diff --git a/darwin/shiro/services/default.nix b/darwin/shiro/services/default.nix
index 6d4e8008..c10177bc 100644
--- a/darwin/shiro/services/default.nix
+++ b/darwin/shiro/services/default.nix
@@ -6,6 +6,7 @@
 ./zerotier.nix
 ./jellyfin.nix
 ./autossh.nix
+ # ./homeassistant.nix
 # ./aerospace.nix
 ];
 }
diff --git a/darwin/shiro/services/homeassistant.nix b/darwin/shiro/services/homeassistant.nix
new file mode 100644
index 00000000..b17e5ec2
--- /dev/null
+++ b/darwin/shiro/services/homeassistant.nix
@@ -0,0 +1,28 @@
+{
+ pkgs,
+ lib,
+ ...
+}: {
+ environment.systemPackages = [pkgs.arion pkgs.docker-client];
+ virtualisation.docker.enable = lib.mkForce false;
+ virtualisation.podman.enable = true;
+ virtualisation.podman.dockerSocket.enable = true;
+ # users.extraUsers.servius.extraGroups = ["podman"];
+ # networking.firewall.allowedTCPPorts = [21063 21064];
+ # networking.firewall.allowedUDPPorts = [5353];
+
+ virtualisation.arion = {
+ backend = "docker";
+ projects = {
+ homeassistant.settings.services = {
+ homeassistant = {
+ service.image = "ghcr.io/home-assistant/home-assistant:stable";
+ service.volumes = ["/etc/localtime:/etc/localtime:ro" "/run/dbus:/run/dbus:ro"];
+ service.privileged = true;
+ service.network_mode = "host";
+ service.restart = "unless-stopped";
+ };
+ };
+ };
+ };
+}
diff --git a/nixos/mirai/services/default.nix b/nixos/mirai/services/default.nix
index 3ac07c95..7a7db017 100644
--- a/nixos/mirai/services/default.nix
+++ b/nixos/mirai/services/default.nix
@@ -9,6 +9,7 @@
 ./caddy.nix
 ./fail2ban.nix
 ./gitea.nix
+ ./home-assistant.nix
 # ./appflowy.nix
 # ./jellyfin.nix
@@ -19,7 +20,6 @@
 # ./nextcloud.nix
 # ./navidrome.nix
 # ./ldap.nix
- # ./home-assistant.nix
 # ./llama.nix
 # ./nextcloud.nix
 ];
diff --git a/nixos/mirai/services/home-assistant.nix b/nixos/mirai/services/home-assistant.nix
index f55780a9..79714af2 100644
--- a/nixos/mirai/services/home-assistant.nix
+++ b/nixos/mirai/services/home-assistant.nix
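Review bot: In the new `darwin/shiro/services/homeassistant.nix`, the container combines `service.privileged = true` with `service.network_mode = "host"` and an image pulled by the mutable tag `:stable`, so whatever is published under that tag runs with effectively host-root reach and no network isolation. Unless a specific integration needs it, I would drop `service.privileged` and grant only what is required through arion's `service.devices` / `service.capabilities`, and pin the image as `service.image = "ghcr.io/home-assistant/home-assistant:stable@sha256:<digest>";`. `virtualisation.podman.dockerSocket.enable = true` also deserves a comment stating that access to that socket is root-equivalent, since the commented `extraGroups = ["podman"]` line would hand it to a user. No `/config` volume is mounted, so Home Assistant state would presumably be lost when the container is recreated.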
@@ -30,8 +30,15 @@
 copy_headers Remote-User Remote-Groups Remote-Email Remote-Name
 }
 reverse_proxy localhost:8123
-
 '';
 };
 };
+ networking.firewall.allowedTCPPorts = [5555 5353 1900 51827 48784 38989 18555];
+ networking.firewall.allowedUDPPorts = [5555];
+ networking.firewall.allowedTCPPortRanges = [
+ {
+ from = 21063;
+ to = 21070;
+ }
+ ];
 }
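Review bot: `5353` (mDNS) and `1900` (SSDP) are UDP services, yet the added `networking.firewall.allowedTCPPorts` opens them as TCP while `allowedUDPPorts` holds only `5555`, so discovery would stay blocked and two TCP ports are exposed for nothing. I would move them: `networking.firewall.allowedTCPPorts = [5555 51827 48784 38989 18555];` and `networking.firewall.allowedUDPPorts = [5555 5353 1900];`. These rules apply to every interface; if this host is reachable from outside the LAN (the sibling imports suggest it also serves Caddy and Gitea), scope them with `networking.firewall.interfaces.<lan-interface>.allowedTCPPorts` instead. A one-line comment naming the integration behind each port (`48784`, `38989`, `18555` and the `21063`–`21070` range are not self-explanatory) would make later audits easier. The enclosing attribute set starts outside this hunk.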