diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix
index f35c2d5..15caac2 100644
--- a/hosts/defiant/configuration.nix
+++ b/hosts/defiant/configuration.nix
@@ -15,6 +15,7 @@
       ./services/flame.nix
       ./services/gitea.nix
       ./services/hedgedoc.nix
+      ./services/home-assistant.nix
       ./services/matrix-synapse.nix
       ./services/metrics
       ./services/minecraft.nix
diff --git a/hosts/defiant/services/home-assistant.nix b/hosts/defiant/services/home-assistant.nix
new file mode 100644
index 0000000..ff7a714
--- /dev/null
+++ b/hosts/defiant/services/home-assistant.nix
@@ -0,0 +1,40 @@
+{ config, pkgs, lib, ... }:
+let
+  domain = "ha.home.feal.no";
+in {
+  # Home-assistant - Smart Home Controller
+  # https://www.home-assistant.io/installation/linux#install-home-assistant-container
+  # The container is supposed to run as "privileged", but I believe this is only to allow device access (dongles/radios/etc.)
+
+  virtualisation.oci-containers.containers = {
+    homeassistant = {
+      image = "ghcr.io/home-assistant/home-assistant:2024.1";
+      extraOptions = [
+        "--network=host"
+      ];
+      volumes = [
+        "/tank/services/homeassistant/config:/config"
+      ];
+      environment = {
+        TZ = "Europe/Oslo";
+      };
+    };
+  };
+
+  # Requires addition to configuration.yaml:
+  #  http:
+  #    server_host: 127.0.0.1
+  #    use_x_forwarded_for: true
+  #    trusted_proxies: 127.0.0.1
+  services.nginx.virtualHosts."${domain}" = {
+    locations."/" = {
+      proxyPass = "http://127.0.0.1:8123";
+      proxyWebsockets = true;
+    };
+    listen = [
+      { addr = "192.168.10.175"; port = 80; ssl = false; }
+      { addr = "192.168.10.175"; port = 8123; ssl = false; }
+    ];
+  };
+}
+