diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix
index 5ebea98..f366a60 100644
--- a/configurations/nixos/defiant/configuration.nix
+++ b/configurations/nixos/defiant/configuration.nix
@@ -77,6 +77,10 @@
       enable = true;
       subdomain = "search";
     };
+    home-assistant = {
+      enable = true;
+      subdomain = "home";
+    };
   };
   networking = {
     hostId = "c51763d6";
diff --git a/configurations/nixos/defiant/services.nix b/configurations/nixos/defiant/services.nix
index f98e680..0a6bb46 100644
--- a/configurations/nixos/defiant/services.nix
+++ b/configurations/nixos/defiant/services.nix
@@ -239,17 +239,6 @@ in {
         };
       };
 
-      home-assistant = {
-        enable = true;
-        config.http = {
-          server_port = 8082;
-          use_x_forwarded_for = true;
-          trusted_proxies = ["127.0.0.1"];
-          ip_ban_enabled = true;
-          login_attempts_threshold = 10;
-        };
-      };
-
       # nextcloud here is built using its auto setup mysql db because it was not playing nice with postgres
       nextcloud = {
         enable = true;
@@ -271,16 +260,6 @@ in {
               proxyWebsockets = true;
             };
           };
-          ${config.apps.forgejo.hostname} = {
-            # forceSSL = true;
-            # enableACME = true;
-            locations."/".proxyPass = "http://localhost:${toString config.services.forgejo.settings.server.HTTP_PORT}";
-          };
-          ${config.apps.home-assistant.hostname} = {
-            # forceSSL = true;
-            # enableACME = true;
-            locations."/".proxyPass = "http://localhost:${toString config.services.home-assistant.config.http.server_port}";
-          };
         };
       };
     };
diff --git a/modules/nixos-modules/server/default.nix b/modules/nixos-modules/server/default.nix
index c38d60c..38516d8 100644
--- a/modules/nixos-modules/server/default.nix
+++ b/modules/nixos-modules/server/default.nix
@@ -6,5 +6,6 @@
     ./jellyfin.nix
     ./forgejo.nix
     ./searx.nix
+    ./home-assistant.nix
   ];
 }
diff --git a/modules/nixos-modules/server/home-assistant.nix b/modules/nixos-modules/server/home-assistant.nix
new file mode 100644
index 0000000..27b6a55
--- /dev/null
+++ b/modules/nixos-modules/server/home-assistant.nix
@@ -0,0 +1,51 @@
+{
+  lib,
+  config,
+  ...
+}: let
+  configDir = "/var/lib/hass";
+in {
+  options.host.home-assistant = {
+    enable = lib.mkEnableOption "should home-assistant be enabled on this computer";
+    subdomain = lib.mkOption {
+      type = lib.types.str;
+      description = "subdomain of base domain that home-assistant will be hosted at";
+      default = "home-assistant";
+    };
+  };
+
+  config = lib.mkIf config.host.home-assistant.enable (lib.mkMerge [
+    {
+      services.home-assistant = {
+        enable = true;
+        config.http = {
+          server_port = 8082;
+          use_x_forwarded_for = true;
+          trusted_proxies = ["127.0.0.1"];
+          ip_ban_enabled = true;
+          login_attempts_threshold = 10;
+        };
+      };
+      host = {
+        reverse_proxy.subdomains.${config.host.home-assistant.subdomain} = {
+          target = "http://localhost:${toString config.services.home-assistant.config.http.server_port}";
+        };
+      };
+    }
+    (lib.mkIf config.host.impermanence.enable {
+      assertions = [
+        {
+          assertion = config.services.home-assistant.configDir == configDir;
+          message = "home assistant config directory does not match persistence";
+        }
+      ];
+      environment.persistence."/persist/system/root" = {
+        enable = true;
+        hideMounts = true;
+        directories = [
+          configDir
+        ];
+      };
+    })
+  ]);
+}