diff --git a/machines/pedro/configuration.nix b/machines/pedro/configuration.nix
index db5de6e..8604404 100644
--- a/machines/pedro/configuration.nix
+++ b/machines/pedro/configuration.nix
@@ -116,6 +116,7 @@
   virtualisation.oci-containers.containers = let
     serverIP = "192.168.88.21";
   in {
+    home-assistant = import ./home-assistant.nix serverIP;
     pihole = import ./pihole.nix serverIP;
   };
 
@@ -123,6 +124,16 @@
   services = {
     chrony.enable = true;
 
+    fail2ban = {
+      enable = true;
+      maxretry = 5;
+      ignoreIP = [
+        "127.0.0.0/8"     # localhost
+        "192.168.0.0/16"  # LAN
+        "160.91.241.229"  # lucky
+      ];
+    };
+
     gitea = import ./gitea.nix;
 
     nginx = import ./nginx.nix;
diff --git a/machines/pedro/home-assistant.nix b/machines/pedro/home-assistant.nix
new file mode 100644
index 0000000..504ae95
--- /dev/null
+++ b/machines/pedro/home-assistant.nix
@@ -0,0 +1,17 @@
+serverIP :
+{
+  image = "ghcr.io/home-assistant/home-assistant:2022.8.5";
+  #ports = [
+    #"8123:8123"
+  #];
+  volumes = [
+    "/etc/localtime:/etc/localtime:ro"
+    "/serverdata/home-assistant:/config"
+  ];
+  extraOptions = [
+    "--privileged"
+    "--network=host"
+    #"--device /dev/ttyUSB0"
+    #"--device /dev/ttyUSB1"
+  ];
+}