# ============================================================================
# Home Assistant + Matter Server  --  runs on the HOME BOX (Pi 5 / N100)
# ----------------------------------------------------------------------------
# THIS DOES NOT RUN ON HETZNER / DOKPLOY.
# It lives in the infra repo for source-control + documentation, but it is
# deployed by hand on the home machine:  `docker compose up -d`
#
# WHY host networking (network_mode: host) is mandatory here:
#   - Tapo cameras are reached over your LAN (RTSP 554 / ONVIF 2020). HA must
#     sit on the same L2 segment to discover + stream them.
#   - mDNS / SSDP / Matter commissioning are MULTICAST. Bridge networking
#     drops multicast at the container boundary, so discovery silently fails.
#   With host mode the container shares the home box's network stack directly.
# ============================================================================
services:
  homeassistant:
    image: ghcr.io/home-assistant/home-assistant:stable
    container_name: homeassistant
    restart: unless-stopped
    network_mode: host          # see header note -- non-negotiable for HA
    volumes:
      - ./config:/config        # all HA state + configuration.yaml lives here
      - /etc/localtime:/etc/localtime:ro
      - /run/dbus:/run/dbus:ro  # lets HA see host Bluetooth/dbus (harmless if unused)
    environment:
      - TZ=Asia/Kolkata
    # NOTE: no `ports:` needed -- host mode already exposes :8123 on the box.
    # NOTE: no `privileged` -- only required if you later pass a USB Zigbee/Thread
    #       dongle, which would also need a `devices:` mapping. Not needed for
    #       WiFi / RTSP / Matter-over-WiFi devices.

  # --- Matter controller (you mentioned Matter devices) -------------------
  # HA talks to this over ws://localhost:5580 (add the "Matter" integration in
  # the HA UI and point it there). Comment this whole block out if you want to
  # hold off on Matter for now -- Tapo cameras do NOT need it.
  matter-server:
    image: ghcr.io/home-assistant-libs/python-matter-server:stable
    container_name: matter-server
    restart: unless-stopped
    network_mode: host          # Matter commissioning needs multicast too
    security_opt:
      - apparmor=unconfined     # required for the Matter stack's raw network access
    volumes:
      - ./matter-data:/data
    environment:
      - TZ=Asia/Kolkata