diff --git a/hosts/companion/configuration.nix b/hosts/companion/configuration.nix
index f7c336ba..5a8dd5df 100644
--- a/hosts/companion/configuration.nix
+++ b/hosts/companion/configuration.nix
@@ -12,6 +12,7 @@
   imports = [
     ./hardware-configuration.nix
     ./home-controller.nix
+    ./home-assistant.nix
   ];
 
   boot.loader.timeout = lib.mkForce 0;
@@ -42,7 +43,7 @@
   boot.loader.systemd-boot.enable = lib.mkForce false;
 
   # Open ports in the firewall.
-  networking.firewall.allowedTCPPorts = [2380 6443];
+  networking.firewall.allowedTCPPorts = [2380 6443 8080 8123];
   # networking.firewall.allowedUDPPorts = [ ... ];
   # Or disable the firewall altogether.
   # networking.firewall.enable = false;
diff --git a/hosts/companion/hardware-configuration.nix b/hosts/companion/hardware-configuration.nix
index 7805d0f3..0c6b6875 100644
--- a/hosts/companion/hardware-configuration.nix
+++ b/hosts/companion/hardware-configuration.nix
@@ -1,22 +1,26 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
-
 {
-  imports =
-    [ (modulesPath + "/installer/scan/not-detected.nix")
-    ];
+  config,
+  lib,
+  pkgs,
+  modulesPath,
+  ...
+}: {
+  imports = [
+    (modulesPath + "/installer/scan/not-detected.nix")
+  ];
 
-  boot.initrd.availableKernelModules = [ "xhci_pci" "usbhid" "usb_storage" "uas" ];
-  boot.initrd.kernelModules = [ ];
-  boot.kernelModules = [ ];
-  boot.extraModulePackages = [ ];
+  boot.initrd.availableKernelModules = ["xhci_pci" "usbhid" "usb_storage" "uas"];
+  boot.initrd.kernelModules = [];
+  boot.kernelModules = [];
+  boot.extraModulePackages = [];
 
-  boot.kernelParams = [ "usb-storage.quirks=2109:0716:u,174c:55aa:u" ];
+  #boot.kernelParams = [ "usb-storage.quirks=2109:0716:u,174c:55aa:u" ];
 
   boot.kernelPackages = pkgs.linuxPackages_latest;
-  boot.supportedFilesystems = [ ];
+  boot.supportedFilesystems = [];
 
   boot.loader.grub = {
     enable = true;
@@ -38,19 +42,19 @@
     bypassWorkqueues = true;
   };
 
-  fileSystems."/" =
-    { device = "/dev/disk/by-label/root";
-      fsType = "ext4";
-    };
+  fileSystems."/" = {
+    device = "/dev/disk/by-label/root";
+    fsType = "ext4";
+  };
 
-  fileSystems."/boot" =
-    { device = "/dev/disk/by-uuid/5552-1B21";
-      fsType = "vfat";
-    };
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-uuid/5552-1B21";
+    fsType = "vfat";
+  };
 
-  swapDevices =
-    [ { device = "/dev/disk/by-label/swap"; }
-    ];
+  swapDevices = [
+    {device = "/dev/disk/by-label/swap";}
+  ];
 
   # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
   # (the default) this is the recommended approach. When using systemd-networkd it's
diff --git a/hosts/companion/home-assistant.nix b/hosts/companion/home-assistant.nix
new file mode 100644
index 00000000..6ee6df3a
--- /dev/null
+++ b/hosts/companion/home-assistant.nix
@@ -0,0 +1,76 @@
+{
+  self,
+  config,
+  pkgs,
+  ...
+}: {
+  config = {
+    services.mosquitto = {
+      enable = true;
+      listeners = [
+        {
+          users = {
+            z2m.hashedPassword = "$7$101$iZE7WOCQIaLtuoVN$M7AAB/mMmhkuXQVmu2RPoJzm744bmwxGTJwE0eoqlPAjyQHbjmOWfEuKoo9jnQCoQu2T96gS8znsUNizGgPWiQ==";
+            ha.hashedPassword = "$7$101$jLA9PReG5btNSvw8$O0c3UzCfcBcvqVH8kMZIwEims7p1L4o/DmOTHO9w9731ggC5SyUpJGQIDiUbv+IrTl/H0+Fz9QF/jvY0QCuxuA==";
+          };
+        }
+      ];
+    };
+
+    services.udev.extraRules = ''KERNEL=="ttyS0", OWNER="zigbee2mqtt", GROUP="zigbee2mqtt"'';
+
+    services.zigbee2mqtt = {
+      enable = true;
+      settings = {
+        frontend = true;
+        permit_join = true;
+        homeassistant = true;
+        options = "-d -d";
+        mqtt = {
+          user = "z2m";
+          password = "!secrets.yaml mqtt_password";
+        };
+        serial = {
+          port = "/dev/ttyS0";
+          adapter = "deconz";
+        };
+        #advanced.network_key = "'!secrets.yaml network_key'";
+      };
+    };
+
+    #users.users.hass.extraGroups = [ "tty" ];
+
+    services.home-assistant = {
+      enable = true;
+      extraComponents = ["fritz" "fritzbox" "fritzbox_callmonitor" "met" "mqtt"];
+      config = {
+        homeassistant = {};
+        http = {
+          ip_ban_enabled = false;
+          use_x_forwarded_for = true;
+          trusted_proxies = [
+            "127.0.0.1"
+            "10.254.0.21"
+            "10.0.1.5"
+            "10.0.1.6"
+            "172.16.0.0/12"
+          ];
+        };
+
+        energy = {};
+        frontend = {};
+        history = {};
+        map = {};
+        my = {};
+        mobile_app = {};
+        network = {};
+        notify = {};
+        person = {};
+        ssdp = {};
+        sun = {};
+        system_health = {};
+        zeroconf = {};
+      };
+    };
+  };
+}