diff --git a/rpi4.nix b/rpi4.nix
index 2efafa4..3fd71a1 100644
--- a/rpi4.nix
+++ b/rpi4.nix
@@ -8,6 +8,7 @@
     ./system/i18n.nix
     ./services/jellyfin.nix
     ./modules/cfdyndns.nix
+    ./services/home-assistant.nix
   ];
 
   nixpkgs.config.allowUnfree = true;
@@ -41,6 +42,26 @@
     records = [ "home.felschr.com" ];
   };
 
+  services.nginx = {
+    enable = true;
+
+    recommendedTlsSettings = true;
+    recommendedOptimisation = true;
+    recommendedGzipSettings = true;
+    recommendedProxySettings = true;
+
+    virtualHosts = {
+      "home.felschr.com" = {
+        enableACME = true;
+        forceSSL = true;
+        locations."/" = {
+          proxyPass = "http://localhost:8123";
+          proxyWebsockets = true;
+        };
+      };
+    };
+  };
+
   programs.zsh.enable = true;
 
   services.openssh.enable = true;
diff --git a/services/home-assistant.nix b/services/home-assistant.nix
new file mode 100644
index 0000000..04359f9
--- /dev/null
+++ b/services/home-assistant.nix
@@ -0,0 +1,34 @@
+{ config, pkgs, ... }:
+
+with pkgs;
+{
+  services.home-assistant = {
+    enable = true;
+    openFirewall = true;
+    config = {
+      homeassistant = {
+        name = "Home";
+        latitude = "!secret latitude";
+        longitude = "!secret longitude";
+        elevation = 0;
+        unit_system = "metric";
+        temperature_unit = "C";
+        external_url = "https://home.felschr.com";
+        internal_url = "http://192.168.86.233:8123";
+      };
+      default_config = {};
+      config = {};
+      frontend = {};
+      mobile_app = {};
+      discovery = {};
+      zeroconf = {};
+      ssdp = {};
+      shopping_list = {};
+      owntracks = {
+        mqtt_topic = "owntracks/#";
+	secret = "!secret owntracks_secret";
+      };
+    };
+    # configWritable = true; # doesn't work atm
+  };
+}