%%{init: {'theme': 'base', 'flowchart': {'nodeSpacing': 40, 'rankSpacing': 50}}}%%
flowchart TB
    subgraph ha_host ["huitral 192.168.99.22 - network_mode: host"]
        direction TB

        subgraph ha_container ["Home Assistant - Docker"]
            direction TB
            ha_core["HA Core<br/>ghcr.io/home-assistant/<br/>home-assistant:stable<br/>Port: 8123"]
            ha_ws["WebSocket<br/>connexions longues"]
        end

        subgraph ha_config ["Configuration"]
            direction LR
            config_dir["/opt/homeassistant/config<br/>-> /config"]
            config_yaml["configuration.yaml<br/>internal_url: ha.arauco.online<br/>external_url: ha.arauco.online"]
            secrets["secrets.yaml"]
            config_dir --- config_yaml
            config_dir --- secrets
        end

        subgraph ha_proxy ["Reverse Proxy"]
            trusted["trusted_proxies<br/>192.168.99.0/24<br/>use_x_forwarded_for: true"]
        end

        subgraph ha_integrations ["Integrations"]
            direction TB

            subgraph hacs_int ["HACS"]
                direction LR
                oidc_comp["hass-oidc-auth<br/>Composant OIDC"]
                vikunja_int["Vikunja Todo<br/>Listes de taches"]
            end

            subgraph cameras ["Cameras"]
                direction LR
                onvif["ONVIF<br/>Decouverte auto + PTZ"]
                rtsp["RTSP / MJPEG<br/>Flux video"]
            end

            subgraph local_todo ["Todo local"]
                ha_todo["HA Shopping List<br/>Listes locales"]
            end
        end
    end

    subgraph oidc_auth ["Authentification OIDC"]
        direction TB
        auth_flow["auth_oidc:<br/>client_id: homeassistant<br/>discovery_url: kc.arauco.online<br/>/realms/chiruca/.well-known/<br/>openid-configuration"]
        login_btn["Bouton SSO<br/>OpenID Connect"]
        welcome["/auth/oidc/welcome<br/>Code unique 5 min"]
        auth_flow --> login_btn --> welcome
    end

    subgraph keycloak_ext ["Keycloak npagnun .35"]
        kc["Realm chiruca<br/>Client: homeassistant<br/>Redirect: ha.arauco.online<br/>/auth/oidc/callback"]
        google["-> Google IdP"]
        kc --> google
    end

    subgraph caddy_ext ["Caddy araucaria .50"]
        caddy["ha.arauco.online<br/>HTTPS -> :8123<br/>WebSocket: read_timeout 0"]
    end

    subgraph vikunja_ext ["Vikunja huitral .22"]
        vk["vk.arauco.online<br/>:3456<br/>API REST"]
    end

    subgraph users_ext ["Utilisateurs"]
        direction TB
        persons["Personnes HA<br/>paul, anne, toshiro..."]
        notify["Notifications mobiles<br/>notify.mobile_app_*"]
    end

    caddy -->|"HTTP + WS"| ha_core
    oidc_comp -->|"OIDC"| kc
    vikunja_int -->|"API"| vk
    ha_core --> ha_integrations
    users_ext --> ha_core
    persons -.-> notify

    classDef haStyle fill:#1e4a4a,stroke:#4a9a9a,color:#a8e0e0
    classDef configStyle fill:#2a3a4a,stroke:#6a8aaa,color:#b0d0e8
    classDef iamStyle fill:#4a1e3a,stroke:#d94a8a,color:#f0a8c8
    classDef svcStyle fill:#1e4a2e,stroke:#4a9a6a,color:#a8e0c0
    classDef netStyle fill:#1e3a5f,stroke:#4a90d9,color:#a8d0f0
    classDef secStyle fill:#4a3a1e,stroke:#d9a84a,color:#f0d8a8
    classDef userStyle fill:#3a1e5f,stroke:#8a6ad9,color:#c8b0f0

    class ha_core,ha_ws haStyle
    class config_dir,config_yaml,secrets configStyle
    class trusted,auth_flow,login_btn,welcome secStyle
    class oidc_comp,vikunja_int,onvif,rtsp,ha_todo svcStyle
    class kc,google iamStyle
    class caddy netStyle
    class vk svcStyle
    class persons,notify userStyle