How We Automated a 200m2 Office with Home Assistant and 80+ Automations

When a client asked us to make their office smarter, the brief was simple: reduce energy waste, improve air quality, and add basic security, without replacing existing infrastructure or subscribing to expensive cloud platforms. We delivered a system with over 80 automations running on a Raspberry Pi, using off-the-shelf Xiaomi sensors and open-source software.

Here is how we did it, what worked, and what we learned along the way.

Why Home Assistant for Commercial Spaces

Commercial smart building platforms cost thousands per year in licensing. Home Assistant is free, runs on a Raspberry Pi, and integrates with hundreds of device brands. For small-to-medium offices, it is the sweet spot between DIY tinkering and enterprise building management.

The key advantages for our client:

• No cloud dependency - everything runs locally on-premise
• No monthly fees - one-time hardware cost only
• Full customization - automations tailored to actual work patterns
• Secure remote access - via Cloudflare Tunnel, no port forwarding needed

Hardware Setup

The Brain: Raspberry Pi 5

We deployed Home Assistant on a Raspberry Pi 5 (8GB) with a 64GB SD card. Earlier projects on Raspberry Pi 3 taught us that 1GB RAM is insufficient, the Cloudflare Tunnel addon alone consumes 200-300MB, leaving Home Assistant starved for memory. The RPi 5 handles everything comfortably with room to spare.

The Gateway: Xiaomi Smart Home Hub 2

The Xiaomi Smart Home Hub 2 connects via Ethernet and bridges all BLE (Bluetooth Low Energy) sensors to Home Assistant. Wired connectivity to the gateway is critical, WiFi-connected gateways suffer from intermittent drops that cascade into sensor unavailability.

Sensors and Devices

For a 200m2 office with 6 rooms, we deployed:

• Motion sensors in every room for occupancy detection
• Door contact sensor on the main entrance
• Temperature and humidity sensor for climate monitoring
• LED strip lighting in common areas with brightness and color temperature control
• Air purifier with built-in PM2.5 sensor
• Robot vacuum for after-hours cleaning
• Smart plugs on non-essential equipment for energy management
• Speaker for TTS announcements and alerts

Total hardware cost was around 1,200 EUR for the entire deployment.

Lighting: Motion-Activated, Schedule-Aware

Every room with a motion sensor has corresponding light automations. The pattern is consistent:

1. Motion detected: lights turn on at appropriate brightness
2. No motion for X minutes: lights dim as a warning
3. Still no motion: lights turn off completely

The dim-before-off pattern is important in office environments. Nobody wants lights cutting out during a focused work session where they happen to sit still for 15 minutes. The dim phase gives occupants a chance to wave and restore full brightness.

Schedule Awareness

The system knows the office schedule. During business hours, lights respond to motion immediately. After hours, only security lighting activates. On weekends, the system runs in minimal mode, security active, everything else off.

This schedule awareness extends to all automations. The vacuum only runs when the office is empty. Notifications are suppressed outside business hours. The air purifier switches to silent mode during meetings.

Air Quality: Hysteresis-Based PM2.5 Control

Indoor air quality in offices directly impacts productivity and well-being. The air purifier integration reads PM2.5 levels and adjusts fan speed automatically, but with an important design choice: hysteresis bands.

Without hysteresis, a purifier will rapidly toggle between modes when PM2.5 hovers near a threshold. We implemented bands with gaps between them:

• Above 80 ug/m3: Maximum speed
• 40-80 ug/m3: Auto mode
• Below 8 ug/m3 for 15 minutes: Silent mode
• Below 8 ug/m3 for 30 minutes on silent: Turn off

The 15 and 30 minute delays prevent the purifier from cycling during brief PM2.5 fluctuations, like when someone opens a window or walks past the sensor.

Security: No Commercial Alarm Needed

The client did not want to pay for a monitored alarm service. We built a security system using existing sensors:

Intrusion Detection

If the front door opens and no motion is detected anywhere in the office for a defined period, the system triggers an alarm:

1. All lights flash red
2. A TTS announcement plays on the speaker
3. Critical push notifications are sent to designated phones
4. An event log entry is created with timestamp

Door Monitoring

If the main door remains open longer than 5 minutes, a notification is sent. After 10 minutes, the lights flash as a visual reminder. This catches the common scenario of the last person leaving and not pulling the door fully closed.

After-Hours Activity Alerts

Any motion detected outside business hours triggers a silent push notification to management. No alarm, no drama, just awareness.

Cleaning Automation

The robot vacuum is integrated and scheduled to clean after business hours. But rather than a fixed schedule, we use an intelligent trigger:

• All motion sensors report no activity for 30 minutes during the cleaning window
• The vacuum starts automatically
• If it is still running past a cutoff time, it returns to dock

This approach handles variable office hours naturally. If people stay late, the vacuum waits. If everyone leaves early, it starts earlier.

Morning Briefing

When the first person arrives in the morning (detected by motion in the entrance area during business hours), the system delivers a spoken briefing through the office speaker:

• Indoor temperature and humidity
• Current PM2.5 level
• Outdoor temperature
• Any overnight alerts or events

This 15-second briefing gives the first arrival a snapshot of the office environment without checking any screens.

Remote Access

Cloudflare Tunnel

For secure remote monitoring, we deployed a Cloudflare Tunnel directly on the Raspberry Pi. This provides HTTPS access to the Home Assistant dashboard without exposing any ports on the office router or requiring a static IP.

Management can check office status, review security events, and control systems from anywhere. The tunnel runs reliably on the RPi 5, on our earlier RPi 3 deployments, the tunnel process would frequently crash due to memory pressure.

Mobile Dashboard

The Home Assistant dashboard is organized into purpose-specific tabs:

• Overview: Key metrics at a glance
• Lighting: Room-by-room light control
• Air Quality: PM2.5 graphs and purifier status
• Security: Door status, motion logs, alarm controls
• Energy: Smart plug power consumption
• System: RPi health, integration status

We use Mushroom cards for a clean, modern interface that non-technical users can operate without training.

Bonus: Pi-hole on a Separate RPi 5 for Guest WiFi

As an addition to the smart office project, we deployed a second Raspberry Pi 5 running Pi-hole, a network-wide ad blocker and DNS sinkhole, dedicated to a separate guest WiFi network.

The Problem

The client wanted employees to use their personal phones on WiFi for convenience, but mixing personal devices with the office network is a security risk. At the same time, guest visitors needed internet access without touching the corporate network at all.

The Solution: Isolated Guest Network with Pi-hole

We set up a separate VLAN and SSID for personal devices and visitors, completely isolated from the office production network. This guest network routes through a dedicated Raspberry Pi 5 running Pi-hole as its DNS server.

What this achieves:

• Ad blocking network-wide - every device on the guest WiFi gets ad-free browsing without installing anything. YouTube ads, tracking scripts, malware domains - all blocked at the DNS level.
• Network isolation - guest/personal devices cannot reach office systems, printers, file shares, or the Home Assistant deployment. Traffic is internet-only.
• Visibility - Pi-hole’s dashboard shows exactly what DNS queries are being made, which domains are blocked, and which devices are most active. This is valuable for detecting compromised devices or unusual activity.
• Malware protection - Pi-hole blocks known malware and phishing domains by default. Combined with regularly updated blocklists, it acts as a first line of defense for any device that connects.

Setup

The Pi-hole deployment took under an hour:

1. Flash Raspberry Pi OS Lite on a second RPi 5
2. Assign a static IP on the guest VLAN
3. Install Pi-hole (curl -sSL https://install.pi-hole.net | bash)
4. Configure the guest WiFi SSID to use the Pi-hole IP as its DNS server
5. Add community blocklists for ads, tracking, and malware domains

The router handles VLAN tagging and SSID-to-VLAN mapping. The office network uses the ISP’s DNS or a corporate DNS server, completely separate from Pi-hole.

Results

Within the first week, Pi-hole blocked over 35% of all DNS queries on the guest network. The majority were ad trackers, analytics beacons, and telemetry endpoints that phones constantly ping in the background.

Employees immediately noticed faster browsing and fewer ads. Visitors get clean, fast internet without any setup. And the office network remains completely untouched by personal device traffic.

Cost

One additional Raspberry Pi 5 (4GB is sufficient for Pi-hole): ~60 EUR. No subscriptions, no licensing, no ongoing costs.

Lessons Learned

BLE sensor reliability. Bluetooth Low Energy sensors occasionally drop to “unavailable” for 5-10 minutes due to normal advertisement gaps. This is not a bug, it is a protocol characteristic. The critical lesson: never treat “unavailable” as “no presence.” We learned this the hard way when a vacuum started cleaning while people were still in the office because all BLE sensors briefly went unavailable simultaneously.

Start with lighting. Of all the automations we deploy, motion-activated lighting delivers the most immediate and visible value. It is also the easiest to explain to non-technical stakeholders. Start here, prove the value, then expand.

Naming conventions matter. At 80+ automations, organization is everything. We use a strict area_device_action convention (e.g., kitchen_light_motion_on, entrance_door_open_alert). Without this, the automation list becomes unmanageable within weeks.

Budget for the RPi 5. The Raspberry Pi 3 is tempting at half the price, but the 1GB RAM limitation creates real reliability problems. The RPi 5 with 4GB or 8GB is the minimum we now recommend for any production deployment.

Cost Breakdown

Component	Cost
Raspberry Pi 5 (8GB) + case + power	~170 EUR
Xiaomi Smart Home Hub 2	~40 EUR
6x Motion sensors	~120 EUR
Door contact sensor	~20 EUR
Temp/humidity sensor	~15 EUR
3x LED strips	~180 EUR
Air purifier	~120 EUR
Robot vacuum	~350 EUR
Smart plugs (3x)	~30 EUR
Speaker for TTS	~30 EUR
RPi 5 (4GB) for Pi-hole	~120 EUR
Total	~1,195 EUR

No monthly fees. No cloud subscriptions. The entire system pays for itself in energy savings within the first year through automated lighting and equipment power management.

What We Would Add Next

• Shelly relay switches on existing wall switches for hardwired ceiling light control
• Water leak sensors under kitchen sink and server area
• Energy monitoring on the electrical panel for detailed consumption tracking
• Meeting room occupancy display outside conference rooms
• CO2 sensor for ventilation automation

Conclusion

Smart office automation does not require enterprise-grade building management systems or five-figure budgets. A Raspberry Pi, a handful of sensors, and well-designed automations can transform an office environment, reducing energy waste, improving air quality, and adding security that works silently in the background.

The best automation is the one nobody notices because it just works.

---

D2 Solutions designs and deploys smart office and smart home automation systems. From sensor selection to custom automation development, we handle the complete setup. Contact us to discuss your project.