diff --git a/kubernetes/main/apps/home-automation/ebusd/app/config-deploy-key.sops.yaml b/kubernetes/main/apps/home-automation/ebusd/app/config-deploy-key.sops.yaml
new file mode 100644
index 00000000..7d4236df
--- /dev/null
+++ b/kubernetes/main/apps/home-automation/ebusd/app/config-deploy-key.sops.yaml
@@ -0,0 +1,29 @@ +apiVersion: v1 +kind: Secret +metadata: + name: ebusd-config-deploy-key +type: kubernetes.io/ssh-auth +stringData: + ssh-privatekey: ENC[AES256_GCM,data:FgLKm8XNvj7PisZNng0vJ9sd3qHMfKRmoP4vDuy93cusYV7HmR+zI4hM1lZ93lHC5flj20OqW1MSIBkclrRuB95hMFl8o9gfYNrph0MCTk192FbMFYD0K4MDrXYtWXMdv+cg6WLYahBeiCObK69DjzewD3RritiDZLLW5sgR/U1DGSBiFgGxfkC0Qc22r6IzY0fb6qu0/5GKIFRCdO11HKp9AIRPheiAaBRSiZRHtXcvdfNwzoOCeNf6TXyVeDhDrX8hTOzTMrsDVq85+NeTF3cMjdoSjv/q2Qbq8xasFcYh1Uk95qAv7ufIDFBvYkPLHVmQR8GdMUif1T/OH/AwvkiW8s3BVNrXI13yzd4A9MUdGuic+fhR26WTBbPqgM/QBUoPFGxaJEmoQNvX4eQrXfzs2ukyu+EDPCshcS8Xb9cuX8nbUzX9RAcnYYKhRzPofSEWhOrSZjW/5DoBcqJ9vwVi0I4YWGBzTl51dzM1Be0piO4G7pVZJTL1YqNgRmGxc8/YTLb7e51sry5A32vG1OTlJnkeeLCRdrJTzaMKhgVs0fU=,iv:nuh1/y4b9pdacvKiaGHctrZjP9nfMmF21fea2hc4tCQ=,tag:/Hzw+9TS/ghbOZwnsxTPsg==,type:str] + ssh-privatekey-type: ENC[AES256_GCM,data:7ArBiHJgrw==,iv:HARFrYhoAvM1CjbUUQh9/nMtRll8nIEprjn33Gsk4Jc=,tag:BvfzrVLaz8yBCj5f8CMDYw==,type:str] + ssh-known-hosts: ENC[AES256_GCM,data:QOBt7z+ErV81bhnZKZzOJLlxH3hePo54XvXa5t9enJq56Ei8hUEwpUNW1M+bcDQmRn7XvjtQr9RB796Dh0rLYBGn0QzvilOL22ZHLYq0FurD/lhhRq9YUXjd0TBttkW2xssSVj8Aq9ZM+ym01tBU2xjrVpxmqo0ktVDlogx60CYjPw38phHEuTNNkLFcBQKWvZXCltTA/S34rM1vK+vAhrMSMZk00jLOMJ69JmVbfkWI+hmB/MPNpz+HIVXfGHfpn8sedMjkhPvbsp8z3dGRDcbwAcE4lrHrZIjyDO882FMJ+2v+PZACtvI49n9k8ihquFRrsBkPbc0WnnOCSbq4+MGh4XvBHQdNFgsYV8zf206BVzENOKF661Ds++Rz6ytjguiols482r1yziBR6L1/AnXze95oNd5dGUzYEvXN+Hl60/t2dwOzjeBCYn6ekw0PRpYE970kCA31I1KavepUaeIBtxCn7GFAhYVWEwQFI7MyR77K6a7TbsdDukfkHww8XjcoQSm+/5XSsLAbBoqqPv8f2LcwV2YXkDX8KrwlNPZoxghH1rFXzhTEKg1ErUJNt96nAJ3cr4kfsyWnq3aA6cyimoRjdhW4JPbx13ubuz4b19Fu/9sKxGJG8akJU+1Bz8KXLV9uJjOQO91qi5+dDk1w8Hvu9GX3wnS0EiaCLh8tVNDDdtdtATUPS+MZEkMVFTGYfW0auRR2nfoPyTJgpvtRxi7dToxKpA67jacj+j4NQRwm0sKamwDN0xBWfENeuaZ/NHbFWzC+xssZmSeA/FRTPmdEpLQQ8jcG+MI9Fc8xnd+Ydz/GCv6TdWPazww0C6X4ERTBk5eo9BEMAjDo8jF9A5aRDThgx/rxeDz01G0JgYzDR1rPZWJLTpHenJOx6sjzRQukHHi1dK0aMaP9JNfuARAgx0/H4/xxRRsV6QTd6H7rbsMxPyXQMMeAjM9t1l0cnhxglR/wUiW6GJi3LnfXDvRVx2KQDetO605
zI6O4ZDUtEgTNlZ2PotZ42/hhDRF56GmhF5z8XU1KLEhVG0N0rZXxB5NmNQtHbu5Wx9qpUHe7YgTvAHIbUzkvf4VZ0sTxuxMNYvXONEEu,iv:SG9Rjm6OO69IVNtdE6wtdqApW0svCUTYHtMH1/FxluA=,tag:+Zuaf+b7LaOlOUlgKyb0IA==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1ve9kzacrwq7l9l0emvs326uk6t576d75r596e083r2tq6xu28qcsacy3s7 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzL2FNUlZqWFFtUGRPUE5o + Rm0zNmplVE9ocTVaQ3V4OFRwRDJXVkF2MEJjCjBZS1Y3RFFXcHVZQmU4ejV6QTlT + QVh0bXZzNy9aTTllQ1FaRGtwM25SaDgKLS0tIDd0U2Y1MU5oL0RsUjg0UHZleC9D + aVNLZzdlbmFHVXVQMldXa0VvRHJoU0EKWzThM5A/IjS4XBvmxHZFr3pywKitjbfK + CKnctMdz2AcJ224TUl6PEc7GVZdCycHZn9nK2zP6tcY8bPlX4VBP4Q== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-06-30T20:07:02Z" + mac: ENC[AES256_GCM,data:03LjoWfq3vWeQ2Fs24WDW6E4T/5WnRvdGmPuiVVWEqqpyn0qnAz92MIMPc7B7TCy6XzQ31GqacjK2dxM3o4sSAqET+yotpOOhTVRnxarJWOre8uzDK/8LnYzP3Jbd7DpueCTXNRkomk9OLMYElp8HRszbWr1rEVj4UG/nfCY1y4=,iv:WemTKSYH2Hp3m6JT9LMrlKXUkdcwDzEwLmXboAaZ0mc=,tag:x1iXanJE/PnlETI54gR+8g==,type:str] + pgp: [] + encrypted_regex: ^(data|stringData)$ + version: 3.8.1 diff --git a/kubernetes/main/apps/home-automation/ebusd/app/config-secrets.sops.yaml b/kubernetes/main/apps/home-automation/ebusd/app/config-secrets.sops.yaml new file mode 100644 index 00000000..4848d2a8 --- /dev/null +++ b/kubernetes/main/apps/home-automation/ebusd/app/config-secrets.sops.yaml 
@@ -0,0 +1,32 @@ +apiVersion: v1 +kind: Secret +metadata: + name: ebusd-config-secret +type: kubernetes.io/basic-auth +stringData: + username: ENC[AES256_GCM,data:bRhNHEA=,iv:k4QlV2mvZiG1iTy3rXehRujru2dPtDtknRJxK0ddAeQ=,tag:NJzVjuc0rUUZxiBn1JsyWQ==,type:str] + password: ENC[AES256_GCM,data:Bggc/GLPLnnWEtIMlf9jDV/nUpoceBMvWqjw+NshjoZJNmifMF6DFw==,iv:CGF3ukNNssEm+1G5M6eG1/OtEaG63wpUs9gfY6+mdvk=,tag:LTLfFnOGOiKDNKjjhL5gSA==,type:str] + #ENC[AES256_GCM,data:bds89uaF6UDYI//rnTBbaZTh3zf/WAb79zancM8WVKoGfd+AMWEFZLMhJvA=,iv:+/8I2rJBSK4XC/sWo1/8Hdp6SWcsT7U8YPeduwB5lKM=,tag:KLaYACvrQHsufokXosf2zA==,type:comment] + #ENC[AES256_GCM,data:FwtxO7qk5bwnG1aJFYNr,iv:jFITOSG/J/42EHtwcgNiRXus+NxnRkXYkH2RylK3uNQ=,tag:oU2gzMiPY9APbEWk4DOklg==,type:comment] + #ENC[AES256_GCM,data:ufapEl++l2M2B7hBYaGg17nwrM6yELAu3IWrSRtqsS0=,iv:E74vX43/YyrTgT+xfu+0zVFpJR2LC0f+WeDTIsSOopw=,tag:XBuQAMIqy+RuJZ8VyJXEGw==,type:comment] + device: ENC[AES256_GCM,data:fAL248UkkabkaOnVKrZxGOO4rw/GJTn0,iv:pJOPSzjCrgwEzpgyK38OUwuqla0L8tCqr1RemulCnp0=,tag:PefdDw7dbcsNmxmYLQmA6Q==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1ve9kzacrwq7l9l0emvs326uk6t576d75r596e083r2tq6xu28qcsacy3s7 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvMVdKcTJuY1ZJL2l2Ni9Y + YVVSYi9xQ0hhYng4ZzMrVkVWb3cwalpSd2dnCktBNzFEZGJxRkFySVhBQ2RZdGJ4 + bjlmVGxWUFZnT2tFUnBBd1ozZXdSdlEKLS0tIFd6K3h1OFZyY0xvc2VDL3diRlZB + cHdibGdzaHg0NnBMTXpYdGo1N3VCUG8Km3Pd+F+Dm0GYNr13rKykH0mLIJfZ7cw7 + ubzfRKrO1TDud0Cd5WP3RaLKX+viux7Wq8LLfHena1DfaeAblP1mfA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-07-01T20:11:51Z" + mac: ENC[AES256_GCM,data:lA/shoJ+/giWS7QPoik2Etlmt7JfcHGhTjJwv84irOcbiMdrD+SbXQDcrX8/njuJFeXgnChGlVgI1o8RKa0gv4IvX48QIA1GgM/lNp/KY3HgKcgGU7ttBlEuVcaNZkg42fJEkZV+rK6uj15y0PaUv9Fx66PPaZs0EvifQU1q49o=,iv:RL1sTbV6jFDrH3UK9e+AnfN8HPtEUFPTEUYNFgA3HVo=,tag:TjASk8aWc+VS+aRjFPZPLQ==,type:str] + pgp: [] + encrypted_regex: ^(data|stringData)$ + version: 3.8.1 
diff --git a/kubernetes/main/apps/home-automation/ebusd/app/emqx-init-secret.yaml b/kubernetes/main/apps/home-automation/ebusd/app/emqx-init-secret.yaml
new file mode 100644
index 00000000..ad53af98
--- /dev/null
+++ b/kubernetes/main/apps/home-automation/ebusd/app/emqx-init-secret.yaml
@@ -0,0 +1,40 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/datreeio/CRDs-catalog/main/external-secrets.io/externalsecret_v1beta1.json
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: ebusd-emqx-init
+spec:
+ target:
+ creationPolicy: Owner
+ template:
+ engineVersion: v2
+ data:
+ INIT_EMQX_API_HOST: "{{ .emqx_api_host }}"
+ INIT_EMQX_API_PORT: "{{ .emqx_api_port }}"
+ INIT_EMQX_ACCESS_KEY: "{{ .emqx_username }}"
+ INIT_EMQX_SECRET_KEY: "{{ .emqx_password }}"
+ INIT_EMQX_USER: "{{ .ebusd_username }}"
+ INIT_EMQX_PASS: "{{ .ebusd_password }}"
+ INIT_EMQX_TOPIC: "homeassistant/ebusd"
+ dataFrom:
+ - extract:
+ key: emqx-secret
+ rewrite:
+ - regexp:
+ source: "^(.*)$"
+ target: "emqx_$1"
+ sourceRef:
+ storeRef:
+ name: emqx-secret-store
+ kind: ClusterSecretStore
+ - extract:
+ key: ebusd-config-secret
+ rewrite:
+ - regexp:
+ source: "^(.*)$"
+ target: "ebusd_$1"
+ sourceRef:
+ storeRef:
+ name: home-automation-secret-store
+ kind: SecretStore
diff --git a/kubernetes/main/apps/home-automation/ebusd/app/helmrelease.yaml b/kubernetes/main/apps/home-automation/ebusd/app/helmrelease.yaml
new file mode 100644
index 00000000..828e440e
--- /dev/null
+++ b/kubernetes/main/apps/home-automation/ebusd/app/helmrelease.yaml
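Review bot: In emqx-init-secret.yaml, `INIT_EMQX_ACCESS_KEY` and `INIT_EMQX_SECRET_KEY` are rendered from the `username`/`password` keys of `emqx-secret`, read through a ClusterSecretStore, so the `ebusd-emqx-init` Secret keeps a standing copy of those broker credentials in this namespace, while in the visible part of helmrelease.yaml only the `emqx-init` init container references it. If these are the broker's administrative API credentials (not visible from this hunk), a dedicated, narrowly scoped credential for the init job would limit what a compromise of this namespace exposes. Both `extract` entries also pull every key of their source secret into the template context; a short comment above each `rewrite`, such as `# prefix keys so username/password from the two sources do not collide`, would make the intent clear.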
@@ -0,0 +1,207 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: &app ebusd
+spec:
+ interval: 30m
+ chart:
+ spec:
+ chart: app-template
+ version: 3.2.1
+ interval: 30m
+ sourceRef:
+ kind: HelmRepository
+ name: bjw-s
+ namespace: flux-system
+ install:
+ remediation:
+ retries: 3
+ upgrade:
+ cleanupOnFail: true
+ remediation:
+ strategy: rollback
+ retries: 3
+ dependsOn:
+ - name: external-secrets
+ namespace: security
+ - name: multus
+ namespace: kube-system
+ values:
+ defaultPodOptions:
+ annotations:
+ secret.reloader.stakater.com/reload: "ebusd-emqx-init,ebusd-secret"
+ securityContext:
+ runAsNonRoot: true
+ runAsUser: 65534
+ runAsGroup: 65534
+ seccompProfile: { type: RuntimeDefault }
+ controllers:
+ ebusd:
+ containers:
+ app:
+ image:
+ repository: docker.io/john30/ebusd
+ tag: 23.3
+ command: ["ebusd"]
+ args:
+ # https://github.com/john30/ebusd/wiki/2.-Run
+ # Message Configuration Options
+ - --config=/config
+ - --configlang=en
+ - --pollinterval=10
+ - --scanconfig
+ # Daemon Options
+ - --foreground
+ # Log Options
+ - --log=all:info
+ # MQTT Options
+ - --mqttint=/config/mqtt-hassio.cfg
+ - --mqttjson
+ envFrom:
+ - secretRef:
+ name: ebusd-secret
+ # probes:
+ # liveness: &probes
+ # enabled: true
+ # custom: true
+ # spec:
+ # httpGet:
+ # path: /login
+ # port: 80
+ # initialDelaySeconds: 10
+ # periodSeconds: 10
+ # timeoutSeconds: 1
+ # failureThreshold: 3
+ # readiness: *probes
+ # startup: *probes
+ # resources:
+ # requests:
+ # cpu: 100m
+ # memory: 512Mi # ????
+ # limits:
+ # cpu: 1000m
+ # memory: 2Gi # ????
+ code-server:
+ image:
+ repository: ghcr.io/coder/code-server
+ tag: 4.90.3
+ args: [
+ "--auth", "none",
+ "--user-data-dir", "/config/.vscode",
+ "--extensions-dir", "/config/.vscode",
+ "--port", "80",
+ "/config"
+ ]
+ resources:
+ requests:
+ cpu: 10m
+ memory: 64Mi
+ limits:
+ cpu: 1000m
+ memory: 2Gi
+ lifecycle:
+ postStart:
+ exec:
+ command:
+ - /bin/sh
+ - -c
+ - |
+ (
+ set -ex
+ apt update
+ apt install --yes dnsutils
+ apt install --yes iproute2
+ apt install --yes inetutils-ping
+ apt install --yes inetutils-telnet
+ apt install --yes inetutils-traceroute
+ apt install --yes net-tools
+ ) > /tmp/postStart.log 2>&1 || true
+ initContainers:
+ emqx-init:
+ image:
+ repository: ghcr.io/prehor/emqx-init
+ tag: 1.0.0
+ envFrom:
+ - secretRef:
+ name: ebusd-emqx-init
+ config:
+ image:
+ repository: docker.io/alpine/git
+ tag: 2.45.2
+ command: ["/bin/sh","-c"]
+ args: |
+ set -ex
+ if [ ! -e "/config/.git" ]; then
+ git clone git@github.com:prehor/ebusd-config.git /config/.ebusd-config
+ mv /config/.ebusd-config/* /config/.ebusd-config/.* /config
+ rmdir /config/.ebusd-config/
+ fi
+ if [ ! -e "/config/mqtt-hassio.cfg" ]; then
+ cp /etc/ebusd/mqtt-hassio.cfg /config/mqtt-hassio.cfg
+ fi
+ if [ ! -e "/root/.gitconfig" ]; then
+ cat > /root/.gitconfig <