] + args: + - /bin/sh /mnt/init/init.sh + # env: + # - name: FORCE_INIT + # valueFrom: + # configMapKeyRef: + # name: init-script + # key: forceInit + # Home Assistant configuration volume will be mounted to /config automatically + volumeMounts: + - name: init-volume + mountPath: /mnt/init/init.sh + subPath: init.sh + - name: config-volume + mountPath: /config-templates + +serviceMonitor: + # requires HA integration: https://www.home-assistant.io/integrations/prometheus/ + enabled: true + scrapeInterval: 30s + labels: + prometheus: haumdaucher + +# Addons configuration for additional services +addons: + # Code-server addon configuration + codeserver: + # Enable or disable the code-server addon + enabled: true + # # Resource settings for the code-server container + # resources: {} + # # Image settings for the code-server addon + # image: + # # Repository for the 
code-server image + # repository: ghcr.io/coder/code-server + # # Image pull policy for the code-server image + # pullPolicy: IfNotPresent + # # Tag for the code-server image + # tag: "4.92.2" + # Service settings + service: + # Service type (ClusterIP, NodePort, LoadBalancer, or ExternalName) + type: ClusterIP + # Service port + port: 12321 + # Ingress settings for the code-server addon + ingress: + # Enable or disable the ingress for the code-server addon + enabled: true + # Ingress class name + className: "nginx" + # Ingress annotations + annotations: + kubernetes.io/ingress.class: "nginx" + nginx.ingress.kubernetes.io/force-ssl-redirect: "true" + nginx.ingress.kubernetes.io/ssl-redirect: "true" + cert-manager.io/cluster-issuer: "letsencrypt-prod" + kubernetes.io/tls-acme: "true" + nginx.ingress.kubernetes.io/auth-type: basic + nginx.ingress.kubernetes.io/auth-secret: hass-coder-auth + nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required - HASS Coder' + # Ingress hosts configuration + hosts: + - host: hass-coder.moritzgraf.de + paths: + - path: / + pathType: ImplementationSpecific + # Ingress TLS configuration + tls: + - hosts: + - "hass-coder.moritzgraf.de" + secretName: hass-coder-moritzgraf-de + # if you need any additional volume mounts, you can define them here + additionalMounts: [] + # - mountPath: /home/coder/.ssh/id_rsa + # name: id-rsa
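Review bot: `configuration.trusted_proxies` lists the whole of `10.233.0.0/16` while the rendered `http:` block sets `use_x_forwarded_for: true`, so Home Assistant will take the client address from `X-Forwarded-For` on any connection that originates in that range, not only on connections from the ingress controller. If the range is the cluster's pod or service network (it looks like one, but confirm), any workload in the cluster can present an arbitrary source IP to Home Assistant's login and IP-ban handling. Narrow the entry to the address range the ingress-nginx pods actually use, e.g. `- <ingress-controller-pod-CIDR>`, and add a comment such as `# ingress-nginx only; do not widen to the full pod network`. Separately, `initContainer` runs `mikefarah/yq:4` with `runAsUser: 0` on a floating major tag; pinning the image by digest would keep a root container from changing silently between restarts.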