Bump coverage from 7.6.11 to 7.6.12 (#5622)

* Delay inital version fetch until there is connectivity

* Add test

* Only mock get not whole websession object

* drive delayed fetch off of supervisor connectivity not host

* Fix test to not rely on sleep guessing to track tasks

* Use fixture to remove job throttle temporarily

.devcontainer/devcontainer.json

@@ -0,0 +1,51 @@
+{
+  "name": "Supervisor dev",
+  "image": "ghcr.io/home-assistant/devcontainer:2-supervisor",
+  "containerEnv": {
+    "WORKSPACE_DIRECTORY": "${containerWorkspaceFolder}"
+  },
+  "remoteEnv": {
+    "PATH": "${containerEnv:VIRTUAL_ENV}/bin:${containerEnv:PATH}"
+  },
+  "appPort": ["9123:8123", "7357:4357"],
+  "postCreateCommand": "bash devcontainer_setup",
+  "postStartCommand": "bash devcontainer_bootstrap",
+  "runArgs": ["-e", "GIT_EDITOR=code --wait", "--privileged"],
+  "customizations": {
+    "vscode": {
+      "extensions": [
+        "charliermarsh.ruff",
+        "ms-python.pylint",
+        "ms-python.vscode-pylance",
+        "visualstudioexptteam.vscodeintellicode",
+        "redhat.vscode-yaml",
+        "esbenp.prettier-vscode",
+        "GitHub.vscode-pull-request-github"
+      ],
+      "settings": {
+        "python.defaultInterpreterPath": "/home/vscode/.local/ha-venv/bin/python",
+        "python.pythonPath": "/home/vscode/.local/ha-venv/bin/python",
+        "python.terminal.activateEnvInCurrentTerminal": true,
+        "python.testing.pytestArgs": ["--no-cov"],
+        "pylint.importStrategy": "fromEnvironment",
+        "editor.formatOnPaste": false,
+        "editor.formatOnSave": true,
+        "editor.formatOnType": true,
+        "files.trimTrailingWhitespace": true,
+        "terminal.integrated.profiles.linux": {
+          "zsh": {
+            "path": "/usr/bin/zsh"
+          }
+        },
+        "terminal.integrated.defaultProfile.linux": "zsh",
+        "[python]": {
+          "editor.defaultFormatter": "charliermarsh.ruff"
+        }
+      }
+    }
+  },
+  "mounts": [
+    "type=volume,target=/var/lib/docker",
+    "type=volume,target=/mnt/supervisor"
+  ]
+}

.dockerignore

@@ -0,0 +1,23 @@
+# General files
+.git
+.github
+.devcontainer
+.vscode
+
+# Test related files
+.tox
+
+# Temporary files
+**/__pycache__
+.pytest_cache
+
+# virtualenv
+venv/
+
+# Data
+home-assistant-polymer/
+script/
+tests/
+
+# Test ENV
+data/

.github/ISSUE_TEMPLATE.md

@@ -0,0 +1,69 @@
+---
+name: Report a bug with the Supervisor on a supported System
+about: Report an issue related to the Home Assistant Supervisor.
+labels: bug
+---
+
+<!-- READ THIS FIRST:
+- If you need additional help with this template please refer to https://www.home-assistant.io/help/reporting_issues/
+- This is for bugs only. Feature and enhancement requests should go in our community forum: https://community.home-assistant.io/c/feature-requests
+- Provide as many details as possible. Paste logs, configuration sample and code into the backticks. Do not delete any text from this template!
+- If you have a problem with an add-on, make an issue in it's repository.
+-->
+
+<!--
+Important: You can only fill a bug repport for an supported system! If you run an unsupported installation. This report would be closed without comment.
+-->
+
+### Describe the issue
+
+<!-- Provide as many details as possible. -->
+
+### Steps to reproduce
+
+<!-- What do you do to encounter the issue. -->
+
+1. ...
+2. ...
+3. ...
+
+### Enviroment details
+
+<!-- You can find these details in the system tab of the supervisor panel, or by using the `ha` CLI. -->
+
+- **Operating System:**: xxx
+- **Supervisor version:**: xxx
+- **Home Assistant version**: xxx
+
+### Supervisor logs
+
+<details>
+<summary>Supervisor logs</summary>
+<!--
+- Frontend -> Supervisor -> System
+- Or use this command: ha supervisor logs
+- Logs are more than just errors, even if you don't think it's important, it is.
+-->
+
+```
+Paste supervisor logs here
+
+```
+
+</details>
+
+### System Information
+
+<details>
+<summary>System Information</summary>
+<!--
+- Use this command: ha info
+-->
+
+```
+Paste system info here
+
+```
+
+</details>
+

.github/ISSUE_TEMPLATE/bug_report.yml

@@ -0,0 +1,96 @@
+name: Bug Report Form
+description: Report an issue related to the Home Assistant Supervisor.
+labels: bug
+body:
+  - type: markdown
+    attributes:
+      value: |
+        This issue form is for reporting bugs with **supported** setups only!
+
+        If you have a feature or enhancement request, please use the [feature request][fr] section of our [Community Forum][fr].
+
+        [fr]: https://community.home-assistant.io/c/feature-requests
+  - type: textarea
+    validations:
+      required: true
+    attributes:
+      label: Describe the issue you are experiencing
+      description: Provide a clear and concise description of what the bug is.
+  - type: markdown
+    attributes:
+      value: |
+        ## Environment
+  - type: dropdown
+    validations:
+      required: true
+    attributes:
+      label: What type of installation are you running?
+      description: >
+        If you don't know, can be found in [Settings -> System -> Repairs -> System Information](https://my.home-assistant.io/redirect/system_health/).
+        It is listed as the `Installation Type` value.
+      options:
+        - Home Assistant OS
+        - Home Assistant Supervised
+  - type: dropdown
+    validations:
+      required: true
+    attributes:
+      label: Which operating system are you running on?
+      options:
+        - Home Assistant Operating System
+        - Debian
+        - Other (e.g., Raspbian/Raspberry Pi OS/Fedora)
+  - type: markdown
+    attributes:
+      value: |
+        # Details
+  - type: textarea
+    validations:
+      required: true
+    attributes:
+      label: Steps to reproduce the issue
+      description: |
+        Please tell us exactly how to reproduce your issue.
+        Provide clear and concise step by step instructions and add code snippets if needed.
+      value: |
+        1.
+        2.
+        3.
+        ...
+  - type: textarea
+    validations:
+      required: true
+    attributes:
+      label: Anything in the Supervisor logs that might be useful for us?
+      description: >
+        Supervisor Logs can be found in [Settings -> System -> Logs](https://my.home-assistant.io/redirect/logs/)
+        then choose `Supervisor` in the top right.
+
+        [![Open your Home Assistant instance and show your Supervisor system logs.](https://my.home-assistant.io/badges/supervisor_logs.svg)](https://my.home-assistant.io/redirect/supervisor_logs/)
+      render: txt
+  - type: textarea
+    validations:
+      required: true
+    attributes:
+      label: System Health information
+      description: >
+        System Health information can be found in the top right menu in [Settings -> System -> Repairs](https://my.home-assistant.io/redirect/repairs/).
+        Click the copy button at the bottom of the pop-up and paste it here.
+        
+        [![Open your Home Assistant instance and show health information about your system.](https://my.home-assistant.io/badges/system_health.svg)](https://my.home-assistant.io/redirect/system_health/)
+  - type: textarea
+    attributes:
+      label: Supervisor diagnostics
+      placeholder: "drag-and-drop the diagnostics data file here (do not copy-and-paste the content)"
+      description: >-
+        Supervisor diagnostics can be found in [Settings -> Integrations](https://my.home-assistant.io/redirect/integrations/).
+        Find the card that says `Home Assistant Supervisor`, open its menu and select 'Download diagnostics'.
+        
+        **Please drag-and-drop the downloaded file into the textbox below. Do not copy and paste its contents.**
+  - type: textarea
+    attributes:
+      label: Additional information
+      description: >
+        If you have any additional information for us, use the field below.
+        Please note, you can attach screenshots or screen recordings here, by
+        dragging and dropping files in the field below.

.github/ISSUE_TEMPLATE/config.yml

@@ -0,0 +1,25 @@
+blank_issues_enabled: false
+contact_links:
+  - name: Report a bug/issues with an unsupported Supervisor
+    url: https://community.home-assistant.io
+    about: The Community guide can help or was updated to solve your issue
+
+  - name: Report a bug for the Supervisor panel
+    url: https://github.com/home-assistant/frontend/issues
+    about: The Supervisor panel is a part of the Home Assistant frontend
+
+  - name: Report incorrect or missing information on our developer documentation
+    url: https://github.com/home-assistant/developers.home-assistant.io/issues
+    about: Our documentation has its own issue tracker. Please report issues with the website there.
+
+  - name: Request a feature for the Supervisor
+    url: https://community.home-assistant.io/c/feature-requests
+    about: Request an new feature for the Supervisor.
+
+  - name: I have a question or need support
+    url: https://www.home-assistant.io/help
+    about: We use GitHub for tracking bugs, check our website for resources on getting help.
+
+  - name: I'm unsure where to go?
+    url: https://www.home-assistant.io/join-chat
+    about: If you are unsure where to go, then joining our chat is recommended; Just ask!

.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,74 @@
+<!--
+  You are amazing! Thanks for contributing to our project!
+  Please, DO NOT DELETE ANY TEXT from this template! (unless instructed).
+-->
+
+## Proposed change
+
+<!--
+  Describe the big picture of your changes here to communicate to the
+  maintainers why we should accept this pull request. If it fixes a bug
+  or resolves a feature request, be sure to link to that issue in the
+  additional information section.
+-->
+
+## Type of change
+
+<!--
+  What type of change does your PR introduce to Home Assistant?
+  NOTE: Please, check only 1! box!
+  If your PR requires multiple boxes to be checked, you'll most likely need to
+  split it into multiple PRs. This makes things easier and faster to code review.
+-->
+
+- [ ] Dependency upgrade
+- [ ] Bugfix (non-breaking change which fixes an issue)
+- [ ] New feature (which adds functionality to the supervisor)
+- [ ] Breaking change (fix/feature causing existing functionality to break)
+- [ ] Code quality improvements to existing code or addition of tests
+
+## Additional information
+
+<!--
+  Details are important, and help maintainers processing your PR.
+  Please be sure to fill out additional details, if applicable.
+-->
+
+- This PR fixes or closes issue: fixes #
+- This PR is related to issue:
+- Link to documentation pull request:
+- Link to cli pull request:
+- Link to client library pull request:
+
+## Checklist
+
+<!--
+  Put an `x` in the boxes that apply. You can also fill these out after
+  creating the PR. If you're unsure about any of them, don't hesitate to ask.
+  We're here to help! This is simply a reminder of what we are going to look
+  for before merging your code.
+-->
+
+- [ ] The code change is tested and works locally.
+- [ ] Local tests pass. **Your PR cannot be merged unless tests pass**
+- [ ] There is no commented out code in this PR.
+- [ ] I have followed the [development checklist][dev-checklist]
+- [ ] The code has been formatted using Ruff (`ruff format supervisor tests`)
+- [ ] Tests have been added to verify that the new code works.
+
+If API endpoints or add-on configuration are added/changed:
+
+- [ ] Documentation added/updated for [developers.home-assistant.io][docs-repository]
+- [ ] [CLI][cli-repository] updated (if necessary)
+- [ ] [Client library][client-library-repository] updated (if necessary)
+
+<!--
+  Thank you for contributing <3
+
+  Below, some useful links you could explore:
+-->
+
+[dev-checklist]: https://developers.home-assistant.io/docs/en/development_checklist.html
+[docs-repository]: https://github.com/home-assistant/developers.home-assistant
+[cli-repository]: https://github.com/home-assistant/cli
+[client-library-repository]: https://github.com/home-assistant-libs/python-supervisor-client/

.github/dependabot.yml

@@ -0,0 +1,14 @@
+version: 2
+updates:
+- package-ecosystem: pip
+  directory: "/"
+  schedule:
+    interval: daily
+    time: "06:00"
+  open-pull-requests-limit: 10
+- package-ecosystem: "github-actions"
+  directory: "/"
+  schedule:
+    interval: daily
+    time: "06:00"
+  open-pull-requests-limit: 10

.github/move.yml

@@ -0,0 +1,13 @@
+# Configuration for move-issues - https://github.com/dessant/move-issues
+
+# Delete the command comment. Ignored when the comment also contains other content
+deleteCommand: true
+# Close the source issue after moving
+closeSourceIssue: true
+# Lock the source issue after moving
+lockSourceIssue: false
+# Set custom aliases for targets
+# aliases:
+#   r: repo
+#   or: owner/repo
+

.github/release-drafter.yml

@@ -0,0 +1,50 @@
+change-template: "- #$NUMBER $TITLE @$AUTHOR"
+sort-direction: ascending
+
+categories:
+  - title: ":boom: Breaking Changes"
+    label: "breaking-change"
+
+  - title: ":wrench: Build"
+    label: "build"
+
+  - title: ":boar: Chore"
+    label: "chore"
+
+  - title: ":sparkles: New Features"
+    label: "new-feature"
+
+  - title: ":zap: Performance"
+    label: "performance"
+
+  - title: ":recycle: Refactor"
+    label: "refactor"
+
+  - title: ":green_heart: CI"
+    label: "ci"
+
+  - title: ":bug: Bug Fixes"
+    label: "bugfix"
+
+  - title: ":white_check_mark: Test"
+    label: "test"
+
+  - title: ":arrow_up: Dependency Updates"
+    label: "dependencies"
+    collapse-after: 1
+
+include-labels:
+  - "breaking-change"
+  - "build"
+  - "chore"
+  - "performance"
+  - "refactor"
+  - "new-feature"
+  - "bugfix"
+  - "dependencies"
+  - "test"
+  - "ci"
+
+template: |
+
+  $CHANGES

.github/workflows/builder.yml

@@ -0,0 +1,380 @@
+name: Build supervisor
+
+on:
+  workflow_dispatch:
+    inputs:
+      channel:
+        description: "Channel"
+        required: true
+        default: "dev"
+      version:
+        description: "Version"
+        required: true
+      publish:
+        description: "Publish"
+        required: true
+        default: "false"
+      stable:
+        description: "Stable"
+        required: true
+        default: "false"
+  pull_request:
+    branches: ["main"]
+  release:
+    types: ["published"]
+  push:
+    branches: ["main"]
+    paths:
+      - "rootfs/**"
+      - "supervisor/**"
+      - build.yaml
+      - Dockerfile
+      - requirements.txt
+      - setup.py
+
+env:
+  DEFAULT_PYTHON: "3.13"
+  BUILD_NAME: supervisor
+  BUILD_TYPE: supervisor
+
+concurrency:
+  group: "${{ github.workflow }}-${{ github.ref }}"
+  cancel-in-progress: true
+
+jobs:
+  init:
+    name: Initialize build
+    runs-on: ubuntu-latest
+    outputs:
+      architectures: ${{ steps.info.outputs.architectures }}
+      version: ${{ steps.version.outputs.version }}
+      channel: ${{ steps.version.outputs.channel }}
+      publish: ${{ steps.version.outputs.publish }}
+      requirements: ${{ steps.requirements.outputs.changed }}
+    steps:
+      - name: Checkout the repository
+        uses: actions/checkout@v4.2.2
+        with:
+          fetch-depth: 0
+
+      - name: Get information
+        id: info
+        uses: home-assistant/actions/helpers/info@master
+
+      - name: Get version
+        id: version
+        uses: home-assistant/actions/helpers/version@master
+        with:
+          type: ${{ env.BUILD_TYPE }}
+
+      - name: Get changed files
+        id: changed_files
+        if: steps.version.outputs.publish == 'false'
+        uses: masesgroup/retrieve-changed-files@v3.0.0
+
+      - name: Check if requirements files changed
+        id: requirements
+        run: |
+          if [[ "${{ steps.changed_files.outputs.all }}" =~ (requirements.txt|build.yaml) ]]; then
+            echo "changed=true" >> "$GITHUB_OUTPUT"
+          fi
+
+  build:
+    name: Build ${{ matrix.arch }} supervisor
+    needs: init
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      id-token: write
+      packages: write
+    strategy:
+      matrix:
+        arch: ${{ fromJson(needs.init.outputs.architectures) }}
+    steps:
+      - name: Checkout the repository
+        uses: actions/checkout@v4.2.2
+        with:
+          fetch-depth: 0
+
+      - name: Write env-file
+        if: needs.init.outputs.requirements == 'true'
+        run: |
+          (
+            # Fix out of memory issues with rust
+            echo "CARGO_NET_GIT_FETCH_WITH_CLI=true"
+          ) > .env_file
+
+      - name: Build wheels
+        if: needs.init.outputs.requirements == 'true'
+        uses: home-assistant/wheels@2024.11.0
+        with:
+          abi: cp312
+          tag: musllinux_1_2
+          arch: ${{ matrix.arch }}
+          wheels-key: ${{ secrets.WHEELS_KEY }}
+          apk: "libffi-dev;openssl-dev;yaml-dev"
+          skip-binary: aiohttp
+          env-file: true
+          requirements: "requirements.txt"
+
+      - name: Set version
+        if: needs.init.outputs.publish == 'true'
+        uses: home-assistant/actions/helpers/version@master
+        with:
+          type: ${{ env.BUILD_TYPE }}
+
+      - name: Set up Python ${{ env.DEFAULT_PYTHON }}
+        if: needs.init.outputs.publish == 'true'
+        uses: actions/setup-python@v5.4.0
+        with:
+          python-version: ${{ env.DEFAULT_PYTHON }}
+
+      - name: Install Cosign
+        if: needs.init.outputs.publish == 'true'
+        uses: sigstore/cosign-installer@v3.8.0
+        with:
+          cosign-release: "v2.4.0"
+
+      - name: Install dirhash and calc hash
+        if: needs.init.outputs.publish == 'true'
+        run: |
+          pip3 install setuptools dirhash
+          dir_hash="$(dirhash "${{ github.workspace }}/supervisor" -a sha256 --match "*.py")"
+          echo "${dir_hash}" > rootfs/supervisor.sha256
+
+      - name: Sign supervisor SHA256
+        if: needs.init.outputs.publish == 'true'
+        run: |
+          cosign sign-blob --yes rootfs/supervisor.sha256 --bundle rootfs/supervisor.sha256.sig
+
+      - name: Login to GitHub Container Registry
+        if: needs.init.outputs.publish == 'true'
+        uses: docker/login-action@v3.3.0
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Set build arguments
+        if: needs.init.outputs.publish == 'false'
+        run: echo "BUILD_ARGS=--test" >> $GITHUB_ENV
+
+      - name: Build supervisor
+        uses: home-assistant/builder@2024.08.2
+        with:
+          args: |
+            $BUILD_ARGS \
+            --${{ matrix.arch }} \
+            --target /data \
+            --cosign \
+            --generic ${{ needs.init.outputs.version }}
+        env:
+          CAS_API_KEY: ${{ secrets.CAS_TOKEN }}
+
+  version:
+    name: Update version
+    needs: ["init", "run_supervisor"]
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout the repository
+        if: needs.init.outputs.publish == 'true'
+        uses: actions/checkout@v4.2.2
+
+      - name: Initialize git
+        if: needs.init.outputs.publish == 'true'
+        uses: home-assistant/actions/helpers/git-init@master
+        with:
+          name: ${{ secrets.GIT_NAME }}
+          email: ${{ secrets.GIT_EMAIL }}
+          token: ${{ secrets.GIT_TOKEN }}
+
+      - name: Update version file
+        if: needs.init.outputs.publish == 'true'
+        uses: home-assistant/actions/helpers/version-push@master
+        with:
+          key: ${{ env.BUILD_NAME }}
+          version: ${{ needs.init.outputs.version }}
+          channel: ${{ needs.init.outputs.channel }}
+
+  run_supervisor:
+    runs-on: ubuntu-latest
+    name: Run the Supervisor
+    needs: ["build", "init"]
+    timeout-minutes: 60
+    steps:
+      - name: Checkout the repository
+        uses: actions/checkout@v4.2.2
+
+      - name: Build the Supervisor
+        if: needs.init.outputs.publish != 'true'
+        uses: home-assistant/builder@2024.08.2
+        with:
+          args: |
+            --test \
+            --amd64 \
+            --target /data \
+            --generic runner
+
+      - name: Pull Supervisor
+        if: needs.init.outputs.publish == 'true'
+        run: |
+          docker pull ghcr.io/home-assistant/amd64-hassio-supervisor:${{ needs.init.outputs.version }}
+          docker tag ghcr.io/home-assistant/amd64-hassio-supervisor:${{ needs.init.outputs.version }} ghcr.io/home-assistant/amd64-hassio-supervisor:runner
+
+      - name: Create the Supervisor
+        run: |
+          mkdir -p /tmp/supervisor/data
+          docker create --name hassio_supervisor \
+            --privileged \
+            --security-opt seccomp=unconfined \
+            --security-opt apparmor=unconfined \
+            -v /run/docker.sock:/run/docker.sock \
+            -v /run/dbus:/run/dbus \
+            -v /tmp/supervisor/data:/data \
+            -v /etc/machine-id:/etc/machine-id:ro \
+            -e SUPERVISOR_SHARE="/tmp/supervisor/data" \
+            -e SUPERVISOR_NAME=hassio_supervisor \
+            -e SUPERVISOR_DEV=1 \
+            -e SUPERVISOR_MACHINE="qemux86-64" \
+          ghcr.io/home-assistant/amd64-hassio-supervisor:runner
+
+      - name: Start the Supervisor
+        run: docker start hassio_supervisor
+
+      - name: Wait for Supervisor to come up
+        run: |
+          SUPERVISOR=$(docker inspect --format='{{.NetworkSettings.IPAddress}}' hassio_supervisor)
+          ping="error"
+          while [ "$ping" != "ok" ]; do
+            ping=$(curl -sSL "http://$SUPERVISOR/supervisor/ping" | jq -r '.result')
+            sleep 5
+          done
+
+      - name: Check the Supervisor
+        run: |
+          echo "Checking supervisor info"
+          test=$(docker exec hassio_cli ha supervisor info --no-progress --raw-json | jq -r '.result')
+          if [ "$test" != "ok" ]; then
+            exit 1
+          fi
+
+          echo "Checking supervisor network info"
+          test=$(docker exec hassio_cli ha network info --no-progress --raw-json | jq -r '.result')
+          if [ "$test" != "ok" ]; then
+            exit 1
+          fi
+
+      - name: Check the Store / Addon
+        run: |
+          echo "Install Core SSH Add-on"
+          test=$(docker exec hassio_cli ha addons install core_ssh --no-progress --raw-json | jq -r '.result')
+          if [ "$test" != "ok" ]; then
+            exit 1
+          fi
+
+          # Make sure it actually installed
+          test=$(docker exec hassio_cli ha addons info core_ssh --no-progress --raw-json | jq -r '.data.version')
+          if [[ "$test" == "null" ]]; then
+            exit 1
+          fi
+
+          echo "Start Core SSH Add-on"
+          test=$(docker exec hassio_cli ha addons start core_ssh --no-progress --raw-json | jq -r '.result')
+          if [ "$test" != "ok" ]; then
+            exit 1
+          fi
+
+          # Make sure its state is started
+          test="$(docker exec hassio_cli ha addons info core_ssh --no-progress --raw-json | jq -r '.data.state')"
+          if [ "$test" != "started" ]; then
+            exit 1
+          fi
+
+      - name: Check the Supervisor code sign
+        if: needs.init.outputs.publish == 'true'
+        run: |
+          echo "Enable Content-Trust"
+          test=$(docker exec hassio_cli ha security options --content-trust=true --no-progress --raw-json | jq -r '.result')
+          if [ "$test" != "ok" ]; then
+            exit 1
+          fi
+
+          echo "Run supervisor health check"
+          test=$(docker exec hassio_cli ha resolution healthcheck --no-progress --raw-json | jq -r '.result')
+          if [ "$test" != "ok" ]; then
+            exit 1
+          fi
+
+          echo "Check supervisor unhealthy"
+          test=$(docker exec hassio_cli ha resolution info --no-progress --raw-json | jq -r '.data.unhealthy[]')
+          if [ "$test" != "" ]; then
+            exit 1
+          fi
+
+          echo "Check supervisor supported"
+          test=$(docker exec hassio_cli ha resolution info --no-progress --raw-json | jq -r '.data.unsupported[]')
+          if [[ "$test" =~ source_mods ]]; then
+            exit 1
+          fi
+
+      - name: Create full backup
+        id: backup
+        run: |
+          test=$(docker exec hassio_cli ha backups new --no-progress --raw-json)
+          if [ "$(echo $test | jq -r '.result')" != "ok" ]; then
+            exit 1
+          fi
+          echo "slug=$(echo $test | jq -r '.data.slug')" >> "$GITHUB_OUTPUT"
+
+      - name: Uninstall SSH add-on
+        run: |
+          test=$(docker exec hassio_cli ha addons uninstall core_ssh --no-progress --raw-json | jq -r '.result')
+          if [ "$test" != "ok" ]; then
+            exit 1
+          fi
+
+      - name: Restart supervisor
+        run: |
+          test=$(docker exec hassio_cli ha supervisor restart --no-progress --raw-json | jq -r '.result')
+          if [ "$test" != "ok" ]; then
+            exit 1
+          fi
+
+      - name: Wait for Supervisor to come up
+        run: |
+          SUPERVISOR=$(docker inspect --format='{{.NetworkSettings.IPAddress}}' hassio_supervisor)
+          ping="error"
+          while [ "$ping" != "ok" ]; do
+            ping=$(curl -sSL "http://$SUPERVISOR/supervisor/ping" | jq -r '.result')
+            sleep 5
+          done
+
+      - name: Restore SSH add-on from backup
+        run: |
+          test=$(docker exec hassio_cli ha backups restore ${{ steps.backup.outputs.slug }} --addons core_ssh --no-progress --raw-json | jq -r '.result')
+          if [ "$test" != "ok" ]; then
+            exit 1
+          fi
+
+          # Make sure it actually installed
+          test=$(docker exec hassio_cli ha addons info core_ssh --no-progress --raw-json | jq -r '.data.version')
+          if [[ "$test" == "null" ]]; then
+            exit 1
+          fi
+
+          # Make sure its state is started
+          test="$(docker exec hassio_cli ha addons info core_ssh --no-progress --raw-json | jq -r '.data.state')"
+          if [ "$test" != "started" ]; then
+            exit 1
+          fi
+
+      - name: Restore SSL directory from backup
+        run: |
+          test=$(docker exec hassio_cli ha backups restore ${{ steps.backup.outputs.slug }} --folders ssl --no-progress --raw-json | jq -r '.result')
+          if [ "$test" != "ok" ]; then
+            exit 1
+          fi
+
+      - name: Get supervisor logs on failiure
+        if: ${{ cancelled() || failure() }}
+        run: docker logs hassio_supervisor

.github/workflows/check_pr_labels.yml

@@ -0,0 +1,19 @@
+name: Check PR
+
+on:
+  pull_request:
+    branches: ["main"]
+    types: [labeled, unlabeled, synchronize]
+
+jobs:
+  init:
+    name: Check labels
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check labels
+        run: |
+          labels=$(jq -r '.pull_request.labels[] | .name' ${{github.event_path }})
+          echo "$labels"
+          if [ "$labels" == "cla-signed" ]; then
+            exit 1
+          fi

.github/workflows/ci.yaml

@@ -0,0 +1,381 @@
+name: CI
+
+# yamllint disable-line rule:truthy
+on:
+  push:
+    branches:
+      - main
+  pull_request: ~
+
+env:
+  DEFAULT_PYTHON: "3.13"
+  PRE_COMMIT_CACHE: ~/.cache/pre-commit
+
+concurrency:
+  group: "${{ github.workflow }}-${{ github.ref }}"
+  cancel-in-progress: true
+
+jobs:
+  # Separate job to pre-populate the base dependency cache
+  # This prevent upcoming jobs to do the same individually
+  prepare:
+    runs-on: ubuntu-latest
+    outputs:
+      python-version: ${{ steps.python.outputs.python-version }}
+    name: Prepare Python dependencies
+    steps:
+      - name: Check out code from GitHub
+        uses: actions/checkout@v4.2.2
+      - name: Set up Python
+        id: python
+        uses: actions/setup-python@v5.4.0
+        with:
+          python-version: ${{ env.DEFAULT_PYTHON }}
+      - name: Restore Python virtual environment
+        id: cache-venv
+        uses: actions/cache@v4.2.0
+        with:
+          path: venv
+          key: |
+            ${{ runner.os }}-venv-${{ steps.python.outputs.python-version }}-${{ hashFiles('requirements.txt') }}-${{ hashFiles('requirements_tests.txt') }}
+      - name: Create Python virtual environment
+        if: steps.cache-venv.outputs.cache-hit != 'true'
+        run: |
+          python -m venv venv
+          . venv/bin/activate
+          pip install -U pip setuptools
+          pip install -r requirements.txt -r requirements_tests.txt
+      - name: Restore pre-commit environment from cache
+        id: cache-precommit
+        uses: actions/cache@v4.2.0
+        with:
+          path: ${{ env.PRE_COMMIT_CACHE }}
+          lookup-only: true
+          key: |
+            ${{ runner.os }}-pre-commit-${{ hashFiles('.pre-commit-config.yaml') }}
+          restore-keys: |
+            ${{ runner.os }}-pre-commit-
+      - name: Install pre-commit dependencies
+        if: steps.cache-precommit.outputs.cache-hit != 'true'
+        run: |
+          . venv/bin/activate
+          pre-commit install-hooks
+
+  lint-ruff-format:
+    name: Check ruff-format
+    runs-on: ubuntu-latest
+    needs: prepare
+    steps:
+      - name: Check out code from GitHub
+        uses: actions/checkout@v4.2.2
+      - name: Set up Python ${{ needs.prepare.outputs.python-version }}
+        uses: actions/setup-python@v5.4.0
+        id: python
+        with:
+          python-version: ${{ needs.prepare.outputs.python-version }}
+      - name: Restore Python virtual environment
+        id: cache-venv
+        uses: actions/cache@v4.2.0
+        with:
+          path: venv
+          key: |
+            ${{ runner.os }}-venv-${{ needs.prepare.outputs.python-version }}-${{ hashFiles('requirements.txt') }}-${{ hashFiles('requirements_tests.txt') }}
+      - name: Fail job if Python cache restore failed
+        if: steps.cache-venv.outputs.cache-hit != 'true'
+        run: |
+          echo "Failed to restore Python virtual environment from cache"
+          exit 1
+      - name: Restore pre-commit environment from cache
+        id: cache-precommit
+        uses: actions/cache@v4.2.0
+        with:
+          path: ${{ env.PRE_COMMIT_CACHE }}
+          key: |
+            ${{ runner.os }}-pre-commit-${{ hashFiles('.pre-commit-config.yaml') }}
+      - name: Fail job if cache restore failed
+        if: steps.cache-venv.outputs.cache-hit != 'true'
+        run: |
+          echo "Failed to restore Python virtual environment from cache"
+          exit 1
+      - name: Run ruff-format
+        run: |
+          . venv/bin/activate
+          pre-commit run --hook-stage manual ruff-format --all-files --show-diff-on-failure
+        env:
+          RUFF_OUTPUT_FORMAT: github
+
+  lint-ruff:
+    name: Check ruff
+    runs-on: ubuntu-latest
+    needs: prepare
+    steps:
+      - name: Check out code from GitHub
+        uses: actions/checkout@v4.2.2
+      - name: Set up Python ${{ needs.prepare.outputs.python-version }}
+        uses: actions/setup-python@v5.4.0
+        id: python
+        with:
+          python-version: ${{ needs.prepare.outputs.python-version }}
+      - name: Restore Python virtual environment
+        id: cache-venv
+        uses: actions/cache@v4.2.0
+        with:
+          path: venv
+          key: |
+            ${{ runner.os }}-venv-${{ needs.prepare.outputs.python-version }}-${{ hashFiles('requirements.txt') }}-${{ hashFiles('requirements_tests.txt') }}
+      - name: Fail job if Python cache restore failed
+        if: steps.cache-venv.outputs.cache-hit != 'true'
+        run: |
+          echo "Failed to restore Python virtual environment from cache"
+          exit 1
+      - name: Restore pre-commit environment from cache
+        id: cache-precommit
+        uses: actions/cache@v4.2.0
+        with:
+          path: ${{ env.PRE_COMMIT_CACHE }}
+          key: |
+            ${{ runner.os }}-pre-commit-${{ hashFiles('.pre-commit-config.yaml') }}
+      - name: Fail job if cache restore failed
+        if: steps.cache-venv.outputs.cache-hit != 'true'
+        run: |
+          echo "Failed to restore Python virtual environment from cache"
+          exit 1
+      - name: Run ruff
+        run: |
+          . venv/bin/activate
+          pre-commit run --hook-stage manual ruff --all-files --show-diff-on-failure
+        env:
+          RUFF_OUTPUT_FORMAT: github
+
+  lint-dockerfile:
+    name: Check Dockerfile
+    runs-on: ubuntu-latest
+    needs: prepare
+    steps:
+      - name: Check out code from GitHub
+        uses: actions/checkout@v4.2.2
+      - name: Register hadolint problem matcher
+        run: |
+          echo "::add-matcher::.github/workflows/matchers/hadolint.json"
+      - name: Check Dockerfile
+        uses: docker://hadolint/hadolint:v1.18.0
+        with:
+          args: hadolint Dockerfile
+
+  lint-executable-shebangs:
+    name: Check executables
+    runs-on: ubuntu-latest
+    needs: prepare
+    steps:
+      - name: Check out code from GitHub
+        uses: actions/checkout@v4.2.2
+      - name: Set up Python ${{ needs.prepare.outputs.python-version }}
+        uses: actions/setup-python@v5.4.0
+        id: python
+        with:
+          python-version: ${{ needs.prepare.outputs.python-version }}
+      - name: Restore Python virtual environment
+        id: cache-venv
+        uses: actions/cache@v4.2.0
+        with:
+          path: venv
+          key: |
+            ${{ runner.os }}-venv-${{ needs.prepare.outputs.python-version }}-${{ hashFiles('requirements.txt') }}-${{ hashFiles('requirements_tests.txt') }}
+      - name: Fail job if Python cache restore failed
+        if: steps.cache-venv.outputs.cache-hit != 'true'
+        run: |
+          echo "Failed to restore Python virtual environment from cache"
+          exit 1
+      - name: Restore pre-commit environment from cache
+        id: cache-precommit
+        uses: actions/cache@v4.2.0
+        with:
+          path: ${{ env.PRE_COMMIT_CACHE }}
+          key: |
+            ${{ runner.os }}-pre-commit-${{ hashFiles('.pre-commit-config.yaml') }}
+      - name: Fail job if cache restore failed
+        if: steps.cache-venv.outputs.cache-hit != 'true'
+        run: |
+          echo "Failed to restore Python virtual environment from cache"
+          exit 1
+      - name: Register check executables problem matcher
+        run: |
+          echo "::add-matcher::.github/workflows/matchers/check-executables-have-shebangs.json"
+      - name: Run executables check
+        run: |
+          . venv/bin/activate
+          pre-commit run --hook-stage manual check-executables-have-shebangs --all-files
+
+  lint-json:
+    name: Check JSON
+    runs-on: ubuntu-latest
+    needs: prepare
+    steps:
+      - name: Check out code from GitHub
+        uses: actions/checkout@v4.2.2
+      - name: Set up Python ${{ needs.prepare.outputs.python-version }}
+        uses: actions/setup-python@v5.4.0
+        id: python
+        with:
+          python-version: ${{ needs.prepare.outputs.python-version }}
+      - name: Restore Python virtual environment
+        id: cache-venv
+        uses: actions/cache@v4.2.0
+        with:
+          path: venv
+          key: |
+            ${{ runner.os }}-venv-${{ needs.prepare.outputs.python-version }}-${{ hashFiles('requirements.txt') }}-${{ hashFiles('requirements_tests.txt') }}
+      - name: Fail job if Python cache restore failed
+        if: steps.cache-venv.outputs.cache-hit != 'true'
+        run: |
+          echo "Failed to restore Python virtual environment from cache"
+          exit 1
+      - name: Restore pre-commit environment from cache
+        id: cache-precommit
+        uses: actions/cache@v4.2.0
+        with:
+          path: ${{ env.PRE_COMMIT_CACHE }}
+          key: |
+            ${{ runner.os }}-pre-commit-${{ hashFiles('.pre-commit-config.yaml') }}
+      - name: Fail job if cache restore failed
+        if: steps.cache-venv.outputs.cache-hit != 'true'
+        run: |
+          echo "Failed to restore Python virtual environment from cache"
+          exit 1
+      - name: Register check-json problem matcher
+        run: |
+          echo "::add-matcher::.github/workflows/matchers/check-json.json"
+      - name: Run check-json
+        run: |
+          . venv/bin/activate
+          pre-commit run --hook-stage manual check-json --all-files
+
+  lint-pylint:
+    name: Check pylint
+    runs-on: ubuntu-latest
+    needs: prepare
+    steps:
+      - name: Check out code from GitHub
+        uses: actions/checkout@v4.2.2
+      - name: Set up Python ${{ needs.prepare.outputs.python-version }}
+        uses: actions/setup-python@v5.4.0
+        id: python
+        with:
+          python-version: ${{ needs.prepare.outputs.python-version }}
+      - name: Restore Python virtual environment
+        id: cache-venv
+        uses: actions/cache@v4.2.0
+        with:
+          path: venv
+          key: |
+            ${{ runner.os }}-venv-${{ needs.prepare.outputs.python-version }}-${{ hashFiles('requirements.txt') }}-${{ hashFiles('requirements_tests.txt') }}
+      - name: Fail job if Python cache restore failed
+        if: steps.cache-venv.outputs.cache-hit != 'true'
+        run: |
+          echo "Failed to restore Python virtual environment from cache"
+          exit 1
+      - name: Install additional system dependencies
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y --no-install-recommends libpulse0
+      - name: Register pylint problem matcher
+        run: |
+          echo "::add-matcher::.github/workflows/matchers/pylint.json"
+      - name: Run pylint
+        run: |
+          . venv/bin/activate
+          pylint supervisor tests
+
+  pytest:
+    runs-on: ubuntu-latest
+    needs: prepare
+    name: Run tests Python ${{ needs.prepare.outputs.python-version }}
+    steps:
+      - name: Check out code from GitHub
+        uses: actions/checkout@v4.2.2
+      - name: Set up Python ${{ needs.prepare.outputs.python-version }}
+        uses: actions/setup-python@v5.4.0
+        id: python
+        with:
+          python-version: ${{ needs.prepare.outputs.python-version }}
+      - name: Install Cosign
+        uses: sigstore/cosign-installer@v3.8.0
+        with:
+          cosign-release: "v2.4.0"
+      - name: Restore Python virtual environment
+        id: cache-venv
+        uses: actions/cache@v4.2.0
+        with:
+          path: venv
+          key: |
+            ${{ runner.os }}-venv-${{ needs.prepare.outputs.python-version }}-${{ hashFiles('requirements.txt') }}-${{ hashFiles('requirements_tests.txt') }}
+      - name: Fail job if Python cache restore failed
+        if: steps.cache-venv.outputs.cache-hit != 'true'
+        run: |
+          echo "Failed to restore Python virtual environment from cache"
+          exit 1
+      - name: Install additional system dependencies
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y --no-install-recommends libpulse0 libudev1 dbus-daemon
+      - name: Register Python problem matcher
+        run: |
+          echo "::add-matcher::.github/workflows/matchers/python.json"
+      - name: Install Pytest Annotation plugin
+        run: |
+          . venv/bin/activate
+          # Ideally this should be part of our dependencies
+          # However this plugin is fairly new and doesn't run correctly
+          # on a non-GitHub environment.
+          pip install pytest-github-actions-annotate-failures
+      - name: Run pytest
+        run: |
+          . venv/bin/activate
+          pytest \
+            -qq \
+            --timeout=10 \
+            --durations=10 \
+            --cov supervisor \
+            -o console_output_style=count \
+            tests
+      - name: Upload coverage artifact
+        uses: actions/upload-artifact@v4.6.0
+        with:
+          name: coverage-${{ matrix.python-version }}
+          path: .coverage
+          include-hidden-files: true
+
+  coverage:
+    name: Process test coverage
+    runs-on: ubuntu-latest
+    needs: ["pytest", "prepare"]
+    steps:
+      - name: Check out code from GitHub
+        uses: actions/checkout@v4.2.2
+      - name: Set up Python ${{ needs.prepare.outputs.python-version }}
+        uses: actions/setup-python@v5.4.0
+        id: python
+        with:
+          python-version: ${{ needs.prepare.outputs.python-version }}
+      - name: Restore Python virtual environment
+        id: cache-venv
+        uses: actions/cache@v4.2.0
+        with:
+          path: venv
+          key: |
+            ${{ runner.os }}-venv-${{ needs.prepare.outputs.python-version }}-${{ hashFiles('requirements.txt') }}-${{ hashFiles('requirements_tests.txt') }}
+      - name: Fail job if Python cache restore failed
+        if: steps.cache-venv.outputs.cache-hit != 'true'
+        run: |
+          echo "Failed to restore Python virtual environment from cache"
+          exit 1
+      - name: Download all coverage artifacts
+        uses: actions/download-artifact@v4.1.8
+      - name: Combine coverage results
+        run: |
+          . venv/bin/activate
+          coverage combine coverage*/.coverage*
+          coverage report
+          coverage xml
+      - name: Upload coverage to Codecov
+        uses: codecov/codecov-action@v5.3.1

.github/workflows/lock.yml

@@ -0,0 +1,20 @@
+name: Lock
+
+# yamllint disable-line rule:truthy
+on:
+  schedule:
+    - cron: "0 0 * * *"
+
+jobs:
+  lock:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: dessant/lock-threads@v5.0.1
+        with:
+          github-token: ${{ github.token }}
+          issue-inactive-days: "30"
+          exclude-issue-created-before: "2020-10-01T00:00:00Z"
+          issue-lock-reason: ""
+          pr-inactive-days: "1"
+          exclude-pr-created-before: "2020-11-01T00:00:00Z"
+          pr-lock-reason: ""

.github/workflows/matchers/check-executables-have-shebangs.json

@@ -0,0 +1,14 @@
+{
+  "problemMatcher": [
+    {
+      "owner": "check-executables-have-shebangs",
+      "pattern": [
+        {
+          "regexp": "^(.+):\\s(.+)$",
+          "file": 1,
+          "message": 2
+        }
+      ]
+    }
+  ]
+}

.github/workflows/matchers/check-json.json

@@ -0,0 +1,16 @@
+{
+  "problemMatcher": [
+    {
+      "owner": "check-json",
+      "pattern": [
+        {
+          "regexp": "^(.+):\\s(.+\\sline\\s(\\d+)\\scolumn\\s(\\d+).+)$",
+          "file": 1,
+          "message": 2,
+          "line": 3,
+          "column": 4
+        }
+      ]
+    }
+  ]
+}

.github/workflows/matchers/hadolint.json

@@ -0,0 +1,16 @@
+{
+  "problemMatcher": [
+    {
+      "owner": "hadolint",
+      "pattern": [
+        {
+          "regexp": "^(.+):(\\d+)\\s+((DL\\d{4}).+)$",
+          "file": 1,
+          "line": 2,
+          "message": 3,
+          "code": 4
+        }
+      ]
+    }
+  ]
+}

.github/workflows/matchers/pylint.json

@@ -0,0 +1,32 @@
+{
+  "problemMatcher": [
+    {
+      "owner": "pylint-error",
+      "severity": "error",
+      "pattern": [
+        {
+          "regexp": "^(.+):(\\d+):(\\d+):\\s(([EF]\\d{4}):\\s.+)$",
+          "file": 1,
+          "line": 2,
+          "column": 3,
+          "message": 4,
+          "code": 5
+        }
+      ]
+    },
+    {
+      "owner": "pylint-warning",
+      "severity": "warning",
+      "pattern": [
+        {
+          "regexp": "^(.+):(\\d+):(\\d+):\\s(([CRW]\\d{4}):\\s.+)$",
+          "file": 1,
+          "line": 2,
+          "column": 3,
+          "message": 4,
+          "code": 5
+        }
+      ]
+    }
+  ]
+}

.github/workflows/matchers/python.json

@@ -0,0 +1,18 @@
+{
+  "problemMatcher": [
+    {
+      "owner": "python",
+      "pattern": [
+        {
+          "regexp": "^\\s*File\\s\\\"(.*)\\\",\\sline\\s(\\d+),\\sin\\s(.*)$",
+          "file": 1,
+          "line": 2
+        },
+        {
+          "regexp": "^\\s*raise\\s(.*)\\(\\'(.*)\\'\\)$",
+          "message": 2
+        }
+      ]
+    }
+  ]
+}

.github/workflows/release-drafter.yml

@@ -0,0 +1,44 @@
+name: Release Drafter
+
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  update_release_draft:
+    runs-on: ubuntu-latest
+    name: Release Drafter
+    steps:
+      - name: Checkout the repository
+        uses: actions/checkout@v4.2.2
+        with:
+          fetch-depth: 0
+
+      - name: Find Next Version
+        id: version
+        run: |
+          declare -i newpost
+          latest=$(git describe --tags $(git rev-list --tags --max-count=1))
+          latestpre=$(echo "$latest" | awk '{split($0,a,"."); print a[1] "." a[2]}')
+          datepre=$(date --utc '+%Y.%m')
+
+
+          if [[ "$latestpre" == "$datepre" ]]; then
+              latestpost=$(echo "$latest" | awk '{split($0,a,"."); print a[3]}')
+              newpost=$latestpost+1
+          else
+              newpost=0
+          fi
+
+          echo Current version:    $latest
+          echo New target version: $datepre.$newpost
+          echo "version=$datepre.$newpost" >> "$GITHUB_OUTPUT"
+
+      - name: Run Release Drafter
+        uses: release-drafter/release-drafter@v6.1.0
+        with:
+          tag: ${{ steps.version.outputs.version }}
+          name: ${{ steps.version.outputs.version }}
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/sentry.yaml

@@ -0,0 +1,21 @@
+name: Sentry Release
+
+# yamllint disable-line rule:truthy
+on:
+  release:
+    types: [published, prereleased]
+
+jobs:
+  createSentryRelease:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out code from GitHub
+        uses: actions/checkout@v4.2.2
+      - name: Sentry Release
+        uses: getsentry/action-release@v1.10.4
+        env:
+          SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
+          SENTRY_ORG: ${{ secrets.SENTRY_ORG }}
+          SENTRY_PROJECT: ${{ secrets.SENTRY_PROJECT }}
+        with:
+          environment: production

.github/workflows/stale.yml

@@ -0,0 +1,39 @@
+name: Stale
+
+# yamllint disable-line rule:truthy
+on:
+  schedule:
+    - cron: "0 * * * *"
+
+jobs:
+  stale:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/stale@v9.1.0
+        with:
+          repo-token: ${{ secrets.GITHUB_TOKEN }}
+          days-before-stale: 30
+          days-before-close: 7
+          stale-issue-label: "stale"
+          exempt-issue-labels: "no-stale,Help%20wanted,help-wanted,pinned,rfc,security"
+          stale-issue-message: >
+            There hasn't been any activity on this issue recently. Due to the
+            high number of incoming GitHub notifications, we have to clean some
+            of the old issues, as many of them have already been resolved with
+            the latest updates.
+
+            Please make sure to update to the latest version and check if that
+            solves the issue. Let us know if that works for you by
+            adding a comment 👍
+
+            This issue has now been marked as stale and will be closed if no
+            further activity occurs. Thank you for your contributions.
+
+          stale-pr-label: "stale"
+          exempt-pr-labels: "no-stale,pinned,rfc,security"
+          stale-pr-message: >
+            There hasn't been any activity on this pull request recently. This
+            pull request has been automatically marked as stale because of that
+            and will be closed if no further activity occurs within 7 days.
+
+            Thank you for your contributions.

.github/workflows/update_frontend.yml

@@ -0,0 +1,74 @@
+name: Update frontend
+
+on:
+  schedule: # once a day
+    - cron: "0 0 * * *"
+  workflow_dispatch:
+
+jobs:
+  check-version:
+    runs-on: ubuntu-latest
+    outputs:
+      skip: ${{ steps.check_version.outputs.skip || steps.check_existing_pr.outputs.skip }}
+      latest_tag: ${{ steps.latest_frontend_version.outputs.latest_tag }}
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+      - name: Get latest frontend release
+        id: latest_frontend_version
+        uses: abatilo/release-info-action@v1.3.3
+        with:
+          owner: home-assistant
+          repo: frontend
+      - name: Check if version is up to date
+        id: check_version
+        run: |
+          SUPERVISOR_VERSION=$(cat .ha-frontend-version)
+          LATEST_VERSION=${{ steps.latest_frontend_version.outputs.latest_tag }}
+          echo "SUPERVISOR_VERSION=$SUPERVISOR_VERSION" >> $GITHUB_ENV
+          echo "LATEST_VERSION=$LATEST_VERSION" >> $GITHUB_ENV
+          if [[ ! "$SUPERVISOR_VERSION" < "$LATEST_VERSION" ]]; then
+            echo "Frontend version is up to date"
+            echo "skip=true" >> $GITHUB_OUTPUT
+          fi
+      - name: Check if there is no open PR with this version
+        if: steps.check_version.outputs.skip != 'true'
+        id: check_existing_pr
+        env:
+          GH_TOKEN: ${{ github.token }}
+        run: |
+          PR=$(gh pr list --state open --base main --json title --search "Autoupdate frontend to version $LATEST_VERSION")
+          if [[ "$PR" != "[]" ]]; then
+            echo "Skipping - There is already a PR open for version $LATEST_VERSION"
+            echo "skip=true" >> $GITHUB_OUTPUT
+          fi
+  create-pr:
+    runs-on: ubuntu-latest
+    needs: check-version
+    if: needs.check-version.outputs.skip != 'true'
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+      - name: Clear www folder
+        run: |
+          rm -rf supervisor/api/panel/*
+      - name: Update version file
+        run: |
+          echo "${{ needs.check-version.outputs.latest_tag }}" > .ha-frontend-version
+      - name: Download release assets
+        uses: robinraju/release-downloader@v1
+        with:
+          repository: 'home-assistant/frontend'
+          tag: ${{ needs.check-version.outputs.latest_tag }}
+          fileName: home_assistant_frontend_supervisor-${{ needs.check-version.outputs.latest_tag }}.tar.gz
+          extract: true
+          out-file-path: supervisor/api/panel/
+      - name: Create PR
+        uses: peter-evans/create-pull-request@v7
+        with:
+          commit-message: "Autoupdate frontend to version ${{ needs.check-version.outputs.latest_tag }}"
+          branch: autoupdate-frontend
+          base: main
+          draft: true
+          sign-commits: true
+          title: "Autoupdate frontend to version ${{ needs.check-version.outputs.latest_tag }}"

.gitignore

@@ -90,3 +90,13 @@ ENV/
 
 # pylint
 .pylint.d/
+
+# VS Code
+.vscode/*
+!.vscode/cSpell.json
+!.vscode/tasks.json
+!.vscode/launch.json
+
+# mypy
+/.mypy_cache/*
+/.dmypy.json

.ha-frontend-version

@@ -0,0 +1 @@
+20250205.0

.hadolint.yaml

@@ -0,0 +1,7 @@
+ignored:
+  - DL3003
+  - DL3006
+  - DL3013
+  - DL3018
+  - DL3042
+  - SC2155

.pre-commit-config.yaml

@@ -0,0 +1,15 @@
+repos:
+  - repo: https://github.com/astral-sh/ruff-pre-commit
+    rev: v0.9.1
+    hooks:
+      - id: ruff
+        args:
+          - --fix
+      - id: ruff-format
+        files: ^((supervisor|tests)/.+)?[^/]+\.py$
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v5.0.0
+    hooks:
+      - id: check-executables-have-shebangs
+        stages: [manual]
+      - id: check-json

.travis.yml

@@ -1,12 +0,0 @@
-sudo: false
-matrix:
-  fast_finish: true
-  include:
-    - python: "3.5"
-
-cache:
-  directories:
-    - $HOME/.cache/pip
-install: pip install -U tox
-language: python
-script: tox

.vcnignore

@@ -0,0 +1,21 @@
+# Byte-compiled / optimized / DLL files
+__pycache__/
+*.py[cod]
+*$py.class
+
+# Distribution / packaging
+*.egg-info/
+
+# General files
+.git
+.github
+.devcontainer
+.vscode
+.tox
+
+# Data
+home-assistant-polymer/
+script/
+tests/
+data/
+venv/

.vscode/launch.json

@@ -0,0 +1,25 @@
+{
+  "version": "0.2.0",
+  "configurations": [
+    {
+      "name": "Supervisor remote debug",
+      "type": "python",
+      "request": "attach",
+      "port": 33333,
+      "host": "172.30.32.2",
+      "pathMappings": [
+        {
+          "localRoot": "${workspaceFolder}",
+          "remoteRoot": "/usr/src/supervisor"
+        }
+      ]
+    },
+    {
+      "name": "Debug Tests",
+      "type": "python",
+      "request": "test",
+      "console": "internalConsole",
+      "justMyCode": false
+    }
+  ]
+}

.vscode/tasks.json

@@ -0,0 +1,111 @@
+{
+  "version": "2.0.0",
+  "tasks": [
+    {
+      "label": "Run Supervisor",
+      "type": "shell",
+      "command": "supervisor_run",
+      "group": {
+        "kind": "test",
+        "isDefault": true
+      },
+      "presentation": {
+        "reveal": "always",
+        "panel": "new"
+      },
+      "problemMatcher": []
+    },
+    {
+      "label": "Run Supervisor CLI",
+      "type": "shell",
+      "command": "docker exec -ti hassio_cli /usr/bin/cli.sh",
+      "group": {
+        "kind": "test",
+        "isDefault": true
+      },
+      "presentation": {
+        "reveal": "always",
+        "panel": "new"
+      },
+      "problemMatcher": []
+    },
+    {
+      "label": "Update Supervisor Panel",
+      "type": "shell",
+      "command": "LOKALISE_TOKEN='${input:localiseToken}' ./scripts/update-frontend.sh",
+      "group": {
+        "kind": "build",
+        "isDefault": true
+      },
+      "presentation": {
+        "reveal": "always",
+        "panel": "new"
+      },
+      "problemMatcher": []
+    },
+    {
+      "label": "Pytest",
+      "type": "shell",
+      "command": "pytest --timeout=10 tests",
+      "group": {
+        "kind": "test",
+        "isDefault": true
+      },
+      "presentation": {
+        "reveal": "always",
+        "panel": "new"
+      },
+      "problemMatcher": []
+    },
+    {
+      "label": "Ruff Check",
+      "type": "shell",
+      "command": "ruff check --fix supervisor tests",
+      "group": {
+        "kind": "test",
+        "isDefault": true
+      },
+      "presentation": {
+        "reveal": "always",
+        "panel": "new"
+      },
+      "problemMatcher": []
+    },
+    {
+      "label": "Ruff Format",
+      "type": "shell",
+      "command": "ruff format supervisor tests",
+      "group": {
+        "kind": "test",
+        "isDefault": true
+      },
+      "presentation": {
+        "reveal": "always",
+        "panel": "new"
+      },
+      "problemMatcher": []
+    },
+    {
+      "label": "Pylint",
+      "type": "shell",
+      "command": "pylint supervisor",
+      "dependsOn": ["Install all Requirements"],
+      "group": {
+        "kind": "test",
+        "isDefault": true
+      },
+      "presentation": {
+        "reveal": "always",
+        "panel": "new"
+      },
+      "problemMatcher": []
+    }
+  ],
+  "inputs": [
+    {
+      "id": "localiseToken",
+      "type": "promptString",
+      "description": "Paste your lokalise token to download frontend translations"
+    }
+  ]
+}

API.md

@@ -1,303 +0,0 @@
-# HassIO Server
-
-## HassIO REST API
-
-Interface for HomeAssistant to control things from supervisor.
-
-On error:
-```json
-{
-    "result": "error",
-    "message": ""
-}
-```
-
-On success
-```json
-{
-    "result": "ok",
-    "data": { }
-}
-```
-
-### HassIO
-
-- GET `/supervisor/ping`
-
-- GET `/supervisor/info`
-
-The addons from `addons` are only installed one.
-
-```json
-{
-    "version": "INSTALL_VERSION",
-    "last_version": "LAST_VERSION",
-    "arch": "armhf|aarch64|i386|amd64",
-    "beta_channel": "true|false",
-    "addons": [
-        {
-            "name": "xy bla",
-            "slug": "xy",
-            "description": "description",
-            "arch": ["armhf", "aarch64", "i386", "amd64"],
-            "repository": "12345678|null",
-            "version": "LAST_VERSION",
-            "installed": "INSTALL_VERSION",
-            "detached": "bool"
-        }
-    ],
-    "addons_repositories": [
-        "REPO_URL"
-    ]
-}
-```
-
-- GET `/supervisor/addons`
-
-Get all available addons
-
-```json
-{
-    "addons": [
-        {
-            "name": "xy bla",
-            "slug": "xy",
-            "description": "description",
-            "arch": ["armhf", "aarch64", "i386", "amd64"],
-            "repository": "core|local|REP_ID",
-            "version": "LAST_VERSION",
-            "installed": "none|INSTALL_VERSION",
-            "detached": "bool"
-        }
-    ],
-    "repositories": [
-        {
-            "slug": "12345678",
-            "name": "Repitory Name",
-            "source": "URL_OF_REPOSITORY",
-            "url": "null|WEBSITE",
-            "maintainer": "null|BLA BLU <fla@dld.ch>"
-        }
-    ]
-}
-```
-
-- POST `/supervisor/update`
-Optional:
-```json
-{
-    "version": "VERSION"
-}
-```
-
-- POST `/supervisor/options`
-```json
-{
-    "beta_channel": "true|false",
-    "addons_repositories": [
-        "REPO_URL"
-    ]
-}
-```
-
-- POST `/supervisor/reload`
-
-Reload addons/version.
-
-- GET `/supervisor/logs`
-
-Output the raw docker log
-
-### Security
-
-- GET `/security/info`
-```json
-{
-    "initialize": "bool",
-    "totp": "bool"
-}
-```
-
-- POST `/security/options`
-```json
-{
-    "password": "xy"
-}
-```
-
-- POST `/security/totp`
-```json
-{
-    "password": "xy"
-}
-```
-
-Return QR-Code
-
-- POST `/security/session`
-```json
-{
-    "password": "xy",
-    "totp": "null|123456"
-}
-```
-
-### Host
-
-- POST `/host/shutdown`
-
-- POST `/host/reboot`
-
-- GET `/host/info`
-See HostControl info command.
-```json
-{
-    "type": "",
-    "version": "",
-    "last_version": "",
-    "features": ["shutdown", "reboot", "update", "network_info", "network_control"],
-    "hostname": "",
-    "os": ""
-}
-```
-
-- POST `/host/update`
-Optional:
-```json
-{
-    "version": "VERSION"
-}
-```
-
-### Network
-
-- GET `/network/info`
-
-- POST `/network/options`
-```json
-{
-    "hostname": "",
-    "mode": "dhcp|fixed",
-    "ssid": "",
-    "ip": "",
-    "netmask": "",
-    "gateway": ""
-}
-```
-
-### HomeAssistant
-
-- GET `/homeassistant/info`
-
-```json
-{
-    "version": "INSTALL_VERSION",
-    "last_version": "LAST_VERSION"
-}
-```
-
-- POST `/homeassistant/update`
-Optional:
-```json
-{
-    "version": "VERSION"
-}
-```
-
-- GET `/homeassistant/logs`
-
-Output the raw docker log
-
-- POST `/homeassistant/restart`
-
-### REST API addons
-
-- GET `/addons/{addon}/info`
-```json
-{
-    "name": "xy bla",
-    "description": "description",
-    "url": "null|url of addon",
-    "detached": "bool",
-    "repository": "12345678|null",
-    "version": "VERSION",
-    "last_version": "LAST_VERSION",
-    "state": "started|stopped",
-    "boot": "auto|manual",
-    "options": {},
-}
-```
-
-- POST `/addons/{addon}/options`
-```json
-{
-    "boot": "auto|manual",
-    "options": {},
-}
-```
-
-- POST `/addons/{addon}/start`
-
-- POST `/addons/{addon}/stop`
-
-- POST `/addons/{addon}/install`
-Optional:
-```json
-{
-    "version": "VERSION"
-}
-```
-
-- POST `/addons/{addon}/uninstall`
-
-- POST `/addons/{addon}/update`
-Optional:
-```json
-{
-    "version": "VERSION"
-}
-```
-
-- GET `/addons/{addon}/logs`
-
-Output the raw docker log
-
-- POST `/addons/{addon}/restart`
-
-## Host Control
-
-Communicate over unix socket with a host daemon.
-
-- commands
-```
-# info
--> {'type', 'version', 'last_version', 'features', 'hostname'}
-# reboot
-# shutdown
-# host-update [v]
-
-# network info
-# network hostname xy
-# network wlan ssd xy
-# network wlan password xy
-# network int ip xy
-# network int netmask xy
-# network int route xy
-```
-
-features:
-- shutdown
-- reboot
-- update
-- network_info
-- network_control
-
-Answer:
-```
-{}|OK|ERROR|WRONG
-```
-
-- {}: json
-- OK: call was successfully
-- ERROR: error on call
-- WRONG: not supported

Dockerfile

@@ -0,0 +1,51 @@
+ARG BUILD_FROM
+FROM ${BUILD_FROM}
+
+ENV \
+    S6_SERVICES_GRACETIME=10000 \
+    SUPERVISOR_API=http://localhost \
+    CRYPTOGRAPHY_OPENSSL_NO_LEGACY=1 \
+    UV_SYSTEM_PYTHON=true
+
+ARG \
+    COSIGN_VERSION \
+    BUILD_ARCH
+
+# Install base
+WORKDIR /usr/src
+RUN \
+    set -x \
+    && apk add --no-cache \
+        findutils \
+        eudev \
+        eudev-libs \
+        git \
+        libffi \
+        libpulse \
+        musl \
+        openssl \
+        yaml \
+    \
+    && curl -Lso /usr/bin/cosign "https://github.com/home-assistant/cosign/releases/download/${COSIGN_VERSION}/cosign_${BUILD_ARCH}" \
+    && chmod a+x /usr/bin/cosign \
+    && pip3 install uv==0.2.21
+
+# Install requirements
+COPY requirements.txt .
+RUN \
+    if [ "${BUILD_ARCH}" = "i386" ]; then \
+        linux32 uv pip install --no-build -r requirements.txt; \
+    else \
+        uv pip install --no-build -r requirements.txt; \
+    fi \
+    && rm -f requirements.txt
+
+# Install Home Assistant Supervisor
+COPY . supervisor
+RUN \
+    pip3 install -e ./supervisor \
+    && python3 -m compileall ./supervisor/supervisor
+
+
+WORKDIR /
+COPY rootfs /

LICENSE

@@ -1,29 +1,201 @@
-BSD 3-Clause License
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
 
-Copyright (c) 2017, Pascal Vizeli
-All rights reserved.
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
 
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are met:
+   1. Definitions.
 
-* Redistributions of source code must retain the above copyright notice, this
-  list of conditions and the following disclaimer.
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
 
-* Redistributions in binary form must reproduce the above copyright notice,
-  this list of conditions and the following disclaimer in the documentation
-  and/or other materials provided with the distribution.
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
 
-* Neither the name of the copyright holder nor the names of its
-  contributors may be used to endorse or promote products derived from
-  this software without specific prior written permission.
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
 
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
-AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
-FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
-SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
-CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
-OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright [yyyy] [name of copyright owner]
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.

MANIFEST.in

@@ -1,3 +1,3 @@
 include LICENSE.md
-graft hassio
+graft supervisor
 recursive-exclude * *.py[co]

README.md

@@ -1,26 +1,34 @@
-# HassIO
-### First private cloud solution for home automation.
+# Home Assistant Supervisor
 
-Hass.io is a Docker based system for managing your Home Assistant installation and related applications. The system is controlled via Home Assistant which communicates with the supervisor. The supervisor provides an API to manage the installation. This includes changing network settings or installing and updating software.
+## First private cloud solution for home automation
 
-![](misc/hassio.png?raw=true)
+Home Assistant (former Hass.io) is a container-based system for managing your
+Home Assistant Core installation and related applications. The system is
+controlled via Home Assistant which communicates with the Supervisor. The
+Supervisor provides an API to manage the installation. This includes changing
+network settings or installing and updating software.
 
-[HassIO-Addons](https://github.com/home-assistant/hassio-addons) | [HassIO-Build](https://github.com/home-assistant/hassio-build)
+## Installation
 
-**HassIO is under active development and is not ready yet for production use.**
+Installation instructions can be found at https://home-assistant.io/getting-started.
 
-## Installing Hass.io
+## Development
 
-Looks to our [website](https://home-assistant.io/hassio).
+For small changes and bugfixes you can just follow this, but for significant changes open a RFC first.
+Development instructions can be found [here][development].
 
-# HomeAssistant
+## Release
 
-## SSL
+Releases are done in 3 stages (channels) with this structure:
 
-All addons that create SSL certs follow the same file structure. If you use one, put follow lines in your `configuration.yaml`.
+1. Pull requests are merged to the `main` branch.
+2. A new build is pushed to the `dev` stage.
+3. Releases are published.
+4. A new build is pushed to the `beta` stage.
+5. The [`stable.json`][stable] file is updated.
+6. The build that was pushed to `beta` will now be pushed to `stable`.
 
-```yaml
-http:
-  ssl_certificate: /ssl/fullchain.pem
-  ssl_key: /ssl/privkey.pem
-```
+[development]: https://developers.home-assistant.io/docs/supervisor/development
+[stable]: https://github.com/home-assistant/version/blob/master/stable.json
+
+[![Home Assistant - A project from the Open Home Foundation](https://www.openhomefoundation.org/badges/home-assistant.png)](https://www.openhomefoundation.org/)

build.yaml

@@ -0,0 +1,24 @@
+image: ghcr.io/home-assistant/{arch}-hassio-supervisor
+build_from:
+  aarch64: ghcr.io/home-assistant/aarch64-base-python:3.13-alpine3.21
+  armhf: ghcr.io/home-assistant/armhf-base-python:3.13-alpine3.21
+  armv7: ghcr.io/home-assistant/armv7-base-python:3.13-alpine3.21
+  amd64: ghcr.io/home-assistant/amd64-base-python:3.13-alpine3.21
+  i386: ghcr.io/home-assistant/i386-base-python:3.13-alpine3.21
+codenotary:
+  signer: notary@home-assistant.io
+  base_image: notary@home-assistant.io
+cosign:
+  base_identity: https://github.com/home-assistant/docker-base/.*
+  identity: https://github.com/home-assistant/supervisor/.*
+args:
+  COSIGN_VERSION: 2.4.0
+labels:
+  io.hass.type: supervisor
+  org.opencontainers.image.title: Home Assistant Supervisor
+  org.opencontainers.image.description: Container-based system for managing Home Assistant Core installation
+  org.opencontainers.image.source: https://github.com/home-assistant/supervisor
+  org.opencontainers.image.authors: The Home Assistant Authors
+  org.opencontainers.image.url: https://www.home-assistant.io/
+  org.opencontainers.image.documentation: https://www.home-assistant.io/docs/
+  org.opencontainers.image.licenses: Apache License 2.0

codecov.yaml

@@ -0,0 +1,11 @@
+codecov:
+  branch: dev
+coverage:
+  status:
+    project:
+      default:
+        target: 40
+        threshold: 0.09
+comment: false
+github_checks:
+    annotations: false

hassio/__init__.py

@@ -1 +0,0 @@
-"""Init file for HassIO."""

hassio/__main__.py

@@ -1,33 +0,0 @@
-"""Main file for HassIO."""
-import asyncio
-import logging
-import sys
-
-import hassio.bootstrap as bootstrap
-import hassio.core as core
-
-_LOGGER = logging.getLogger(__name__)
-
-
-# pylint: disable=invalid-name
-if __name__ == "__main__":
-    bootstrap.initialize_logging()
-
-    if not bootstrap.check_environment():
-        exit(1)
-
-    loop = asyncio.get_event_loop()
-    hassio = core.HassIO(loop)
-
-    _LOGGER.info("Run Hassio setup")
-    loop.run_until_complete(hassio.setup())
-
-    _LOGGER.info("Start Hassio task")
-    loop.call_soon_threadsafe(loop.create_task, hassio.start())
-    loop.call_soon_threadsafe(bootstrap.reg_signal, loop, hassio)
-
-    loop.run_forever()
-    loop.close()
-
-    _LOGGER.info("Close Hassio")
-    sys.exit(hassio.exit_code)

hassio/addons/__init__.py

@@ -1,218 +0,0 @@
-"""Init file for HassIO addons."""
-import asyncio
-import logging
-import shutil
-
-from .data import AddonsData
-from .git import AddonsRepoHassIO, AddonsRepoCustom
-from ..const import STATE_STOPPED, STATE_STARTED
-from ..dock.addon import DockerAddon
-
-_LOGGER = logging.getLogger(__name__)
-
-
-class AddonManager(AddonsData):
-    """Manage addons inside HassIO."""
-
-    def __init__(self, config, loop, dock):
-        """Initialize docker base wrapper."""
-        super().__init__(config)
-
-        self.loop = loop
-        self.dock = dock
-        self.repositories = []
-        self.dockers = {}
-
-    async def prepare(self, arch):
-        """Startup addon management."""
-        self.arch = arch
-
-        # init hassio repository
-        self.repositories.append(AddonsRepoHassIO(self.config, self.loop))
-
-        # init custom repositories
-        for url in self.config.addons_repositories:
-            self.repositories.append(
-                AddonsRepoCustom(self.config, self.loop, url))
-
-        # load addon repository
-        tasks = [addon.load() for addon in self.repositories]
-        if tasks:
-            await asyncio.wait(tasks, loop=self.loop)
-
-            # read data from repositories
-            self.read_data_from_repositories()
-            self.merge_update_config()
-
-        # load installed addons
-        for addon in self.list_installed:
-            self.dockers[addon] = DockerAddon(
-                self.config, self.loop, self.dock, self, addon)
-            await self.dockers[addon].attach()
-
-    async def add_git_repository(self, url):
-        """Add a new custom repository."""
-        if url in self.config.addons_repositories:
-            _LOGGER.warning("Repository already exists %s", url)
-            return False
-
-        repo = AddonsRepoCustom(self.config, self.loop, url)
-
-        if not await repo.load():
-            _LOGGER.error("Can't load from repository %s", url)
-            return False
-
-        self.config.addons_repositories = url
-        self.repositories.append(repo)
-        return True
-
-    def drop_git_repository(self, url):
-        """Remove a custom repository."""
-        for repo in self.repositories:
-            if repo.url == url:
-                self.repositories.remove(repo)
-                self.config.drop_addon_repository(url)
-                repo.remove()
-                return True
-
-        return False
-
-    async def reload(self):
-        """Update addons from repo and reload list."""
-        tasks = [addon.pull() for addon in self.repositories]
-        if not tasks:
-            return
-
-        await asyncio.wait(tasks, loop=self.loop)
-
-        # read data from repositories
-        self.read_data_from_repositories()
-        self.merge_update_config()
-
-        # remove stalled addons
-        for addon in self.list_detached:
-            _LOGGER.warning("Dedicated addon '%s' found!", addon)
-
-    async def auto_boot(self, start_type):
-        """Boot addons with mode auto."""
-        boot_list = self.list_startup(start_type)
-        tasks = [self.start(addon) for addon in boot_list]
-
-        _LOGGER.info("Startup %s run %d addons", start_type, len(tasks))
-        if tasks:
-            await asyncio.wait(tasks, loop=self.loop)
-
-    async def install(self, addon, version=None):
-        """Install a addon."""
-        if not self.exists_addon(addon):
-            _LOGGER.error("Addon %s not exists for install", addon)
-            return False
-
-        if self.arch not in self.get_arch(addon):
-            _LOGGER.error("Addon %s not supported on %s", addon, self.arch)
-            return False
-
-        if self.is_installed(addon):
-            _LOGGER.error("Addon %s is already installed", addon)
-            return False
-
-        if not self.path_data(addon).is_dir():
-            _LOGGER.info("Create Home-Assistant addon data folder %s",
-                         self.path_data(addon))
-            self.path_data(addon).mkdir()
-
-        addon_docker = DockerAddon(
-            self.config, self.loop, self.dock, self, addon)
-
-        version = version or self.get_last_version(addon)
-        if not await addon_docker.install(version):
-            return False
-
-        self.dockers[addon] = addon_docker
-        self.set_addon_install(addon, version)
-        return True
-
-    async def uninstall(self, addon):
-        """Remove a addon."""
-        if not self.is_installed(addon):
-            _LOGGER.error("Addon %s is already uninstalled", addon)
-            return False
-
-        if addon not in self.dockers:
-            _LOGGER.error("No docker found for addon %s", addon)
-            return False
-
-        if not await self.dockers[addon].remove():
-            return False
-
-        if self.path_data(addon).is_dir():
-            _LOGGER.info("Remove Home-Assistant addon data folder %s",
-                         self.path_data(addon))
-            shutil.rmtree(str(self.path_data(addon)))
-
-        self.dockers.pop(addon)
-        self.set_addon_uninstall(addon)
-        return True
-
-    async def state(self, addon):
-        """Return running state of addon."""
-        if addon not in self.dockers:
-            _LOGGER.error("No docker found for addon %s", addon)
-            return
-
-        if await self.dockers[addon].is_running():
-            return STATE_STARTED
-        return STATE_STOPPED
-
-    async def start(self, addon):
-        """Set options and start addon."""
-        if addon not in self.dockers:
-            _LOGGER.error("No docker found for addon %s", addon)
-            return False
-
-        if not self.write_addon_options(addon):
-            _LOGGER.error("Can't write options for addon %s", addon)
-            return False
-
-        return await self.dockers[addon].run()
-
-    async def stop(self, addon):
-        """Stop addon."""
-        if addon not in self.dockers:
-            _LOGGER.error("No docker found for addon %s", addon)
-            return False
-
-        return await self.dockers[addon].stop()
-
-    async def update(self, addon, version=None):
-        """Update addon."""
-        if addon not in self.dockers:
-            _LOGGER.error("No docker found for addon %s", addon)
-            return False
-
-        version = version or self.get_last_version(addon)
-        is_running = self.dockers[addon].is_running()
-
-        # update
-        if await self.dockers[addon].update(version):
-            self.set_addon_update(addon, version)
-            if is_running:
-                await self.start(addon)
-            return True
-        return False
-
-    async def restart(self, addon):
-        """Restart addon."""
-        if addon not in self.dockers:
-            _LOGGER.error("No docker found for addon %s", addon)
-            return False
-
-        return await self.dockers[addon].restart()
-
-    async def logs(self, addon):
-        """Return addons log output."""
-        if addon not in self.dockers:
-            _LOGGER.error("No docker found for addon %s", addon)
-            return False
-
-        return await self.dockers[addon].logs()

hassio/addons/built-in.json

@@ -1,14 +0,0 @@
-{
-    "local": {
-        "slug": "local",
-        "name": "Local Add-Ons",
-        "url": "https://home-assistant.io/hassio",
-        "maintainer": "By our self"
-    },
-    "core": {
-        "slug": "core",
-        "name": "Built-in Add-Ons",
-        "url": "https://home-assistant.io/addons",
-        "maintainer": "Home Assistant authors"
-    }
-}

hassio/addons/data.py

@@ -1,384 +0,0 @@
-"""Init file for HassIO addons."""
-import copy
-import logging
-import json
-from pathlib import Path, PurePath
-
-import voluptuous as vol
-from voluptuous.humanize import humanize_error
-
-from .util import extract_hash_from_path
-from .validate import (
-    validate_options, SCHEMA_ADDON_CONFIG, SCHEMA_REPOSITORY_CONFIG)
-from ..const import (
-    FILE_HASSIO_ADDONS, ATTR_NAME, ATTR_VERSION, ATTR_SLUG, ATTR_DESCRIPTON,
-    ATTR_STARTUP, ATTR_BOOT, ATTR_MAP, ATTR_OPTIONS, ATTR_PORTS, BOOT_AUTO,
-    DOCKER_REPO, ATTR_SCHEMA, ATTR_IMAGE, MAP_CONFIG, MAP_SSL, MAP_ADDONS,
-    MAP_BACKUP, ATTR_REPOSITORY, ATTR_URL, ATTR_ARCH, ATTR_LOCATON)
-from ..config import Config
-from ..tools import read_json_file, write_json_file
-
-_LOGGER = logging.getLogger(__name__)
-
-SYSTEM = 'system'
-USER = 'user'
-
-REPOSITORY_CORE = 'core'
-REPOSITORY_LOCAL = 'local'
-
-
-class AddonsData(Config):
-    """Hold data for addons inside HassIO."""
-
-    def __init__(self, config):
-        """Initialize data holder."""
-        super().__init__(FILE_HASSIO_ADDONS)
-        self.config = config
-        self._system_data = self._data.get(SYSTEM, {})
-        self._user_data = self._data.get(USER, {})
-        self._addons_cache = {}
-        self._repositories_data = {}
-        self.arch = None
-
-    def save(self):
-        """Store data to config file."""
-        self._data = {
-            USER: self._user_data,
-            SYSTEM: self._system_data,
-        }
-        super().save()
-
-    def read_data_from_repositories(self):
-        """Read data from addons repository."""
-        self._addons_cache = {}
-        self._repositories_data = {}
-
-        # read core repository
-        self._read_addons_folder(
-            self.config.path_addons_core, REPOSITORY_CORE)
-
-        # read local repository
-        self._read_addons_folder(
-            self.config.path_addons_local, REPOSITORY_LOCAL)
-
-        # add built-in repositories information
-        self._set_builtin_repositories()
-
-        # read custom git repositories
-        for repository_element in self.config.path_addons_git.iterdir():
-            if repository_element.is_dir():
-                self._read_git_repository(repository_element)
-
-    def _read_git_repository(self, path):
-        """Process a custom repository folder."""
-        slug = extract_hash_from_path(path)
-        repository_info = {ATTR_SLUG: slug}
-
-        # exists repository json
-        repository_file = Path(path, "repository.json")
-        try:
-            repository_info.update(SCHEMA_REPOSITORY_CONFIG(
-                read_json_file(repository_file)
-            ))
-
-        except OSError:
-            _LOGGER.warning("Can't read repository information from %s",
-                            repository_file)
-            return
-
-        except vol.Invalid:
-            _LOGGER.warning("Repository parse error %s", repository_file)
-            return
-
-        # process data
-        self._repositories_data[slug] = repository_info
-        self._read_addons_folder(path, slug)
-
-    def _read_addons_folder(self, path, repository):
-        """Read data from addons folder."""
-        for addon in path.glob("**/config.json"):
-            try:
-                addon_config = read_json_file(addon)
-
-                # validate
-                addon_config = SCHEMA_ADDON_CONFIG(addon_config)
-
-                # Generate slug
-                addon_slug = "{}_{}".format(
-                    repository, addon_config[ATTR_SLUG])
-
-                # store
-                addon_config[ATTR_REPOSITORY] = repository
-                addon_config[ATTR_LOCATON] = str(addon.parent)
-                self._addons_cache[addon_slug] = addon_config
-
-            except OSError:
-                _LOGGER.warning("Can't read %s", addon)
-
-            except vol.Invalid as ex:
-                _LOGGER.warning("Can't read %s -> %s", addon,
-                                humanize_error(addon_config, ex))
-
-    def _set_builtin_repositories(self):
-        """Add local built-in repository into dataset."""
-        try:
-            builtin_file = Path(__file__).parent.joinpath('built-in.json')
-            builtin_data = read_json_file(builtin_file)
-        except (OSError, json.JSONDecodeError) as err:
-            _LOGGER.warning("Can't read built-in.json -> %s", err)
-            return
-
-        # if core addons are available
-        for data in self._addons_cache.values():
-            if data[ATTR_REPOSITORY] == REPOSITORY_CORE:
-                self._repositories_data[REPOSITORY_CORE] = \
-                    builtin_data[REPOSITORY_CORE]
-                break
-
-        # if local addons are available
-        for data in self._addons_cache.values():
-            if data[ATTR_REPOSITORY] == REPOSITORY_LOCAL:
-                self._repositories_data[REPOSITORY_LOCAL] = \
-                    builtin_data[REPOSITORY_LOCAL]
-                break
-
-    def merge_update_config(self):
-        """Update local config if they have update.
-
-        It need to be the same version as the local version is.
-        """
-        have_change = False
-
-        for addon, data in self._system_data.items():
-            # detached
-            if addon not in self._addons_cache:
-                continue
-
-            cache = self._addons_cache[addon]
-            if data[ATTR_VERSION] == cache[ATTR_VERSION]:
-                if data != cache:
-                    self._system_data[addon] = copy.deepcopy(cache)
-                    have_change = True
-
-        if have_change:
-            self.save()
-
-    @property
-    def list_installed(self):
-        """Return a list of installed addons."""
-        return set(self._system_data.keys())
-
-    @property
-    def data_all(self):
-        """Return a dict of all addons."""
-        return {
-            **self._system_data,
-            **self._addons_cache
-        }
-
-    @property
-    def data_installed(self):
-        """Return a dict of installed addons."""
-        return self._system_data.copy()
-
-    def list_startup(self, start_type):
-        """Get list of installed addon with need start by type."""
-        addon_list = set()
-        for addon in self._system_data.keys():
-            if self.get_boot(addon) != BOOT_AUTO:
-                continue
-
-            try:
-                if self._system_data[addon][ATTR_STARTUP] == start_type:
-                    addon_list.add(addon)
-            except KeyError:
-                _LOGGER.warning("Orphaned addon detect %s", addon)
-                continue
-
-        return addon_list
-
-    @property
-    def list_detached(self):
-        """Return local addons they not support from repo."""
-        addon_list = set()
-        for addon in self._system_data.keys():
-            if addon not in self._addons_cache:
-                addon_list.add(addon)
-
-        return addon_list
-
-    @property
-    def list_repositories(self):
-        """Return list of addon repositories."""
-        return list(self._repositories_data.values())
-
-    def exists_addon(self, addon):
-        """Return True if a addon exists."""
-        return addon in self._addons_cache or addon in self._system_data
-
-    def is_installed(self, addon):
-        """Return True if a addon is installed."""
-        return addon in self._system_data
-
-    def version_installed(self, addon):
-        """Return installed version."""
-        return self._user_data.get(addon, {}).get(ATTR_VERSION)
-
-    def set_addon_install(self, addon, version):
-        """Set addon as installed."""
-        self._system_data[addon] = copy.deepcopy(self._addons_cache[addon])
-        self._user_data[addon] = {
-            ATTR_OPTIONS: {},
-            ATTR_VERSION: version,
-        }
-        self.save()
-
-    def set_addon_uninstall(self, addon):
-        """Set addon as uninstalled."""
-        self._system_data.pop(addon, None)
-        self._user_data.pop(addon, None)
-        self.save()
-
-    def set_addon_update(self, addon, version):
-        """Update version of addon."""
-        self._system_data[addon] = copy.deepcopy(self._addons_cache[addon])
-        self._user_data[addon][ATTR_VERSION] = version
-        self.save()
-
-    def set_options(self, addon, options):
-        """Store user addon options."""
-        self._user_data[addon][ATTR_OPTIONS] = copy.deepcopy(options)
-        self.save()
-
-    def set_boot(self, addon, boot):
-        """Store user boot options."""
-        self._user_data[addon][ATTR_BOOT] = boot
-        self.save()
-
-    def get_options(self, addon):
-        """Return options with local changes."""
-        return {
-            **self._system_data[addon][ATTR_OPTIONS],
-            **self._user_data[addon][ATTR_OPTIONS],
-        }
-
-    def get_boot(self, addon):
-        """Return boot config with prio local settings."""
-        if ATTR_BOOT in self._user_data[addon]:
-            return self._user_data[addon][ATTR_BOOT]
-
-        return self._system_data[addon][ATTR_BOOT]
-
-    def get_name(self, addon):
-        """Return name of addon."""
-        return self._system_data[addon][ATTR_NAME]
-
-    def get_description(self, addon):
-        """Return description of addon."""
-        return self._system_data[addon][ATTR_DESCRIPTON]
-
-    def get_repository(self, addon):
-        """Return repository of addon."""
-        return self._system_data[addon][ATTR_REPOSITORY]
-
-    def get_last_version(self, addon):
-        """Return version of addon."""
-        if addon not in self._addons_cache:
-            return self.version_installed(addon)
-        return self._addons_cache[addon][ATTR_VERSION]
-
-    def get_ports(self, addon):
-        """Return ports of addon."""
-        return self._system_data[addon].get(ATTR_PORTS)
-
-    def get_url(self, addon):
-        """Return url of addon."""
-        return self._system_data[addon].get(ATTR_URL)
-
-    def get_arch(self, addon):
-        """Return list of supported arch."""
-        if addon not in self._addons_cache:
-            return self._system_data[addon][ATTR_ARCH]
-        return self._addons_cache[addon][ATTR_ARCH]
-
-    def get_image(self, addon):
-        """Return image name of addon."""
-        addon_data = self._system_data.get(
-            addon, self._addons_cache.get(addon)
-        )
-
-        # core repository
-        if addon_data[ATTR_REPOSITORY] == REPOSITORY_CORE:
-            return "{}/{}-addon-{}".format(
-                DOCKER_REPO, self.arch, addon_data[ATTR_SLUG])
-
-        # Repository with dockerhub images
-        if ATTR_IMAGE in addon_data:
-            return addon_data[ATTR_IMAGE].format(arch=self.arch)
-
-        # Local build addon
-        if addon_data[ATTR_REPOSITORY] == REPOSITORY_LOCAL:
-            return "local/{}-addon-{}".format(self.arch, addon_data[ATTR_SLUG])
-
-        _LOGGER.error("No image for %s", addon)
-
-    def need_build(self, addon):
-        """Return True if this addon need a local build."""
-        addon_data = self._system_data.get(
-            addon, self._addons_cache.get(addon)
-        )
-        return addon_data[ATTR_REPOSITORY] == REPOSITORY_LOCAL \
-            and not addon_data.get(ATTR_IMAGE)
-
-    def map_config(self, addon):
-        """Return True if config map is needed."""
-        return MAP_CONFIG in self._system_data[addon][ATTR_MAP]
-
-    def map_ssl(self, addon):
-        """Return True if ssl map is needed."""
-        return MAP_SSL in self._system_data[addon][ATTR_MAP]
-
-    def map_addons(self, addon):
-        """Return True if addons map is needed."""
-        return MAP_ADDONS in self._system_data[addon][ATTR_MAP]
-
-    def map_backup(self, addon):
-        """Return True if backup map is needed."""
-        return MAP_BACKUP in self._system_data[addon][ATTR_MAP]
-
-    def path_data(self, addon):
-        """Return addon data path inside supervisor."""
-        return Path(self.config.path_addons_data, addon)
-
-    def path_extern_data(self, addon):
-        """Return addon data path external for docker."""
-        return PurePath(self.config.path_extern_addons_data, addon)
-
-    def path_addon_options(self, addon):
-        """Return path to addons options."""
-        return Path(self.path_data(addon), "options.json")
-
-    def path_addon_location(self, addon):
-        """Return path to this addon."""
-        return Path(self._addons_cache[addon][ATTR_LOCATON])
-
-    def write_addon_options(self, addon):
-        """Return True if addon options is written to data."""
-        schema = self.get_schema(addon)
-        options = self.get_options(addon)
-
-        try:
-            schema(options)
-            return write_json_file(self.path_addon_options(addon), options)
-        except vol.Invalid as ex:
-            _LOGGER.error("Addon %s have wrong options -> %s", addon,
-                          humanize_error(options, ex))
-
-        return False
-
-    def get_schema(self, addon):
-        """Create a schema for addon options."""
-        raw_schema = self._system_data[addon][ATTR_SCHEMA]
-
-        schema = vol.Schema(vol.All(dict, validate_options(raw_schema)))
-        return schema

hassio/addons/git.py

@@ -1,107 +0,0 @@
-"""Init file for HassIO addons git."""
-import asyncio
-import logging
-from pathlib import Path
-import shutil
-
-import git
-
-from .util import get_hash_from_repository
-from ..const import URL_HASSIO_ADDONS
-
-_LOGGER = logging.getLogger(__name__)
-
-
-class AddonsRepo(object):
-    """Manage addons git repo."""
-
-    def __init__(self, config, loop, path, url):
-        """Initialize git base wrapper."""
-        self.config = config
-        self.loop = loop
-        self.repo = None
-        self.path = path
-        self.url = url
-        self._lock = asyncio.Lock(loop=loop)
-
-    async def load(self):
-        """Init git addon repo."""
-        if not self.path.is_dir():
-            return await self.clone()
-
-        async with self._lock:
-            try:
-                _LOGGER.info("Load addon %s repository", self.path)
-                self.repo = await self.loop.run_in_executor(
-                    None, git.Repo, str(self.path))
-
-            except (git.InvalidGitRepositoryError, git.NoSuchPathError,
-                    git.GitCommandError) as err:
-                _LOGGER.error("Can't load %s repo: %s.", self.path, err)
-                return False
-
-            return True
-
-    async def clone(self):
-        """Clone git addon repo."""
-        async with self._lock:
-            try:
-                _LOGGER.info("Clone addon %s repository", self.url)
-                self.repo = await self.loop.run_in_executor(
-                    None, git.Repo.clone_from, self.url, str(self.path))
-
-            except (git.InvalidGitRepositoryError, git.NoSuchPathError,
-                    git.GitCommandError) as err:
-                _LOGGER.error("Can't clone %s repo: %s.", self.url, err)
-                return False
-
-            return True
-
-    async def pull(self):
-        """Pull git addon repo."""
-        if self._lock.locked():
-            _LOGGER.warning("It is already a task in progress.")
-            return False
-
-        async with self._lock:
-            try:
-                _LOGGER.info("Pull addon %s repository", self.url)
-                await self.loop.run_in_executor(
-                    None, self.repo.remotes.origin.pull)
-
-            except (git.InvalidGitRepositoryError, git.NoSuchPathError,
-                    git.exc.GitCommandError) as err:
-                _LOGGER.error("Can't pull %s repo: %s.", self.url, err)
-                return False
-
-            return True
-
-
-class AddonsRepoHassIO(AddonsRepo):
-    """HassIO addons repository."""
-
-    def __init__(self, config, loop):
-        """Initialize git hassio addon repository."""
-        super().__init__(
-            config, loop, config.path_addons_core, URL_HASSIO_ADDONS)
-
-
-class AddonsRepoCustom(AddonsRepo):
-    """Custom addons repository."""
-
-    def __init__(self, config, loop, url):
-        """Initialize git hassio addon repository."""
-        path = Path(config.path_addons_git, get_hash_from_repository(url))
-
-        super().__init__(config, loop, path, url)
-
-    def remove(self):
-        """Remove a custom addon."""
-        if self.path.is_dir():
-            _LOGGER.info("Remove custom addon repository %s", self.url)
-
-            def log_err(funct, path, _):
-                """Log error."""
-                _LOGGER.warning("Can't remove %s", path)
-
-            shutil.rmtree(str(self.path), onerror=log_err)

hassio/addons/util.py

@@ -1,26 +0,0 @@
-"""Util addons functions."""
-import hashlib
-import re
-
-RE_SLUGIFY = re.compile(r'[^a-z0-9_]+')
-RE_SHA1 = re.compile(r"[a-f0-9]{8}")
-
-
-def get_hash_from_repository(name):
-    """Generate a hash from repository."""
-    key = name.lower().encode()
-    return hashlib.sha1(key).hexdigest()[:8]
-
-
-def extract_hash_from_path(path):
-    """Extract repo id from path."""
-    repo_dir = path.parts[-1]
-
-    if not RE_SHA1.match(repo_dir):
-        return get_hash_from_repository(repo_dir)
-    return repo_dir
-
-
-def create_hash_index_list(name_list):
-    """Create a dict with hash from repositories list."""
-    return {get_hash_from_repository(repo): repo for repo in name_list}

hassio/addons/validate.py

@@ -1,132 +0,0 @@
-"""Validate addons options schema."""
-import voluptuous as vol
-
-from ..const import (
-    ATTR_NAME, ATTR_VERSION, ATTR_SLUG, ATTR_DESCRIPTON, ATTR_STARTUP,
-    ATTR_BOOT, ATTR_MAP, ATTR_OPTIONS, ATTR_PORTS, STARTUP_ONCE, STARTUP_AFTER,
-    STARTUP_BEFORE, BOOT_AUTO, BOOT_MANUAL, ATTR_SCHEMA, ATTR_IMAGE, MAP_SSL,
-    MAP_CONFIG, MAP_ADDONS, MAP_BACKUP, ATTR_URL, ATTR_MAINTAINER, ATTR_ARCH,
-    ARCH_ARMHF, ARCH_AARCH64, ARCH_AMD64, ARCH_I386)
-
-V_STR = 'str'
-V_INT = 'int'
-V_FLOAT = 'float'
-V_BOOL = 'bool'
-V_EMAIL = 'email'
-V_URL = 'url'
-
-ADDON_ELEMENT = vol.In([V_STR, V_INT, V_FLOAT, V_BOOL, V_EMAIL, V_URL])
-
-ARCH_ALL = [
-    ARCH_ARMHF, ARCH_AARCH64, ARCH_AMD64, ARCH_I386
-]
-
-# pylint: disable=no-value-for-parameter
-SCHEMA_ADDON_CONFIG = vol.Schema({
-    vol.Required(ATTR_NAME): vol.Coerce(str),
-    vol.Required(ATTR_VERSION): vol.Coerce(str),
-    vol.Required(ATTR_SLUG): vol.Coerce(str),
-    vol.Required(ATTR_DESCRIPTON): vol.Coerce(str),
-    vol.Optional(ATTR_URL): vol.Url(),
-    vol.Optional(ATTR_ARCH, default=ARCH_ALL): [vol.In(ARCH_ALL)],
-    vol.Required(ATTR_STARTUP):
-        vol.In([STARTUP_BEFORE, STARTUP_AFTER, STARTUP_ONCE]),
-    vol.Required(ATTR_BOOT):
-        vol.In([BOOT_AUTO, BOOT_MANUAL]),
-    vol.Optional(ATTR_PORTS): dict,
-    vol.Optional(ATTR_MAP, default=[]): [
-        vol.In([MAP_CONFIG, MAP_SSL, MAP_ADDONS, MAP_BACKUP])
-    ],
-    vol.Required(ATTR_OPTIONS): dict,
-    vol.Required(ATTR_SCHEMA): {
-        vol.Coerce(str): vol.Any(ADDON_ELEMENT, [
-            vol.Any(ADDON_ELEMENT, {vol.Coerce(str): ADDON_ELEMENT})
-        ])
-    },
-    vol.Optional(ATTR_IMAGE): vol.Match(r"\w*/\w*"),
-}, extra=vol.ALLOW_EXTRA)
-
-
-# pylint: disable=no-value-for-parameter
-SCHEMA_REPOSITORY_CONFIG = vol.Schema({
-    vol.Required(ATTR_NAME): vol.Coerce(str),
-    vol.Optional(ATTR_URL): vol.Url(),
-    vol.Optional(ATTR_MAINTAINER): vol.Coerce(str),
-}, extra=vol.ALLOW_EXTRA)
-
-
-def validate_options(raw_schema):
-    """Validate schema."""
-    def validate(struct):
-        """Create schema validator for addons options."""
-        options = {}
-
-        # read options
-        for key, value in struct.items():
-            if key not in raw_schema:
-                raise vol.Invalid("Unknown options {}.".format(key))
-
-            typ = raw_schema[key]
-            try:
-                if isinstance(typ, list):
-                    # nested value
-                    options[key] = _nested_validate(typ[0], value)
-                else:
-                    # normal value
-                    options[key] = _single_validate(typ, value)
-            except (IndexError, KeyError):
-                raise vol.Invalid(
-                    "Type error for {}.".format(key)) from None
-
-        return options
-
-    return validate
-
-
-# pylint: disable=no-value-for-parameter
-def _single_validate(typ, value):
-    """Validate a single element."""
-    try:
-        # if required argument
-        if value is None:
-            raise vol.Invalid("A required argument is not set!")
-
-        if typ == V_STR:
-            return str(value)
-        elif typ == V_INT:
-            return int(value)
-        elif typ == V_FLOAT:
-            return float(value)
-        elif typ == V_BOOL:
-            return vol.Boolean()(value)
-        elif typ == V_EMAIL:
-            return vol.Email()(value)
-        elif typ == V_URL:
-            return vol.Url()(value)
-
-        raise vol.Invalid("Fatal error for {}.".format(value))
-    except ValueError:
-        raise vol.Invalid(
-            "Type {} error for {}.".format(typ, value)) from None
-
-
-def _nested_validate(typ, data_list):
-    """Validate nested items."""
-    options = []
-
-    for element in data_list:
-        # dict list
-        if isinstance(typ, dict):
-            c_options = {}
-            for c_key, c_value in element.items():
-                if c_key not in typ:
-                    raise vol.Invalid(
-                        "Unknown nested options {}.".format(c_key))
-
-                c_options[c_key] = _single_validate(typ[c_key], c_value)
-            options.append(c_options)
-        # normal list
-        else:
-            options.append(_single_validate(typ, element))
-
-    return options

hassio/api/__init__.py

@@ -1,119 +0,0 @@
-"""Init file for HassIO rest api."""
-import logging
-
-from aiohttp import web
-
-from .addons import APIAddons
-from .homeassistant import APIHomeAssistant
-from .host import APIHost
-from .network import APINetwork
-from .supervisor import APISupervisor
-from .security import APISecurity
-
-_LOGGER = logging.getLogger(__name__)
-
-
-class RestAPI(object):
-    """Handle rest api for hassio."""
-
-    def __init__(self, config, loop):
-        """Initialize docker base wrapper."""
-        self.config = config
-        self.loop = loop
-        self.webapp = web.Application(loop=self.loop)
-
-        # service stuff
-        self._handler = None
-        self.server = None
-
-    def register_host(self, host_control):
-        """Register hostcontrol function."""
-        api_host = APIHost(self.config, self.loop, host_control)
-
-        self.webapp.router.add_get('/host/info', api_host.info)
-        self.webapp.router.add_post('/host/reboot', api_host.reboot)
-        self.webapp.router.add_post('/host/shutdown', api_host.shutdown)
-        self.webapp.router.add_post('/host/update', api_host.update)
-
-    def register_network(self, host_control):
-        """Register network function."""
-        api_net = APINetwork(self.config, self.loop, host_control)
-
-        self.webapp.router.add_get('/network/info', api_net.info)
-        self.webapp.router.add_post('/network/options', api_net.options)
-
-    def register_supervisor(self, supervisor, addons, host_control):
-        """Register supervisor function."""
-        api_supervisor = APISupervisor(
-            self.config, self.loop, supervisor, addons, host_control)
-
-        self.webapp.router.add_get('/supervisor/ping', api_supervisor.ping)
-        self.webapp.router.add_get('/supervisor/info', api_supervisor.info)
-        self.webapp.router.add_get(
-            '/supervisor/addons', api_supervisor.available_addons)
-        self.webapp.router.add_post(
-            '/supervisor/update', api_supervisor.update)
-        self.webapp.router.add_post(
-            '/supervisor/reload', api_supervisor.reload)
-        self.webapp.router.add_post(
-            '/supervisor/options', api_supervisor.options)
-        self.webapp.router.add_get('/supervisor/logs', api_supervisor.logs)
-
-    def register_homeassistant(self, dock_homeassistant):
-        """Register homeassistant function."""
-        api_hass = APIHomeAssistant(self.config, self.loop, dock_homeassistant)
-
-        self.webapp.router.add_get('/homeassistant/info', api_hass.info)
-        self.webapp.router.add_post('/homeassistant/update', api_hass.update)
-        self.webapp.router.add_post('/homeassistant/restart', api_hass.restart)
-        self.webapp.router.add_get('/homeassistant/logs', api_hass.logs)
-
-    def register_addons(self, addons):
-        """Register homeassistant function."""
-        api_addons = APIAddons(self.config, self.loop, addons)
-
-        self.webapp.router.add_get('/addons/{addon}/info', api_addons.info)
-        self.webapp.router.add_post(
-            '/addons/{addon}/install', api_addons.install)
-        self.webapp.router.add_post(
-            '/addons/{addon}/uninstall', api_addons.uninstall)
-        self.webapp.router.add_post('/addons/{addon}/start', api_addons.start)
-        self.webapp.router.add_post('/addons/{addon}/stop', api_addons.stop)
-        self.webapp.router.add_post(
-            '/addons/{addon}/restart', api_addons.restart)
-        self.webapp.router.add_post(
-            '/addons/{addon}/update', api_addons.update)
-        self.webapp.router.add_post(
-            '/addons/{addon}/options', api_addons.options)
-        self.webapp.router.add_get('/addons/{addon}/logs', api_addons.logs)
-
-    def register_security(self):
-        """Register security function."""
-        api_security = APISecurity(self.config, self.loop)
-
-        self.webapp.router.add_get('/security/info', api_security.info)
-        self.webapp.router.add_post('/security/options', api_security.options)
-        self.webapp.router.add_post('/security/totp', api_security.totp)
-        self.webapp.router.add_post('/security/session', api_security.session)
-
-    async def start(self):
-        """Run rest api webserver."""
-        self._handler = self.webapp.make_handler(loop=self.loop)
-
-        try:
-            self.server = await self.loop.create_server(
-                self._handler, "0.0.0.0", "80")
-        except OSError as err:
-            _LOGGER.fatal(
-                "Failed to create HTTP server at 0.0.0.0:80 -> %s", err)
-
-    async def stop(self):
-        """Stop rest api webserver."""
-        if self.server:
-            self.server.close()
-            await self.server.wait_closed()
-        await self.webapp.shutdown()
-
-        if self._handler:
-            await self._handler.finish_connections(60)
-        await self.webapp.cleanup()

hassio/api/addons.py

@@ -1,161 +0,0 @@
-"""Init file for HassIO homeassistant rest api."""
-import asyncio
-import logging
-
-import voluptuous as vol
-from voluptuous.humanize import humanize_error
-
-from .util import api_process, api_process_raw, api_validate
-from ..const import (
-    ATTR_VERSION, ATTR_LAST_VERSION, ATTR_STATE, ATTR_BOOT, ATTR_OPTIONS,
-    ATTR_URL, ATTR_DESCRIPTON, ATTR_DETACHED, ATTR_NAME, ATTR_REPOSITORY,
-    STATE_STOPPED, STATE_STARTED, BOOT_AUTO, BOOT_MANUAL)
-
-_LOGGER = logging.getLogger(__name__)
-
-SCHEMA_VERSION = vol.Schema({
-    vol.Optional(ATTR_VERSION): vol.Coerce(str),
-})
-
-SCHEMA_OPTIONS = vol.Schema({
-    vol.Optional(ATTR_BOOT): vol.In([BOOT_AUTO, BOOT_MANUAL])
-})
-
-
-class APIAddons(object):
-    """Handle rest api for addons functions."""
-
-    def __init__(self, config, loop, addons):
-        """Initialize homeassistant rest api part."""
-        self.config = config
-        self.loop = loop
-        self.addons = addons
-
-    def _extract_addon(self, request, check_installed=True):
-        """Return addon and if not exists trow a exception."""
-        addon = request.match_info.get('addon')
-
-        # check data
-        if not self.addons.exists_addon(addon):
-            raise RuntimeError("Addon not exists")
-        if check_installed and not self.addons.is_installed(addon):
-            raise RuntimeError("Addon is not installed")
-
-        return addon
-
-    @api_process
-    async def info(self, request):
-        """Return addon information."""
-        addon = self._extract_addon(request)
-
-        return {
-            ATTR_NAME: self.addons.get_name(addon),
-            ATTR_DESCRIPTON: self.addons.get_description(addon),
-            ATTR_VERSION: self.addons.version_installed(addon),
-            ATTR_REPOSITORY: self.addons.get_repository(addon),
-            ATTR_LAST_VERSION: self.addons.get_last_version(addon),
-            ATTR_STATE: await self.addons.state(addon),
-            ATTR_BOOT: self.addons.get_boot(addon),
-            ATTR_OPTIONS: self.addons.get_options(addon),
-            ATTR_URL: self.addons.get_url(addon),
-            ATTR_DETACHED: addon in self.addons.list_detached,
-        }
-
-    @api_process
-    async def options(self, request):
-        """Store user options for addon."""
-        addon = self._extract_addon(request)
-        options_schema = self.addons.get_schema(addon)
-
-        addon_schema = SCHEMA_OPTIONS.extend({
-            vol.Optional(ATTR_OPTIONS): options_schema,
-        })
-
-        body = await api_validate(addon_schema, request)
-
-        if ATTR_OPTIONS in body:
-            self.addons.set_options(addon, body[ATTR_OPTIONS])
-        if ATTR_BOOT in body:
-            self.addons.set_boot(addon, body[ATTR_BOOT])
-
-        return True
-
-    @api_process
-    async def install(self, request):
-        """Install addon."""
-        body = await api_validate(SCHEMA_VERSION, request)
-        addon = self._extract_addon(request, check_installed=False)
-        version = body.get(
-            ATTR_VERSION, self.addons.get_last_version(addon))
-
-        # check if arch supported
-        if self.addons.arch not in self.addons.get_arch(addon):
-            raise RuntimeError(
-                "Addon is not supported on {}".format(self.addons.arch))
-
-        return await asyncio.shield(
-            self.addons.install(addon, version), loop=self.loop)
-
-    @api_process
-    async def uninstall(self, request):
-        """Uninstall addon."""
-        addon = self._extract_addon(request)
-
-        return await asyncio.shield(
-            self.addons.uninstall(addon), loop=self.loop)
-
-    @api_process
-    async def start(self, request):
-        """Start addon."""
-        addon = self._extract_addon(request)
-
-        if await self.addons.state(addon) == STATE_STARTED:
-            raise RuntimeError("Addon is already running")
-
-        # validate options
-        try:
-            schema = self.addons.get_schema(addon)
-            options = self.addons.get_options(addon)
-            schema(options)
-        except vol.Invalid as ex:
-            raise RuntimeError(humanize_error(options, ex)) from None
-
-        return await asyncio.shield(
-            self.addons.start(addon), loop=self.loop)
-
-    @api_process
-    async def stop(self, request):
-        """Stop addon."""
-        addon = self._extract_addon(request)
-
-        if await self.addons.state(addon) == STATE_STOPPED:
-            raise RuntimeError("Addon is already stoped")
-
-        return await asyncio.shield(
-            self.addons.stop(addon), loop=self.loop)
-
-    @api_process
-    async def update(self, request):
-        """Update addon."""
-        body = await api_validate(SCHEMA_VERSION, request)
-        addon = self._extract_addon(request)
-        version = body.get(
-            ATTR_VERSION, self.addons.get_last_version(addon))
-
-        if version == self.addons.version_installed(addon):
-            raise RuntimeError("Version is already in use")
-
-        return await asyncio.shield(
-            self.addons.update(addon, version), loop=self.loop)
-
-    @api_process
-    async def restart(self, request):
-        """Restart addon."""
-        addon = self._extract_addon(request)
-        return await asyncio.shield(self.addons.restart(addon), loop=self.loop)
-
-    @api_process_raw
-    def logs(self, request):
-        """Return logs from addon."""
-        addon = self._extract_addon(request)
-        return self.addons.logs(addon)

hassio/api/homeassistant.py

@@ -1,64 +0,0 @@
-"""Init file for HassIO homeassistant rest api."""
-import asyncio
-import logging
-
-import voluptuous as vol
-
-from .util import api_process, api_process_raw, api_validate
-from ..const import ATTR_VERSION, ATTR_LAST_VERSION
-
-_LOGGER = logging.getLogger(__name__)
-
-SCHEMA_VERSION = vol.Schema({
-    vol.Optional(ATTR_VERSION): vol.Coerce(str),
-})
-
-
-class APIHomeAssistant(object):
-    """Handle rest api for homeassistant functions."""
-
-    def __init__(self, config, loop, homeassistant):
-        """Initialize homeassistant rest api part."""
-        self.config = config
-        self.loop = loop
-        self.homeassistant = homeassistant
-
-    @api_process
-    async def info(self, request):
-        """Return host information."""
-        return {
-            ATTR_VERSION: self.homeassistant.version,
-            ATTR_LAST_VERSION: self.config.last_homeassistant,
-        }
-
-    @api_process
-    async def update(self, request):
-        """Update homeassistant."""
-        body = await api_validate(SCHEMA_VERSION, request)
-        version = body.get(ATTR_VERSION, self.config.last_homeassistant)
-
-        if self.homeassistant.in_progress:
-            raise RuntimeError("Other task is in progress")
-
-        if version == self.homeassistant.version:
-            raise RuntimeError("Version is already in use")
-
-        return await asyncio.shield(
-            self.homeassistant.update(version), loop=self.loop)
-
-    @api_process
-    async def restart(self, request):
-        """Restart homeassistant."""
-        if self.homeassistant.in_progress:
-            raise RuntimeError("Other task is in progress")
-
-        return await asyncio.shield(
-            self.homeassistant.restart(), loop=self.loop)
-
-    @api_process_raw
-    def logs(self, request):
-        """Return homeassistant docker logs.
-
-        Return a coroutine.
-        """
-        return self.homeassistant.logs()

hassio/api/host.py

@@ -1,60 +0,0 @@
-"""Init file for HassIO host rest api."""
-import asyncio
-import logging
-
-import voluptuous as vol
-
-from .util import api_process_hostcontrol, api_process, api_validate
-from ..const import (
-    ATTR_VERSION, ATTR_LAST_VERSION, ATTR_TYPE, ATTR_HOSTNAME, ATTR_FEATURES,
-    ATTR_OS)
-
-_LOGGER = logging.getLogger(__name__)
-
-SCHEMA_VERSION = vol.Schema({
-    vol.Optional(ATTR_VERSION): vol.Coerce(str),
-})
-
-
-class APIHost(object):
-    """Handle rest api for host functions."""
-
-    def __init__(self, config, loop, host_control):
-        """Initialize host rest api part."""
-        self.config = config
-        self.loop = loop
-        self.host_control = host_control
-
-    @api_process
-    async def info(self, request):
-        """Return host information."""
-        return {
-            ATTR_TYPE: self.host_control.type,
-            ATTR_VERSION: self.host_control.version,
-            ATTR_LAST_VERSION: self.host_control.last_version,
-            ATTR_FEATURES: self.host_control.features,
-            ATTR_HOSTNAME: self.host_control.hostname,
-            ATTR_OS: self.host_control.os_info,
-        }
-
-    @api_process_hostcontrol
-    def reboot(self, request):
-        """Reboot host."""
-        return self.host_control.reboot()
-
-    @api_process_hostcontrol
-    def shutdown(self, request):
-        """Poweroff host."""
-        return self.host_control.shutdown()
-
-    @api_process_hostcontrol
-    async def update(self, request):
-        """Update host OS."""
-        body = await api_validate(SCHEMA_VERSION, request)
-        version = body.get(ATTR_VERSION, self.host_control.last_version)
-
-        if version == self.host_control.version:
-            raise RuntimeError("Version is already in use")
-
-        return await asyncio.shield(
-            self.host_control.update(version=version), loop=self.loop)

hassio/api/network.py

@@ -1,26 +0,0 @@
-"""Init file for HassIO network rest api."""
-import logging
-
-from .util import api_process_hostcontrol
-
-_LOGGER = logging.getLogger(__name__)
-
-
-class APINetwork(object):
-    """Handle rest api for network functions."""
-
-    def __init__(self, config, loop, host_control):
-        """Initialize network rest api part."""
-        self.config = config
-        self.loop = loop
-        self.host_control = host_control
-
-    @api_process_hostcontrol
-    def info(self, request):
-        """Show network settings."""
-        pass
-
-    @api_process_hostcontrol
-    def options(self, request):
-        """Edit network settings."""
-        pass

hassio/api/security.py

@@ -1,102 +0,0 @@
-"""Init file for HassIO security rest api."""
-from datetime import datetime, timedelta
-import io
-import logging
-import hashlib
-import os
-
-from aiohttp import web
-import voluptuous as vol
-import pyotp
-import pyqrcode
-
-from .util import api_process, api_validate, hash_password
-from ..const import ATTR_INITIALIZE, ATTR_PASSWORD, ATTR_TOTP, ATTR_SESSION
-
-_LOGGER = logging.getLogger(__name__)
-
-SCHEMA_PASSWORD = vol.Schema({
-    vol.Required(ATTR_PASSWORD): vol.Coerce(str),
-})
-
-SCHEMA_SESSION = SCHEMA_PASSWORD.extend({
-    vol.Optional(ATTR_TOTP, default=None): vol.Coerce(str),
-})
-
-
-class APISecurity(object):
-    """Handle rest api for security functions."""
-
-    def __init__(self, config, loop):
-        """Initialize security rest api part."""
-        self.config = config
-        self.loop = loop
-
-    def _check_password(self, body):
-        """Check if password is valid and security is initialize."""
-        if not self.config.security_initialize:
-            raise RuntimeError("First set a password")
-
-        password = hash_password(body[ATTR_PASSWORD])
-        if password != self.config.security_password:
-            raise RuntimeError("Wrong password")
-
-    @api_process
-    async def info(self, request):
-        """Return host information."""
-        return {
-            ATTR_INITIALIZE: self.config.security_initialize,
-            ATTR_TOTP: self.config.security_totp is not None,
-        }
-
-    @api_process
-    async def options(self, request):
-        """Set options / password."""
-        body = await api_validate(SCHEMA_PASSWORD, request)
-
-        if self.config.security_initialize:
-            raise RuntimeError("Password is already set!")
-
-        self.config.security_password = hash_password(body[ATTR_PASSWORD])
-        self.config.security_initialize = True
-        return True
-
-    @api_process
-    async def totp(self, request):
-        """Set and initialze TOTP."""
-        body = await api_validate(SCHEMA_PASSWORD, request)
-        self._check_password(body)
-
-        # generate TOTP
-        totp_init_key = pyotp.random_base32()
-        totp = pyotp.TOTP(totp_init_key)
-
-        # init qrcode
-        buff = io.BytesIO()
-
-        qrcode = pyqrcode.create(totp.provisioning_uri("Hass.IO"))
-        qrcode.svg(buff)
-
-        # finish
-        self.config.security_totp = totp_init_key
-        return web.Response(body=buff.getvalue(), content_type='image/svg+xml')
-
-    @api_process
-    async def session(self, request):
-        """Set and initialze session."""
-        body = await api_validate(SCHEMA_SESSION, request)
-        self._check_password(body)
-
-        # check TOTP
-        if self.config.security_totp:
-            totp = pyotp.TOTP(self.config.security_totp)
-            if body[ATTR_TOTP] != totp.now():
-                raise RuntimeError("Invalid TOTP token!")
-
-        # create session
-        valid_until = datetime.now() + timedelta(days=1)
-        session = hashlib.sha256(os.urandom(54)).hexdigest()
-
-        # store session
-        self.config.security_sessions = (session, valid_until)
-        return {ATTR_SESSION: session}

hassio/api/supervisor.py

@@ -1,168 +0,0 @@
-"""Init file for HassIO supervisor rest api."""
-import asyncio
-import logging
-
-import voluptuous as vol
-
-from .util import api_process, api_process_raw, api_validate
-from ..addons.util import create_hash_index_list
-from ..const import (
-    ATTR_ADDONS, ATTR_VERSION, ATTR_LAST_VERSION, ATTR_BETA_CHANNEL,
-    HASSIO_VERSION, ATTR_ADDONS_REPOSITORIES, ATTR_REPOSITORIES,
-    ATTR_REPOSITORY, ATTR_DESCRIPTON, ATTR_NAME, ATTR_SLUG, ATTR_INSTALLED,
-    ATTR_DETACHED, ATTR_SOURCE, ATTR_MAINTAINER, ATTR_URL, ATTR_ARCH)
-
-_LOGGER = logging.getLogger(__name__)
-
-SCHEMA_OPTIONS = vol.Schema({
-    # pylint: disable=no-value-for-parameter
-    vol.Optional(ATTR_BETA_CHANNEL): vol.Boolean(),
-    vol.Optional(ATTR_ADDONS_REPOSITORIES): [vol.Url()],
-})
-
-SCHEMA_VERSION = vol.Schema({
-    vol.Optional(ATTR_VERSION): vol.Coerce(str),
-})
-
-
-class APISupervisor(object):
-    """Handle rest api for supervisor functions."""
-
-    def __init__(self, config, loop, supervisor, addons, host_control):
-        """Initialize supervisor rest api part."""
-        self.config = config
-        self.loop = loop
-        self.supervisor = supervisor
-        self.addons = addons
-        self.host_control = host_control
-
-    def _addons_list(self, only_installed=False):
-        """Return a list of addons."""
-        detached = self.addons.list_detached
-
-        if only_installed:
-            addons = self.addons.data_installed
-        else:
-            addons = self.addons.data_all
-
-        data = []
-        for addon, values in addons.items():
-            i_version = self.addons.version_installed(addon)
-
-            data.append({
-                ATTR_NAME: values[ATTR_NAME],
-                ATTR_SLUG: addon,
-                ATTR_DESCRIPTON: values[ATTR_DESCRIPTON],
-                ATTR_VERSION: values[ATTR_VERSION],
-                ATTR_INSTALLED: i_version,
-                ATTR_ARCH: values[ATTR_ARCH],
-                ATTR_DETACHED: addon in detached,
-                ATTR_REPOSITORY: values[ATTR_REPOSITORY],
-            })
-
-        return data
-
-    def _repositories_list(self):
-        """Return a list of addons repositories."""
-        data = []
-        list_id = create_hash_index_list(self.config.addons_repositories)
-
-        for repository in self.addons.list_repositories:
-            data.append({
-                ATTR_SLUG: repository[ATTR_SLUG],
-                ATTR_NAME: repository[ATTR_NAME],
-                ATTR_SOURCE: list_id.get(repository[ATTR_SLUG]),
-                ATTR_URL: repository.get(ATTR_URL),
-                ATTR_MAINTAINER: repository.get(ATTR_MAINTAINER),
-            })
-
-        return data
-
-    @api_process
-    async def ping(self, request):
-        """Return ok for signal that the api is ready."""
-        return True
-
-    @api_process
-    async def info(self, request):
-        """Return host information."""
-        return {
-            ATTR_VERSION: HASSIO_VERSION,
-            ATTR_LAST_VERSION: self.config.last_hassio,
-            ATTR_BETA_CHANNEL: self.config.upstream_beta,
-            ATTR_ARCH: self.addons.arch,
-            ATTR_ADDONS: self._addons_list(only_installed=True),
-            ATTR_ADDONS_REPOSITORIES: self.config.addons_repositories,
-        }
-
-    @api_process
-    async def available_addons(self, request):
-        """Return information for all available addons."""
-        return {
-            ATTR_ADDONS: self._addons_list(),
-            ATTR_REPOSITORIES: self._repositories_list(),
-        }
-
-    @api_process
-    async def options(self, request):
-        """Set supervisor options."""
-        body = await api_validate(SCHEMA_OPTIONS, request)
-
-        if ATTR_BETA_CHANNEL in body:
-            self.config.upstream_beta = body[ATTR_BETA_CHANNEL]
-
-        if ATTR_ADDONS_REPOSITORIES in body:
-            new = set(body[ATTR_ADDONS_REPOSITORIES])
-            old = set(self.config.addons_repositories)
-
-            # add new repositories
-            tasks = [self.addons.add_git_repository(url) for url in
-                     set(new - old)]
-            if tasks:
-                await asyncio.shield(
-                    asyncio.wait(tasks, loop=self.loop), loop=self.loop)
-
-            # remove old repositories
-            for url in set(old - new):
-                self.addons.drop_git_repository(url)
-
-            # read repository
-            self.addons.read_data_from_repositories()
-
-        return True
-
-    @api_process
-    async def update(self, request):
-        """Update supervisor OS."""
-        body = await api_validate(SCHEMA_VERSION, request)
-        version = body.get(ATTR_VERSION, self.config.last_hassio)
-
-        if version == self.supervisor.version:
-            raise RuntimeError("Version is already in use")
-
-        return await asyncio.shield(
-            self.supervisor.update(version), loop=self.loop)
-
-    @api_process
-    async def reload(self, request):
-        """Reload addons, config ect."""
-        tasks = [
-            self.addons.reload(), self.config.fetch_update_infos(),
-            self.host_control.load()
-        ]
-        results, _ = await asyncio.shield(
-            asyncio.wait(tasks, loop=self.loop), loop=self.loop)
-
-        for result in results:
-            if result.exception() is not None:
-                raise RuntimeError("Some reload task fails!")
-
-        return True
-
-    @api_process_raw
-    def logs(self, request):
-        """Return supervisor docker logs.
-
-        Return a coroutine.
-        """
-        return self.supervisor.logs()

hassio/api/util.py

@@ -1,112 +0,0 @@
-"""Init file for HassIO util for rest api."""
-import json
-import hashlib
-import logging
-
-from aiohttp import web
-from aiohttp.web_exceptions import HTTPServiceUnavailable
-import voluptuous as vol
-from voluptuous.humanize import humanize_error
-
-from ..const import (
-    JSON_RESULT, JSON_DATA, JSON_MESSAGE, RESULT_OK, RESULT_ERROR)
-
-_LOGGER = logging.getLogger(__name__)
-
-
-def json_loads(data):
-    """Extract json from string with support for '' and None."""
-    try:
-        return json.loads(data)
-    except json.JSONDecodeError:
-        return {}
-
-
-def api_process(method):
-    """Wrap function with true/false calls to rest api."""
-    async def wrap_api(api, *args, **kwargs):
-        """Return api information."""
-        try:
-            answer = await method(api, *args, **kwargs)
-        except RuntimeError as err:
-            return api_return_error(message=str(err))
-
-        if isinstance(answer, dict):
-            return api_return_ok(data=answer)
-        if isinstance(answer, web.Response):
-            return answer
-        elif answer:
-            return api_return_ok()
-        return api_return_error()
-
-    return wrap_api
-
-
-def api_process_hostcontrol(method):
-    """Wrap HostControl calls to rest api."""
-    async def wrap_hostcontrol(api, *args, **kwargs):
-        """Return host information."""
-        if not api.host_control.active:
-            raise HTTPServiceUnavailable()
-
-        try:
-            answer = await method(api, *args, **kwargs)
-        except RuntimeError as err:
-            return api_return_error(message=str(err))
-
-        if isinstance(answer, dict):
-            return api_return_ok(data=answer)
-        elif answer is None:
-            return api_return_error("Function is not supported")
-        elif answer:
-            return api_return_ok()
-        return api_return_error()
-
-    return wrap_hostcontrol
-
-
-def api_process_raw(method):
-    """Wrap function with raw output to rest api."""
-    async def wrap_api(api, *args, **kwargs):
-        """Return api information."""
-        try:
-            message = await method(api, *args, **kwargs)
-        except RuntimeError as err:
-            message = str(err).encode()
-
-        return web.Response(body=message)
-
-    return wrap_api
-
-
-def api_return_error(message=None):
-    """Return a API error message."""
-    return web.json_response({
-        JSON_RESULT: RESULT_ERROR,
-        JSON_MESSAGE: message,
-    }, status=400)
-
-
-def api_return_ok(data=None):
-    """Return a API ok answer."""
-    return web.json_response({
-        JSON_RESULT: RESULT_OK,
-        JSON_DATA: data or {},
-    })
-
-
-async def api_validate(schema, request):
-    """Validate request data with schema."""
-    data = await request.json(loads=json_loads)
-    try:
-        data = schema(data)
-    except vol.Invalid as ex:
-        raise RuntimeError(humanize_error(data, ex)) from None
-
-    return data
-
-
-def hash_password(password):
-    """Hash and salt our passwords."""
-    key = ")*()*SALT_HASSIO2123{}6554547485HSKA!!*JSLAfdasda$".format(password)
-    return hashlib.sha256(key.encode()).hexdigest()

hassio/bootstrap.py

@@ -1,119 +0,0 @@
-"""Bootstrap HassIO."""
-import logging
-import os
-import signal
-
-from colorlog import ColoredFormatter
-
-from .const import SOCKET_DOCKER
-from .config import CoreConfig
-
-_LOGGER = logging.getLogger(__name__)
-
-
-def initialize_system_data(websession):
-    """Setup default config and create folders."""
-    config = CoreConfig(websession)
-
-    # homeassistant config folder
-    if not config.path_config.is_dir():
-        _LOGGER.info(
-            "Create Home-Assistant config folder %s", config.path_config)
-        config.path_config.mkdir()
-
-    # homeassistant ssl folder
-    if not config.path_ssl.is_dir():
-        _LOGGER.info("Create Home-Assistant ssl folder %s", config.path_ssl)
-        config.path_ssl.mkdir()
-
-    # homeassistant addon data folder
-    if not config.path_addons_data.is_dir():
-        _LOGGER.info("Create Home-Assistant addon data folder %s",
-                     config.path_addons_data)
-        config.path_addons_data.mkdir(parents=True)
-
-    if not config.path_addons_local.is_dir():
-        _LOGGER.info("Create Home-Assistant addon local repository folder %s",
-                     config.path_addons_local)
-        config.path_addons_local.mkdir(parents=True)
-
-    if not config.path_addons_git.is_dir():
-        _LOGGER.info("Create Home-Assistant addon git repositories folder %s",
-                     config.path_addons_git)
-        config.path_addons_git.mkdir(parents=True)
-
-    if not config.path_addons_build.is_dir():
-        _LOGGER.info("Create Home-Assistant addon build folder %s",
-                     config.path_addons_build)
-        config.path_addons_build.mkdir(parents=True)
-
-    # homeassistant backup folder
-    if not config.path_backup.is_dir():
-        _LOGGER.info("Create Home-Assistant backup folder %s",
-                     config.path_backup)
-        config.path_backup.mkdir()
-
-    return config
-
-
-def initialize_logging():
-    """Setup the logging."""
-    logging.basicConfig(level=logging.INFO)
-    fmt = ("%(asctime)s %(levelname)s (%(threadName)s) "
-           "[%(name)s] %(message)s")
-    colorfmt = "%(log_color)s{}%(reset)s".format(fmt)
-    datefmt = '%y-%m-%d %H:%M:%S'
-
-    # suppress overly verbose logs from libraries that aren't helpful
-    logging.getLogger("aiohttp.access").setLevel(logging.WARNING)
-
-    logging.getLogger().handlers[0].setFormatter(ColoredFormatter(
-        colorfmt,
-        datefmt=datefmt,
-        reset=True,
-        log_colors={
-            'DEBUG': 'cyan',
-            'INFO': 'green',
-            'WARNING': 'yellow',
-            'ERROR': 'red',
-            'CRITICAL': 'red',
-        }
-    ))
-
-
-def check_environment():
-    """Check if all environment are exists."""
-    for key in ('SUPERVISOR_SHARE', 'SUPERVISOR_NAME',
-                'HOMEASSISTANT_REPOSITORY'):
-        try:
-            os.environ[key]
-        except KeyError:
-            _LOGGER.fatal("Can't find %s in env!", key)
-            return False
-
-    if not SOCKET_DOCKER.is_socket():
-        _LOGGER.fatal("Can't find docker socket!")
-        return False
-
-    return True
-
-
-def reg_signal(loop, hassio):
-    """Register SIGTERM, SIGKILL to stop system."""
-    try:
-        loop.add_signal_handler(
-            signal.SIGTERM, lambda: loop.create_task(hassio.stop()))
-    except (ValueError, RuntimeError):
-        _LOGGER.warning("Could not bind to SIGTERM")
-
-    try:
-        loop.add_signal_handler(
-            signal.SIGHUP, lambda: loop.create_task(hassio.stop()))
-    except (ValueError, RuntimeError):
-        _LOGGER.warning("Could not bind to SIGHUP")
-
-    try:
-        loop.add_signal_handler(
-            signal.SIGINT, lambda: loop.create_task(hassio.stop()))
-    except (ValueError, RuntimeError):
-        _LOGGER.warning("Could not bind to SIGINT")

hassio/config.py

@@ -1,308 +0,0 @@
-"""Bootstrap HassIO."""
-from datetime import datetime
-import logging
-import json
-import os
-from pathlib import Path, PurePath
-
-import voluptuous as vol
-from voluptuous.humanize import humanize_error
-
-from .const import FILE_HASSIO_CONFIG, HASSIO_SHARE
-from .tools import (
-    fetch_last_versions, write_json_file, read_json_file)
-
-_LOGGER = logging.getLogger(__name__)
-
-DATETIME_FORMAT = "%Y%m%d %H:%M:%S"
-
-HOMEASSISTANT_CONFIG = PurePath("homeassistant")
-HOMEASSISTANT_LAST = 'homeassistant_last'
-
-HASSIO_SSL = PurePath("ssl")
-HASSIO_LAST = 'hassio_last'
-HASSIO_CLEANUP = 'hassio_cleanup'
-
-ADDONS_CORE = PurePath("addons/core")
-ADDONS_LOCAL = PurePath("addons/local")
-ADDONS_GIT = PurePath("addons/git")
-ADDONS_DATA = PurePath("addons/data")
-ADDONS_BUILD = PurePath("addons/build")
-ADDONS_CUSTOM_LIST = 'addons_custom_list'
-
-BACKUP_DATA = PurePath("backup")
-
-UPSTREAM_BETA = 'upstream_beta'
-
-API_ENDPOINT = 'api_endpoint'
-
-SECURITY_INITIALIZE = 'security_initialize'
-SECURITY_TOTP = 'security_totp'
-SECURITY_PASSWORD = 'security_password'
-SECURITY_SESSIONS = 'security_sessions'
-
-
-# pylint: disable=no-value-for-parameter
-SCHEMA_CONFIG = vol.Schema({
-    vol.Optional(UPSTREAM_BETA, default=False): vol.Boolean(),
-    vol.Optional(API_ENDPOINT): vol.Coerce(str),
-    vol.Optional(HOMEASSISTANT_LAST): vol.Coerce(str),
-    vol.Optional(HASSIO_LAST): vol.Coerce(str),
-    vol.Optional(HASSIO_CLEANUP): vol.Coerce(str),
-    vol.Optional(ADDONS_CUSTOM_LIST, default=[]): [vol.Url()],
-    vol.Optional(SECURITY_INITIALIZE, default=False): vol.Boolean(),
-    vol.Optional(SECURITY_TOTP): vol.Coerce(str),
-    vol.Optional(SECURITY_PASSWORD): vol.Coerce(str),
-    vol.Optional(SECURITY_SESSIONS, default={}):
-        {vol.Coerce(str): vol.Coerce(str)},
-}, extra=vol.REMOVE_EXTRA)
-
-
-class Config(object):
-    """Hold all config data."""
-
-    def __init__(self, config_file):
-        """Initialize config object."""
-        self._file = config_file
-        self._data = {}
-
-        # init or load data
-        if self._file.is_file():
-            try:
-                self._data = read_json_file(self._file)
-            except (OSError, json.JSONDecodeError):
-                _LOGGER.warning("Can't read %s", self._file)
-                self._data = {}
-
-    def save(self):
-        """Store data to config file."""
-        if not write_json_file(self._file, self._data):
-            _LOGGER.error("Can't store config in %s", self._file)
-            return False
-        return True
-
-
-class CoreConfig(Config):
-    """Hold all core config data."""
-
-    def __init__(self, websession):
-        """Initialize config object."""
-        self.websession = websession
-
-        super().__init__(FILE_HASSIO_CONFIG)
-
-        # validate data
-        try:
-            self._data = SCHEMA_CONFIG(self._data)
-            self.save()
-        except vol.Invalid as ex:
-            _LOGGER.warning(
-                "Invalid config %s", humanize_error(self._data, ex))
-
-    async def fetch_update_infos(self):
-        """Read current versions from web."""
-        last = await fetch_last_versions(
-            self.websession, beta=self.upstream_beta)
-
-        if last:
-            self._data.update({
-                HOMEASSISTANT_LAST: last.get('homeassistant'),
-                HASSIO_LAST: last.get('hassio'),
-            })
-            self.save()
-            return True
-
-        return False
-
-    @property
-    def api_endpoint(self):
-        """Return IP address of api endpoint."""
-        return self._data[API_ENDPOINT]
-
-    @api_endpoint.setter
-    def api_endpoint(self, value):
-        """Store IP address of api endpoint."""
-        self._data[API_ENDPOINT] = value
-
-    @property
-    def upstream_beta(self):
-        """Return True if we run in beta upstream."""
-        return self._data[UPSTREAM_BETA]
-
-    @upstream_beta.setter
-    def upstream_beta(self, value):
-        """Set beta upstream mode."""
-        self._data[UPSTREAM_BETA] = bool(value)
-
-    @property
-    def hassio_cleanup(self):
-        """Return Version they need to cleanup."""
-        return self._data.get(HASSIO_CLEANUP)
-
-    @hassio_cleanup.setter
-    def hassio_cleanup(self, version):
-        """Set or remove cleanup flag."""
-        if version is None:
-            self._data.pop(HASSIO_CLEANUP, None)
-        else:
-            self._data[HASSIO_CLEANUP] = version
-        self.save()
-
-    @property
-    def homeassistant_image(self):
-        """Return docker homeassistant repository."""
-        return os.environ['HOMEASSISTANT_REPOSITORY']
-
-    @property
-    def last_homeassistant(self):
-        """Actual version of homeassistant."""
-        return self._data.get(HOMEASSISTANT_LAST)
-
-    @property
-    def last_hassio(self):
-        """Actual version of hassio."""
-        return self._data.get(HASSIO_LAST)
-
-    @property
-    def path_extern_hassio(self):
-        """Return hassio data path extern for docker."""
-        return PurePath(os.environ['SUPERVISOR_SHARE'])
-
-    @property
-    def path_extern_config(self):
-        """Return config path extern for docker."""
-        return str(PurePath(self.path_extern_hassio, HOMEASSISTANT_CONFIG))
-
-    @property
-    def path_config(self):
-        """Return config path inside supervisor."""
-        return Path(HASSIO_SHARE, HOMEASSISTANT_CONFIG)
-
-    @property
-    def path_extern_ssl(self):
-        """Return SSL path extern for docker."""
-        return str(PurePath(self.path_extern_hassio, HASSIO_SSL))
-
-    @property
-    def path_ssl(self):
-        """Return SSL path inside supervisor."""
-        return Path(HASSIO_SHARE, HASSIO_SSL)
-
-    @property
-    def path_addons_core(self):
-        """Return git path for core addons."""
-        return Path(HASSIO_SHARE, ADDONS_CORE)
-
-    @property
-    def path_addons_git(self):
-        """Return path for git addons."""
-        return Path(HASSIO_SHARE, ADDONS_GIT)
-
-    @property
-    def path_addons_local(self):
-        """Return path for customs addons."""
-        return Path(HASSIO_SHARE, ADDONS_LOCAL)
-
-    @property
-    def path_extern_addons_local(self):
-        """Return path for customs addons."""
-        return PurePath(self.path_extern_hassio, ADDONS_LOCAL)
-
-    @property
-    def path_addons_data(self):
-        """Return root addon data folder."""
-        return Path(HASSIO_SHARE, ADDONS_DATA)
-
-    @property
-    def path_extern_addons_data(self):
-        """Return root addon data folder extern for docker."""
-        return PurePath(self.path_extern_hassio, ADDONS_DATA)
-
-    @property
-    def path_addons_build(self):
-        """Return root addon build folder."""
-        return Path(HASSIO_SHARE, ADDONS_BUILD)
-
-    @property
-    def path_backup(self):
-        """Return root backup data folder."""
-        return Path(HASSIO_SHARE, BACKUP_DATA)
-
-    @property
-    def path_extern_backup(self):
-        """Return root backup data folder extern for docker."""
-        return PurePath(self.path_extern_hassio, BACKUP_DATA)
-
-    @property
-    def addons_repositories(self):
-        """Return list of addons custom repositories."""
-        return self._data[ADDONS_CUSTOM_LIST]
-
-    @addons_repositories.setter
-    def addons_repositories(self, repo):
-        """Add a custom repository to list."""
-        if repo in self._data[ADDONS_CUSTOM_LIST]:
-            return
-
-        self._data[ADDONS_CUSTOM_LIST].append(repo)
-        self.save()
-
-    def drop_addon_repository(self, repo):
-        """Remove a custom repository from list."""
-        if repo not in self._data[ADDONS_CUSTOM_LIST]:
-            return
-
-        self._data[ADDONS_CUSTOM_LIST].remove(repo)
-        self.save()
-
-    @property
-    def security_initialize(self):
-        """Return is security was initialize."""
-        return self._data[SECURITY_INITIALIZE]
-
-    @security_initialize.setter
-    def security_initialize(self, value):
-        """Set is security initialize."""
-        self._data[SECURITY_INITIALIZE] = value
-        self.save()
-
-    @property
-    def security_totp(self):
-        """Return the TOTP key."""
-        return self._data.get(SECURITY_TOTP)
-
-    @security_totp.setter
-    def security_totp(self, value):
-        """Set the TOTP key."""
-        self._data[SECURITY_TOTP] = value
-        self.save()
-
-    @property
-    def security_password(self):
-        """Return the password key."""
-        return self._data.get(SECURITY_PASSWORD)
-
-    @security_password.setter
-    def security_password(self, value):
-        """Set the password key."""
-        self._data[SECURITY_PASSWORD] = value
-        self.save()
-
-    @property
-    def security_sessions(self):
-        """Return api sessions."""
-        return {session: datetime.strptime(until, DATETIME_FORMAT) for
-                session, until in self._data[SECURITY_SESSIONS].items()}
-
-    @security_sessions.setter
-    def security_sessions(self, value):
-        """Set the a new session."""
-        session, valid = value
-        if valid is None:
-            self._data[SECURITY_SESSIONS].pop(session, None)
-        else:
-            self._data[SECURITY_SESSIONS].update(
-                {session: valid.strftime(DATETIME_FORMAT)}
-            )
-
-        self.save()

hassio/const.py

@@ -1,90 +0,0 @@
-"""Const file for HassIO."""
-from pathlib import Path
-
-HASSIO_VERSION = '0.24'
-
-URL_HASSIO_VERSION = ('https://raw.githubusercontent.com/home-assistant/'
-                      'hassio/master/version.json')
-URL_HASSIO_VERSION_BETA = ('https://raw.githubusercontent.com/home-assistant/'
-                           'hassio/dev/version.json')
-
-URL_HASSIO_ADDONS = 'https://github.com/home-assistant/hassio-addons'
-
-DOCKER_REPO = "homeassistant"
-
-HASSIO_SHARE = Path("/data")
-
-RUN_UPDATE_INFO_TASKS = 28800
-RUN_UPDATE_SUPERVISOR_TASKS = 29100
-RUN_RELOAD_ADDONS_TASKS = 28800
-RUN_WATCHDOG_HOMEASSISTANT = 15
-RUN_CLEANUP_API_SESSIONS = 900
-
-RESTART_EXIT_CODE = 100
-
-FILE_HASSIO_ADDONS = Path(HASSIO_SHARE, "addons.json")
-FILE_HASSIO_CONFIG = Path(HASSIO_SHARE, "config.json")
-
-SOCKET_DOCKER = Path("/var/run/docker.sock")
-SOCKET_HC = Path("/var/run/hassio-hc.sock")
-
-JSON_RESULT = 'result'
-JSON_DATA = 'data'
-JSON_MESSAGE = 'message'
-
-RESULT_ERROR = 'error'
-RESULT_OK = 'ok'
-
-ATTR_ARCH = 'arch'
-ATTR_HOSTNAME = 'hostname'
-ATTR_OS = 'os'
-ATTR_TYPE = 'type'
-ATTR_SOURCE = 'source'
-ATTR_FEATURES = 'features'
-ATTR_ADDONS = 'addons'
-ATTR_VERSION = 'version'
-ATTR_LAST_VERSION = 'last_version'
-ATTR_BETA_CHANNEL = 'beta_channel'
-ATTR_NAME = 'name'
-ATTR_SLUG = 'slug'
-ATTR_DESCRIPTON = 'description'
-ATTR_STARTUP = 'startup'
-ATTR_BOOT = 'boot'
-ATTR_PORTS = 'ports'
-ATTR_MAP = 'map'
-ATTR_OPTIONS = 'options'
-ATTR_INSTALLED = 'installed'
-ATTR_DETACHED = 'detached'
-ATTR_STATE = 'state'
-ATTR_SCHEMA = 'schema'
-ATTR_IMAGE = 'image'
-ATTR_ADDONS_REPOSITORIES = 'addons_repositories'
-ATTR_REPOSITORY = 'repository'
-ATTR_REPOSITORIES = 'repositories'
-ATTR_URL = 'url'
-ATTR_MAINTAINER = 'maintainer'
-ATTR_PASSWORD = 'password'
-ATTR_TOTP = 'totp'
-ATTR_INITIALIZE = 'initialize'
-ATTR_SESSION = 'session'
-ATTR_LOCATON = 'location'
-
-STARTUP_BEFORE = 'before'
-STARTUP_AFTER = 'after'
-STARTUP_ONCE = 'once'
-
-BOOT_AUTO = 'auto'
-BOOT_MANUAL = 'manual'
-
-STATE_STARTED = 'started'
-STATE_STOPPED = 'stopped'
-
-MAP_CONFIG = 'config'
-MAP_SSL = 'ssl'
-MAP_ADDONS = 'addons'
-MAP_BACKUP = 'backup'
-
-ARCH_ARMHF = 'armhf'
-ARCH_AARCH64 = 'aarch64'
-ARCH_AMD64 = 'amd64'
-ARCH_I386 = 'i386'

hassio/core.py

@@ -1,144 +0,0 @@
-"""Main file for HassIO."""
-import asyncio
-import logging
-
-import aiohttp
-import docker
-
-from . import bootstrap
-from .addons import AddonManager
-from .api import RestAPI
-from .host_control import HostControl
-from .const import (
-    SOCKET_DOCKER, RUN_UPDATE_INFO_TASKS, RUN_RELOAD_ADDONS_TASKS,
-    RUN_UPDATE_SUPERVISOR_TASKS, RUN_WATCHDOG_HOMEASSISTANT,
-    RUN_CLEANUP_API_SESSIONS, STARTUP_AFTER, STARTUP_BEFORE)
-from .scheduler import Scheduler
-from .dock.homeassistant import DockerHomeAssistant
-from .dock.supervisor import DockerSupervisor
-from .tasks import (
-    hassio_update, homeassistant_watchdog, homeassistant_setup,
-    api_sessions_cleanup)
-from .tools import get_arch_from_image, get_local_ip
-
-_LOGGER = logging.getLogger(__name__)
-
-
-class HassIO(object):
-    """Main object of hassio."""
-
-    def __init__(self, loop):
-        """Initialize hassio object."""
-        self.exit_code = 0
-        self.loop = loop
-        self.websession = aiohttp.ClientSession(loop=self.loop)
-        self.config = bootstrap.initialize_system_data(self.websession)
-        self.scheduler = Scheduler(self.loop)
-        self.api = RestAPI(self.config, self.loop)
-        self.dock = docker.DockerClient(
-            base_url="unix:/{}".format(str(SOCKET_DOCKER)), version='auto')
-
-        # init basic docker container
-        self.supervisor = DockerSupervisor(
-            self.config, self.loop, self.dock, self)
-        self.homeassistant = DockerHomeAssistant(
-            self.config, self.loop, self.dock)
-
-        # init HostControl
-        self.host_control = HostControl(self.loop)
-
-        # init addon system
-        self.addons = AddonManager(self.config, self.loop, self.dock)
-
-    async def setup(self):
-        """Setup HassIO orchestration."""
-        # supervisor
-        await self.supervisor.attach()
-        await self.supervisor.cleanup()
-
-        # set api endpoint
-        self.config.api_endpoint = await get_local_ip(self.loop)
-
-        # hostcontrol
-        await self.host_control.load()
-
-        # schedule update info tasks
-        self.scheduler.register_task(
-            self.host_control.load, RUN_UPDATE_INFO_TASKS)
-
-        # rest api views
-        self.api.register_host(self.host_control)
-        self.api.register_network(self.host_control)
-        self.api.register_supervisor(
-            self.supervisor, self.addons, self.host_control)
-        self.api.register_homeassistant(self.homeassistant)
-        self.api.register_addons(self.addons)
-        self.api.register_security()
-
-        # schedule api session cleanup
-        self.scheduler.register_task(
-            api_sessions_cleanup(self.config), RUN_CLEANUP_API_SESSIONS,
-            now=True)
-
-        # schedule update info tasks
-        self.scheduler.register_task(
-            self.config.fetch_update_infos, RUN_UPDATE_INFO_TASKS,
-            now=True)
-
-        # first start of supervisor?
-        if not await self.homeassistant.exists():
-            _LOGGER.info("No HomeAssistant docker found.")
-            await homeassistant_setup(
-                self.config, self.loop, self.homeassistant)
-
-        # Load addons
-        arch = get_arch_from_image(self.supervisor.image)
-        await self.addons.prepare(arch)
-
-        # schedule addon update task
-        self.scheduler.register_task(
-            self.addons.reload, RUN_RELOAD_ADDONS_TASKS, now=True)
-
-        # schedule self update task
-        self.scheduler.register_task(
-            hassio_update(self.config, self.supervisor),
-            RUN_UPDATE_SUPERVISOR_TASKS)
-
-    async def start(self):
-        """Start HassIO orchestration."""
-        # start api
-        await self.api.start()
-        _LOGGER.info("Start hassio api on %s", self.config.api_endpoint)
-
-        try:
-            # HomeAssistant is already running / supervisor have only reboot
-            if await self.homeassistant.is_running():
-                _LOGGER.info("HassIO reboot detected")
-                return
-
-            # start addon mark as before
-            await self.addons.auto_boot(STARTUP_BEFORE)
-
-            # run HomeAssistant
-            await self.homeassistant.run()
-
-            # start addon mark as after
-            await self.addons.auto_boot(STARTUP_AFTER)
-
-        finally:
-            # schedule homeassistant watchdog
-            self.scheduler.register_task(
-                homeassistant_watchdog(self.loop, self.homeassistant),
-                RUN_WATCHDOG_HOMEASSISTANT)
-
-    async def stop(self, exit_code=0):
-        """Stop a running orchestration."""
-        # don't process scheduler anymore
-        self.scheduler.stop()
-
-        # process stop task pararell
-        tasks = [self.websession.close(), self.api.stop()]
-        await asyncio.wait(tasks, loop=self.loop)
-
-        self.exit_code = exit_code
-        self.loop.stop()

hassio/dock/__init__.py

@@ -1,293 +0,0 @@
-"""Init file for HassIO docker object."""
-import asyncio
-from contextlib import suppress
-import logging
-
-import docker
-
-from ..tools import get_version_from_env
-
-_LOGGER = logging.getLogger(__name__)
-
-
-class DockerBase(object):
-    """Docker hassio wrapper."""
-
-    def __init__(self, config, loop, dock, image=None):
-        """Initialize docker base wrapper."""
-        self.config = config
-        self.loop = loop
-        self.dock = dock
-        self.image = image
-        self.container = None
-        self.version = None
-        self._lock = asyncio.Lock(loop=loop)
-
-    @property
-    def docker_name(self):
-        """Return name of docker container."""
-        return None
-
-    @property
-    def in_progress(self):
-        """Return True if a task is in progress."""
-        return self._lock.locked()
-
-    async def install(self, tag):
-        """Pull docker image."""
-        if self._lock.locked():
-            _LOGGER.error("Can't excute install while a task is in progress")
-            return False
-
-        async with self._lock:
-            return await self.loop.run_in_executor(None, self._install, tag)
-
-    def _install(self, tag):
-        """Pull docker image.
-
-        Need run inside executor.
-        """
-        try:
-            _LOGGER.info("Pull image %s tag %s.", self.image, tag)
-            image = self.dock.images.pull("{}:{}".format(self.image, tag))
-
-            image.tag(self.image, tag='latest')
-            self.version = get_version_from_env(image.attrs['Config']['Env'])
-            _LOGGER.info("Tag image %s with version %s as latest",
-                         self.image, self.version)
-        except docker.errors.APIError as err:
-            _LOGGER.error("Can't install %s:%s -> %s.", self.image, tag, err)
-            return False
-        return True
-
-    def exists(self):
-        """Return True if docker image exists in local repo.
-
-        Return a Future.
-        """
-        return self.loop.run_in_executor(None, self._exists)
-
-    def _exists(self):
-        """Return True if docker image exists in local repo.
-
-        Need run inside executor.
-        """
-        try:
-            image = self.dock.images.get(self.image)
-            self.version = get_version_from_env(image.attrs['Config']['Env'])
-        except docker.errors.DockerException:
-            return False
-
-        return True
-
-    def is_running(self):
-        """Return True if docker is Running.
-
-        Return a Future.
-        """
-        return self.loop.run_in_executor(None, self._is_running)
-
-    def _is_running(self):
-        """Return True if docker is Running.
-
-        Need run inside executor.
-        """
-        if not self.container:
-            try:
-                self.container = self.dock.containers.get(self.docker_name)
-                self.version = get_version_from_env(
-                    self.container.attrs['Config']['Env'])
-            except docker.errors.DockerException:
-                return False
-        else:
-            self.container.reload()
-
-        return self.container.status == 'running'
-
-    async def attach(self):
-        """Attach to running docker container."""
-        if self._lock.locked():
-            _LOGGER.error("Can't excute attach while a task is in progress")
-            return False
-
-        async with self._lock:
-            return await self.loop.run_in_executor(None, self._attach)
-
-    def _attach(self):
-        """Attach to running docker container.
-
-        Need run inside executor.
-        """
-        try:
-            self.container = self.dock.containers.get(self.docker_name)
-            self.image = self.container.attrs['Config']['Image']
-            self.version = get_version_from_env(
-                self.container.attrs['Config']['Env'])
-            _LOGGER.info("Attach to image %s with version %s",
-                         self.image, self.version)
-        except (docker.errors.DockerException, KeyError):
-            _LOGGER.fatal(
-                "Can't attach to %s docker container!", self.docker_name)
-            return False
-
-        return True
-
-    async def run(self):
-        """Run docker image."""
-        if self._lock.locked():
-            _LOGGER.error("Can't excute run while a task is in progress")
-            return False
-
-        async with self._lock:
-            return await self.loop.run_in_executor(None, self._run)
-
-    def _run(self):
-        """Run docker image.
-
-        Need run inside executor.
-        """
-        raise NotImplementedError()
-
-    async def stop(self):
-        """Stop/remove docker container."""
-        if self._lock.locked():
-            _LOGGER.error("Can't excute stop while a task is in progress")
-            return False
-
-        async with self._lock:
-            await self.loop.run_in_executor(None, self._stop)
-            return True
-
-    def _stop(self):
-        """Stop/remove and remove docker container.
-
-        Need run inside executor.
-        """
-        if not self.container:
-            return
-
-        _LOGGER.info("Stop %s docker application", self.image)
-
-        self.container.reload()
-        if self.container.status == 'running':
-            with suppress(docker.errors.DockerException):
-                self.container.stop()
-
-        with suppress(docker.errors.DockerException):
-            self.container.remove(force=True)
-
-        self.container = None
-
-    async def remove(self):
-        """Remove docker container."""
-        if self._lock.locked():
-            _LOGGER.error("Can't excute remove while a task is in progress")
-            return False
-
-        async with self._lock:
-            return await self.loop.run_in_executor(None, self._remove)
-
-    def _remove(self):
-        """remove docker container.
-
-        Need run inside executor.
-        """
-        if self._is_running():
-            self._stop()
-
-        _LOGGER.info("Remove docker %s with latest and %s",
-                     self.image, self.version)
-
-        try:
-            self.dock.images.remove(
-                image="{}:latest".format(self.image), force=True)
-            self.dock.images.remove(
-                image="{}:{}".format(self.image, self.version), force=True)
-        except docker.errors.ImageNotFound:
-            return True
-        except docker.errors.DockerException as err:
-            _LOGGER.warning("Can't remove image %s -> %s", self.image, err)
-            return False
-
-        return True
-
-    async def update(self, tag):
-        """Update a docker image."""
-        if self._lock.locked():
-            _LOGGER.error("Can't excute update while a task is in progress")
-            return False
-
-        async with self._lock:
-            return await self.loop.run_in_executor(None, self._update, tag)
-
-    def _update(self, tag):
-        """Update a docker image.
-
-        Need run inside executor.
-        """
-        old_image = "{}:{}".format(self.image, self.version)
-
-        _LOGGER.info("Update docker %s with %s:%s",
-                     old_image, self.image, tag)
-
-        # update docker image
-        if self._install(tag):
-            _LOGGER.info("Cleanup old %s docker", old_image)
-            self._stop()
-            try:
-                self.dock.images.remove(image=old_image, force=True)
-            except docker.errors.DockerException as err:
-                _LOGGER.warning(
-                    "Can't remove old image %s -> %s", old_image, err)
-            return True
-
-        return False
-
-    async def logs(self):
-        """Return docker logs of container."""
-        if self._lock.locked():
-            _LOGGER.error("Can't excute logs while a task is in progress")
-            return False
-
-        async with self._lock:
-            return await self.loop.run_in_executor(None, self._logs)
-
-    def _logs(self):
-        """Return docker logs of container.
-
-        Need run inside executor.
-        """
-        if not self.container:
-            return
-
-        try:
-            return self.container.logs(tail=100, stdout=True, stderr=True)
-        except docker.errors.DockerException as err:
-            _LOGGER.warning("Can't grap logs from %s -> %s", self.image, err)
-
-    async def restart(self):
-        """Restart docker container."""
-        if self._lock.locked():
-            _LOGGER.error("Can't excute restart while a task is in progress")
-            return False
-
-        async with self._lock:
-            return await self.loop.run_in_executor(None, self._restart)
-
-    def _restart(self):
-        """Restart docker container.
-
-        Need run inside executor.
-        """
-        if not self.container:
-            return False
-
-        _LOGGER.info("Restart %s", self.image)
-
-        try:
-            self.container.restart(timeout=30)
-        except docker.errors.DockerException as err:
-            _LOGGER.warning("Can't restart %s -> %s", self.image, err)
-            return False
-
-        return True

hassio/dock/addon.py

@@ -1,171 +0,0 @@
-"""Init file for HassIO addon docker object."""
-import logging
-from pathlib import Path
-import shutil
-
-import docker
-
-from . import DockerBase
-from .util import dockerfile_template
-from ..tools import get_version_from_env
-
-_LOGGER = logging.getLogger(__name__)
-
-
-class DockerAddon(DockerBase):
-    """Docker hassio wrapper for HomeAssistant."""
-
-    def __init__(self, config, loop, dock, addons_data, addon):
-        """Initialize docker homeassistant wrapper."""
-        super().__init__(
-            config, loop, dock, image=addons_data.get_image(addon))
-        self.addon = addon
-        self.addons_data = addons_data
-
-    @property
-    def docker_name(self):
-        """Return name of docker container."""
-        return "addon_{}".format(self.addon)
-
-    @property
-    def volumes(self):
-        """Generate volumes for mappings."""
-        volumes = {
-            str(self.addons_data.path_extern_data(self.addon)): {
-                'bind': '/data', 'mode': 'rw'
-            }}
-
-        if self.addons_data.map_config(self.addon):
-            volumes.update({
-                str(self.config.path_extern_config): {
-                    'bind': '/config', 'mode': 'rw'
-                }})
-
-        if self.addons_data.map_ssl(self.addon):
-            volumes.update({
-                str(self.config.path_extern_ssl): {
-                    'bind': '/ssl', 'mode': 'rw'
-                }})
-
-        if self.addons_data.map_addons(self.addon):
-            volumes.update({
-                str(self.config.path_extern_addons_local): {
-                    'bind': '/addons', 'mode': 'rw'
-                }})
-
-        if self.addons_data.map_backup(self.addon):
-            volumes.update({
-                str(self.config.path_extern_backup): {
-                    'bind': '/backup', 'mode': 'rw'
-                }})
-
-        return volumes
-
-    def _run(self):
-        """Run docker image.
-
-        Need run inside executor.
-        """
-        if self._is_running():
-            return
-
-        # cleanup old container
-        self._stop()
-
-        try:
-            self.container = self.dock.containers.run(
-                self.image,
-                name=self.docker_name,
-                detach=True,
-                network_mode='bridge',
-                ports=self.addons_data.get_ports(self.addon),
-                volumes=self.volumes,
-            )
-
-            self.version = get_version_from_env(
-                self.container.attrs['Config']['Env'])
-
-            _LOGGER.info("Start docker addon %s with version %s",
-                         self.image, self.version)
-
-        except docker.errors.DockerException as err:
-            _LOGGER.error("Can't run %s -> %s", self.image, err)
-            return False
-
-        return True
-
-    def _attach(self):
-        """Attach to running docker container.
-
-        Need run inside executor.
-        """
-        try:
-            self.container = self.dock.containers.get(self.docker_name)
-            self.version = get_version_from_env(
-                self.container.attrs['Config']['Env'])
-
-            _LOGGER.info(
-                "Attach to image %s with version %s", self.image, self.version)
-        except (docker.errors.DockerException, KeyError):
-            pass
-
-    def _install(self, tag):
-        """Pull docker image or build it.
-
-        Need run inside executor.
-        """
-        if self.addons_data.need_build(self.addon):
-            return self._build(tag)
-
-        return super()._install(tag)
-
-    async def build(self, tag):
-        """Build a docker container."""
-        if self._lock.locked():
-            _LOGGER.error("Can't excute build while a task is in progress")
-            return False
-
-        async with self._lock:
-            return await self.loop.run_in_executor(None, self._build, tag)
-
-    def _build(self, tag):
-        """Build a docker container.
-
-        Need run inside executor.
-        """
-        build_dir = Path(self.config.path_addons_build, self.addon)
-        try:
-            # prepare temporary addon build folder
-            try:
-                source = self.addons_data.path_addon_location(self.addon)
-                shutil.copytree(str(source), str(build_dir))
-            except shutil.Error as err:
-                _LOGGER.error("Can't copy %s to temporary build folder -> %s",
-                              source, build_dir)
-                return False
-
-            # prepare Dockerfile
-            try:
-                dockerfile_template(
-                    Path(build_dir, 'Dockerfile'), self.addons_data.arch, tag)
-            except OSError as err:
-                _LOGGER.error("Can't prepare dockerfile -> %s", err)
-
-            # run docker build
-            try:
-                build_tag = "{}:{}".format(self.image, tag)
-
-                _LOGGER.info("Start build %s on %s", build_tag, build_dir)
-                image = self.dock.images.build(
-                    path=str(build_dir), tag=build_tag, pull=True)
-
-                _LOGGER.info("Build %s done", build_tag)
-                image.tag(self.image, tag='latest')
-            except (docker.errors.DockerException, TypeError) as err:
-                _LOGGER.error("Can't build %s -> %s", build_tag, err)
-                return False
-
-            return True
-
-        finally:
-            shutil.rmtree(str(build_dir), ignore_errors=True)

hassio/dock/homeassistant.py

@@ -1,77 +0,0 @@
-"""Init file for HassIO docker object."""
-import logging
-
-import docker
-
-from . import DockerBase
-from ..tools import get_version_from_env
-
-_LOGGER = logging.getLogger(__name__)
-
-HASS_DOCKER_NAME = 'homeassistant'
-
-
-class DockerHomeAssistant(DockerBase):
-    """Docker hassio wrapper for HomeAssistant."""
-
-    def __init__(self, config, loop, dock):
-        """Initialize docker homeassistant wrapper."""
-        super().__init__(config, loop, dock, image=config.homeassistant_image)
-
-    @property
-    def docker_name(self):
-        """Return name of docker container."""
-        return HASS_DOCKER_NAME
-
-    def _run(self):
-        """Run docker image.
-
-        Need run inside executor.
-        """
-        if self._is_running():
-            return
-
-        # cleanup old container
-        self._stop()
-
-        try:
-            self.container = self.dock.containers.run(
-                self.image,
-                name=self.docker_name,
-                detach=True,
-                privileged=True,
-                network_mode='host',
-                environment={
-                    'HASSIO': self.config.api_endpoint,
-                },
-                volumes={
-                    str(self.config.path_extern_config):
-                        {'bind': '/config', 'mode': 'rw'},
-                    str(self.config.path_extern_ssl):
-                        {'bind': '/ssl', 'mode': 'rw'},
-                })
-
-            self.version = get_version_from_env(
-                self.container.attrs['Config']['Env'])
-
-            _LOGGER.info("Start docker addon %s with version %s",
-                         self.image, self.version)
-
-        except docker.errors.DockerException as err:
-            _LOGGER.error("Can't run %s -> %s", self.image, err)
-            return False
-
-        return True
-
-    async def update(self, tag):
-        """Update homeassistant docker image."""
-        if self._lock.locked():
-            _LOGGER.error("Can't excute update while a task is in progress")
-            return False
-
-        async with self._lock:
-            if await self.loop.run_in_executor(None, self._update, tag):
-                await self.loop.run_in_executor(None, self._run)
-                return True
-
-            return False

hassio/dock/supervisor.py

@@ -1,87 +0,0 @@
-"""Init file for HassIO docker object."""
-import logging
-import os
-
-import docker
-
-from . import DockerBase
-from ..const import RESTART_EXIT_CODE
-
-_LOGGER = logging.getLogger(__name__)
-
-
-class DockerSupervisor(DockerBase):
-    """Docker hassio wrapper for HomeAssistant."""
-
-    def __init__(self, config, loop, dock, hassio, image=None):
-        """Initialize docker base wrapper."""
-        super().__init__(config, loop, dock, image=image)
-
-        self.hassio = hassio
-
-    @property
-    def docker_name(self):
-        """Return name of docker container."""
-        return os.environ['SUPERVISOR_NAME']
-
-    async def update(self, tag):
-        """Update a supervisor docker image."""
-        if self._lock.locked():
-            _LOGGER.error("Can't excute update while a task is in progress")
-            return False
-
-        _LOGGER.info("Update supervisor docker to %s:%s", self.image, tag)
-        old_version = self.version
-
-        async with self._lock:
-            if await self.loop.run_in_executor(None, self._install, tag):
-                self.config.hassio_cleanup = old_version
-                self.loop.create_task(self.hassio.stop(RESTART_EXIT_CODE))
-                return True
-
-            return False
-
-    async def cleanup(self):
-        """Check if old supervisor version exists and cleanup."""
-        if not self.config.hassio_cleanup:
-            return
-
-        async with self._lock:
-            if await self.loop.run_in_executor(None, self._cleanup):
-                self.config.hassio_cleanup = None
-
-    def _cleanup(self):
-        """Remove old image.
-
-        Need run inside executor.
-        """
-        old_image = "{}:{}".format(self.image, self.config.hassio_cleanup)
-
-        _LOGGER.info("Old supervisor docker found %s", old_image)
-        try:
-            self.dock.images.remove(image=old_image, force=True)
-        except docker.errors.DockerException as err:
-            _LOGGER.warning("Can't remove old image %s -> %s", old_image, err)
-            return False
-
-        return True
-
-    async def run(self):
-        """Run docker image."""
-        raise RuntimeError("Not support on supervisor docker container!")
-
-    async def install(self, tag):
-        """Pull docker image."""
-        raise RuntimeError("Not support on supervisor docker container!")
-
-    async def stop(self):
-        """Stop/remove docker container."""
-        raise RuntimeError("Not support on supervisor docker container!")
-
-    async def remove(self):
-        """Remove docker image."""
-        raise RuntimeError("Not support on supervisor docker container!")
-
-    async def restart(self):
-        """Restart docker container."""
-        raise RuntimeError("Not support on supervisor docker container!")

hassio/dock/util.py

@@ -1,32 +0,0 @@
-"""HassIO docker utilitys."""
-import re
-
-from ..const import ARCH_AARCH64, ARCH_ARMHF, ARCH_I386, ARCH_AMD64
-
-
-RESIN_BASE_IMAGE = {
-    ARCH_ARMHF: "resin/armhf-alpine:3.5",
-    ARCH_AARCH64: "resin/aarch64-alpine:3.5",
-    ARCH_I386: "resin/i386-alpine:3.5",
-    ARCH_AMD64: "resin/amd64-alpine:3.5",
-}
-
-TMPL_VERSION = re.compile(r"%%VERSION%%")
-TMPL_IMAGE = re.compile(r"%%BASE_IMAGE%%")
-
-
-def dockerfile_template(dockerfile, arch, version):
-    """Prepare a Hass.IO dockerfile."""
-    buff = []
-    resin_image = RESIN_BASE_IMAGE[arch]
-
-    # read docker
-    with dockerfile.open('r') as dock_input:
-        for line in dock_input:
-            line = TMPL_VERSION.sub(version, line)
-            line = TMPL_IMAGE.sub(resin_image, line)
-            buff.append(line)
-
-    # write docker
-    with dockerfile.open('w') as dock_output:
-        dock_output.writelines(buff)

hassio/host_control.py

@@ -1,119 +0,0 @@
-"""Host control for HassIO."""
-import asyncio
-import json
-import logging
-
-import async_timeout
-
-from .const import (
-    SOCKET_HC, ATTR_LAST_VERSION, ATTR_VERSION, ATTR_TYPE, ATTR_FEATURES,
-    ATTR_HOSTNAME, ATTR_OS)
-
-_LOGGER = logging.getLogger(__name__)
-
-TIMEOUT = 15
-UNKNOWN = 'unknown'
-
-FEATURES_SHUTDOWN = 'shutdown'
-FEATURES_REBOOT = 'reboot'
-FEATURES_UPDATE = 'update'
-FEATURES_NETWORK_INFO = 'network_info'
-FEATURES_NETWORK_CONTROL = 'network_control'
-
-
-class HostControl(object):
-    """Client for host control."""
-
-    def __init__(self, loop):
-        """Initialize HostControl socket client."""
-        self.loop = loop
-        self.active = False
-        self.version = UNKNOWN
-        self.last_version = UNKNOWN
-        self.type = UNKNOWN
-        self.features = []
-        self.hostname = UNKNOWN
-        self.os_info = UNKNOWN
-
-        if SOCKET_HC.is_socket():
-            self.active = True
-
-    async def _send_command(self, command):
-        """Send command to host.
-
-        Is a coroutine.
-        """
-        if not self.active:
-            return
-
-        reader, writer = await asyncio.open_unix_connection(
-            str(SOCKET_HC), loop=self.loop)
-
-        try:
-            # send
-            _LOGGER.info("Send '%s' to HostControl.", command)
-
-            with async_timeout.timeout(TIMEOUT, loop=self.loop):
-                writer.write("{}\n".format(command).encode())
-                data = await reader.readline()
-
-            response = data.decode().rstrip()
-            _LOGGER.info("Receive from HostControl: %s.", response)
-
-            if response == "OK":
-                return True
-            elif response == "ERROR":
-                return False
-            elif response == "WRONG":
-                return None
-            else:
-                try:
-                    return json.loads(response)
-                except json.JSONDecodeError:
-                    _LOGGER.warning("Json parse error from HostControl '%s'.",
-                                    response)
-
-        except asyncio.TimeoutError:
-            _LOGGER.error("Timeout from HostControl!")
-
-        finally:
-            writer.close()
-
-    async def load(self):
-        """Load Info from host.
-
-        Return a coroutine.
-        """
-        info = await self._send_command("info")
-        if not info:
-            return
-
-        self.version = info.get(ATTR_VERSION, UNKNOWN)
-        self.last_version = info.get(ATTR_LAST_VERSION, UNKNOWN)
-        self.type = info.get(ATTR_TYPE, UNKNOWN)
-        self.features = info.get(ATTR_FEATURES, [])
-        self.hostname = info.get(ATTR_HOSTNAME, UNKNOWN)
-        self.os_info = info.get(ATTR_OS, UNKNOWN)
-
-    def reboot(self):
-        """Reboot the host system.
-
-        Return a coroutine.
-        """
-        return self._send_command("reboot")
-
-    def shutdown(self):
-        """Shutdown the host system.
-
-        Return a coroutine.
-        """
-        return self._send_command("shutdown")
-
-    def update(self, version=None):
-        """Update the host system.
-
-        Return a coroutine.
-        """
-        if version:
-            return self._send_command("update {}".format(version))
-        return self._send_command("update")

hassio/scheduler.py

@@ -1,63 +0,0 @@
-"""Schedule for HassIO."""
-import logging
-
-_LOGGER = logging.getLogger(__name__)
-
-SEC = 'seconds'
-REPEAT = 'repeat'
-CALL = 'callback'
-TASK = 'task'
-
-
-class Scheduler(object):
-    """Schedule task inside HassIO."""
-
-    def __init__(self, loop):
-        """Initialize task schedule."""
-        self.loop = loop
-        self._data = {}
-        self._stop = False
-
-    def stop(self):
-        """Stop to execute tasks in scheduler."""
-        self._stop = True
-
-    def register_task(self, coro_callback, seconds, repeat=True,
-                      now=False):
-        """Schedule a coroutine.
-
-        The coroutien need to be a callback without arguments.
-        """
-        idx = hash(coro_callback)
-
-        # generate data
-        opts = {
-            CALL: coro_callback,
-            SEC: seconds,
-            REPEAT: repeat,
-        }
-        self._data[idx] = opts
-
-        # schedule task
-        if now:
-            self._run_task(idx)
-        else:
-            task = self.loop.call_later(seconds, self._run_task, idx)
-            self._data[idx][TASK] = task
-
-        return idx
-
-    def _run_task(self, idx):
-        """Run a scheduled task."""
-        data = self._data.pop(idx)
-
-        # stop execute tasks
-        if self._stop:
-            return
-
-        self.loop.create_task(data[CALL]())
-
-        if data[REPEAT]:
-            task = self.loop.call_later(data[SEC], self._run_task, idx)
-            data[TASK] = task
-            self._data[idx] = data

hassio/tasks.py

@@ -1,60 +0,0 @@
-"""Multible tasks."""
-import asyncio
-from datetime import datetime
-import logging
-
-_LOGGER = logging.getLogger(__name__)
-
-
-def api_sessions_cleanup(config):
-    """Create scheduler task for cleanup api sessions."""
-    async def _api_sessions_cleanup():
-        """Cleanup old api sessions."""
-        now = datetime.now()
-        for session, until_valid in config.security_sessions.items():
-            if now >= until_valid:
-                config.security_sessions = (session, None)
-
-    return _api_sessions_cleanup
-
-
-def hassio_update(config, supervisor):
-    """Create scheduler task for update of supervisor hassio."""
-    async def _hassio_update():
-        """Check and run update of supervisor hassio."""
-        if config.last_hassio == supervisor.version:
-            return
-
-        _LOGGER.info("Found new HassIO version %s.", config.last_hassio)
-        await supervisor.update(config.last_hassio)
-
-    return _hassio_update
-
-
-def homeassistant_watchdog(loop, homeassistant):
-    """Create scheduler task for montoring running state."""
-    async def _homeassistant_watchdog():
-        """Check running state and start if they is close."""
-        if homeassistant.in_progress or await homeassistant.is_running():
-            return
-
-        loop.create_task(homeassistant.run())
-
-    return _homeassistant_watchdog
-
-
-async def homeassistant_setup(config, loop, homeassistant):
-    """Install a homeassistant docker container."""
-    while True:
-        # read homeassistant tag and install it
-        if not config.last_homeassistant:
-            await config.fetch_update_infos()
-
-        tag = config.last_homeassistant
-        if tag and await homeassistant.install(tag):
-            break
-        _LOGGER.warning("Error on setup HomeAssistant. Retry in 60.")
-        await asyncio.sleep(60, loop=loop)
-
-    # store version
-    _LOGGER.info("HomeAssistant docker now installed.")

hassio/tools.py

@@ -1,92 +0,0 @@
-"""Tools file for HassIO."""
-import asyncio
-import json
-import logging
-import re
-import socket
-
-import aiohttp
-import async_timeout
-
-from .const import URL_HASSIO_VERSION, URL_HASSIO_VERSION_BETA
-
-_LOGGER = logging.getLogger(__name__)
-
-_RE_VERSION = re.compile(r"VERSION=(.*)")
-_IMAGE_ARCH = re.compile(r".*/([a-z0-9]*)-hassio-supervisor")
-
-
-async def fetch_last_versions(websession, beta=False):
-    """Fetch current versions from github.
-
-    Is a coroutine.
-    """
-    url = URL_HASSIO_VERSION_BETA if beta else URL_HASSIO_VERSION
-    try:
-        with async_timeout.timeout(10, loop=websession.loop):
-            async with websession.get(url) as request:
-                return await request.json(content_type=None)
-
-    except (aiohttp.ClientError, asyncio.TimeoutError, KeyError) as err:
-        _LOGGER.warning("Can't fetch versions from %s! %s", url, err)
-
-    except json.JSONDecodeError as err:
-        _LOGGER.warning("Can't parse versions from %s! %s", url, err)
-
-
-def get_arch_from_image(image):
-    """Return arch from hassio image name."""
-    found = _IMAGE_ARCH.match(image)
-    if found:
-        return found.group(1)
-
-
-def get_version_from_env(env_list):
-    """Extract Version from ENV list."""
-    for env in env_list:
-        found = _RE_VERSION.match(env)
-        if found:
-            return found.group(1)
-
-    _LOGGER.error("Can't find VERSION in env")
-    return None
-
-
-def get_local_ip(loop):
-    """Retrieve local IP address.
-
-    Return a future.
-    """
-    def local_ip():
-        """Return local ip."""
-        try:
-            sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
-
-            # Use Google Public DNS server to determine own IP
-            sock.connect(('8.8.8.8', 80))
-
-            return sock.getsockname()[0]
-        except socket.error:
-            return socket.gethostbyname(socket.gethostname())
-        finally:
-            sock.close()
-
-    return loop.run_in_executor(None, local_ip)
-
-
-def write_json_file(jsonfile, data):
-    """Write a json file."""
-    try:
-        json_str = json.dumps(data, indent=2)
-        with jsonfile.open('w') as conf_file:
-            conf_file.write(json_str)
-    except (OSError, json.JSONDecodeError):
-        return False
-
-    return True
-
-
-def read_json_file(jsonfile):
-    """Read a json file and return a dict."""
-    with jsonfile.open('r') as cfile:
-        return json.loads(cfile.read())

misc/hassio.xml

@@ -1 +0,0 @@
-<mxfile userAgent="Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.81 Safari/537.36" version="6.5.6" editor="www.draw.io" type="device"><diagram name="Page-1">5Vptc6M2EP41/ng3gHj9mPiSy820c5n6Q3sfsVBsNTJyhYid/voKkABZkOBY+KYtmYnR6pVn99ld1l6A5e74laX77a80Q2ThOdlxAb4sPC8OY/G/Erw2At9xG8GG4awR9QQr/DeSQkdKS5yhQhvIKSUc73UhpHmOINdkKWP0oA97okTfdZ9ukCFYwZSY0t9xxrdS6oZJ1/GA8GYrt469sOlYp/B5w2iZy/0WHniqr6Z7l6q15IMW2zSjh54I3C3AklHKm7vdcYlIBa2CrZl3P9LbnpuhnE+Z4DUTXlJSInXikIipt09UrCAOyF8lKOFfJVUdn4paZTdigNjtKD5ERw206DtIYKrenLJdSrrJ4m5TfX5fqX3E2Zqtmg4JS7urd9hijlb7FFbtg7A2MWjLd0S03Oo0mJAlJZTVowXYKIRQyAvO6DPq9Tj1Jc+/kutLvF4Q4+g4CqHbKkbYO6I7xNmrGKImJKCZIm09SKRuD53l+Arobc9oQjkulca6aZfuFCZupM6G9QcM/X3LcaW31WvB0e5CNGGG1vF6CE0QggRkrb7sAhhNBNCzAKBvAPiFwmfELkUOokCQ/trI+SZy3hBywAJyoYHcw9JArXaFqJpRUe9MLscQDXN5HQd+4NjB0A8DHcPQxDBwTAgDCxAmBl4oE3FINinjW7qheUruOumtjmgPPXTE/I9K/DkKZPOH6srFwZq+QDV/yBX+RJy/ygiclpwKUbfxL5Tu5RrNUavzvQ20eBxaMihHRTJ4p2yDeM9uTHUwRFKOX/TVLwFX5RK20fXeQDcB3im+deMRMSweALGfBbp/JdCj0Xxi3UX48xIMN6wSjNMEYlXuEXvBhXAJagOm+h7Sovj2fTTBaMXr0aSjMwP3fbdluKflMgybVEN3aFmA4sy347ZAoLstMJB1uPGA33JtRE3Xm4Nbbo9Yyou13NJ4VbuxeUnkqveOHouiK7EIzOO6NHh1dE/iQtc89VyFwIPfVK9YQgCJYBqGSnyPidpzqm5QnpmLCWFvqcFMfrm0qlgvvlZQUm8cvaxJrPLpRjy6wLByU9dxRSmKn6CtLFR3Rd5A/t56HS1/9224ovDKXHE/O3qQ/+zG8aWBfiKtPmjxwLR4d0Sn1i3enyVUSJ30srCJCPYcTk5zpHmb8xQ2Vl+AJXtp+WpPYdeKPa5ZUrjJMpoXhhqLbbqvbveMQlQU73sn3ZVN9lX34qr9fZMTCt07XhiBxANhEHtx7PhgpqRqyJN5bmB6ssSCI1O1nDmJ0rVOHdWlqYAkU59uc7zoXEAAOfWR4vq9Q5WqneE0Wq3Q0FJO6hdSz1ynobKxTm0U7dNMs5PYJCjk1KxYKX6WO9IMALcVOzAUyKdrRB5pgTmmuRiyppzTnRhAqo7btoitVVbrMna3xg3Bm2oup+fRvCvEnpZu5QYWiHxS0wEDNR0wkJBYqciaNJ5AUifSWOq/x1LX5OgUOk5Ity8PgO97LQshEng/L0SqvXsMPBwOpvcmBO+LWg2SiZDQMrs4Tl6FQInuz3xnIKeP5iovgLcLo9K4P5DEn8mRmTLEXqzt3hyaQ3qj0faDNPFNmjTmaz+S+icmc+pN7YVAMP6tjfNQrkcjIUzZ5fQL62uAfkH1Z4d+CThJJ4boN1TdsxLBopnY17f7yGaWOT9lP8i+YAb2TVZjYJDkK+bbuekxFp2QmwUomocevnppvQo94v9LcEpCnaOR5dgU/idjk/m9+G9oX71qUYbReBXl30s+Vf6dgXyi2f0WqlFG93szcPcP</diagram></mxfile>

misc/security.xml

@@ -1 +0,0 @@
-<mxfile userAgent="Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:53.0) Gecko/20100101 Firefox/53.0" version="6.5.8" editor="www.draw.io" type="device"><diagram name="Page-1">5Vxdd5s4EP01fmwOkgCbx9hp2j7sNrvpnnYfiVFsTjDyghwn++tXGMmAxileEB9O+9BjBhjM3GHmzjXKhCw2L58Sf7v+jQU0mmAreJmQmwnGU4eI/zPDa24gyM0NqyQMchMqDPfhv1QaLWndhQFNKwdyxiIebqvGJYtjuuQVm58kbF897JFF1atu/RUFhvulH0Hr9zDg69w6w25h/0zD1VpdGblevufBXz6tEraL5fUmmDwe/uW7N77yJW80XfsB25dM5OOELBLGeP5p87KgURZaFbb8vNs39h6/d0Jjfs4JOD/h2Y928tZvwyTlwnTP/YTLL8lfVWA4fRF+52u+iYQBiY8pT9gTXbCIJcISs1gcOX8Mo0gz+VG4isXmUnwzKuzzZ5rwUIT8Wu7YhEGQXWa+X4ec3m/9ZXbNvcivzCGL+b38Go7aztMGeWIb3rcMRXYV+lIyyTh8omxDefIqDpF7ySw/Q6asKxHaF/gjS9rWJewVkr5MudXRcRF28UFG/jQKBKDwVypipAe/FPUtC2N+uKIznzg3mYUmobhwFtoblvA1W7HYj+4KawcxQhgGyT0Vo5mBINkgSJ/9NB1hkDAiw0XJAVFaiyhdffk6wkDZ7oCBckGg2JbGh1uKs2b2drT0wvXAOGcbsYPGwXXWfDJbxJZPP4uSqK4ryiuZTYNKU4JhK4VFRSChkc/D52rbOhUW6e0uQ7pAwNOeZ1sLbMp2yZLKk8ptRPMjoNMc4aqj/HaBowNIxzs8C7cpwE2ckdLlLgm5uNPbMH5kvaLnDIYenmrPj9sQPuLUODIH3wzCNxVxFtdz/9llrGcexiEvtibkOiNwfpTS7KjpTVtsD085mQd+uqaBPE/slmRilm29hPyH+PzBurIcuf232LauCFH7S5XwxvpZpuQQVDKlyaPfMlNsy60AjK2mmYJrHJnLFA9kip8+ZfsP+WHdfe8+E856/kk/EOqsApOGECJS48gchGqcK2GYUm4Sw8vss7hpoT5GVDlyvM6wg6NhtdGyLQ9ZLAi4G2WF+kHMK+7qULK1gr4VBHTPkkAv6nrJt7b70iFGir1Kj/K4iC6vsWPPUGMHjgzmCxxiq/mS0jQVCfNGvvyvZOk1VxQdQFcWmlbowNRtRQfsMacc0XWNpikHHL2RcgIG/7V0mJxJWyYlFA306lSk5Rv5Jg94oq+mM66egDSqW31xSm16J9OmGTOrcWSwSEF5xMi43xGSA1FL0rTd6NQSODKIJNRvfmfJxodQvmPJGlfZoN2nZo2gEHMZorWDYJQ6UxkR1DsuRLXuN0xw2L8c2brXSGE4Ug+mW6vkHn6gdpqKIbpw7RDcVcc6JtpolGv11I1g3HAcQ+MGcGQQwBOKyBnaNU/E0XhROY4zvn2fGrfKqUZ1wrDK7TSWTXCNI4NJBWWTXOYejb6tiF7fU4jbVIHQpxDgyCB6UF/IZ4Xete3x9GK3aSnXxW3X7kzcPvHrfzdi5SAypVuVKV3itqros1EzhykyxByAoz6FylOvNbx7obI3XqANbNPG70nMahwZrFBQOBizUjkUSZjqM3VTkgAcGYQSihuXoZR5fQobBAobF6KU9RsmqCJcjlLWb6TguD6YUqaSe3h27plSyrzulDJS9ypB70qZeupGwHc9U0oZcGQQwPqf3dsoZflxFy6UkTZlwrBQ5pkSyoAjgzkFf7ovhLLbb1+/3XWfDGfVCnzubGyYCiPLlGAGPRmEESovZcXMCJAX2pqRZUo5Q1Z30hmpW4DRjXSWdYVDLzgcNcu64gVqaSrZRsotEDIlpkFPfapppH6VyftT03ojD/qqvebLjmZ1ngyWLSjCjFlPG4xEIFOCGvRkDky1TPHEy3+iSooiia2TPOLXeRVw5kqeVWoauKtXAW2oSY1U4LQ1noQ9G4SpuwXsGIRptAqnM2ScoPwzZolz0FBBouMvRTvwOT3WQJ2GywJZEHAzHLrgzIpB54wZ2a0Ys32iOaoHaQDGfHyd+rjQXWld7ZfMqwbaQb+E5Kc6s0mVzeDANsR6LNIy1fCJVDt3CUYXw5lWWWyvYaoRp85Tn8OZA8nbH39+WLCAts2YrtZTnVtuWg9Wem1pysXJTAPcsc8DvAmckPyNHM5z9ZbWo5UOgtvw+UWkzpNBOCFJ/ZKvzv7lJiqtPx8LV3l1lXpNp+VIJTaLv/mWo1b8XT3y8T8=</diagram></mxfile>

pylintrc

@@ -1,38 +0,0 @@
-[MASTER]
-reports=no
-
-# Reasons disabled:
-# locally-disabled - it spams too much
-# duplicate-code - unavoidable
-# cyclic-import - doesn't test if both import on load
-# abstract-class-little-used - prevents from setting right foundation
-# abstract-class-not-used - is flaky, should not show up but does
-# unused-argument - generic callbacks and setup methods create a lot of warnings
-# global-statement - used for the on-demand requirement installation
-# redefined-variable-type - this is Python, we're duck typing!
-# too-many-* - are not enforced for the sake of readability
-# too-few-* - same as too-many-*
-# abstract-method - with intro of async there are always methods missing
-
-disable=
-  locally-disabled,
-  duplicate-code,
-  cyclic-import,
-  abstract-class-little-used,
-  abstract-class-not-used,
-  unused-argument,
-  global-statement,
-  redefined-variable-type,
-  too-many-arguments,
-  too-many-branches,
-  too-many-instance-attributes,
-  too-many-locals,
-  too-many-public-methods,
-  too-many-return-statements,
-  too-many-statements,
-  too-many-lines,
-  too-few-public-methods,
-  abstract-method
-
-[EXCEPTIONS]
-overgeneral-exceptions=Exception,HomeAssistantError

pyproject.toml

@@ -0,0 +1,374 @@
+[build-system]
+requires = ["setuptools~=75.8.0", "wheel~=0.45.0"]
+build-backend = "setuptools.build_meta"
+
+[project]
+name = "Supervisor"
+dynamic = ["version", "dependencies"]
+license = { text = "Apache-2.0" }
+description = "Open-source private cloud os for Home-Assistant based on HassOS"
+readme = "README.md"
+authors = [
+    { name = "The Home Assistant Authors", email = "hello@home-assistant.io" },
+]
+keywords = ["docker", "home-assistant", "api"]
+requires-python = ">=3.13.0"
+
+[project.urls]
+"Homepage" = "https://www.home-assistant.io/"
+"Source Code" = "https://github.com/home-assistant/supervisor"
+"Bug Reports" = "https://github.com/home-assistant/supervisor/issues"
+"Docs: Dev" = "https://developers.home-assistant.io/"
+"Discord" = "https://www.home-assistant.io/join-chat/"
+"Forum" = "https://community.home-assistant.io/"
+
+[tool.setuptools]
+platforms = ["any"]
+zip-safe = false
+include-package-data = true
+
+[tool.setuptools.packages.find]
+include = ["supervisor*"]
+
+[tool.pylint.MAIN]
+py-version = "3.13"
+# Use a conservative default here; 2 should speed up most setups and not hurt
+# any too bad. Override on command line as appropriate.
+jobs = 2
+persistent = false
+extension-pkg-allow-list = ["ciso8601"]
+
+[tool.pylint.BASIC]
+class-const-naming-style = "any"
+good-names = ["id", "i", "j", "k", "ex", "Run", "_", "fp", "T", "os"]
+
+[tool.pylint."MESSAGES CONTROL"]
+# Reasons disabled:
+# format - handled by ruff
+# abstract-method - with intro of async there are always methods missing
+# cyclic-import - doesn't test if both import on load
+# duplicate-code - unavoidable
+# locally-disabled - it spams too much
+# too-many-* - are not enforced for the sake of readability
+# too-few-* - same as too-many-*
+# unused-argument - generic callbacks and setup methods create a lot of warnings
+disable = [
+    "format",
+    "abstract-method",
+    "cyclic-import",
+    "duplicate-code",
+    "locally-disabled",
+    "no-else-return",
+    "not-context-manager",
+    "too-few-public-methods",
+    "too-many-arguments",
+    "too-many-branches",
+    "too-many-instance-attributes",
+    "too-many-lines",
+    "too-many-locals",
+    "too-many-public-methods",
+    "too-many-return-statements",
+    "too-many-statements",
+    "unused-argument",
+    "consider-using-with",
+
+    # Handled by ruff
+    # Ref: <https://github.com/astral-sh/ruff/issues/970>
+    "await-outside-async",    # PLE1142
+    "bad-str-strip-call",     # PLE1310
+    "bad-string-format-type", # PLE1307
+    "bidirectional-unicode",  # PLE2502
+    "continue-in-finally",    # PLE0116
+    "duplicate-bases",        # PLE0241
+    "format-needs-mapping",   # F502
+    "function-redefined",     # F811
+    # Needed because ruff does not understand type of __all__ generated by a function
+    # "invalid-all-format", # PLE0605
+    "invalid-all-object",                 # PLE0604
+    "invalid-character-backspace",        # PLE2510
+    "invalid-character-esc",              # PLE2513
+    "invalid-character-nul",              # PLE2514
+    "invalid-character-sub",              # PLE2512
+    "invalid-character-zero-width-space", # PLE2515
+    "logging-too-few-args",               # PLE1206
+    "logging-too-many-args",              # PLE1205
+    "missing-format-string-key",          # F524
+    "mixed-format-string",                # F506
+    "no-method-argument",                 # N805
+    "no-self-argument",                   # N805
+    "nonexistent-operator",               # B002
+    "nonlocal-without-binding",           # PLE0117
+    "not-in-loop",                        # F701, F702
+    "notimplemented-raised",              # F901
+    "return-in-init",                     # PLE0101
+    "return-outside-function",            # F706
+    "syntax-error",                       # E999
+    "too-few-format-args",                # F524
+    "too-many-format-args",               # F522
+    "too-many-star-expressions",          # F622
+    "truncated-format-string",            # F501
+    "undefined-all-variable",             # F822
+    "undefined-variable",                 # F821
+    "used-prior-global-declaration",      # PLE0118
+    "yield-inside-async-function",        # PLE1700
+    "yield-outside-function",             # F704
+    "anomalous-backslash-in-string",      # W605
+    "assert-on-string-literal",           # PLW0129
+    "assert-on-tuple",                    # F631
+    "bad-format-string",                  # W1302, F
+    "bad-format-string-key",              # W1300, F
+    "bare-except",                        # E722
+    "binary-op-exception",                # PLW0711
+    "cell-var-from-loop",                 # B023
+    # "dangerous-default-value", # B006, ruff catches new occurrences, needs more work
+    "duplicate-except",                     # B014
+    "duplicate-key",                        # F601
+    "duplicate-string-formatting-argument", # F
+    "duplicate-value",                      # F
+    "eval-used",                            # PGH001
+    "exec-used",                            # S102
+    # "expression-not-assigned", # B018, ruff catches new occurrences, needs more work
+    "f-string-without-interpolation",      # F541
+    "forgotten-debug-statement",           # T100
+    "format-string-without-interpolation", # F
+    # "global-statement", # PLW0603, ruff catches new occurrences, needs more work
+    "global-variable-not-assigned",  # PLW0602
+    "implicit-str-concat",           # ISC001
+    "import-self",                   # PLW0406
+    "inconsistent-quotes",           # Q000
+    "invalid-envvar-default",        # PLW1508
+    "keyword-arg-before-vararg",     # B026
+    "logging-format-interpolation",  # G
+    "logging-fstring-interpolation", # G
+    "logging-not-lazy",              # G
+    "misplaced-future",              # F404
+    "named-expr-without-context",    # PLW0131
+    "nested-min-max",                # PLW3301
+    # "pointless-statement", # B018, ruff catches new occurrences, needs more work
+    "raise-missing-from", # TRY200
+    # "redefined-builtin", # A001, ruff is way more stricter, needs work
+    "try-except-raise",               # TRY203
+    "unused-argument",                # ARG001, we don't use it
+    "unused-format-string-argument",  #F507
+    "unused-format-string-key",       # F504
+    "unused-import",                  # F401
+    "unused-variable",                # F841
+    "useless-else-on-loop",           # PLW0120
+    "wildcard-import",                # F403
+    "bad-classmethod-argument",       # N804
+    "consider-iterating-dictionary",  # SIM118
+    "empty-docstring",                # D419
+    "invalid-name",                   # N815
+    "line-too-long",                  # E501, disabled globally
+    "missing-class-docstring",        # D101
+    "missing-final-newline",          # W292
+    "missing-function-docstring",     # D103
+    "missing-module-docstring",       # D100
+    "multiple-imports",               #E401
+    "singleton-comparison",           # E711, E712
+    "subprocess-run-check",           # PLW1510
+    "superfluous-parens",             # UP034
+    "ungrouped-imports",              # I001
+    "unidiomatic-typecheck",          # E721
+    "unnecessary-direct-lambda-call", # PLC3002
+    "unnecessary-lambda-assignment",  # PLC3001
+    "unneeded-not",                   # SIM208
+    "useless-import-alias",           # PLC0414
+    "wrong-import-order",             # I001
+    "wrong-import-position",          # E402
+    "comparison-of-constants",        # PLR0133
+    "comparison-with-itself",         # PLR0124
+    # "consider-alternative-union-syntax", # UP007, typing extension
+    "consider-merging-isinstance", # PLR1701
+    # "consider-using-alias",              # UP006, typing extension
+    "consider-using-dict-comprehension", # C402
+    "consider-using-generator",          # C417
+    "consider-using-get",                # SIM401
+    "consider-using-set-comprehension",  # C401
+    "consider-using-sys-exit",           # PLR1722
+    "consider-using-ternary",            # SIM108
+    "literal-comparison",                # F632
+    "property-with-parameters",          # PLR0206
+    "super-with-arguments",              # UP008
+    "too-many-branches",                 # PLR0912
+    "too-many-return-statements",        # PLR0911
+    "too-many-statements",               # PLR0915
+    "trailing-comma-tuple",              # COM818
+    "unnecessary-comprehension",         # C416
+    "use-a-generator",                   # C417
+    "use-dict-literal",                  # C406
+    "use-list-literal",                  # C405
+    "useless-object-inheritance",        # UP004
+    "useless-return",                    # PLR1711
+    # "no-self-use", # PLR6301  # Optional plugin, not enabled
+]
+
+[tool.pylint.REPORTS]
+score = false
+
+[tool.pylint.TYPECHECK]
+ignored-modules = ["distutils"]
+
+[tool.pylint.FORMAT]
+expected-line-ending-format = "LF"
+
+[tool.pylint.EXCEPTIONS]
+overgeneral-exceptions = ["builtins.BaseException", "builtins.Exception"]
+
+[tool.pylint.DESIGN]
+max-positional-arguments = 10
+
+[tool.pytest.ini_options]
+testpaths = ["tests"]
+norecursedirs = [".git"]
+log_format = "%(asctime)s.%(msecs)03d %(levelname)-8s %(threadName)s %(name)s:%(filename)s:%(lineno)s %(message)s"
+log_date_format = "%Y-%m-%d %H:%M:%S"
+asyncio_default_fixture_loop_scope = "function"
+asyncio_mode = "auto"
+filterwarnings = [
+    "error",
+    "ignore:pkg_resources is deprecated as an API:DeprecationWarning:dirhash",
+    "ignore::pytest.PytestUnraisableExceptionWarning",
+]
+
+[tool.ruff]
+lint.select = [
+    "B002",    # Python does not support the unary prefix increment
+    "B007",    # Loop control variable {name} not used within loop body
+    "B014",    # Exception handler with duplicate exception
+    "B023",    # Function definition does not bind loop variable {name}
+    "B026",    # Star-arg unpacking after a keyword argument is strongly discouraged
+    "B904",    # Use raise from to specify exception cause
+    "C",       # complexity
+    "COM818",  # Trailing comma on bare tuple prohibited
+    "D",       # docstrings
+    "DTZ003",  # Use datetime.now(tz=) instead of datetime.utcnow()
+    "DTZ004",  # Use datetime.fromtimestamp(ts, tz=) instead of datetime.utcfromtimestamp(ts)
+    "E",       # pycodestyle
+    "F",       # pyflakes/autoflake
+    "G",       # flake8-logging-format
+    "I",       # isort
+    "ICN001",  # import concentions; {name} should be imported as {asname}
+    "N804",    # First argument of a class method should be named cls
+    "N805",    # First argument of a method should be named self
+    "N815",    # Variable {name} in class scope should not be mixedCase
+    "PGH004",  # Use specific rule codes when using noqa
+    "PLC0414", # Useless import alias. Import alias does not rename original package.
+    "PLC",     # pylint
+    "PLE",     # pylint
+    "PLR",     # pylint
+    "PLW",     # pylint
+    "Q000",    # Double quotes found but single quotes preferred
+    "RUF006",  # Store a reference to the return value of asyncio.create_task
+    "S102",    # Use of exec detected
+    "S103",    # bad-file-permissions
+    "S108",    # hardcoded-temp-file
+    "S306",    # suspicious-mktemp-usage
+    "S307",    # suspicious-eval-usage
+    "S313",    # suspicious-xmlc-element-tree-usage
+    "S314",    # suspicious-xml-element-tree-usage
+    "S315",    # suspicious-xml-expat-reader-usage
+    "S316",    # suspicious-xml-expat-builder-usage
+    "S317",    # suspicious-xml-sax-usage
+    "S318",    # suspicious-xml-mini-dom-usage
+    "S319",    # suspicious-xml-pull-dom-usage
+    "S320",    # suspicious-xmle-tree-usage
+    "S601",    # paramiko-call
+    "S602",    # subprocess-popen-with-shell-equals-true
+    "S604",    # call-with-shell-equals-true
+    "S608",    # hardcoded-sql-expression
+    "S609",    # unix-command-wildcard-injection
+    "SIM105",  # Use contextlib.suppress({exception}) instead of try-except-pass
+    "SIM117",  # Merge with-statements that use the same scope
+    "SIM118",  # Use {key} in {dict} instead of {key} in {dict}.keys()
+    "SIM201",  # Use {left} != {right} instead of not {left} == {right}
+    "SIM208",  # Use {expr} instead of not (not {expr})
+    "SIM212",  # Use {a} if {a} else {b} instead of {b} if not {a} else {a}
+    "SIM300",  # Yoda conditions. Use 'age == 42' instead of '42 == age'.
+    "SIM401",  # Use get from dict with default instead of an if block
+    "T100",    # Trace found: {name} used
+    "T20",     # flake8-print
+    "TID251",  # Banned imports
+    "TRY004",  # Prefer TypeError exception for invalid type
+    "TRY203",  # Remove exception handler; error is immediately re-raised
+    "UP",      # pyupgrade
+    "W",       # pycodestyle
+]
+
+lint.ignore = [
+    "D202", # No blank lines allowed after function docstring
+    "D203", # 1 blank line required before class docstring
+    "D213", # Multi-line docstring summary should start at the second line
+    "D406", # Section name should end with a newline
+    "D407", # Section name underlining
+    "E501", # line too long
+    "E731", # do not assign a lambda expression, use a def
+
+    # Ignore ignored, as the rule is now back in preview/nursery, which cannot
+    # be ignored anymore without warnings.
+    # https://github.com/astral-sh/ruff/issues/7491
+    # "PLC1901", # Lots of false positives
+
+    # False positives https://github.com/astral-sh/ruff/issues/5386
+    "PLC0208", # Use a sequence type instead of a `set` when iterating over values
+    "PLR0911", # Too many return statements ({returns} > {max_returns})
+    "PLR0912", # Too many branches ({branches} > {max_branches})
+    "PLR0913", # Too many arguments to function call ({c_args} > {max_args})
+    "PLR0915", # Too many statements ({statements} > {max_statements})
+    "PLR2004", # Magic value used in comparison, consider replacing {value} with a constant variable
+    "PLW2901", # Outer {outer_kind} variable {name} overwritten by inner {inner_kind} target
+    "UP006",   # keep type annotation style as is
+    "UP007",   # keep type annotation style as is
+    # Ignored due to performance: https://github.com/charliermarsh/ruff/issues/2923
+    "UP038", # Use `X | Y` in `isinstance` call instead of `(X, Y)`
+
+    # May conflict with the formatter, https://docs.astral.sh/ruff/formatter/#conflicting-lint-rules
+    "W191",
+    "E111",
+    "E114",
+    "E117",
+    "D206",
+    "D300",
+    "Q000",
+    "Q001",
+    "Q002",
+    "Q003",
+    "COM812",
+    "COM819",
+    "ISC001",
+    "ISC002",
+
+    # Disabled because ruff does not understand type of __all__ generated by a function
+    "PLE0605",
+]
+
+[tool.ruff.lint.flake8-import-conventions.extend-aliases]
+voluptuous = "vol"
+
+[tool.ruff.lint.flake8-pytest-style]
+fixture-parentheses = false
+
+[tool.ruff.lint.flake8-tidy-imports.banned-api]
+"pytz".msg = "use zoneinfo instead"
+
+[tool.ruff.lint.isort]
+force-sort-within-sections = true
+section-order = [
+    "future",
+    "standard-library",
+    "third-party",
+    "first-party",
+    "local-folder",
+]
+forced-separate = ["tests"]
+known-first-party = ["supervisor", "tests"]
+combine-as-imports = true
+split-on-trailing-comma = false
+
+[tool.ruff.lint.per-file-ignores]
+
+# DBus Service Mocks must use typing and names understood by dbus-fast
+"tests/dbus_service_mocks/*.py" = ["F722", "F821", "N815"]
+
+[tool.ruff.lint.mccabe]
+max-complexity = 25

requirements.txt

@@ -0,0 +1,29 @@
+aiodns==3.2.0
+aiohttp==3.11.12
+atomicwrites-homeassistant==1.4.1
+attrs==25.1.0
+awesomeversion==24.6.0
+brotli==1.1.0
+ciso8601==2.3.2
+colorlog==6.9.0
+cpe==1.3.1
+cryptography==44.0.0
+debugpy==1.8.12
+deepmerge==2.0
+dirhash==0.5.0
+docker==7.1.0
+faust-cchardet==2.1.19
+gitpython==3.1.44
+jinja2==3.1.5
+orjson==3.10.12
+pulsectl==24.12.0
+pyudev==0.24.3
+PyYAML==6.0.2
+requests==2.32.3
+securetar==2025.1.4
+sentry-sdk==2.20.0
+setuptools==75.8.0
+voluptuous==0.15.2
+dbus-fast==2.33.0
+typing_extensions==4.12.2
+zlib-fast==0.2.0

requirements_tests.txt

@@ -0,0 +1,13 @@
+astroid==3.3.8
+coverage==7.6.12
+pre-commit==4.1.0
+pylint==3.3.4
+pytest-aiohttp==1.1.0
+pytest-asyncio==0.25.2
+pytest-cov==6.0.0
+pytest-timeout==2.3.1
+pytest==8.3.4
+ruff==0.9.6
+time-machine==2.16.0
+typing_extensions==4.12.2
+urllib3==2.3.0

rootfs/etc/cont-init.d/udev.sh

@@ -0,0 +1,20 @@
+#!/usr/bin/with-contenv bashio
+# ==============================================================================
+# Start udev service
+# ==============================================================================
+
+if bashio::fs.directory_exists /run/udev && ! bashio::fs.file_exists /run/.old_udev; then
+    bashio::log.info "Using udev information from host"
+    bashio::exit.ok
+fi
+
+bashio::log.info "Setup udev backend inside container"
+udevd --daemon
+
+bashio::log.info "Update udev information"
+touch /run/.old_udev
+if udevadm trigger; then
+    udevadm settle || true
+else
+    bashio::log.warning "Triggering of udev rules fails!"
+fi

rootfs/etc/pulse/client.conf

@@ -0,0 +1,35 @@
+# This file is part of PulseAudio.
+#
+# PulseAudio is free software; you can redistribute it and/or modify
+# it under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# PulseAudio is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with PulseAudio; if not, see <http://www.gnu.org/licenses/>.
+
+## Configuration file for PulseAudio clients. See pulse-client.conf(5) for
+## more information. Default values are commented out.  Use either ; or # for
+## commenting.
+
+; default-sink =
+; default-source =
+default-server = unix://data/audio/external/pulse.sock
+; default-dbus-server =
+
+autospawn = no
+; daemon-binary = /usr/bin/pulseaudio
+; extra-arguments = --log-target=syslog
+
+cookie-file = /run/pulse-cookie
+
+; enable-shm = yes
+; shm-size-bytes = 0 # setting this 0 will use the system-default, usually 64 MiB
+
+; auto-connect-localhost = no
+; auto-connect-display = no

rootfs/etc/services.d/supervisor/finish

@@ -0,0 +1,11 @@
+#!/usr/bin/env bashio
+# ==============================================================================
+# Take down the S6 supervision tree when Supervisor fails
+# ==============================================================================
+
+if [[ "$1" -ne 100 ]] && [[ "$1" -ne 256 ]]; then
+  bashio::log.warning "Halt Supervisor"
+  /run/s6/basedir/bin/halt
+fi
+
+bashio::log.info "Supervisor restart after closing"

rootfs/etc/services.d/supervisor/run

@@ -0,0 +1,8 @@
+#!/usr/bin/with-contenv bashio
+# ==============================================================================
+# Start Supervisor service
+# ==============================================================================
+export LD_PRELOAD="/usr/local/lib/libjemalloc.so.2"
+export MALLOC_CONF="background_thread:true,metadata_thp:auto"
+
+exec python3 -m supervisor

rootfs/etc/services.d/watchdog/finish

@@ -0,0 +1,11 @@
+#!/usr/bin/env bashio
+# ==============================================================================
+# Take down the S6 supervision tree when Watchdog fails
+# ==============================================================================
+
+if [[ "$1" -ne 0 ]] && [[ "$1" -ne 256 ]]; then
+  bashio::log.warning "Halt Supervisor (Wuff)"
+  /run/s6/basedir/bin/halt
+fi
+
+bashio::log.info "Watchdog restart after closing"

rootfs/etc/services.d/watchdog/run

@@ -0,0 +1,34 @@
+#!/usr/bin/with-contenv bashio
+# ==============================================================================
+# Start Watchdog service
+# ==============================================================================
+declare failed_count=0
+declare supervisor_state
+
+bashio::log.info "Starting local supervisor watchdog..."
+
+while [[ failed_count -lt 2 ]];
+do
+    sleep 300
+    supervisor_state="$(cat /run/supervisor)"
+
+    if [[ "${supervisor_state}" = "running"  ]]; then
+
+        # Check API
+        if bashio::supervisor.ping > /dev/null; then
+            failed_count=0
+        else
+            bashio::log.warning "Maybe found an issue on API healthy"
+            ((failed_count++))
+        fi
+
+    elif [[  "close stopping" = *"${supervisor_state}"* ]]; then
+        bashio::log.warning "Maybe found an issue on shutdown"
+        ((failed_count++))
+    else
+        failed_count=0
+    fi
+
+done
+
+bashio::exit.nok "Watchdog detected issue with Supervisor - taking container down!"

setup.py

@@ -1,44 +1,28 @@
+"""Home Assistant Supervisor setup."""
+
+from pathlib import Path
+import re
+
 from setuptools import setup
 
-from hassio.const import HASSIO_VERSION
+RE_SUPERVISOR_VERSION = re.compile(r"^SUPERVISOR_VERSION =\s*(.+)$")
+
+SUPERVISOR_DIR = Path(__file__).parent
+REQUIREMENTS_FILE = SUPERVISOR_DIR / "requirements.txt"
+CONST_FILE = SUPERVISOR_DIR / "supervisor/const.py"
+
+REQUIREMENTS = REQUIREMENTS_FILE.read_text(encoding="utf-8")
+CONSTANTS = CONST_FILE.read_text(encoding="utf-8")
+
+
+def _get_supervisor_version():
+    for line in CONSTANTS.split("/n"):
+        if match := RE_SUPERVISOR_VERSION.match(line):
+            return match.group(1)
+    return "9999.09.9.dev9999"
 
 
 setup(
-    name='HassIO',
-    version=HASSIO_VERSION,
-    license='BSD License',
-    author='The Home Assistant Authors',
-    author_email='hello@home-assistant.io',
-    url='https://home-assistant.io/',
-    description=('Open-source private cloud os for Home-Assistant'
-                 ' based on ResinOS'),
-    long_description=('A maintenainless private cloud operator system that'
-                      'setup a Home-Assistant instance. Based on ResinOS'),
-    classifiers=[
-        'Intended Audience :: End Users/Desktop',
-        'Intended Audience :: Developers',
-        'License :: OSI Approved :: Apache Software License',
-        'Operating System :: OS Independent',
-        'Topic :: Home Automation'
-        'Topic :: Software Development :: Libraries :: Python Modules',
-        'Topic :: Scientific/Engineering :: Atmospheric Science',
-        'Development Status :: 5 - Production/Stable',
-        'Intended Audience :: Developers',
-        'Programming Language :: Python :: 3.5',
-    ],
-    keywords=['docker', 'home-assistant', 'api'],
-    zip_safe=False,
-    platforms='any',
-    packages=['hassio', 'hassio.dock', 'hassio.api', 'hassio.addons'],
-    include_package_data=True,
-    install_requires=[
-        'async_timeout',
-        'aiohttp',
-        'docker',
-        'colorlog',
-        'voluptuous',
-        'gitpython',
-        'pyotp',
-        'pyqrcode'
-    ]
+    version=_get_supervisor_version(),
+    dependencies=REQUIREMENTS.split("/n"),
 )

supervisor/__init__.py

@@ -0,0 +1 @@
+"""Init file for Supervisor."""

supervisor/__main__.py

@@ -0,0 +1,76 @@
+"""Main file for Supervisor."""
+
+import asyncio
+from concurrent.futures import ThreadPoolExecutor
+import logging
+from pathlib import Path
+import sys
+
+import zlib_fast
+
+# Enable fast zlib before importing supervisor
+zlib_fast.enable()
+
+from supervisor import bootstrap  # pylint: disable=wrong-import-position # noqa: E402
+from supervisor.utils.logging import (  # pylint: disable=wrong-import-position  # noqa: E402
+    activate_log_queue_handler,
+)
+
+_LOGGER: logging.Logger = logging.getLogger(__name__)
+
+CONTAINER_OS_STARTUP_CHECK = Path("/run/os/startup-marker")
+
+
+def run_os_startup_check_cleanup() -> None:
+    """Cleanup OS startup check."""
+    if not CONTAINER_OS_STARTUP_CHECK.exists():
+        return
+
+    try:
+        CONTAINER_OS_STARTUP_CHECK.unlink()
+    except OSError as err:
+        _LOGGER.warning("Not able to remove the startup health file: %s", err)
+
+
+# pylint: disable=invalid-name
+if __name__ == "__main__":
+    bootstrap.initialize_logging()
+
+    # Init async event loop
+    loop = asyncio.new_event_loop()
+    asyncio.set_event_loop(loop)
+
+    # Check if all information are available to setup Supervisor
+    bootstrap.check_environment()
+
+    # init executor pool
+    executor = ThreadPoolExecutor(thread_name_prefix="SyncWorker")
+    loop.set_default_executor(executor)
+
+    activate_log_queue_handler()
+
+    _LOGGER.info("Initializing Supervisor setup")
+    coresys = loop.run_until_complete(bootstrap.initialize_coresys())
+    loop.set_debug(coresys.config.debug)
+    loop.run_until_complete(coresys.core.connect())
+
+    bootstrap.supervisor_debugger(coresys)
+    bootstrap.migrate_system_env(coresys)
+
+    # Signal health startup for container
+    run_os_startup_check_cleanup()
+
+    _LOGGER.info("Setting up Supervisor")
+    loop.run_until_complete(coresys.core.setup())
+
+    loop.call_soon_threadsafe(loop.create_task, coresys.core.start())
+    loop.call_soon_threadsafe(bootstrap.reg_signal, loop, coresys)
+
+    try:
+        _LOGGER.info("Running Supervisor")
+        loop.run_forever()
+    finally:
+        loop.close()
+
+    _LOGGER.info("Closing Supervisor")
+    sys.exit(coresys.core.exit_code)

supervisor/addons/__init__.py

@@ -0,0 +1 @@
+"""Init file for Supervisor add-ons."""

supervisor/addons/build.py

@@ -0,0 +1,140 @@
+"""Supervisor add-on build environment."""
+
+from __future__ import annotations
+
+from functools import cached_property
+from pathlib import Path
+from typing import TYPE_CHECKING
+
+from awesomeversion import AwesomeVersion
+
+from ..const import (
+    ATTR_ARGS,
+    ATTR_BUILD_FROM,
+    ATTR_LABELS,
+    ATTR_SQUASH,
+    FILE_SUFFIX_CONFIGURATION,
+    META_ADDON,
+)
+from ..coresys import CoreSys, CoreSysAttributes
+from ..docker.interface import MAP_ARCH
+from ..exceptions import ConfigurationFileError, HassioArchNotFound
+from ..utils.common import FileConfiguration, find_one_filetype
+from .validate import SCHEMA_BUILD_CONFIG
+
+if TYPE_CHECKING:
+    from . import AnyAddon
+
+
+class AddonBuild(FileConfiguration, CoreSysAttributes):
+    """Handle build options for add-ons."""
+
+    def __init__(self, coresys: CoreSys, addon: AnyAddon) -> None:
+        """Initialize Supervisor add-on builder."""
+        self.coresys: CoreSys = coresys
+        self.addon = addon
+
+        try:
+            build_file = find_one_filetype(
+                self.addon.path_location, "build", FILE_SUFFIX_CONFIGURATION
+            )
+        except ConfigurationFileError:
+            build_file = self.addon.path_location / "build.json"
+
+        super().__init__(build_file, SCHEMA_BUILD_CONFIG)
+
+    def save_data(self):
+        """Ignore save function."""
+        raise RuntimeError()
+
+    @cached_property
+    def arch(self) -> str:
+        """Return arch of the add-on."""
+        return self.sys_arch.match(self.addon.arch)
+
+    @property
+    def base_image(self) -> str:
+        """Return base image for this add-on."""
+        if not self._data[ATTR_BUILD_FROM]:
+            return f"ghcr.io/home-assistant/{self.sys_arch.default}-base:latest"
+
+        if isinstance(self._data[ATTR_BUILD_FROM], str):
+            return self._data[ATTR_BUILD_FROM]
+
+        # Evaluate correct base image
+        if self.arch not in self._data[ATTR_BUILD_FROM]:
+            raise HassioArchNotFound(
+                f"Add-on {self.addon.slug} is not supported on {self.arch}"
+            )
+        return self._data[ATTR_BUILD_FROM][self.arch]
+
+    @property
+    def dockerfile(self) -> Path:
+        """Return Dockerfile path."""
+        if self.addon.path_location.joinpath(f"Dockerfile.{self.arch}").exists():
+            return self.addon.path_location.joinpath(f"Dockerfile.{self.arch}")
+        return self.addon.path_location.joinpath("Dockerfile")
+
+    @property
+    def squash(self) -> bool:
+        """Return True or False if squash is active."""
+        return self._data[ATTR_SQUASH]
+
+    @property
+    def additional_args(self) -> dict[str, str]:
+        """Return additional Docker build arguments."""
+        return self._data[ATTR_ARGS]
+
+    @property
+    def additional_labels(self) -> dict[str, str]:
+        """Return additional Docker labels."""
+        return self._data[ATTR_LABELS]
+
+    @property
+    def is_valid(self) -> bool:
+        """Return true if the build env is valid."""
+        try:
+            return all(
+                [
+                    self.addon.path_location.is_dir(),
+                    self.dockerfile.is_file(),
+                ]
+            )
+        except HassioArchNotFound:
+            return False
+
+    def get_docker_args(self, version: AwesomeVersion, image: str | None = None):
+        """Create a dict with Docker build arguments."""
+        args = {
+            "path": str(self.addon.path_location),
+            "tag": f"{image or self.addon.image}:{version!s}",
+            "dockerfile": str(self.dockerfile),
+            "pull": True,
+            "forcerm": not self.sys_dev,
+            "squash": self.squash,
+            "platform": MAP_ARCH[self.arch],
+            "labels": {
+                "io.hass.version": version,
+                "io.hass.arch": self.arch,
+                "io.hass.type": META_ADDON,
+                "io.hass.name": self._fix_label("name"),
+                "io.hass.description": self._fix_label("description"),
+                **self.additional_labels,
+            },
+            "buildargs": {
+                "BUILD_FROM": self.base_image,
+                "BUILD_VERSION": version,
+                "BUILD_ARCH": self.sys_arch.default,
+                **self.additional_args,
+            },
+        }
+
+        if self.addon.url:
+            args["labels"]["io.hass.url"] = self.addon.url
+
+        return args
+
+    def _fix_label(self, label_name: str) -> str:
+        """Remove characters they are not supported."""
+        label = getattr(self.addon, label_name, "")
+        return label.replace("'", "")

supervisor/addons/configuration.py

@@ -0,0 +1,11 @@
+"""Confgiuration Objects for Addon Config."""
+
+from dataclasses import dataclass
+
+
+@dataclass(slots=True)
+class FolderMapping:
+    """Represent folder mapping configuration."""
+
+    path: str | None
+    read_only: bool

supervisor/addons/const.py

@@ -0,0 +1,49 @@
+"""Add-on static data."""
+
+from datetime import timedelta
+from enum import StrEnum
+
+from ..jobs.const import JobCondition
+
+
+class AddonBackupMode(StrEnum):
+    """Backup mode of an Add-on."""
+
+    HOT = "hot"
+    COLD = "cold"
+
+
+class MappingType(StrEnum):
+    """Mapping type of an Add-on Folder."""
+
+    DATA = "data"
+    CONFIG = "config"
+    SSL = "ssl"
+    ADDONS = "addons"
+    BACKUP = "backup"
+    SHARE = "share"
+    MEDIA = "media"
+    HOMEASSISTANT_CONFIG = "homeassistant_config"
+    ALL_ADDON_CONFIGS = "all_addon_configs"
+    ADDON_CONFIG = "addon_config"
+
+
+ATTR_BACKUP = "backup"
+ATTR_BREAKING_VERSIONS = "breaking_versions"
+ATTR_CODENOTARY = "codenotary"
+ATTR_READ_ONLY = "read_only"
+ATTR_PATH = "path"
+WATCHDOG_RETRY_SECONDS = 10
+WATCHDOG_MAX_ATTEMPTS = 5
+WATCHDOG_THROTTLE_PERIOD = timedelta(minutes=30)
+WATCHDOG_THROTTLE_MAX_CALLS = 10
+
+ADDON_UPDATE_CONDITIONS = [
+    JobCondition.FREE_SPACE,
+    JobCondition.HEALTHY,
+    JobCondition.INTERNET_HOST,
+    JobCondition.PLUGINS_UPDATED,
+    JobCondition.SUPERVISOR_UPDATED,
+]
+
+RE_SLUG = r"[-_.A-Za-z0-9]+"

supervisor/addons/data.py

@@ -0,0 +1,71 @@
+"""Init file for Supervisor add-on data."""
+
+from copy import deepcopy
+from typing import Any
+
+from ..const import (
+    ATTR_IMAGE,
+    ATTR_OPTIONS,
+    ATTR_SYSTEM,
+    ATTR_USER,
+    ATTR_VERSION,
+    FILE_HASSIO_ADDONS,
+)
+from ..coresys import CoreSys, CoreSysAttributes
+from ..store.addon import AddonStore
+from ..utils.common import FileConfiguration
+from .addon import Addon
+from .validate import SCHEMA_ADDONS_FILE
+
+Config = dict[str, Any]
+
+
+class AddonsData(FileConfiguration, CoreSysAttributes):
+    """Hold data for installed Add-ons inside Supervisor."""
+
+    def __init__(self, coresys: CoreSys):
+        """Initialize data holder."""
+        super().__init__(FILE_HASSIO_ADDONS, SCHEMA_ADDONS_FILE)
+        self.coresys: CoreSys = coresys
+
+    @property
+    def user(self):
+        """Return local add-on user data."""
+        return self._data[ATTR_USER]
+
+    @property
+    def system(self):
+        """Return local add-on data."""
+        return self._data[ATTR_SYSTEM]
+
+    def install(self, addon: AddonStore) -> None:
+        """Set addon as installed."""
+        self.system[addon.slug] = deepcopy(addon.data)
+        self.user[addon.slug] = {
+            ATTR_OPTIONS: {},
+            ATTR_VERSION: addon.version,
+            ATTR_IMAGE: addon.image,
+        }
+        self.save_data()
+
+    def uninstall(self, addon: Addon) -> None:
+        """Set add-on as uninstalled."""
+        self.system.pop(addon.slug, None)
+        self.user.pop(addon.slug, None)
+        self.save_data()
+
+    def update(self, addon: AddonStore) -> None:
+        """Update version of add-on."""
+        self.system[addon.slug] = deepcopy(addon.data)
+        self.user[addon.slug].update(
+            {ATTR_VERSION: addon.version, ATTR_IMAGE: addon.image}
+        )
+        self.save_data()
+
+    def restore(self, slug: str, user: Config, system: Config, image: str) -> None:
+        """Restore data to add-on."""
+        self.user[slug] = deepcopy(user)
+        self.system[slug] = deepcopy(system)
+
+        self.user[slug][ATTR_IMAGE] = image
+        self.save_data()

supervisor/addons/manager.py

@@ -0,0 +1,398 @@
+"""Supervisor add-on manager."""
+
+import asyncio
+from collections.abc import Awaitable
+from contextlib import suppress
+import logging
+import tarfile
+from typing import Union
+
+from attr import evolve
+
+from ..const import AddonBoot, AddonStartup, AddonState
+from ..coresys import CoreSys, CoreSysAttributes
+from ..exceptions import (
+    AddonsError,
+    AddonsJobError,
+    AddonsNotSupportedError,
+    CoreDNSError,
+    DockerError,
+    HassioError,
+    HomeAssistantAPIError,
+)
+from ..jobs.decorator import Job, JobCondition
+from ..resolution.const import ContextType, IssueType, SuggestionType
+from ..store.addon import AddonStore
+from ..utils.sentry import capture_exception
+from .addon import Addon
+from .const import ADDON_UPDATE_CONDITIONS
+from .data import AddonsData
+
+_LOGGER: logging.Logger = logging.getLogger(__name__)
+
+AnyAddon = Union[Addon, AddonStore]
+
+
+class AddonManager(CoreSysAttributes):
+    """Manage add-ons inside Supervisor."""
+
+    def __init__(self, coresys: CoreSys):
+        """Initialize Docker base wrapper."""
+        self.coresys: CoreSys = coresys
+        self.data: AddonsData = AddonsData(coresys)
+        self.local: dict[str, Addon] = {}
+        self.store: dict[str, AddonStore] = {}
+
+    @property
+    def all(self) -> list[AnyAddon]:
+        """Return a list of all add-ons."""
+        addons: dict[str, AnyAddon] = {**self.store, **self.local}
+        return list(addons.values())
+
+    @property
+    def installed(self) -> list[Addon]:
+        """Return a list of all installed add-ons."""
+        return list(self.local.values())
+
+    def get(self, addon_slug: str, local_only: bool = False) -> AnyAddon | None:
+        """Return an add-on from slug.
+
+        Prio:
+          1 - Local
+          2 - Store
+        """
+        if addon_slug in self.local:
+            return self.local[addon_slug]
+        if not local_only:
+            return self.store.get(addon_slug)
+        return None
+
+    def from_token(self, token: str) -> Addon | None:
+        """Return an add-on from Supervisor token."""
+        for addon in self.installed:
+            if token == addon.supervisor_token:
+                return addon
+        return None
+
+    async def load(self) -> None:
+        """Start up add-on management."""
+        # Refresh cache for all store addons
+        tasks: list[Awaitable[None]] = [
+            store.refresh_path_cache() for store in self.store.values()
+        ]
+
+        # Load all installed addons
+        for slug in self.data.system:
+            addon = self.local[slug] = Addon(self.coresys, slug)
+            tasks.append(addon.load())
+
+        # Run initial tasks
+        _LOGGER.info("Found %d installed add-ons", len(self.data.system))
+        if tasks:
+            await asyncio.gather(*tasks)
+
+        # Sync DNS
+        await self.sync_dns()
+
+    async def boot(self, stage: AddonStartup) -> None:
+        """Boot add-ons with mode auto."""
+        tasks: list[Addon] = []
+        for addon in self.installed:
+            if addon.boot != AddonBoot.AUTO or addon.startup != stage:
+                continue
+            tasks.append(addon)
+
+        # Evaluate add-ons which need to be started
+        _LOGGER.info("Phase '%s' starting %d add-ons", stage, len(tasks))
+        if not tasks:
+            return
+
+        # Start Add-ons sequential
+        # avoid issue on slow IO
+        # Config.wait_boot is deprecated. Until addons update with healthchecks,
+        # add a sleep task for it to keep the same minimum amount of wait time
+        wait_boot: list[Awaitable[None]] = [asyncio.sleep(self.sys_config.wait_boot)]
+        for addon in tasks:
+            try:
+                if start_task := await addon.start():
+                    wait_boot.append(start_task)
+            except HassioError:
+                self.sys_resolution.add_issue(
+                    evolve(addon.boot_failed_issue),
+                    suggestions=[
+                        SuggestionType.EXECUTE_START,
+                        SuggestionType.DISABLE_BOOT,
+                    ],
+                )
+            else:
+                continue
+
+            _LOGGER.warning("Can't start Add-on %s", addon.slug)
+
+        # Ignore exceptions from waiting for addon startup, addon errors handled elsewhere
+        await asyncio.gather(*wait_boot, return_exceptions=True)
+
+        # After waiting for startup, create an issue for boot addons that are error or unknown state
+        # Ignore stopped as single shot addons can be run at boot and this is successful exit
+        # Timeout waiting for startup is not a failure, addon is probably just slow
+        for addon in tasks:
+            if addon.state in {AddonState.ERROR, AddonState.UNKNOWN}:
+                self.sys_resolution.add_issue(
+                    evolve(addon.boot_failed_issue),
+                    suggestions=[
+                        SuggestionType.EXECUTE_START,
+                        SuggestionType.DISABLE_BOOT,
+                    ],
+                )
+
+    async def shutdown(self, stage: AddonStartup) -> None:
+        """Shutdown addons."""
+        tasks: list[Addon] = []
+        for addon in self.installed:
+            if addon.state != AddonState.STARTED or addon.startup != stage:
+                continue
+            tasks.append(addon)
+
+        # Evaluate add-ons which need to be stopped
+        _LOGGER.info("Phase '%s' stopping %d add-ons", stage, len(tasks))
+        if not tasks:
+            return
+
+        # Stop Add-ons sequential
+        # avoid issue on slow IO
+        for addon in tasks:
+            try:
+                await addon.stop()
+            except Exception as err:  # pylint: disable=broad-except
+                _LOGGER.warning("Can't stop Add-on %s: %s", addon.slug, err)
+                capture_exception(err)
+
+    @Job(
+        name="addon_manager_install",
+        conditions=ADDON_UPDATE_CONDITIONS,
+        on_condition=AddonsJobError,
+    )
+    async def install(self, slug: str) -> None:
+        """Install an add-on."""
+        self.sys_jobs.current.reference = slug
+
+        if slug in self.local:
+            raise AddonsError(f"Add-on {slug} is already installed", _LOGGER.warning)
+        store = self.store.get(slug)
+
+        if not store:
+            raise AddonsError(f"Add-on {slug} does not exist", _LOGGER.error)
+
+        store.validate_availability()
+
+        await Addon(self.coresys, slug).install()
+
+        _LOGGER.info("Add-on '%s' successfully installed", slug)
+
+    async def uninstall(self, slug: str, *, remove_config: bool = False) -> None:
+        """Remove an add-on."""
+        if slug not in self.local:
+            _LOGGER.warning("Add-on %s is not installed", slug)
+            return
+
+        shared_image = any(
+            self.local[slug].image == addon.image
+            and self.local[slug].version == addon.version
+            for addon in self.installed
+            if addon.slug != slug
+        )
+        await self.local[slug].uninstall(
+            remove_config=remove_config, remove_image=not shared_image
+        )
+
+        _LOGGER.info("Add-on '%s' successfully removed", slug)
+
+    @Job(
+        name="addon_manager_update",
+        conditions=ADDON_UPDATE_CONDITIONS,
+        on_condition=AddonsJobError,
+    )
+    async def update(
+        self, slug: str, backup: bool | None = False
+    ) -> asyncio.Task | None:
+        """Update add-on.
+
+        Returns a Task that completes when addon has state 'started' (see addon.start)
+        if addon is started after update. Else nothing is returned.
+        """
+        self.sys_jobs.current.reference = slug
+
+        if slug not in self.local:
+            raise AddonsError(f"Add-on {slug} is not installed", _LOGGER.error)
+        addon = self.local[slug]
+
+        if addon.is_detached:
+            raise AddonsError(
+                f"Add-on {slug} is not available inside store", _LOGGER.error
+            )
+        store = self.store[slug]
+
+        if addon.version == store.version:
+            raise AddonsError(f"No update available for add-on {slug}", _LOGGER.warning)
+
+        # Check if available, Maybe something have changed
+        store.validate_availability()
+
+        if backup:
+            await self.sys_backups.do_backup_partial(
+                name=f"addon_{addon.slug}_{addon.version}",
+                homeassistant=False,
+                addons=[addon.slug],
+            )
+
+        return await addon.update()
+
+    @Job(
+        name="addon_manager_rebuild",
+        conditions=[
+            JobCondition.FREE_SPACE,
+            JobCondition.INTERNET_HOST,
+            JobCondition.HEALTHY,
+        ],
+        on_condition=AddonsJobError,
+    )
+    async def rebuild(self, slug: str) -> asyncio.Task | None:
+        """Perform a rebuild of local build add-on.
+
+        Returns a Task that completes when addon has state 'started' (see addon.start)
+        if addon is started after rebuild. Else nothing is returned.
+        """
+        self.sys_jobs.current.reference = slug
+
+        if slug not in self.local:
+            raise AddonsError(f"Add-on {slug} is not installed", _LOGGER.error)
+        addon = self.local[slug]
+
+        if addon.is_detached:
+            raise AddonsError(
+                f"Add-on {slug} is not available inside store", _LOGGER.error
+            )
+        store = self.store[slug]
+
+        # Check if a rebuild is possible now
+        if addon.version != store.version:
+            raise AddonsError(
+                "Version changed, use Update instead Rebuild", _LOGGER.error
+            )
+        if not addon.need_build:
+            raise AddonsNotSupportedError(
+                "Can't rebuild a image based add-on", _LOGGER.error
+            )
+
+        return await addon.rebuild()
+
+    @Job(
+        name="addon_manager_restore",
+        conditions=[
+            JobCondition.FREE_SPACE,
+            JobCondition.INTERNET_HOST,
+            JobCondition.HEALTHY,
+        ],
+        on_condition=AddonsJobError,
+    )
+    async def restore(
+        self, slug: str, tar_file: tarfile.TarFile
+    ) -> asyncio.Task | None:
+        """Restore state of an add-on.
+
+        Returns a Task that completes when addon has state 'started' (see addon.start)
+        if addon is started after restore. Else nothing is returned.
+        """
+        self.sys_jobs.current.reference = slug
+
+        if slug not in self.local:
+            _LOGGER.debug("Add-on %s is not local available for restore", slug)
+            addon = Addon(self.coresys, slug)
+            had_ingress = False
+        else:
+            _LOGGER.debug("Add-on %s is local available for restore", slug)
+            addon = self.local[slug]
+            had_ingress = addon.ingress_panel
+
+        wait_for_start = await addon.restore(tar_file)
+
+        # Check if new
+        if slug not in self.local:
+            _LOGGER.info("Detect new Add-on after restore %s", slug)
+            self.local[slug] = addon
+
+        # Update ingress
+        if had_ingress != addon.ingress_panel:
+            await self.sys_ingress.reload()
+            with suppress(HomeAssistantAPIError):
+                await self.sys_ingress.update_hass_panel(addon)
+
+        return wait_for_start
+
+    @Job(
+        name="addon_manager_repair",
+        conditions=[JobCondition.FREE_SPACE, JobCondition.INTERNET_HOST],
+    )
+    async def repair(self) -> None:
+        """Repair local add-ons."""
+        needs_repair: list[Addon] = []
+
+        # Evaluate Add-ons to repair
+        for addon in self.installed:
+            if await addon.instance.exists():
+                continue
+            needs_repair.append(addon)
+
+        _LOGGER.info("Found %d add-ons to repair", len(needs_repair))
+        if not needs_repair:
+            return
+
+        for addon in needs_repair:
+            _LOGGER.info("Repairing for add-on: %s", addon.slug)
+            with suppress(DockerError, KeyError):
+                # Need pull a image again
+                if not addon.need_build:
+                    await addon.instance.install(addon.version, addon.image)
+                    continue
+
+                # Need local lookup
+                if addon.need_build and not addon.is_detached:
+                    store = self.store[addon.slug]
+                    # If this add-on is available for rebuild
+                    if addon.version == store.version:
+                        await addon.instance.install(addon.version, addon.image)
+                        continue
+
+            _LOGGER.error("Can't repair %s", addon.slug)
+            with suppress(AddonsError):
+                await self.uninstall(addon.slug)
+
+    async def sync_dns(self) -> None:
+        """Sync add-ons DNS names."""
+        # Update hosts
+        add_host_coros: list[Awaitable[None]] = []
+        for addon in self.installed:
+            try:
+                if not await addon.instance.is_running():
+                    continue
+            except DockerError as err:
+                _LOGGER.warning("Add-on %s is corrupt: %s", addon.slug, err)
+                self.sys_resolution.create_issue(
+                    IssueType.CORRUPT_DOCKER,
+                    ContextType.ADDON,
+                    reference=addon.slug,
+                    suggestions=[SuggestionType.EXECUTE_REPAIR],
+                )
+                capture_exception(err)
+            else:
+                add_host_coros.append(
+                    self.sys_plugins.dns.add_host(
+                        ipv4=addon.ip_address, names=[addon.hostname], write=False
+                    )
+                )
+
+        await asyncio.gather(*add_host_coros)
+
+        # Write hosts files
+        with suppress(CoreDNSError):
+            await self.sys_plugins.dns.write_hosts()

supervisor/addons/model.py

@@ -0,0 +1,719 @@
+"""Init file for Supervisor add-ons."""
+
+from abc import ABC, abstractmethod
+from collections import defaultdict
+from collections.abc import Awaitable, Callable
+from contextlib import suppress
+from datetime import datetime
+import logging
+from pathlib import Path
+from typing import Any
+
+from awesomeversion import AwesomeVersion, AwesomeVersionException
+
+from supervisor.utils.dt import utc_from_timestamp
+
+from ..const import (
+    ATTR_ADVANCED,
+    ATTR_APPARMOR,
+    ATTR_ARCH,
+    ATTR_AUDIO,
+    ATTR_AUTH_API,
+    ATTR_BACKUP_EXCLUDE,
+    ATTR_BACKUP_POST,
+    ATTR_BACKUP_PRE,
+    ATTR_BOOT,
+    ATTR_DESCRIPTON,
+    ATTR_DEVICES,
+    ATTR_DEVICETREE,
+    ATTR_DISCOVERY,
+    ATTR_DOCKER_API,
+    ATTR_ENVIRONMENT,
+    ATTR_FULL_ACCESS,
+    ATTR_GPIO,
+    ATTR_HASSIO_API,
+    ATTR_HASSIO_ROLE,
+    ATTR_HOMEASSISTANT,
+    ATTR_HOMEASSISTANT_API,
+    ATTR_HOST_DBUS,
+    ATTR_HOST_IPC,
+    ATTR_HOST_NETWORK,
+    ATTR_HOST_PID,
+    ATTR_HOST_UTS,
+    ATTR_IMAGE,
+    ATTR_INGRESS,
+    ATTR_INGRESS_STREAM,
+    ATTR_INIT,
+    ATTR_JOURNALD,
+    ATTR_KERNEL_MODULES,
+    ATTR_LEGACY,
+    ATTR_LOCATION,
+    ATTR_MACHINE,
+    ATTR_MAP,
+    ATTR_NAME,
+    ATTR_OPTIONS,
+    ATTR_PANEL_ADMIN,
+    ATTR_PANEL_ICON,
+    ATTR_PANEL_TITLE,
+    ATTR_PORTS,
+    ATTR_PORTS_DESCRIPTION,
+    ATTR_PRIVILEGED,
+    ATTR_REALTIME,
+    ATTR_REPOSITORY,
+    ATTR_SCHEMA,
+    ATTR_SERVICES,
+    ATTR_SLUG,
+    ATTR_STAGE,
+    ATTR_STARTUP,
+    ATTR_STDIN,
+    ATTR_TIMEOUT,
+    ATTR_TMPFS,
+    ATTR_TRANSLATIONS,
+    ATTR_TYPE,
+    ATTR_UART,
+    ATTR_UDEV,
+    ATTR_URL,
+    ATTR_USB,
+    ATTR_VERSION,
+    ATTR_VERSION_TIMESTAMP,
+    ATTR_VIDEO,
+    ATTR_WATCHDOG,
+    ATTR_WEBUI,
+    SECURITY_DEFAULT,
+    SECURITY_DISABLE,
+    SECURITY_PROFILE,
+    AddonBoot,
+    AddonBootConfig,
+    AddonStage,
+    AddonStartup,
+)
+from ..coresys import CoreSys
+from ..docker.const import Capabilities
+from ..exceptions import AddonsNotSupportedError
+from ..jobs.const import JOB_GROUP_ADDON
+from ..jobs.job_group import JobGroup
+from ..utils import version_is_new_enough
+from .configuration import FolderMapping
+from .const import (
+    ATTR_BACKUP,
+    ATTR_BREAKING_VERSIONS,
+    ATTR_CODENOTARY,
+    ATTR_PATH,
+    ATTR_READ_ONLY,
+    AddonBackupMode,
+    MappingType,
+)
+from .options import AddonOptions, UiOptions
+from .validate import RE_SERVICE
+
+_LOGGER: logging.Logger = logging.getLogger(__name__)
+
+Data = dict[str, Any]
+
+
+class AddonModel(JobGroup, ABC):
+    """Add-on Data layout."""
+
+    def __init__(self, coresys: CoreSys, slug: str):
+        """Initialize data holder."""
+        super().__init__(
+            coresys, JOB_GROUP_ADDON.format_map(defaultdict(str, slug=slug)), slug
+        )
+        self.slug: str = slug
+        self._path_icon_exists: bool = False
+        self._path_logo_exists: bool = False
+        self._path_changelog_exists: bool = False
+        self._path_documentation_exists: bool = False
+
+    @property
+    @abstractmethod
+    def data(self) -> Data:
+        """Return add-on config/data."""
+
+    @property
+    @abstractmethod
+    def is_installed(self) -> bool:
+        """Return True if an add-on is installed."""
+
+    @property
+    @abstractmethod
+    def is_detached(self) -> bool:
+        """Return True if add-on is detached."""
+
+    @property
+    def available(self) -> bool:
+        """Return True if this add-on is available on this platform."""
+        return self._available(self.data)
+
+    @property
+    def options(self) -> dict[str, Any]:
+        """Return options with local changes."""
+        return self.data[ATTR_OPTIONS]
+
+    @property
+    def boot_config(self) -> AddonBootConfig:
+        """Return boot config."""
+        return self.data[ATTR_BOOT]
+
+    @property
+    def boot(self) -> AddonBoot:
+        """Return boot config with prio local settings unless config is forced."""
+        return AddonBoot(self.data[ATTR_BOOT])
+
+    @property
+    def auto_update(self) -> bool | None:
+        """Return if auto update is enable."""
+        return None
+
+    @property
+    def name(self) -> str:
+        """Return name of add-on."""
+        return self.data[ATTR_NAME]
+
+    @property
+    def hostname(self) -> str:
+        """Return slug/id of add-on."""
+        return self.slug.replace("_", "-")
+
+    @property
+    def dns(self) -> list[str]:
+        """Return list of DNS name for that add-on."""
+        return []
+
+    @property
+    def timeout(self) -> int:
+        """Return timeout of addon for docker stop."""
+        return self.data[ATTR_TIMEOUT]
+
+    @property
+    def uuid(self) -> str | None:
+        """Return an API token for this add-on."""
+        return None
+
+    @property
+    def supervisor_token(self) -> str | None:
+        """Return access token for Supervisor API."""
+        return None
+
+    @property
+    def ingress_token(self) -> str | None:
+        """Return access token for Supervisor API."""
+        return None
+
+    @property
+    def ingress_entry(self) -> str | None:
+        """Return ingress external URL."""
+        return None
+
+    @property
+    def description(self) -> str:
+        """Return description of add-on."""
+        return self.data[ATTR_DESCRIPTON]
+
+    @property
+    def long_description(self) -> str | None:
+        """Return README.md as long_description."""
+        readme = Path(self.path_location, "README.md")
+
+        # If readme not exists
+        if not readme.exists():
+            return None
+
+        # Return data
+        return readme.read_text(encoding="utf-8")
+
+    @property
+    def repository(self) -> str:
+        """Return repository of add-on."""
+        return self.data[ATTR_REPOSITORY]
+
+    @property
+    def translations(self) -> dict:
+        """Return add-on translations."""
+        return self.data[ATTR_TRANSLATIONS]
+
+    @property
+    def latest_version(self) -> AwesomeVersion:
+        """Return latest version of add-on."""
+        return self.data[ATTR_VERSION]
+
+    @property
+    def latest_version_timestamp(self) -> datetime:
+        """Return when latest version was first seen."""
+        return utc_from_timestamp(self.data[ATTR_VERSION_TIMESTAMP])
+
+    @property
+    def version(self) -> AwesomeVersion:
+        """Return version of add-on."""
+        return self.data[ATTR_VERSION]
+
+    @property
+    def protected(self) -> bool:
+        """Return if add-on is in protected mode."""
+        return True
+
+    @property
+    def startup(self) -> AddonStartup:
+        """Return startup type of add-on."""
+        return self.data[ATTR_STARTUP]
+
+    @property
+    def advanced(self) -> bool:
+        """Return advanced mode of add-on."""
+        return self.data[ATTR_ADVANCED]
+
+    @property
+    def stage(self) -> AddonStage:
+        """Return stage mode of add-on."""
+        return self.data[ATTR_STAGE]
+
+    @property
+    def services_role(self) -> dict[str, str]:
+        """Return dict of services with rights."""
+        services_list = self.data.get(ATTR_SERVICES, [])
+
+        services = {}
+        for data in services_list:
+            service = RE_SERVICE.match(data)
+            if service:
+                services[service.group("service")] = service.group("rights")
+
+        return services
+
+    @property
+    def discovery(self) -> list[str]:
+        """Return list of discoverable components/platforms."""
+        return self.data.get(ATTR_DISCOVERY, [])
+
+    @property
+    def ports_description(self) -> dict[str, str] | None:
+        """Return descriptions of ports."""
+        return self.data.get(ATTR_PORTS_DESCRIPTION)
+
+    @property
+    def ports(self) -> dict[str, int | None] | None:
+        """Return ports of add-on."""
+        return self.data.get(ATTR_PORTS)
+
+    @property
+    def ingress_url(self) -> str | None:
+        """Return URL to ingress url."""
+        return None
+
+    @property
+    def webui(self) -> str | None:
+        """Return URL to webui or None."""
+        return self.data.get(ATTR_WEBUI)
+
+    @property
+    def watchdog(self) -> str | None:
+        """Return URL to for watchdog or None."""
+        return self.data.get(ATTR_WATCHDOG)
+
+    @property
+    def ingress_port(self) -> int | None:
+        """Return Ingress port."""
+        return None
+
+    @property
+    def panel_icon(self) -> str:
+        """Return panel icon for Ingress frame."""
+        return self.data[ATTR_PANEL_ICON]
+
+    @property
+    def panel_title(self) -> str:
+        """Return panel icon for Ingress frame."""
+        return self.data.get(ATTR_PANEL_TITLE, self.name)
+
+    @property
+    def panel_admin(self) -> str:
+        """Return panel icon for Ingress frame."""
+        return self.data[ATTR_PANEL_ADMIN]
+
+    @property
+    def host_network(self) -> bool:
+        """Return True if add-on run on host network."""
+        return self.data[ATTR_HOST_NETWORK]
+
+    @property
+    def host_pid(self) -> bool:
+        """Return True if add-on run on host PID namespace."""
+        return self.data[ATTR_HOST_PID]
+
+    @property
+    def host_ipc(self) -> bool:
+        """Return True if add-on run on host IPC namespace."""
+        return self.data[ATTR_HOST_IPC]
+
+    @property
+    def host_uts(self) -> bool:
+        """Return True if add-on run on host UTS namespace."""
+        return self.data[ATTR_HOST_UTS]
+
+    @property
+    def host_dbus(self) -> bool:
+        """Return True if add-on run on host D-BUS."""
+        return self.data[ATTR_HOST_DBUS]
+
+    @property
+    def static_devices(self) -> list[Path]:
+        """Return static devices of add-on."""
+        return [Path(node) for node in self.data.get(ATTR_DEVICES, [])]
+
+    @property
+    def environment(self) -> dict[str, str] | None:
+        """Return environment of add-on."""
+        return self.data.get(ATTR_ENVIRONMENT)
+
+    @property
+    def privileged(self) -> list[Capabilities]:
+        """Return list of privilege."""
+        return self.data.get(ATTR_PRIVILEGED, [])
+
+    @property
+    def apparmor(self) -> str:
+        """Return True if AppArmor is enabled."""
+        if not self.data.get(ATTR_APPARMOR):
+            return SECURITY_DISABLE
+        elif self.sys_host.apparmor.exists(self.slug):
+            return SECURITY_PROFILE
+        return SECURITY_DEFAULT
+
+    @property
+    def legacy(self) -> bool:
+        """Return if the add-on don't support Home Assistant labels."""
+        return self.data[ATTR_LEGACY]
+
+    @property
+    def access_docker_api(self) -> bool:
+        """Return if the add-on need read-only Docker API access."""
+        return self.data[ATTR_DOCKER_API]
+
+    @property
+    def access_hassio_api(self) -> bool:
+        """Return True if the add-on access to Supervisor REASTful API."""
+        return self.data[ATTR_HASSIO_API]
+
+    @property
+    def access_homeassistant_api(self) -> bool:
+        """Return True if the add-on access to Home Assistant API proxy."""
+        return self.data[ATTR_HOMEASSISTANT_API]
+
+    @property
+    def hassio_role(self) -> str:
+        """Return Supervisor role for API."""
+        return self.data[ATTR_HASSIO_ROLE]
+
+    @property
+    def backup_exclude(self) -> list[str]:
+        """Return Exclude list for backup."""
+        return self.data.get(ATTR_BACKUP_EXCLUDE, [])
+
+    @property
+    def backup_pre(self) -> str | None:
+        """Return pre-backup command."""
+        return self.data.get(ATTR_BACKUP_PRE)
+
+    @property
+    def backup_post(self) -> str | None:
+        """Return post-backup command."""
+        return self.data.get(ATTR_BACKUP_POST)
+
+    @property
+    def backup_mode(self) -> AddonBackupMode:
+        """Return if backup is hot/cold."""
+        return self.data[ATTR_BACKUP]
+
+    @property
+    def default_init(self) -> bool:
+        """Return True if the add-on have no own init."""
+        return self.data[ATTR_INIT]
+
+    @property
+    def with_stdin(self) -> bool:
+        """Return True if the add-on access use stdin input."""
+        return self.data[ATTR_STDIN]
+
+    @property
+    def with_ingress(self) -> bool:
+        """Return True if the add-on access support ingress."""
+        return self.data[ATTR_INGRESS]
+
+    @property
+    def ingress_panel(self) -> bool | None:
+        """Return True if the add-on access support ingress."""
+        return None
+
+    @property
+    def ingress_stream(self) -> bool:
+        """Return True if post requests to ingress should be streamed."""
+        return self.data[ATTR_INGRESS_STREAM]
+
+    @property
+    def with_gpio(self) -> bool:
+        """Return True if the add-on access to GPIO interface."""
+        return self.data[ATTR_GPIO]
+
+    @property
+    def with_usb(self) -> bool:
+        """Return True if the add-on need USB access."""
+        return self.data[ATTR_USB]
+
+    @property
+    def with_uart(self) -> bool:
+        """Return True if we should map all UART device."""
+        return self.data[ATTR_UART]
+
+    @property
+    def with_udev(self) -> bool:
+        """Return True if the add-on have his own udev."""
+        return self.data[ATTR_UDEV]
+
+    @property
+    def with_kernel_modules(self) -> bool:
+        """Return True if the add-on access to kernel modules."""
+        return self.data[ATTR_KERNEL_MODULES]
+
+    @property
+    def with_realtime(self) -> bool:
+        """Return True if the add-on need realtime schedule functions."""
+        return self.data[ATTR_REALTIME]
+
+    @property
+    def with_full_access(self) -> bool:
+        """Return True if the add-on want full access to hardware."""
+        return self.data[ATTR_FULL_ACCESS]
+
+    @property
+    def with_devicetree(self) -> bool:
+        """Return True if the add-on read access to devicetree."""
+        return self.data[ATTR_DEVICETREE]
+
+    @property
+    def with_tmpfs(self) -> str | None:
+        """Return if tmp is in memory of add-on."""
+        return self.data[ATTR_TMPFS]
+
+    @property
+    def access_auth_api(self) -> bool:
+        """Return True if the add-on access to login/auth backend."""
+        return self.data[ATTR_AUTH_API]
+
+    @property
+    def with_audio(self) -> bool:
+        """Return True if the add-on access to audio."""
+        return self.data[ATTR_AUDIO]
+
+    @property
+    def with_video(self) -> bool:
+        """Return True if the add-on access to video."""
+        return self.data[ATTR_VIDEO]
+
+    @property
+    def homeassistant_version(self) -> str | None:
+        """Return min Home Assistant version they needed by Add-on."""
+        return self.data.get(ATTR_HOMEASSISTANT)
+
+    @property
+    def url(self) -> str | None:
+        """Return URL of add-on."""
+        return self.data.get(ATTR_URL)
+
+    @property
+    def with_icon(self) -> bool:
+        """Return True if an icon exists."""
+        return self._path_icon_exists
+
+    @property
+    def with_logo(self) -> bool:
+        """Return True if a logo exists."""
+        return self._path_logo_exists
+
+    @property
+    def with_changelog(self) -> bool:
+        """Return True if a changelog exists."""
+        return self._path_changelog_exists
+
+    @property
+    def with_documentation(self) -> bool:
+        """Return True if a documentation exists."""
+        return self._path_documentation_exists
+
+    @property
+    def supported_arch(self) -> list[str]:
+        """Return list of supported arch."""
+        return self.data[ATTR_ARCH]
+
+    @property
+    def supported_machine(self) -> list[str]:
+        """Return list of supported machine."""
+        return self.data.get(ATTR_MACHINE, [])
+
+    @property
+    def arch(self) -> str:
+        """Return architecture to use for the addon's image."""
+        if ATTR_IMAGE in self.data:
+            return self.sys_arch.match(self.data[ATTR_ARCH])
+
+        return self.sys_arch.default
+
+    @property
+    def image(self) -> str | None:
+        """Generate image name from data."""
+        return self._image(self.data)
+
+    @property
+    def need_build(self) -> bool:
+        """Return True if this  add-on need a local build."""
+        return ATTR_IMAGE not in self.data
+
+    @property
+    def map_volumes(self) -> dict[MappingType, FolderMapping]:
+        """Return a dict of {MappingType: FolderMapping} from add-on."""
+        volumes = {}
+        for volume in self.data[ATTR_MAP]:
+            volumes[MappingType(volume[ATTR_TYPE])] = FolderMapping(
+                volume.get(ATTR_PATH), volume[ATTR_READ_ONLY]
+            )
+
+        return volumes
+
+    @property
+    def path_location(self) -> Path:
+        """Return path to this add-on."""
+        return Path(self.data[ATTR_LOCATION])
+
+    @property
+    def path_icon(self) -> Path:
+        """Return path to add-on icon."""
+        return Path(self.path_location, "icon.png")
+
+    @property
+    def path_logo(self) -> Path:
+        """Return path to add-on logo."""
+        return Path(self.path_location, "logo.png")
+
+    @property
+    def path_changelog(self) -> Path:
+        """Return path to add-on changelog."""
+        return Path(self.path_location, "CHANGELOG.md")
+
+    @property
+    def path_documentation(self) -> Path:
+        """Return path to add-on changelog."""
+        return Path(self.path_location, "DOCS.md")
+
+    @property
+    def path_apparmor(self) -> Path:
+        """Return path to custom AppArmor profile."""
+        return Path(self.path_location, "apparmor.txt")
+
+    @property
+    def schema(self) -> AddonOptions:
+        """Return Addon options validation object."""
+        raw_schema = self.data[ATTR_SCHEMA]
+        if isinstance(raw_schema, bool):
+            raw_schema = {}
+
+        return AddonOptions(self.coresys, raw_schema, self.name, self.slug)
+
+    @property
+    def schema_ui(self) -> list[dict[any, any]] | None:
+        """Create a UI schema for add-on options."""
+        raw_schema = self.data[ATTR_SCHEMA]
+
+        if isinstance(raw_schema, bool):
+            return None
+        return UiOptions(self.coresys)(raw_schema)
+
+    @property
+    def with_journald(self) -> bool:
+        """Return True if the add-on accesses the system journal."""
+        return self.data[ATTR_JOURNALD]
+
+    @property
+    def signed(self) -> bool:
+        """Return True if the image is signed."""
+        return ATTR_CODENOTARY in self.data
+
+    @property
+    def codenotary(self) -> str | None:
+        """Return Signer email address for CAS."""
+        return self.data.get(ATTR_CODENOTARY)
+
+    @property
+    def breaking_versions(self) -> list[AwesomeVersion]:
+        """Return breaking versions of addon."""
+        return self.data[ATTR_BREAKING_VERSIONS]
+
+    def refresh_path_cache(self) -> Awaitable[None]:
+        """Refresh cache of existing paths."""
+
+        def check_paths():
+            self._path_icon_exists = self.path_icon.exists()
+            self._path_logo_exists = self.path_logo.exists()
+            self._path_changelog_exists = self.path_changelog.exists()
+            self._path_documentation_exists = self.path_documentation.exists()
+
+        return self.sys_run_in_executor(check_paths)
+
+    def validate_availability(self) -> None:
+        """Validate if addon is available for current system."""
+        return self._validate_availability(self.data, logger=_LOGGER.error)
+
+    def __eq__(self, other):
+        """Compaired add-on objects."""
+        if not isinstance(other, AddonModel):
+            return False
+        return self.slug == other.slug
+
+    def _validate_availability(
+        self, config, *, logger: Callable[..., None] | None = None
+    ) -> None:
+        """Validate if addon is available for current system."""
+        # Architecture
+        if not self.sys_arch.is_supported(config[ATTR_ARCH]):
+            raise AddonsNotSupportedError(
+                f"Add-on {self.slug} not supported on this platform, supported architectures: {', '.join(config[ATTR_ARCH])}",
+                logger,
+            )
+
+        # Machine / Hardware
+        machine = config.get(ATTR_MACHINE)
+        if machine and (
+            f"!{self.sys_machine}" in machine or self.sys_machine not in machine
+        ):
+            raise AddonsNotSupportedError(
+                f"Add-on {self.slug} not supported on this machine, supported machine types: {', '.join(machine)}",
+                logger,
+            )
+
+        # Home Assistant
+        version: AwesomeVersion | None = config.get(ATTR_HOMEASSISTANT)
+        with suppress(AwesomeVersionException, TypeError):
+            if version and not version_is_new_enough(
+                self.sys_homeassistant.version, version
+            ):
+                raise AddonsNotSupportedError(
+                    f"Add-on {self.slug} not supported on this system, requires Home Assistant version {version} or greater",
+                    logger,
+                )
+
+    def _available(self, config) -> bool:
+        """Return True if this add-on is available on this platform."""
+        try:
+            self._validate_availability(config)
+        except AddonsNotSupportedError:
+            return False
+
+        return True
+
+    def _image(self, config) -> str:
+        """Generate image name from data."""
+        # Repository with Dockerhub images
+        if ATTR_IMAGE in config:
+            arch = self.sys_arch.match(config[ATTR_ARCH])
+            return config[ATTR_IMAGE].format(arch=arch)
+
+        # local build
+        return f"{config[ATTR_REPOSITORY]}/{self.sys_arch.default}-addon-{config[ATTR_SLUG]}"

supervisor/addons/options.py

@@ -0,0 +1,423 @@
+"""Add-on Options / UI rendering."""
+
+import hashlib
+import logging
+from pathlib import Path
+import re
+from typing import Any
+
+import voluptuous as vol
+
+from ..coresys import CoreSys, CoreSysAttributes
+from ..exceptions import HardwareNotFound
+from ..hardware.const import UdevSubsystem
+from ..hardware.data import Device
+from ..validate import network_port
+
+_LOGGER: logging.Logger = logging.getLogger(__name__)
+
+_STR = "str"
+_INT = "int"
+_FLOAT = "float"
+_BOOL = "bool"
+_PASSWORD = "password"
+_EMAIL = "email"
+_URL = "url"
+_PORT = "port"
+_MATCH = "match"
+_LIST = "list"
+_DEVICE = "device"
+
+RE_SCHEMA_ELEMENT = re.compile(
+    r"^(?:"
+    r"|bool"
+    r"|email"
+    r"|url"
+    r"|port"
+    r"|device(?:\((?P<filter>subsystem=[a-z]+)\))?"
+    r"|str(?:\((?P<s_min>\d+)?,(?P<s_max>\d+)?\))?"
+    r"|password(?:\((?P<p_min>\d+)?,(?P<p_max>\d+)?\))?"
+    r"|int(?:\((?P<i_min>\d+)?,(?P<i_max>\d+)?\))?"
+    r"|float(?:\((?P<f_min>[\d\.]+)?,(?P<f_max>[\d\.]+)?\))?"
+    r"|match\((?P<match>.*)\)"
+    r"|list\((?P<list>.+)\)"
+    r")\??$"
+)
+
+_SCHEMA_LENGTH_PARTS = (
+    "i_min",
+    "i_max",
+    "f_min",
+    "f_max",
+    "s_min",
+    "s_max",
+    "p_min",
+    "p_max",
+)
+
+
+class AddonOptions(CoreSysAttributes):
+    """Validate Add-ons Options."""
+
+    def __init__(
+        self, coresys: CoreSys, raw_schema: dict[str, Any], name: str, slug: str
+    ):
+        """Validate schema."""
+        self.coresys: CoreSys = coresys
+        self.raw_schema: dict[str, Any] = raw_schema
+        self.devices: set[Device] = set()
+        self.pwned: set[str] = set()
+        self._name = name
+        self._slug = slug
+
+    @property
+    def validate(self) -> vol.Schema:
+        """Create a schema for add-on options."""
+        return vol.Schema(vol.All(dict, self))
+
+    def __call__(self, struct):
+        """Create schema validator for add-ons options."""
+        options = {}
+
+        # read options
+        for key, value in struct.items():
+            # Ignore unknown options / remove from list
+            if key not in self.raw_schema:
+                _LOGGER.warning(
+                    "Option '%s' does not exist in the schema for %s (%s)",
+                    key,
+                    self._name,
+                    self._slug,
+                )
+                continue
+
+            typ = self.raw_schema[key]
+            try:
+                if isinstance(typ, list):
+                    # nested value list
+                    options[key] = self._nested_validate_list(typ[0], value, key)
+                elif isinstance(typ, dict):
+                    # nested value dict
+                    options[key] = self._nested_validate_dict(typ, value, key)
+                else:
+                    # normal value
+                    options[key] = self._single_validate(typ, value, key)
+            except (IndexError, KeyError):
+                raise vol.Invalid(
+                    f"Type error for option '{key}' in {self._name} ({self._slug})"
+                ) from None
+
+        self._check_missing_options(self.raw_schema, options, "root")
+        return options
+
+    # pylint: disable=no-value-for-parameter
+    def _single_validate(self, typ: str, value: Any, key: str):
+        """Validate a single element."""
+        # if required argument
+        if value is None:
+            raise vol.Invalid(
+                f"Missing required option '{key}' in {self._name} ({self._slug})"
+            ) from None
+
+        # Lookup secret
+        if str(value).startswith("!secret "):
+            secret: str = value.partition(" ")[2]
+            value = self.sys_homeassistant.secrets.get(secret)
+            if value is None:
+                raise vol.Invalid(
+                    f"Unknown secret '{secret}' in {self._name} ({self._slug})"
+                ) from None
+
+        # parse extend data from type
+        match = RE_SCHEMA_ELEMENT.match(typ)
+
+        if not match:
+            raise vol.Invalid(
+                f"Unknown type '{typ}' in {self._name} ({self._slug})"
+            ) from None
+
+        # prepare range
+        range_args = {}
+        for group_name in _SCHEMA_LENGTH_PARTS:
+            group_value = match.group(group_name)
+            if group_value:
+                range_args[group_name[2:]] = float(group_value)
+
+        if typ.startswith(_STR) or typ.startswith(_PASSWORD):
+            if typ.startswith(_PASSWORD) and value:
+                self.pwned.add(hashlib.sha1(str(value).encode()).hexdigest())
+            return vol.All(str(value), vol.Range(**range_args))(value)
+        elif typ.startswith(_INT):
+            return vol.All(vol.Coerce(int), vol.Range(**range_args))(value)
+        elif typ.startswith(_FLOAT):
+            return vol.All(vol.Coerce(float), vol.Range(**range_args))(value)
+        elif typ.startswith(_BOOL):
+            return vol.Boolean()(value)
+        elif typ.startswith(_EMAIL):
+            return vol.Email()(value)
+        elif typ.startswith(_URL):
+            return vol.Url()(value)
+        elif typ.startswith(_PORT):
+            return network_port(value)
+        elif typ.startswith(_MATCH):
+            return vol.Match(match.group("match"))(str(value))
+        elif typ.startswith(_LIST):
+            return vol.In(match.group("list").split("|"))(str(value))
+        elif typ.startswith(_DEVICE):
+            try:
+                device = self.sys_hardware.get_by_path(Path(value))
+            except HardwareNotFound:
+                raise vol.Invalid(
+                    f"Device '{value}' does not exist in {self._name} ({self._slug})"
+                ) from None
+
+            # Have filter
+            if match.group("filter"):
+                str_filter = match.group("filter")
+                device_filter = _create_device_filter(str_filter)
+                if device not in self.sys_hardware.filter_devices(**device_filter):
+                    raise vol.Invalid(
+                        f"Device '{value}' don't match the filter {str_filter}! in {self._name} ({self._slug})"
+                    )
+
+            # Device valid
+            self.devices.add(device)
+            return str(device.path)
+
+        raise vol.Invalid(
+            f"Fatal error for option '{key}' with type '{typ}' in {self._name} ({self._slug})"
+        ) from None
+
+    def _nested_validate_list(self, typ: Any, data_list: list[Any], key: str):
+        """Validate nested items."""
+        options = []
+
+        # Make sure it is a list
+        if not isinstance(data_list, list):
+            raise vol.Invalid(
+                f"Invalid list for option '{key}' in {self._name} ({self._slug})"
+            ) from None
+
+        # Process list
+        for element in data_list:
+            # Nested?
+            if isinstance(typ, dict):
+                c_options = self._nested_validate_dict(typ, element, key)
+                options.append(c_options)
+            else:
+                options.append(self._single_validate(typ, element, key))
+
+        return options
+
+    def _nested_validate_dict(
+        self, typ: dict[Any, Any], data_dict: dict[Any, Any], key: str
+    ):
+        """Validate nested items."""
+        options = {}
+
+        # Make sure it is a dict
+        if not isinstance(data_dict, dict):
+            raise vol.Invalid(
+                f"Invalid dict for option '{key}' in {self._name} ({self._slug})"
+            ) from None
+
+        # Process dict
+        for c_key, c_value in data_dict.items():
+            # Ignore unknown options / remove from list
+            if c_key not in typ:
+                _LOGGER.warning(
+                    "Unknown option '%s' for %s (%s)", c_key, self._name, self._slug
+                )
+                continue
+
+            # Nested?
+            if isinstance(typ[c_key], list):
+                options[c_key] = self._nested_validate_list(
+                    typ[c_key][0], c_value, c_key
+                )
+            else:
+                options[c_key] = self._single_validate(typ[c_key], c_value, c_key)
+
+        self._check_missing_options(typ, options, key)
+        return options
+
+    def _check_missing_options(
+        self, origin: dict[Any, Any], exists: dict[Any, Any], root: str
+    ) -> None:
+        """Check if all options are exists."""
+        missing = set(origin) - set(exists)
+        for miss_opt in missing:
+            miss_schema = origin[miss_opt]
+
+            # If its a list then value in list decides if its optional like ["str?"]
+            if isinstance(miss_schema, list) and len(miss_schema) > 0:
+                miss_schema = miss_schema[0]
+
+            if isinstance(miss_schema, str) and miss_schema.endswith("?"):
+                continue
+
+            raise vol.Invalid(
+                f"Missing option '{miss_opt}' in {root} in {self._name} ({self._slug})"
+            ) from None
+
+
+class UiOptions(CoreSysAttributes):
+    """Render UI Add-ons Options."""
+
+    def __init__(self, coresys: CoreSys) -> None:
+        """Initialize UI option render."""
+        self.coresys = coresys
+
+    def __call__(self, raw_schema: dict[str, Any]) -> list[dict[str, Any]]:
+        """Generate UI schema."""
+        ui_schema: list[dict[str, Any]] = []
+
+        # read options
+        for key, value in raw_schema.items():
+            if isinstance(value, list):
+                # nested value list
+                self._nested_ui_list(ui_schema, value, key)
+            elif isinstance(value, dict):
+                # nested value dict
+                self._nested_ui_dict(ui_schema, value, key)
+            else:
+                # normal value
+                self._single_ui_option(ui_schema, value, key)
+
+        return ui_schema
+
+    def _single_ui_option(
+        self,
+        ui_schema: list[dict[str, Any]],
+        value: str,
+        key: str,
+        multiple: bool = False,
+    ) -> None:
+        """Validate a single element."""
+        ui_node: dict[str, str | bool | float | list[str]] = {"name": key}
+
+        # If multiple
+        if multiple:
+            ui_node["multiple"] = True
+
+        # Parse extend data from type
+        match = RE_SCHEMA_ELEMENT.match(value)
+        if not match:
+            return
+
+        # Prepare range
+        for group_name in _SCHEMA_LENGTH_PARTS:
+            group_value = match.group(group_name)
+            if not group_value:
+                continue
+            if group_name[2:] == "min":
+                ui_node["lengthMin"] = float(group_value)
+            elif group_name[2:] == "max":
+                ui_node["lengthMax"] = float(group_value)
+
+        # If required
+        if value.endswith("?"):
+            ui_node["optional"] = True
+        else:
+            ui_node["required"] = True
+
+        # Data types
+        if value.startswith(_STR):
+            ui_node["type"] = "string"
+        elif value.startswith(_PASSWORD):
+            ui_node["type"] = "string"
+            ui_node["format"] = "password"
+        elif value.startswith(_INT):
+            ui_node["type"] = "integer"
+        elif value.startswith(_FLOAT):
+            ui_node["type"] = "float"
+        elif value.startswith(_BOOL):
+            ui_node["type"] = "boolean"
+        elif value.startswith(_EMAIL):
+            ui_node["type"] = "string"
+            ui_node["format"] = "email"
+        elif value.startswith(_URL):
+            ui_node["type"] = "string"
+            ui_node["format"] = "url"
+        elif value.startswith(_PORT):
+            ui_node["type"] = "integer"
+        elif value.startswith(_MATCH):
+            ui_node["type"] = "string"
+        elif value.startswith(_LIST):
+            ui_node["type"] = "select"
+            ui_node["options"] = match.group("list").split("|")
+        elif value.startswith(_DEVICE):
+            ui_node["type"] = "select"
+
+            # Have filter
+            if match.group("filter"):
+                device_filter = _create_device_filter(match.group("filter"))
+                ui_node["options"] = [
+                    (device.by_id or device.path).as_posix()
+                    for device in self.sys_hardware.filter_devices(**device_filter)
+                ]
+            else:
+                ui_node["options"] = [
+                    (device.by_id or device.path).as_posix()
+                    for device in self.sys_hardware.devices
+                ]
+
+        ui_schema.append(ui_node)
+
+    def _nested_ui_list(
+        self,
+        ui_schema: list[dict[str, Any]],
+        option_list: list[Any],
+        key: str,
+    ) -> None:
+        """UI nested list items."""
+        try:
+            element = option_list[0]
+        except IndexError:
+            _LOGGER.error("Invalid schema %s", key)
+            return
+
+        if isinstance(element, dict):
+            self._nested_ui_dict(ui_schema, element, key, multiple=True)
+        else:
+            self._single_ui_option(ui_schema, element, key, multiple=True)
+
+    def _nested_ui_dict(
+        self,
+        ui_schema: list[dict[str, Any]],
+        option_dict: dict[str, Any],
+        key: str,
+        multiple: bool = False,
+    ) -> None:
+        """UI nested dict items."""
+        ui_node = {
+            "name": key,
+            "type": "schema",
+            "optional": True,
+            "multiple": multiple,
+        }
+
+        nested_schema = []
+        for c_key, c_value in option_dict.items():
+            # Nested?
+            if isinstance(c_value, list):
+                self._nested_ui_list(nested_schema, c_value, c_key)
+            else:
+                self._single_ui_option(nested_schema, c_value, c_key)
+
+        ui_node["schema"] = nested_schema
+        ui_schema.append(ui_node)
+
+
+def _create_device_filter(str_filter: str) -> dict[str, Any]:
+    """Generate device Filter."""
+    raw_filter = dict(value.split("=") for value in str_filter.split(";"))
+
+    clean_filter = {}
+    for key, value in raw_filter.items():
+        if key == "subsystem":
+            clean_filter[key] = UdevSubsystem(value)
+        else:
+            clean_filter[key] = value
+
+    return clean_filter

supervisor/addons/utils.py

@@ -0,0 +1,103 @@
+"""Util add-ons functions."""
+
+from __future__ import annotations
+
+import asyncio
+import logging
+from pathlib import Path
+from typing import TYPE_CHECKING
+
+from ..const import ROLE_ADMIN, ROLE_MANAGER, SECURITY_DISABLE, SECURITY_PROFILE
+from ..docker.const import Capabilities
+
+if TYPE_CHECKING:
+    from .model import AddonModel
+
+_LOGGER: logging.Logger = logging.getLogger(__name__)
+
+
+def rating_security(addon: AddonModel) -> int:
+    """Return 1-8 for security rating.
+
+    1 = not secure
+    8 = high secure
+    """
+    rating = 5
+
+    # AppArmor
+    if addon.apparmor == SECURITY_DISABLE:
+        rating += -1
+    elif addon.apparmor == SECURITY_PROFILE:
+        rating += 1
+
+    # Home Assistant Login & Ingress
+    if addon.with_ingress:
+        rating += 2
+    elif addon.access_auth_api:
+        rating += 1
+
+    # Signed
+    if addon.signed:
+        rating += 1
+
+    # Privileged options
+    if (
+        any(
+            privilege in addon.privileged
+            for privilege in (
+                Capabilities.BPF,
+                Capabilities.CHECKPOINT_RESTORE,
+                Capabilities.DAC_READ_SEARCH,
+                Capabilities.NET_ADMIN,
+                Capabilities.NET_RAW,
+                Capabilities.PERFMON,
+                Capabilities.SYS_ADMIN,
+                Capabilities.SYS_MODULE,
+                Capabilities.SYS_PTRACE,
+                Capabilities.SYS_RAWIO,
+            )
+        )
+        or addon.with_kernel_modules
+    ):
+        rating += -1
+
+    # API Supervisor role
+    if addon.hassio_role == ROLE_MANAGER:
+        rating += -1
+    elif addon.hassio_role == ROLE_ADMIN:
+        rating += -2
+
+    # Not secure Networking
+    if addon.host_network:
+        rating += -1
+
+    # Insecure PID namespace
+    if addon.host_pid:
+        rating += -2
+
+    # UTS host namespace allows to set hostname only with SYS_ADMIN
+    if addon.host_uts and Capabilities.SYS_ADMIN in addon.privileged:
+        rating += -1
+
+    # Docker Access & full Access
+    if addon.access_docker_api or addon.with_full_access:
+        rating = 1
+
+    return max(min(8, rating), 1)
+
+
+async def remove_data(folder: Path) -> None:
+    """Remove folder and reset privileged."""
+    try:
+        proc = await asyncio.create_subprocess_exec(
+            "rm", "-rf", str(folder), stdout=asyncio.subprocess.DEVNULL
+        )
+
+        _, error_msg = await proc.communicate()
+    except OSError as err:
+        error_msg = str(err)
+    else:
+        if proc.returncode == 0:
+            return
+
+    _LOGGER.error("Can't remove Add-on Data: %s", error_msg)

supervisor/addons/validate.py

@@ -0,0 +1,513 @@
+"""Validate add-ons options schema."""
+
+import logging
+import re
+import secrets
+from typing import Any
+import uuid
+
+import voluptuous as vol
+
+from ..const import (
+    ARCH_ALL,
+    ATTR_ACCESS_TOKEN,
+    ATTR_ADVANCED,
+    ATTR_APPARMOR,
+    ATTR_ARCH,
+    ATTR_ARGS,
+    ATTR_AUDIO,
+    ATTR_AUDIO_INPUT,
+    ATTR_AUDIO_OUTPUT,
+    ATTR_AUTH_API,
+    ATTR_AUTO_UPDATE,
+    ATTR_BACKUP_EXCLUDE,
+    ATTR_BACKUP_POST,
+    ATTR_BACKUP_PRE,
+    ATTR_BOOT,
+    ATTR_BUILD_FROM,
+    ATTR_CONFIGURATION,
+    ATTR_DESCRIPTON,
+    ATTR_DEVICES,
+    ATTR_DEVICETREE,
+    ATTR_DISCOVERY,
+    ATTR_DOCKER_API,
+    ATTR_ENVIRONMENT,
+    ATTR_FULL_ACCESS,
+    ATTR_GPIO,
+    ATTR_HASSIO_API,
+    ATTR_HASSIO_ROLE,
+    ATTR_HOMEASSISTANT,
+    ATTR_HOMEASSISTANT_API,
+    ATTR_HOST_DBUS,
+    ATTR_HOST_IPC,
+    ATTR_HOST_NETWORK,
+    ATTR_HOST_PID,
+    ATTR_HOST_UTS,
+    ATTR_IMAGE,
+    ATTR_INGRESS,
+    ATTR_INGRESS_ENTRY,
+    ATTR_INGRESS_PANEL,
+    ATTR_INGRESS_PORT,
+    ATTR_INGRESS_STREAM,
+    ATTR_INGRESS_TOKEN,
+    ATTR_INIT,
+    ATTR_JOURNALD,
+    ATTR_KERNEL_MODULES,
+    ATTR_LABELS,
+    ATTR_LEGACY,
+    ATTR_LOCATION,
+    ATTR_MACHINE,
+    ATTR_MAP,
+    ATTR_NAME,
+    ATTR_NETWORK,
+    ATTR_OPTIONS,
+    ATTR_PANEL_ADMIN,
+    ATTR_PANEL_ICON,
+    ATTR_PANEL_TITLE,
+    ATTR_PORTS,
+    ATTR_PORTS_DESCRIPTION,
+    ATTR_PRIVILEGED,
+    ATTR_PROTECTED,
+    ATTR_REALTIME,
+    ATTR_REPOSITORY,
+    ATTR_SCHEMA,
+    ATTR_SERVICES,
+    ATTR_SLUG,
+    ATTR_SQUASH,
+    ATTR_STAGE,
+    ATTR_STARTUP,
+    ATTR_STATE,
+    ATTR_STDIN,
+    ATTR_SYSTEM,
+    ATTR_SYSTEM_MANAGED,
+    ATTR_SYSTEM_MANAGED_CONFIG_ENTRY,
+    ATTR_TIMEOUT,
+    ATTR_TMPFS,
+    ATTR_TRANSLATIONS,
+    ATTR_TYPE,
+    ATTR_UART,
+    ATTR_UDEV,
+    ATTR_URL,
+    ATTR_USB,
+    ATTR_USER,
+    ATTR_UUID,
+    ATTR_VERSION,
+    ATTR_VIDEO,
+    ATTR_WATCHDOG,
+    ATTR_WEBUI,
+    ROLE_ALL,
+    ROLE_DEFAULT,
+    AddonBoot,
+    AddonBootConfig,
+    AddonStage,
+    AddonStartup,
+    AddonState,
+)
+from ..docker.const import Capabilities
+from ..validate import (
+    docker_image,
+    docker_ports,
+    docker_ports_description,
+    network_port,
+    token,
+    uuid_match,
+    version_tag,
+)
+from .const import (
+    ATTR_BACKUP,
+    ATTR_BREAKING_VERSIONS,
+    ATTR_CODENOTARY,
+    ATTR_PATH,
+    ATTR_READ_ONLY,
+    RE_SLUG,
+    AddonBackupMode,
+    MappingType,
+)
+from .options import RE_SCHEMA_ELEMENT
+
+_LOGGER: logging.Logger = logging.getLogger(__name__)
+
+RE_VOLUME = re.compile(
+    r"^(data|config|ssl|addons|backup|share|media|homeassistant_config|all_addon_configs|addon_config)(?::(rw|ro))?$"
+)
+RE_SERVICE = re.compile(r"^(?P<service>mqtt|mysql):(?P<rights>provide|want|need)$")
+
+
+RE_DOCKER_IMAGE_BUILD = re.compile(
+    r"^([a-zA-Z\-\.:\d{}]+/)*?([\-\w{}]+)/([\-\w{}]+)(:[\.\-\w{}]+)?$"
+)
+
+SCHEMA_ELEMENT = vol.Match(RE_SCHEMA_ELEMENT)
+
+RE_MACHINE = re.compile(
+    r"^!?(?:"
+    r"|intel-nuc"
+    r"|generic-x86-64"
+    r"|odroid-c2"
+    r"|odroid-c4"
+    r"|odroid-m1"
+    r"|odroid-n2"
+    r"|odroid-xu"
+    r"|qemuarm-64"
+    r"|qemuarm"
+    r"|qemux86-64"
+    r"|qemux86"
+    r"|raspberrypi"
+    r"|raspberrypi2"
+    r"|raspberrypi3-64"
+    r"|raspberrypi3"
+    r"|raspberrypi4-64"
+    r"|raspberrypi4"
+    r"|raspberrypi5-64"
+    r"|yellow"
+    r"|green"
+    r"|tinker"
+    r")$"
+)
+
+RE_SLUG_FIELD = re.compile(r"^" + RE_SLUG + r"$")
+
+
+def _warn_addon_config(config: dict[str, Any]):
+    """Warn about miss configs."""
+    name = config.get(ATTR_NAME)
+    if not name:
+        raise vol.Invalid("Invalid Add-on config!")
+
+    if config.get(ATTR_FULL_ACCESS, False) and (
+        config.get(ATTR_DEVICES)
+        or config.get(ATTR_UART)
+        or config.get(ATTR_USB)
+        or config.get(ATTR_GPIO)
+    ):
+        _LOGGER.warning(
+            "Add-on have full device access, and selective device access in the configuration. Please report this to the maintainer of %s",
+            name,
+        )
+
+    if config.get(ATTR_BACKUP, AddonBackupMode.HOT) == AddonBackupMode.COLD and (
+        config.get(ATTR_BACKUP_POST) or config.get(ATTR_BACKUP_PRE)
+    ):
+        _LOGGER.warning(
+            "Add-on which only support COLD backups trying to use post/pre commands. Please report this to the maintainer of %s",
+            name,
+        )
+
+    return config
+
+
+def _migrate_addon_config(protocol=False):
+    """Migrate addon config."""
+
+    def _migrate(config: dict[str, Any]):
+        name = config.get(ATTR_NAME)
+        if not name:
+            raise vol.Invalid("Invalid Add-on config!")
+
+        # Startup 2018-03-30
+        if config.get(ATTR_STARTUP) in ("before", "after"):
+            value = config[ATTR_STARTUP]
+            if protocol:
+                _LOGGER.warning(
+                    "Add-on config 'startup' with '%s' is deprecated. Please report this to the maintainer of %s",
+                    value,
+                    name,
+                )
+            if value == "before":
+                config[ATTR_STARTUP] = AddonStartup.SERVICES
+            elif value == "after":
+                config[ATTR_STARTUP] = AddonStartup.APPLICATION
+
+        # UART 2021-01-20
+        if "auto_uart" in config:
+            if protocol:
+                _LOGGER.warning(
+                    "Add-on config 'auto_uart' is deprecated, use 'uart'. Please report this to the maintainer of %s",
+                    name,
+                )
+            config[ATTR_UART] = config.pop("auto_uart")
+
+        # Device 2021-01-20
+        if ATTR_DEVICES in config and any(":" in line for line in config[ATTR_DEVICES]):
+            if protocol:
+                _LOGGER.warning(
+                    "Add-on config 'devices' use a deprecated format, the new format uses a list of paths only. Please report this to the maintainer of %s",
+                    name,
+                )
+            config[ATTR_DEVICES] = [line.split(":")[0] for line in config[ATTR_DEVICES]]
+
+        # TMPFS 2021-02-01
+        if ATTR_TMPFS in config and not isinstance(config[ATTR_TMPFS], bool):
+            if protocol:
+                _LOGGER.warning(
+                    "Add-on config 'tmpfs' use a deprecated format, new it's only a boolean. Please report this to the maintainer of %s",
+                    name,
+                )
+            config[ATTR_TMPFS] = True
+
+        # 2021-06 "snapshot" renamed to "backup"
+        for entry in (
+            "snapshot_exclude",
+            "snapshot_post",
+            "snapshot_pre",
+            "snapshot",
+        ):
+            if entry in config:
+                new_entry = entry.replace("snapshot", "backup")
+                config[new_entry] = config.pop(entry)
+                _LOGGER.warning(
+                    "Add-on config '%s' is deprecated, '%s' should be used instead. Please report this to the maintainer of %s",
+                    entry,
+                    new_entry,
+                    name,
+                )
+
+        # 2023-11 "map" entries can also be dict to allow path configuration
+        volumes = []
+        for entry in config.get(ATTR_MAP, []):
+            if isinstance(entry, dict):
+                volumes.append(entry)
+            if isinstance(entry, str):
+                result = RE_VOLUME.match(entry)
+                if not result:
+                    continue
+                volumes.append(
+                    {
+                        ATTR_TYPE: result.group(1),
+                        ATTR_READ_ONLY: result.group(2) != "rw",
+                    }
+                )
+
+        if volumes:
+            config[ATTR_MAP] = volumes
+
+        # 2023-10 "config" became "homeassistant" so /config can be used for addon's public config
+        if any(volume[ATTR_TYPE] == MappingType.CONFIG for volume in volumes):
+            if any(
+                volume
+                and volume[ATTR_TYPE]
+                in {MappingType.ADDON_CONFIG, MappingType.HOMEASSISTANT_CONFIG}
+                for volume in volumes
+            ):
+                _LOGGER.warning(
+                    "Add-on config using incompatible map options, '%s' and '%s' are ignored if '%s' is included. Please report this to the maintainer of %s",
+                    MappingType.ADDON_CONFIG,
+                    MappingType.HOMEASSISTANT_CONFIG,
+                    MappingType.CONFIG,
+                    name,
+                )
+            else:
+                _LOGGER.debug(
+                    "Add-on config using deprecated map option '%s' instead of '%s'. Please report this to the maintainer of %s",
+                    MappingType.CONFIG,
+                    MappingType.HOMEASSISTANT_CONFIG,
+                    name,
+                )
+
+        return config
+
+    return _migrate
+
+
+# pylint: disable=no-value-for-parameter
+_SCHEMA_ADDON_CONFIG = vol.Schema(
+    {
+        vol.Required(ATTR_NAME): str,
+        vol.Required(ATTR_VERSION): version_tag,
+        vol.Required(ATTR_SLUG): vol.Match(RE_SLUG_FIELD),
+        vol.Required(ATTR_DESCRIPTON): str,
+        vol.Required(ATTR_ARCH): [vol.In(ARCH_ALL)],
+        vol.Optional(ATTR_MACHINE): vol.All([vol.Match(RE_MACHINE)], vol.Unique()),
+        vol.Optional(ATTR_URL): vol.Url(),
+        vol.Optional(ATTR_STARTUP, default=AddonStartup.APPLICATION): vol.Coerce(
+            AddonStartup
+        ),
+        vol.Optional(ATTR_BOOT, default=AddonBootConfig.AUTO): vol.Coerce(
+            AddonBootConfig
+        ),
+        vol.Optional(ATTR_INIT, default=True): vol.Boolean(),
+        vol.Optional(ATTR_ADVANCED, default=False): vol.Boolean(),
+        vol.Optional(ATTR_STAGE, default=AddonStage.STABLE): vol.Coerce(AddonStage),
+        vol.Optional(ATTR_PORTS): docker_ports,
+        vol.Optional(ATTR_PORTS_DESCRIPTION): docker_ports_description,
+        vol.Optional(ATTR_WATCHDOG): vol.Match(
+            r"^(?:https?|\[PROTO:\w+\]|tcp):\/\/\[HOST\]:(\[PORT:\d+\]|\d+).*$"
+        ),
+        vol.Optional(ATTR_WEBUI): vol.Match(
+            r"^(?:https?|\[PROTO:\w+\]):\/\/\[HOST\]:\[PORT:\d+\].*$"
+        ),
+        vol.Optional(ATTR_INGRESS, default=False): vol.Boolean(),
+        vol.Optional(ATTR_INGRESS_PORT, default=8099): vol.Any(
+            network_port, vol.Equal(0)
+        ),
+        vol.Optional(ATTR_INGRESS_ENTRY): str,
+        vol.Optional(ATTR_INGRESS_STREAM, default=False): vol.Boolean(),
+        vol.Optional(ATTR_PANEL_ICON, default="mdi:puzzle"): str,
+        vol.Optional(ATTR_PANEL_TITLE): str,
+        vol.Optional(ATTR_PANEL_ADMIN, default=True): vol.Boolean(),
+        vol.Optional(ATTR_HOMEASSISTANT): version_tag,
+        vol.Optional(ATTR_HOST_NETWORK, default=False): vol.Boolean(),
+        vol.Optional(ATTR_HOST_PID, default=False): vol.Boolean(),
+        vol.Optional(ATTR_HOST_IPC, default=False): vol.Boolean(),
+        vol.Optional(ATTR_HOST_UTS, default=False): vol.Boolean(),
+        vol.Optional(ATTR_HOST_DBUS, default=False): vol.Boolean(),
+        vol.Optional(ATTR_DEVICES): [str],
+        vol.Optional(ATTR_UDEV, default=False): vol.Boolean(),
+        vol.Optional(ATTR_TMPFS, default=False): vol.Boolean(),
+        vol.Optional(ATTR_MAP, default=list): [
+            vol.Schema(
+                {
+                    vol.Required(ATTR_TYPE): vol.Coerce(MappingType),
+                    vol.Optional(ATTR_READ_ONLY, default=True): bool,
+                    vol.Optional(ATTR_PATH): str,
+                }
+            )
+        ],
+        vol.Optional(ATTR_ENVIRONMENT): {vol.Match(r"\w*"): str},
+        vol.Optional(ATTR_PRIVILEGED): [vol.Coerce(Capabilities)],
+        vol.Optional(ATTR_APPARMOR, default=True): vol.Boolean(),
+        vol.Optional(ATTR_FULL_ACCESS, default=False): vol.Boolean(),
+        vol.Optional(ATTR_AUDIO, default=False): vol.Boolean(),
+        vol.Optional(ATTR_VIDEO, default=False): vol.Boolean(),
+        vol.Optional(ATTR_GPIO, default=False): vol.Boolean(),
+        vol.Optional(ATTR_USB, default=False): vol.Boolean(),
+        vol.Optional(ATTR_UART, default=False): vol.Boolean(),
+        vol.Optional(ATTR_DEVICETREE, default=False): vol.Boolean(),
+        vol.Optional(ATTR_KERNEL_MODULES, default=False): vol.Boolean(),
+        vol.Optional(ATTR_REALTIME, default=False): vol.Boolean(),
+        vol.Optional(ATTR_HASSIO_API, default=False): vol.Boolean(),
+        vol.Optional(ATTR_HASSIO_ROLE, default=ROLE_DEFAULT): vol.In(ROLE_ALL),
+        vol.Optional(ATTR_HOMEASSISTANT_API, default=False): vol.Boolean(),
+        vol.Optional(ATTR_STDIN, default=False): vol.Boolean(),
+        vol.Optional(ATTR_LEGACY, default=False): vol.Boolean(),
+        vol.Optional(ATTR_DOCKER_API, default=False): vol.Boolean(),
+        vol.Optional(ATTR_AUTH_API, default=False): vol.Boolean(),
+        vol.Optional(ATTR_SERVICES): [vol.Match(RE_SERVICE)],
+        vol.Optional(ATTR_DISCOVERY): [str],
+        vol.Optional(ATTR_BACKUP_EXCLUDE): [str],
+        vol.Optional(ATTR_BACKUP_PRE): str,
+        vol.Optional(ATTR_BACKUP_POST): str,
+        vol.Optional(ATTR_BACKUP, default=AddonBackupMode.HOT): vol.Coerce(
+            AddonBackupMode
+        ),
+        vol.Optional(ATTR_CODENOTARY): vol.Email(),
+        vol.Optional(ATTR_OPTIONS, default={}): dict,
+        vol.Optional(ATTR_SCHEMA, default={}): vol.Any(
+            vol.Schema(
+                {
+                    str: vol.Any(
+                        SCHEMA_ELEMENT,
+                        [
+                            vol.Any(
+                                SCHEMA_ELEMENT,
+                                {str: vol.Any(SCHEMA_ELEMENT, [SCHEMA_ELEMENT])},
+                            )
+                        ],
+                        vol.Schema({str: vol.Any(SCHEMA_ELEMENT, [SCHEMA_ELEMENT])}),
+                    )
+                }
+            ),
+            False,
+        ),
+        vol.Optional(ATTR_IMAGE): docker_image,
+        vol.Optional(ATTR_TIMEOUT, default=10): vol.All(
+            vol.Coerce(int), vol.Range(min=10, max=300)
+        ),
+        vol.Optional(ATTR_JOURNALD, default=False): vol.Boolean(),
+        vol.Optional(ATTR_BREAKING_VERSIONS, default=list): [version_tag],
+    },
+    extra=vol.REMOVE_EXTRA,
+)
+
+SCHEMA_ADDON_CONFIG = vol.All(
+    _migrate_addon_config(True), _warn_addon_config, _SCHEMA_ADDON_CONFIG
+)
+
+
+# pylint: disable=no-value-for-parameter
+SCHEMA_BUILD_CONFIG = vol.Schema(
+    {
+        vol.Optional(ATTR_BUILD_FROM, default=dict): vol.Any(
+            vol.Match(RE_DOCKER_IMAGE_BUILD),
+            vol.Schema({vol.In(ARCH_ALL): vol.Match(RE_DOCKER_IMAGE_BUILD)}),
+        ),
+        vol.Optional(ATTR_SQUASH, default=False): vol.Boolean(),
+        vol.Optional(ATTR_ARGS, default=dict): vol.Schema({str: str}),
+        vol.Optional(ATTR_LABELS, default=dict): vol.Schema({str: str}),
+    },
+    extra=vol.REMOVE_EXTRA,
+)
+
+SCHEMA_TRANSLATION_CONFIGURATION = vol.Schema(
+    {
+        vol.Required(ATTR_NAME): str,
+        vol.Optional(ATTR_DESCRIPTON): vol.Maybe(str),
+    },
+    extra=vol.REMOVE_EXTRA,
+)
+
+
+SCHEMA_ADDON_TRANSLATIONS = vol.Schema(
+    {
+        vol.Optional(ATTR_CONFIGURATION): {str: SCHEMA_TRANSLATION_CONFIGURATION},
+        vol.Optional(ATTR_NETWORK): {str: str},
+    },
+    extra=vol.REMOVE_EXTRA,
+)
+
+
+# pylint: disable=no-value-for-parameter
+SCHEMA_ADDON_USER = vol.Schema(
+    {
+        vol.Required(ATTR_VERSION): version_tag,
+        vol.Optional(ATTR_IMAGE): docker_image,
+        vol.Optional(ATTR_UUID, default=lambda: uuid.uuid4().hex): uuid_match,
+        vol.Optional(ATTR_ACCESS_TOKEN): token,
+        vol.Optional(ATTR_INGRESS_TOKEN, default=secrets.token_urlsafe): str,
+        vol.Optional(ATTR_OPTIONS, default=dict): dict,
+        vol.Optional(ATTR_AUTO_UPDATE, default=False): vol.Boolean(),
+        vol.Optional(ATTR_BOOT): vol.Coerce(AddonBoot),
+        vol.Optional(ATTR_NETWORK): docker_ports,
+        vol.Optional(ATTR_AUDIO_OUTPUT): vol.Maybe(str),
+        vol.Optional(ATTR_AUDIO_INPUT): vol.Maybe(str),
+        vol.Optional(ATTR_PROTECTED, default=True): vol.Boolean(),
+        vol.Optional(ATTR_INGRESS_PANEL, default=False): vol.Boolean(),
+        vol.Optional(ATTR_WATCHDOG, default=False): vol.Boolean(),
+        vol.Optional(ATTR_SYSTEM_MANAGED, default=False): vol.Boolean(),
+        vol.Optional(ATTR_SYSTEM_MANAGED_CONFIG_ENTRY, default=None): vol.Maybe(str),
+    },
+    extra=vol.REMOVE_EXTRA,
+)
+
+SCHEMA_ADDON_SYSTEM = vol.All(
+    _migrate_addon_config(),
+    _SCHEMA_ADDON_CONFIG.extend(
+        {
+            vol.Required(ATTR_LOCATION): str,
+            vol.Required(ATTR_REPOSITORY): str,
+            vol.Required(ATTR_TRANSLATIONS, default=dict): {
+                str: SCHEMA_ADDON_TRANSLATIONS
+            },
+        }
+    ),
+)
+
+
+SCHEMA_ADDONS_FILE = vol.Schema(
+    {
+        vol.Optional(ATTR_USER, default=dict): {str: SCHEMA_ADDON_USER},
+        vol.Optional(ATTR_SYSTEM, default=dict): {str: SCHEMA_ADDON_SYSTEM},
+    },
+    extra=vol.REMOVE_EXTRA,
+)
+
+
+SCHEMA_ADDON_BACKUP = vol.Schema(
+    {
+        vol.Required(ATTR_USER): SCHEMA_ADDON_USER,
+        vol.Required(ATTR_SYSTEM): SCHEMA_ADDON_SYSTEM,
+        vol.Required(ATTR_STATE): vol.Coerce(AddonState),
+        vol.Required(ATTR_VERSION): version_tag,
+    },
+    extra=vol.REMOVE_EXTRA,
+)

supervisor/api/__init__.py

@@ -0,0 +1,793 @@
+"""Init file for Supervisor RESTful API."""
+
+from functools import partial
+import logging
+from pathlib import Path
+from typing import Any
+
+from aiohttp import web
+
+from ..const import AddonState
+from ..coresys import CoreSys, CoreSysAttributes
+from ..exceptions import APIAddonNotInstalled, HostNotSupportedError
+from ..utils.sentry import capture_exception
+from .addons import APIAddons
+from .audio import APIAudio
+from .auth import APIAuth
+from .backups import APIBackups
+from .cli import APICli
+from .const import CONTENT_TYPE_TEXT
+from .discovery import APIDiscovery
+from .dns import APICoreDNS
+from .docker import APIDocker
+from .hardware import APIHardware
+from .homeassistant import APIHomeAssistant
+from .host import APIHost
+from .ingress import APIIngress
+from .jobs import APIJobs
+from .middleware.security import SecurityMiddleware
+from .mounts import APIMounts
+from .multicast import APIMulticast
+from .network import APINetwork
+from .observer import APIObserver
+from .os import APIOS
+from .proxy import APIProxy
+from .resolution import APIResoulution
+from .root import APIRoot
+from .security import APISecurity
+from .services import APIServices
+from .store import APIStore
+from .supervisor import APISupervisor
+from .utils import api_process, api_process_raw
+
+_LOGGER: logging.Logger = logging.getLogger(__name__)
+
+
+MAX_CLIENT_SIZE: int = 1024**2 * 16
+MAX_LINE_SIZE: int = 24570
+
+
+class RestAPI(CoreSysAttributes):
+    """Handle RESTful API for Supervisor."""
+
+    def __init__(self, coresys: CoreSys):
+        """Initialize Docker base wrapper."""
+        self.coresys: CoreSys = coresys
+        self.security: SecurityMiddleware = SecurityMiddleware(coresys)
+        self.webapp: web.Application = web.Application(
+            client_max_size=MAX_CLIENT_SIZE,
+            middlewares=[
+                self.security.block_bad_requests,
+                self.security.system_validation,
+                self.security.token_validation,
+                self.security.core_proxy,
+            ],
+            handler_args={
+                "max_line_size": MAX_LINE_SIZE,
+                "max_field_size": MAX_LINE_SIZE,
+            },
+        )
+
+        # service stuff
+        self._runner: web.AppRunner = web.AppRunner(self.webapp, shutdown_timeout=5)
+        self._site: web.TCPSite | None = None
+
+        # share single host API handler for reuse in logging endpoints
+        self._api_host: APIHost | None = None
+
+    async def load(self) -> None:
+        """Register REST API Calls."""
+        self._api_host = APIHost()
+        self._api_host.coresys = self.coresys
+
+        self._register_addons()
+        self._register_audio()
+        self._register_auth()
+        self._register_backups()
+        self._register_cli()
+        self._register_discovery()
+        self._register_dns()
+        self._register_docker()
+        self._register_hardware()
+        self._register_homeassistant()
+        self._register_host()
+        self._register_jobs()
+        self._register_ingress()
+        self._register_mounts()
+        self._register_multicast()
+        self._register_network()
+        self._register_observer()
+        self._register_os()
+        self._register_panel()
+        self._register_proxy()
+        self._register_resolution()
+        self._register_root()
+        self._register_security()
+        self._register_services()
+        self._register_store()
+        self._register_supervisor()
+
+        await self.start()
+
+    def _register_advanced_logs(self, path: str, syslog_identifier: str):
+        """Register logs endpoint for a given path, returning logs for single syslog identifier."""
+
+        self.webapp.add_routes(
+            [
+                web.get(
+                    f"{path}/logs",
+                    partial(self._api_host.advanced_logs, identifier=syslog_identifier),
+                ),
+                web.get(
+                    f"{path}/logs/follow",
+                    partial(
+                        self._api_host.advanced_logs,
+                        identifier=syslog_identifier,
+                        follow=True,
+                    ),
+                ),
+                web.get(
+                    f"{path}/logs/boots/{{bootid}}",
+                    partial(self._api_host.advanced_logs, identifier=syslog_identifier),
+                ),
+                web.get(
+                    f"{path}/logs/boots/{{bootid}}/follow",
+                    partial(
+                        self._api_host.advanced_logs,
+                        identifier=syslog_identifier,
+                        follow=True,
+                    ),
+                ),
+            ]
+        )
+
+    def _register_host(self) -> None:
+        """Register hostcontrol functions."""
+        api_host = self._api_host
+
+        self.webapp.add_routes(
+            [
+                web.get("/host/info", api_host.info),
+                web.get("/host/logs", api_host.advanced_logs),
+                web.get(
+                    "/host/logs/follow",
+                    partial(api_host.advanced_logs, follow=True),
+                ),
+                web.get("/host/logs/identifiers", api_host.list_identifiers),
+                web.get("/host/logs/identifiers/{identifier}", api_host.advanced_logs),
+                web.get(
+                    "/host/logs/identifiers/{identifier}/follow",
+                    partial(api_host.advanced_logs, follow=True),
+                ),
+                web.get("/host/logs/boots", api_host.list_boots),
+                web.get("/host/logs/boots/{bootid}", api_host.advanced_logs),
+                web.get(
+                    "/host/logs/boots/{bootid}/follow",
+                    partial(api_host.advanced_logs, follow=True),
+                ),
+                web.get(
+                    "/host/logs/boots/{bootid}/identifiers/{identifier}",
+                    api_host.advanced_logs,
+                ),
+                web.get(
+                    "/host/logs/boots/{bootid}/identifiers/{identifier}/follow",
+                    partial(api_host.advanced_logs, follow=True),
+                ),
+                web.post("/host/reboot", api_host.reboot),
+                web.post("/host/shutdown", api_host.shutdown),
+                web.post("/host/reload", api_host.reload),
+                web.post("/host/options", api_host.options),
+                web.get("/host/services", api_host.services),
+            ]
+        )
+
+    def _register_network(self) -> None:
+        """Register network functions."""
+        api_network = APINetwork()
+        api_network.coresys = self.coresys
+
+        self.webapp.add_routes(
+            [
+                web.get("/network/info", api_network.info),
+                web.post("/network/reload", api_network.reload),
+                web.get(
+                    "/network/interface/{interface}/info", api_network.interface_info
+                ),
+                web.post(
+                    "/network/interface/{interface}/update",
+                    api_network.interface_update,
+                ),
+                web.get(
+                    "/network/interface/{interface}/accesspoints",
+                    api_network.scan_accesspoints,
+                ),
+                web.post(
+                    "/network/interface/{interface}/vlan/{vlan}",
+                    api_network.create_vlan,
+                ),
+            ]
+        )
+
+    def _register_os(self) -> None:
+        """Register OS functions."""
+        api_os = APIOS()
+        api_os.coresys = self.coresys
+
+        self.webapp.add_routes(
+            [
+                web.get("/os/info", api_os.info),
+                web.post("/os/update", api_os.update),
+                web.post("/os/config/sync", api_os.config_sync),
+                web.post("/os/datadisk/move", api_os.migrate_data),
+                web.get("/os/datadisk/list", api_os.list_data),
+                web.post("/os/datadisk/wipe", api_os.wipe_data),
+                web.post("/os/boot-slot", api_os.set_boot_slot),
+            ]
+        )
+
+        # Boards endpoints
+        self.webapp.add_routes(
+            [
+                web.get("/os/boards/green", api_os.boards_green_info),
+                web.post("/os/boards/green", api_os.boards_green_options),
+                web.get("/os/boards/yellow", api_os.boards_yellow_info),
+                web.post("/os/boards/yellow", api_os.boards_yellow_options),
+                web.get("/os/boards/{board}", api_os.boards_other_info),
+            ]
+        )
+
+    def _register_security(self) -> None:
+        """Register Security functions."""
+        api_security = APISecurity()
+        api_security.coresys = self.coresys
+
+        self.webapp.add_routes(
+            [
+                web.get("/security/info", api_security.info),
+                web.post("/security/options", api_security.options),
+                web.post("/security/integrity", api_security.integrity_check),
+            ]
+        )
+
+    def _register_jobs(self) -> None:
+        """Register Jobs functions."""
+        api_jobs = APIJobs()
+        api_jobs.coresys = self.coresys
+
+        self.webapp.add_routes(
+            [
+                web.get("/jobs/info", api_jobs.info),
+                web.post("/jobs/options", api_jobs.options),
+                web.post("/jobs/reset", api_jobs.reset),
+                web.get("/jobs/{uuid}", api_jobs.job_info),
+                web.delete("/jobs/{uuid}", api_jobs.remove_job),
+            ]
+        )
+
+    def _register_cli(self) -> None:
+        """Register HA cli functions."""
+        api_cli = APICli()
+        api_cli.coresys = self.coresys
+
+        self.webapp.add_routes(
+            [
+                web.get("/cli/info", api_cli.info),
+                web.get("/cli/stats", api_cli.stats),
+                web.post("/cli/update", api_cli.update),
+            ]
+        )
+
+    def _register_observer(self) -> None:
+        """Register Observer functions."""
+        api_observer = APIObserver()
+        api_observer.coresys = self.coresys
+
+        self.webapp.add_routes(
+            [
+                web.get("/observer/info", api_observer.info),
+                web.get("/observer/stats", api_observer.stats),
+                web.post("/observer/update", api_observer.update),
+            ]
+        )
+
+    def _register_multicast(self) -> None:
+        """Register Multicast functions."""
+        api_multicast = APIMulticast()
+        api_multicast.coresys = self.coresys
+
+        self.webapp.add_routes(
+            [
+                web.get("/multicast/info", api_multicast.info),
+                web.get("/multicast/stats", api_multicast.stats),
+                web.post("/multicast/update", api_multicast.update),
+                web.post("/multicast/restart", api_multicast.restart),
+            ]
+        )
+        self._register_advanced_logs("/multicast", "hassio_multicast")
+
+    def _register_hardware(self) -> None:
+        """Register hardware functions."""
+        api_hardware = APIHardware()
+        api_hardware.coresys = self.coresys
+
+        self.webapp.add_routes(
+            [
+                web.get("/hardware/info", api_hardware.info),
+                web.get("/hardware/audio", api_hardware.audio),
+            ]
+        )
+
+    def _register_root(self) -> None:
+        """Register root functions."""
+        api_root = APIRoot()
+        api_root.coresys = self.coresys
+
+        self.webapp.add_routes([web.get("/info", api_root.info)])
+        self.webapp.add_routes([web.post("/refresh_updates", api_root.refresh_updates)])
+        self.webapp.add_routes(
+            [web.get("/available_updates", api_root.available_updates)]
+        )
+
+        # Remove: 2023
+        self.webapp.add_routes(
+            [web.get("/supervisor/available_updates", api_root.available_updates)]
+        )
+
+    def _register_resolution(self) -> None:
+        """Register info functions."""
+        api_resolution = APIResoulution()
+        api_resolution.coresys = self.coresys
+
+        self.webapp.add_routes(
+            [
+                web.get("/resolution/info", api_resolution.info),
+                web.post(
+                    "/resolution/check/{check}/options", api_resolution.options_check
+                ),
+                web.post("/resolution/check/{check}/run", api_resolution.run_check),
+                web.post(
+                    "/resolution/suggestion/{suggestion}",
+                    api_resolution.apply_suggestion,
+                ),
+                web.delete(
+                    "/resolution/suggestion/{suggestion}",
+                    api_resolution.dismiss_suggestion,
+                ),
+                web.delete(
+                    "/resolution/issue/{issue}",
+                    api_resolution.dismiss_issue,
+                ),
+                web.get(
+                    "/resolution/issue/{issue}/suggestions",
+                    api_resolution.suggestions_for_issue,
+                ),
+                web.post("/resolution/healthcheck", api_resolution.healthcheck),
+            ]
+        )
+
+    def _register_auth(self) -> None:
+        """Register auth functions."""
+        api_auth = APIAuth()
+        api_auth.coresys = self.coresys
+
+        self.webapp.add_routes(
+            [
+                web.get("/auth", api_auth.auth),
+                web.post("/auth", api_auth.auth),
+                web.post("/auth/reset", api_auth.reset),
+                web.delete("/auth/cache", api_auth.cache),
+                web.get("/auth/list", api_auth.list_users),
+            ]
+        )
+
+    def _register_supervisor(self) -> None:
+        """Register Supervisor functions."""
+        api_supervisor = APISupervisor()
+        api_supervisor.coresys = self.coresys
+
+        self.webapp.add_routes(
+            [
+                web.get("/supervisor/ping", api_supervisor.ping),
+                web.get("/supervisor/info", api_supervisor.info),
+                web.get("/supervisor/stats", api_supervisor.stats),
+                web.post("/supervisor/update", api_supervisor.update),
+                web.post("/supervisor/reload", api_supervisor.reload),
+                web.post("/supervisor/restart", api_supervisor.restart),
+                web.post("/supervisor/options", api_supervisor.options),
+                web.post("/supervisor/repair", api_supervisor.repair),
+            ]
+        )
+
+        async def get_supervisor_logs(*args, **kwargs):
+            try:
+                return await self._api_host.advanced_logs_handler(
+                    *args, identifier="hassio_supervisor", **kwargs
+                )
+            except Exception as err:  # pylint: disable=broad-exception-caught
+                # Supervisor logs are critical, so catch everything, log the exception
+                # and try to return Docker container logs as the fallback
+                _LOGGER.exception(
+                    "Failed to get supervisor logs using advanced_logs API"
+                )
+                if not isinstance(err, HostNotSupportedError):
+                    # No need to capture HostNotSupportedError to Sentry, the cause
+                    # is known and reported to the user using the resolution center.
+                    capture_exception(err)
+                kwargs.pop("follow", None)  # Follow is not supported for Docker logs
+                return await api_supervisor.logs(*args, **kwargs)
+
+        self.webapp.add_routes(
+            [
+                web.get("/supervisor/logs", get_supervisor_logs),
+                web.get(
+                    "/supervisor/logs/follow",
+                    partial(get_supervisor_logs, follow=True),
+                ),
+                web.get("/supervisor/logs/boots/{bootid}", get_supervisor_logs),
+                web.get(
+                    "/supervisor/logs/boots/{bootid}/follow",
+                    partial(get_supervisor_logs, follow=True),
+                ),
+            ]
+        )
+
+    def _register_homeassistant(self) -> None:
+        """Register Home Assistant functions."""
+        api_hass = APIHomeAssistant()
+        api_hass.coresys = self.coresys
+
+        self.webapp.add_routes(
+            [
+                web.get("/core/info", api_hass.info),
+                web.get("/core/stats", api_hass.stats),
+                web.post("/core/options", api_hass.options),
+                web.post("/core/update", api_hass.update),
+                web.post("/core/restart", api_hass.restart),
+                web.post("/core/stop", api_hass.stop),
+                web.post("/core/start", api_hass.start),
+                web.post("/core/check", api_hass.check),
+                web.post("/core/rebuild", api_hass.rebuild),
+            ]
+        )
+
+        self._register_advanced_logs("/core", "homeassistant")
+
+        # Reroute from legacy
+        self.webapp.add_routes(
+            [
+                web.get("/homeassistant/info", api_hass.info),
+                web.get("/homeassistant/stats", api_hass.stats),
+                web.post("/homeassistant/options", api_hass.options),
+                web.post("/homeassistant/restart", api_hass.restart),
+                web.post("/homeassistant/stop", api_hass.stop),
+                web.post("/homeassistant/start", api_hass.start),
+                web.post("/homeassistant/update", api_hass.update),
+                web.post("/homeassistant/rebuild", api_hass.rebuild),
+                web.post("/homeassistant/check", api_hass.check),
+            ]
+        )
+
+        self._register_advanced_logs("/homeassistant", "homeassistant")
+
+    def _register_proxy(self) -> None:
+        """Register Home Assistant API Proxy."""
+        api_proxy = APIProxy()
+        api_proxy.coresys = self.coresys
+
+        self.webapp.add_routes(
+            [
+                web.get("/core/api/websocket", api_proxy.websocket),
+                web.get("/core/websocket", api_proxy.websocket),
+                web.get("/core/api/stream", api_proxy.stream),
+                web.post("/core/api/{path:.+}", api_proxy.api),
+                web.get("/core/api/{path:.+}", api_proxy.api),
+                web.get("/core/api/", api_proxy.api),
+            ]
+        )
+
+        # Reroute from legacy
+        self.webapp.add_routes(
+            [
+                web.get("/homeassistant/api/websocket", api_proxy.websocket),
+                web.get("/homeassistant/websocket", api_proxy.websocket),
+                web.get("/homeassistant/api/stream", api_proxy.stream),
+                web.post("/homeassistant/api/{path:.+}", api_proxy.api),
+                web.get("/homeassistant/api/{path:.+}", api_proxy.api),
+                web.get("/homeassistant/api/", api_proxy.api),
+            ]
+        )
+
+    def _register_addons(self) -> None:
+        """Register Add-on functions."""
+        api_addons = APIAddons()
+        api_addons.coresys = self.coresys
+
+        self.webapp.add_routes(
+            [
+                web.get("/addons", api_addons.list),
+                web.post("/addons/{addon}/uninstall", api_addons.uninstall),
+                web.post("/addons/{addon}/start", api_addons.start),
+                web.post("/addons/{addon}/stop", api_addons.stop),
+                web.post("/addons/{addon}/restart", api_addons.restart),
+                web.post("/addons/{addon}/options", api_addons.options),
+                web.post("/addons/{addon}/sys_options", api_addons.sys_options),
+                web.post(
+                    "/addons/{addon}/options/validate", api_addons.options_validate
+                ),
+                web.get("/addons/{addon}/options/config", api_addons.options_config),
+                web.post("/addons/{addon}/rebuild", api_addons.rebuild),
+                web.post("/addons/{addon}/stdin", api_addons.stdin),
+                web.post("/addons/{addon}/security", api_addons.security),
+                web.get("/addons/{addon}/stats", api_addons.stats),
+            ]
+        )
+
+        @api_process_raw(CONTENT_TYPE_TEXT, error_type=CONTENT_TYPE_TEXT)
+        async def get_addon_logs(request, *args, **kwargs):
+            addon = api_addons.get_addon_for_request(request)
+            kwargs["identifier"] = f"addon_{addon.slug}"
+            return await self._api_host.advanced_logs(request, *args, **kwargs)
+
+        self.webapp.add_routes(
+            [
+                web.get("/addons/{addon}/logs", get_addon_logs),
+                web.get(
+                    "/addons/{addon}/logs/follow",
+                    partial(get_addon_logs, follow=True),
+                ),
+                web.get("/addons/{addon}/logs/boots/{bootid}", get_addon_logs),
+                web.get(
+                    "/addons/{addon}/logs/boots/{bootid}/follow",
+                    partial(get_addon_logs, follow=True),
+                ),
+            ]
+        )
+
+        # Legacy routing to support requests for not installed addons
+        api_store = APIStore()
+        api_store.coresys = self.coresys
+
+        @api_process
+        async def addons_addon_info(request: web.Request) -> dict[str, Any]:
+            """Route to store if info requested for not installed addon."""
+            try:
+                return await api_addons.info(request)
+            except APIAddonNotInstalled:
+                # Route to store/{addon}/info but add missing fields
+                return dict(
+                    await api_store.addons_addon_info_wrapped(request),
+                    state=AddonState.UNKNOWN,
+                    options=self.sys_addons.store[request.match_info["addon"]].options,
+                )
+
+        self.webapp.add_routes([web.get("/addons/{addon}/info", addons_addon_info)])
+
+    def _register_ingress(self) -> None:
+        """Register Ingress functions."""
+        api_ingress = APIIngress()
+        api_ingress.coresys = self.coresys
+
+        self.webapp.add_routes(
+            [
+                web.post("/ingress/session", api_ingress.create_session),
+                web.post("/ingress/validate_session", api_ingress.validate_session),
+                web.get("/ingress/panels", api_ingress.panels),
+                web.view("/ingress/{token}/{path:.*}", api_ingress.handler),
+            ]
+        )
+
+    def _register_backups(self) -> None:
+        """Register backups functions."""
+        api_backups = APIBackups()
+        api_backups.coresys = self.coresys
+
+        self.webapp.add_routes(
+            [
+                web.get("/backups", api_backups.list),
+                web.get("/backups/info", api_backups.info),
+                web.post("/backups/options", api_backups.options),
+                web.post("/backups/reload", api_backups.reload),
+                web.post("/backups/freeze", api_backups.freeze),
+                web.post("/backups/thaw", api_backups.thaw),
+                web.post("/backups/new/full", api_backups.backup_full),
+                web.post("/backups/new/partial", api_backups.backup_partial),
+                web.post("/backups/new/upload", api_backups.upload),
+                web.get("/backups/{slug}/info", api_backups.backup_info),
+                web.delete("/backups/{slug}", api_backups.remove),
+                web.post("/backups/{slug}/restore/full", api_backups.restore_full),
+                web.post(
+                    "/backups/{slug}/restore/partial",
+                    api_backups.restore_partial,
+                ),
+                web.get("/backups/{slug}/download", api_backups.download),
+            ]
+        )
+
+    def _register_services(self) -> None:
+        """Register services functions."""
+        api_services = APIServices()
+        api_services.coresys = self.coresys
+
+        self.webapp.add_routes(
+            [
+                web.get("/services", api_services.list),
+                web.get("/services/{service}", api_services.get_service),
+                web.post("/services/{service}", api_services.set_service),
+                web.delete("/services/{service}", api_services.del_service),
+            ]
+        )
+
+    def _register_discovery(self) -> None:
+        """Register discovery functions."""
+        api_discovery = APIDiscovery()
+        api_discovery.coresys = self.coresys
+
+        self.webapp.add_routes(
+            [
+                web.get("/discovery", api_discovery.list),
+                web.get("/discovery/{uuid}", api_discovery.get_discovery),
+                web.delete("/discovery/{uuid}", api_discovery.del_discovery),
+                web.post("/discovery", api_discovery.set_discovery),
+            ]
+        )
+
+    def _register_dns(self) -> None:
+        """Register DNS functions."""
+        api_dns = APICoreDNS()
+        api_dns.coresys = self.coresys
+
+        self.webapp.add_routes(
+            [
+                web.get("/dns/info", api_dns.info),
+                web.get("/dns/stats", api_dns.stats),
+                web.post("/dns/update", api_dns.update),
+                web.post("/dns/options", api_dns.options),
+                web.post("/dns/restart", api_dns.restart),
+                web.post("/dns/reset", api_dns.reset),
+            ]
+        )
+
+        self._register_advanced_logs("/dns", "hassio_dns")
+
+    def _register_audio(self) -> None:
+        """Register Audio functions."""
+        api_audio = APIAudio()
+        api_audio.coresys = self.coresys
+
+        self.webapp.add_routes(
+            [
+                web.get("/audio/info", api_audio.info),
+                web.get("/audio/stats", api_audio.stats),
+                web.post("/audio/update", api_audio.update),
+                web.post("/audio/restart", api_audio.restart),
+                web.post("/audio/reload", api_audio.reload),
+                web.post("/audio/profile", api_audio.set_profile),
+                web.post("/audio/volume/{source}/application", api_audio.set_volume),
+                web.post("/audio/volume/{source}", api_audio.set_volume),
+                web.post("/audio/mute/{source}/application", api_audio.set_mute),
+                web.post("/audio/mute/{source}", api_audio.set_mute),
+                web.post("/audio/default/{source}", api_audio.set_default),
+            ]
+        )
+
+        self._register_advanced_logs("/audio", "hassio_audio")
+
+    def _register_mounts(self) -> None:
+        """Register mounts endpoints."""
+        api_mounts = APIMounts()
+        api_mounts.coresys = self.coresys
+
+        self.webapp.add_routes(
+            [
+                web.get("/mounts", api_mounts.info),
+                web.post("/mounts/options", api_mounts.options),
+                web.post("/mounts", api_mounts.create_mount),
+                web.put("/mounts/{mount}", api_mounts.update_mount),
+                web.delete("/mounts/{mount}", api_mounts.delete_mount),
+                web.post("/mounts/{mount}/reload", api_mounts.reload_mount),
+            ]
+        )
+
+    def _register_store(self) -> None:
+        """Register store endpoints."""
+        api_store = APIStore()
+        api_store.coresys = self.coresys
+
+        self.webapp.add_routes(
+            [
+                web.get("/store", api_store.store_info),
+                web.get("/store/addons", api_store.addons_list),
+                web.get("/store/addons/{addon}", api_store.addons_addon_info),
+                web.get("/store/addons/{addon}/icon", api_store.addons_addon_icon),
+                web.get("/store/addons/{addon}/logo", api_store.addons_addon_logo),
+                web.get(
+                    "/store/addons/{addon}/changelog", api_store.addons_addon_changelog
+                ),
+                web.get(
+                    "/store/addons/{addon}/documentation",
+                    api_store.addons_addon_documentation,
+                ),
+                web.post(
+                    "/store/addons/{addon}/install", api_store.addons_addon_install
+                ),
+                web.post(
+                    "/store/addons/{addon}/install/{version}",
+                    api_store.addons_addon_install,
+                ),
+                web.post("/store/addons/{addon}/update", api_store.addons_addon_update),
+                web.post(
+                    "/store/addons/{addon}/update/{version}",
+                    api_store.addons_addon_update,
+                ),
+                # Must be below others since it has a wildcard in resource path
+                web.get("/store/addons/{addon}/{version}", api_store.addons_addon_info),
+                web.post("/store/reload", api_store.reload),
+                web.get("/store/repositories", api_store.repositories_list),
+                web.get(
+                    "/store/repositories/{repository}",
+                    api_store.repositories_repository_info,
+                ),
+                web.post("/store/repositories", api_store.add_repository),
+                web.delete(
+                    "/store/repositories/{repository}", api_store.remove_repository
+                ),
+            ]
+        )
+
+        # Reroute from legacy
+        self.webapp.add_routes(
+            [
+                web.post("/addons/reload", api_store.reload),
+                web.post("/addons/{addon}/install", api_store.addons_addon_install),
+                web.post("/addons/{addon}/update", api_store.addons_addon_update),
+                web.get("/addons/{addon}/icon", api_store.addons_addon_icon),
+                web.get("/addons/{addon}/logo", api_store.addons_addon_logo),
+                web.get("/addons/{addon}/changelog", api_store.addons_addon_changelog),
+                web.get(
+                    "/addons/{addon}/documentation",
+                    api_store.addons_addon_documentation,
+                ),
+            ]
+        )
+
+    def _register_panel(self) -> None:
+        """Register panel for Home Assistant."""
+        panel_dir = Path(__file__).parent.joinpath("panel")
+        self.webapp.add_routes([web.static("/app", panel_dir)])
+
+    def _register_docker(self) -> None:
+        """Register docker configuration functions."""
+        api_docker = APIDocker()
+        api_docker.coresys = self.coresys
+
+        self.webapp.add_routes(
+            [
+                web.get("/docker/info", api_docker.info),
+                web.get("/docker/registries", api_docker.registries),
+                web.post("/docker/registries", api_docker.create_registry),
+                web.delete("/docker/registries/{hostname}", api_docker.remove_registry),
+            ]
+        )
+
+    async def start(self) -> None:
+        """Run RESTful API webserver."""
+        await self._runner.setup()
+        self._site = web.TCPSite(self._runner, host="0.0.0.0", port=80)
+
+        try:
+            await self._site.start()
+        except OSError as err:
+            _LOGGER.critical("Failed to create HTTP server at 0.0.0.0:80 -> %s", err)
+        else:
+            _LOGGER.info("Starting API on %s", self.sys_docker.network.supervisor)
+
+    async def stop(self) -> None:
+        """Stop RESTful API webserver."""
+        if not self._site:
+            return
+
+        # Shutdown running API
+        await self._site.stop()
+        await self._runner.cleanup()
+
+        _LOGGER.info("Stopping API on %s", self.sys_docker.network.supervisor)

supervisor/api/addons.py

@@ -0,0 +1,476 @@
+"""Init file for Supervisor Home Assistant RESTful API."""
+
+import asyncio
+from collections.abc import Awaitable
+import logging
+from typing import Any
+
+from aiohttp import web
+import voluptuous as vol
+from voluptuous.humanize import humanize_error
+
+from ..addons.addon import Addon
+from ..addons.manager import AnyAddon
+from ..addons.utils import rating_security
+from ..const import (
+    ATTR_ADDONS,
+    ATTR_ADVANCED,
+    ATTR_APPARMOR,
+    ATTR_ARCH,
+    ATTR_AUDIO,
+    ATTR_AUDIO_INPUT,
+    ATTR_AUDIO_OUTPUT,
+    ATTR_AUTH_API,
+    ATTR_AUTO_UPDATE,
+    ATTR_AVAILABLE,
+    ATTR_BLK_READ,
+    ATTR_BLK_WRITE,
+    ATTR_BOOT,
+    ATTR_BUILD,
+    ATTR_CHANGELOG,
+    ATTR_CPU_PERCENT,
+    ATTR_DESCRIPTON,
+    ATTR_DETACHED,
+    ATTR_DEVICES,
+    ATTR_DEVICETREE,
+    ATTR_DISCOVERY,
+    ATTR_DNS,
+    ATTR_DOCKER_API,
+    ATTR_DOCUMENTATION,
+    ATTR_FULL_ACCESS,
+    ATTR_GPIO,
+    ATTR_HASSIO_API,
+    ATTR_HASSIO_ROLE,
+    ATTR_HOMEASSISTANT,
+    ATTR_HOMEASSISTANT_API,
+    ATTR_HOST_DBUS,
+    ATTR_HOST_IPC,
+    ATTR_HOST_NETWORK,
+    ATTR_HOST_PID,
+    ATTR_HOST_UTS,
+    ATTR_HOSTNAME,
+    ATTR_ICON,
+    ATTR_INGRESS,
+    ATTR_INGRESS_ENTRY,
+    ATTR_INGRESS_PANEL,
+    ATTR_INGRESS_PORT,
+    ATTR_INGRESS_URL,
+    ATTR_IP_ADDRESS,
+    ATTR_KERNEL_MODULES,
+    ATTR_LOGO,
+    ATTR_LONG_DESCRIPTION,
+    ATTR_MACHINE,
+    ATTR_MEMORY_LIMIT,
+    ATTR_MEMORY_PERCENT,
+    ATTR_MEMORY_USAGE,
+    ATTR_MESSAGE,
+    ATTR_NAME,
+    ATTR_NETWORK,
+    ATTR_NETWORK_DESCRIPTION,
+    ATTR_NETWORK_RX,
+    ATTR_NETWORK_TX,
+    ATTR_OPTIONS,
+    ATTR_PRIVILEGED,
+    ATTR_PROTECTED,
+    ATTR_PWNED,
+    ATTR_RATING,
+    ATTR_REPOSITORY,
+    ATTR_SCHEMA,
+    ATTR_SERVICES,
+    ATTR_SLUG,
+    ATTR_STAGE,
+    ATTR_STARTUP,
+    ATTR_STATE,
+    ATTR_STDIN,
+    ATTR_SYSTEM_MANAGED,
+    ATTR_SYSTEM_MANAGED_CONFIG_ENTRY,
+    ATTR_TRANSLATIONS,
+    ATTR_UART,
+    ATTR_UDEV,
+    ATTR_UPDATE_AVAILABLE,
+    ATTR_URL,
+    ATTR_USB,
+    ATTR_VALID,
+    ATTR_VERSION,
+    ATTR_VERSION_LATEST,
+    ATTR_VIDEO,
+    ATTR_WATCHDOG,
+    ATTR_WEBUI,
+    REQUEST_FROM,
+    AddonBoot,
+    AddonBootConfig,
+)
+from ..coresys import CoreSysAttributes
+from ..docker.stats import DockerStats
+from ..exceptions import (
+    APIAddonNotInstalled,
+    APIError,
+    APIForbidden,
+    APINotFound,
+    PwnedError,
+    PwnedSecret,
+)
+from ..validate import docker_ports
+from .const import ATTR_BOOT_CONFIG, ATTR_REMOVE_CONFIG, ATTR_SIGNED
+from .utils import api_process, api_validate, json_loads
+
+_LOGGER: logging.Logger = logging.getLogger(__name__)
+
+SCHEMA_VERSION = vol.Schema({vol.Optional(ATTR_VERSION): str})
+
+# pylint: disable=no-value-for-parameter
+SCHEMA_OPTIONS = vol.Schema(
+    {
+        vol.Optional(ATTR_BOOT): vol.Coerce(AddonBoot),
+        vol.Optional(ATTR_NETWORK): vol.Maybe(docker_ports),
+        vol.Optional(ATTR_AUTO_UPDATE): vol.Boolean(),
+        vol.Optional(ATTR_AUDIO_OUTPUT): vol.Maybe(str),
+        vol.Optional(ATTR_AUDIO_INPUT): vol.Maybe(str),
+        vol.Optional(ATTR_INGRESS_PANEL): vol.Boolean(),
+        vol.Optional(ATTR_WATCHDOG): vol.Boolean(),
+    }
+)
+
+SCHEMA_SYS_OPTIONS = vol.Schema(
+    {
+        vol.Optional(ATTR_SYSTEM_MANAGED): vol.Boolean(),
+        vol.Optional(ATTR_SYSTEM_MANAGED_CONFIG_ENTRY): vol.Maybe(str),
+    }
+)
+
+SCHEMA_SECURITY = vol.Schema({vol.Optional(ATTR_PROTECTED): vol.Boolean()})
+
+SCHEMA_UNINSTALL = vol.Schema(
+    {vol.Optional(ATTR_REMOVE_CONFIG, default=False): vol.Boolean()}
+)
+# pylint: enable=no-value-for-parameter
+
+
+class APIAddons(CoreSysAttributes):
+    """Handle RESTful API for add-on functions."""
+
+    def get_addon_for_request(self, request: web.Request) -> Addon:
+        """Return addon, throw an exception if it doesn't exist."""
+        addon_slug: str = request.match_info.get("addon")
+
+        # Lookup itself
+        if addon_slug == "self":
+            addon = request.get(REQUEST_FROM)
+            if not isinstance(addon, Addon):
+                raise APIError("Self is not an Addon")
+            return addon
+
+        addon = self.sys_addons.get(addon_slug)
+        if not addon:
+            raise APINotFound(f"Addon {addon_slug} does not exist")
+        if not isinstance(addon, Addon) or not addon.is_installed:
+            raise APIAddonNotInstalled("Addon is not installed")
+
+        return addon
+
+    @api_process
+    async def list(self, request: web.Request) -> dict[str, Any]:
+        """Return all add-ons or repositories."""
+        data_addons = [
+            {
+                ATTR_NAME: addon.name,
+                ATTR_SLUG: addon.slug,
+                ATTR_DESCRIPTON: addon.description,
+                ATTR_ADVANCED: addon.advanced,
+                ATTR_STAGE: addon.stage,
+                ATTR_VERSION: addon.version,
+                ATTR_VERSION_LATEST: addon.latest_version,
+                ATTR_UPDATE_AVAILABLE: addon.need_update,
+                ATTR_AVAILABLE: addon.available,
+                ATTR_DETACHED: addon.is_detached,
+                ATTR_HOMEASSISTANT: addon.homeassistant_version,
+                ATTR_STATE: addon.state,
+                ATTR_REPOSITORY: addon.repository,
+                ATTR_BUILD: addon.need_build,
+                ATTR_URL: addon.url,
+                ATTR_ICON: addon.with_icon,
+                ATTR_LOGO: addon.with_logo,
+                ATTR_SYSTEM_MANAGED: addon.system_managed,
+            }
+            for addon in self.sys_addons.installed
+        ]
+
+        return {ATTR_ADDONS: data_addons}
+
+    @api_process
+    async def reload(self, request: web.Request) -> None:
+        """Reload all add-on data from store."""
+        await asyncio.shield(self.sys_store.reload())
+
+    async def info(self, request: web.Request) -> dict[str, Any]:
+        """Return add-on information."""
+        addon: AnyAddon = self.get_addon_for_request(request)
+
+        data = {
+            ATTR_NAME: addon.name,
+            ATTR_SLUG: addon.slug,
+            ATTR_HOSTNAME: addon.hostname,
+            ATTR_DNS: addon.dns,
+            ATTR_DESCRIPTON: addon.description,
+            ATTR_LONG_DESCRIPTION: addon.long_description,
+            ATTR_ADVANCED: addon.advanced,
+            ATTR_STAGE: addon.stage,
+            ATTR_REPOSITORY: addon.repository,
+            ATTR_VERSION_LATEST: addon.latest_version,
+            ATTR_PROTECTED: addon.protected,
+            ATTR_RATING: rating_security(addon),
+            ATTR_BOOT_CONFIG: addon.boot_config,
+            ATTR_BOOT: addon.boot,
+            ATTR_OPTIONS: addon.options,
+            ATTR_SCHEMA: addon.schema_ui,
+            ATTR_ARCH: addon.supported_arch,
+            ATTR_MACHINE: addon.supported_machine,
+            ATTR_HOMEASSISTANT: addon.homeassistant_version,
+            ATTR_URL: addon.url,
+            ATTR_DETACHED: addon.is_detached,
+            ATTR_AVAILABLE: addon.available,
+            ATTR_BUILD: addon.need_build,
+            ATTR_NETWORK: addon.ports,
+            ATTR_NETWORK_DESCRIPTION: addon.ports_description,
+            ATTR_HOST_NETWORK: addon.host_network,
+            ATTR_HOST_PID: addon.host_pid,
+            ATTR_HOST_IPC: addon.host_ipc,
+            ATTR_HOST_UTS: addon.host_uts,
+            ATTR_HOST_DBUS: addon.host_dbus,
+            ATTR_PRIVILEGED: addon.privileged,
+            ATTR_FULL_ACCESS: addon.with_full_access,
+            ATTR_APPARMOR: addon.apparmor,
+            ATTR_ICON: addon.with_icon,
+            ATTR_LOGO: addon.with_logo,
+            ATTR_CHANGELOG: addon.with_changelog,
+            ATTR_DOCUMENTATION: addon.with_documentation,
+            ATTR_STDIN: addon.with_stdin,
+            ATTR_HASSIO_API: addon.access_hassio_api,
+            ATTR_HASSIO_ROLE: addon.hassio_role,
+            ATTR_AUTH_API: addon.access_auth_api,
+            ATTR_HOMEASSISTANT_API: addon.access_homeassistant_api,
+            ATTR_GPIO: addon.with_gpio,
+            ATTR_USB: addon.with_usb,
+            ATTR_UART: addon.with_uart,
+            ATTR_KERNEL_MODULES: addon.with_kernel_modules,
+            ATTR_DEVICETREE: addon.with_devicetree,
+            ATTR_UDEV: addon.with_udev,
+            ATTR_DOCKER_API: addon.access_docker_api,
+            ATTR_VIDEO: addon.with_video,
+            ATTR_AUDIO: addon.with_audio,
+            ATTR_STARTUP: addon.startup,
+            ATTR_SERVICES: _pretty_services(addon),
+            ATTR_DISCOVERY: addon.discovery,
+            ATTR_TRANSLATIONS: addon.translations,
+            ATTR_INGRESS: addon.with_ingress,
+            ATTR_SIGNED: addon.signed,
+            ATTR_STATE: addon.state,
+            ATTR_WEBUI: addon.webui,
+            ATTR_INGRESS_ENTRY: addon.ingress_entry,
+            ATTR_INGRESS_URL: addon.ingress_url,
+            ATTR_INGRESS_PORT: addon.ingress_port,
+            ATTR_INGRESS_PANEL: addon.ingress_panel,
+            ATTR_AUDIO_INPUT: addon.audio_input,
+            ATTR_AUDIO_OUTPUT: addon.audio_output,
+            ATTR_AUTO_UPDATE: addon.auto_update,
+            ATTR_IP_ADDRESS: str(addon.ip_address),
+            ATTR_VERSION: addon.version,
+            ATTR_UPDATE_AVAILABLE: addon.need_update,
+            ATTR_WATCHDOG: addon.watchdog,
+            ATTR_DEVICES: addon.static_devices
+            + [device.path for device in addon.devices],
+            ATTR_SYSTEM_MANAGED: addon.system_managed,
+            ATTR_SYSTEM_MANAGED_CONFIG_ENTRY: addon.system_managed_config_entry,
+        }
+
+        return data
+
+    @api_process
+    async def options(self, request: web.Request) -> None:
+        """Store user options for add-on."""
+        addon = self.get_addon_for_request(request)
+
+        # Update secrets for validation
+        await self.sys_homeassistant.secrets.reload()
+
+        # Extend schema with add-on specific validation
+        addon_schema = SCHEMA_OPTIONS.extend(
+            {vol.Optional(ATTR_OPTIONS): vol.Maybe(addon.schema)}
+        )
+
+        # Validate/Process Body
+        body = await api_validate(addon_schema, request, origin=[ATTR_OPTIONS])
+        if ATTR_OPTIONS in body:
+            addon.options = body[ATTR_OPTIONS]
+        if ATTR_BOOT in body:
+            if addon.boot_config == AddonBootConfig.MANUAL_ONLY:
+                raise APIError(
+                    f"Addon {addon.slug} boot option is set to {addon.boot_config} so it cannot be changed"
+                )
+            addon.boot = body[ATTR_BOOT]
+        if ATTR_AUTO_UPDATE in body:
+            addon.auto_update = body[ATTR_AUTO_UPDATE]
+        if ATTR_NETWORK in body:
+            addon.ports = body[ATTR_NETWORK]
+        if ATTR_AUDIO_INPUT in body:
+            addon.audio_input = body[ATTR_AUDIO_INPUT]
+        if ATTR_AUDIO_OUTPUT in body:
+            addon.audio_output = body[ATTR_AUDIO_OUTPUT]
+        if ATTR_INGRESS_PANEL in body:
+            addon.ingress_panel = body[ATTR_INGRESS_PANEL]
+            await self.sys_ingress.update_hass_panel(addon)
+        if ATTR_WATCHDOG in body:
+            addon.watchdog = body[ATTR_WATCHDOG]
+
+        addon.save_persist()
+
+    @api_process
+    async def sys_options(self, request: web.Request) -> None:
+        """Store system options for an add-on."""
+        addon = self.get_addon_for_request(request)
+
+        # Validate/Process Body
+        body = await api_validate(SCHEMA_SYS_OPTIONS, request)
+        if ATTR_SYSTEM_MANAGED in body:
+            addon.system_managed = body[ATTR_SYSTEM_MANAGED]
+        if ATTR_SYSTEM_MANAGED_CONFIG_ENTRY in body:
+            addon.system_managed_config_entry = body[ATTR_SYSTEM_MANAGED_CONFIG_ENTRY]
+
+        addon.save_persist()
+
+    @api_process
+    async def options_validate(self, request: web.Request) -> None:
+        """Validate user options for add-on."""
+        addon = self.get_addon_for_request(request)
+        data = {ATTR_MESSAGE: "", ATTR_VALID: True, ATTR_PWNED: False}
+
+        options = await request.json(loads=json_loads) or addon.options
+
+        # Validate config
+        options_schema = addon.schema
+        try:
+            options_schema.validate(options)
+        except vol.Invalid as ex:
+            data[ATTR_MESSAGE] = humanize_error(options, ex)
+            data[ATTR_VALID] = False
+
+        if not self.sys_security.pwned:
+            return data
+
+        # Pwned check
+        for secret in options_schema.pwned:
+            try:
+                await self.sys_security.verify_secret(secret)
+                continue
+            except PwnedSecret:
+                data[ATTR_PWNED] = True
+            except PwnedError:
+                data[ATTR_PWNED] = None
+            break
+
+        if self.sys_security.force and data[ATTR_PWNED] in (None, True):
+            data[ATTR_VALID] = False
+            if data[ATTR_PWNED] is None:
+                data[ATTR_MESSAGE] = "Error happening on pwned secrets check!"
+            else:
+                data[ATTR_MESSAGE] = "Add-on uses pwned secrets!"
+
+        return data
+
+    @api_process
+    async def options_config(self, request: web.Request) -> None:
+        """Validate user options for add-on."""
+        slug: str = request.match_info.get("addon")
+        if slug != "self":
+            raise APIForbidden("This can be only read by the Add-on itself!")
+        addon = self.get_addon_for_request(request)
+
+        # Lookup/reload secrets
+        await self.sys_homeassistant.secrets.reload()
+        try:
+            return addon.schema.validate(addon.options)
+        except vol.Invalid:
+            raise APIError("Invalid configuration data for the add-on") from None
+
+    @api_process
+    async def security(self, request: web.Request) -> None:
+        """Store security options for add-on."""
+        addon = self.get_addon_for_request(request)
+        body: dict[str, Any] = await api_validate(SCHEMA_SECURITY, request)
+
+        if ATTR_PROTECTED in body:
+            _LOGGER.warning("Changing protected flag for %s!", addon.slug)
+            addon.protected = body[ATTR_PROTECTED]
+
+        addon.save_persist()
+
+    @api_process
+    async def stats(self, request: web.Request) -> dict[str, Any]:
+        """Return resource information."""
+        addon = self.get_addon_for_request(request)
+
+        stats: DockerStats = await addon.stats()
+
+        return {
+            ATTR_CPU_PERCENT: stats.cpu_percent,
+            ATTR_MEMORY_USAGE: stats.memory_usage,
+            ATTR_MEMORY_LIMIT: stats.memory_limit,
+            ATTR_MEMORY_PERCENT: stats.memory_percent,
+            ATTR_NETWORK_RX: stats.network_rx,
+            ATTR_NETWORK_TX: stats.network_tx,
+            ATTR_BLK_READ: stats.blk_read,
+            ATTR_BLK_WRITE: stats.blk_write,
+        }
+
+    @api_process
+    async def uninstall(self, request: web.Request) -> Awaitable[None]:
+        """Uninstall add-on."""
+        addon = self.get_addon_for_request(request)
+        body: dict[str, Any] = await api_validate(SCHEMA_UNINSTALL, request)
+        return await asyncio.shield(
+            self.sys_addons.uninstall(
+                addon.slug, remove_config=body[ATTR_REMOVE_CONFIG]
+            )
+        )
+
+    @api_process
+    async def start(self, request: web.Request) -> None:
+        """Start add-on."""
+        addon = self.get_addon_for_request(request)
+        if start_task := await asyncio.shield(addon.start()):
+            await start_task
+
+    @api_process
+    def stop(self, request: web.Request) -> Awaitable[None]:
+        """Stop add-on."""
+        addon = self.get_addon_for_request(request)
+        return asyncio.shield(addon.stop())
+
+    @api_process
+    async def restart(self, request: web.Request) -> None:
+        """Restart add-on."""
+        addon: Addon = self.get_addon_for_request(request)
+        if start_task := await asyncio.shield(addon.restart()):
+            await start_task
+
+    @api_process
+    async def rebuild(self, request: web.Request) -> None:
+        """Rebuild local build add-on."""
+        addon = self.get_addon_for_request(request)
+        if start_task := await asyncio.shield(self.sys_addons.rebuild(addon.slug)):
+            await start_task
+
+    @api_process
+    async def stdin(self, request: web.Request) -> None:
+        """Write to stdin of add-on."""
+        addon = self.get_addon_for_request(request)
+        if not addon.with_stdin:
+            raise APIError(f"STDIN not supported the {addon.slug} add-on")
+
+        data = await request.read()
+        await asyncio.shield(addon.write_stdin(data))
+
+
+def _pretty_services(addon: Addon) -> list[str]:
+    """Return a simplified services role list."""
+    return [f"{name}:{access}" for name, access in addon.services_role.items()]

supervisor/api/audio.py

@@ -0,0 +1,165 @@
+"""Init file for Supervisor Audio RESTful API."""
+
+import asyncio
+from collections.abc import Awaitable
+from dataclasses import asdict
+import logging
+from typing import Any
+
+from aiohttp import web
+import voluptuous as vol
+
+from ..const import (
+    ATTR_ACTIVE,
+    ATTR_APPLICATION,
+    ATTR_AUDIO,
+    ATTR_BLK_READ,
+    ATTR_BLK_WRITE,
+    ATTR_CARD,
+    ATTR_CPU_PERCENT,
+    ATTR_HOST,
+    ATTR_INDEX,
+    ATTR_INPUT,
+    ATTR_MEMORY_LIMIT,
+    ATTR_MEMORY_PERCENT,
+    ATTR_MEMORY_USAGE,
+    ATTR_NAME,
+    ATTR_NETWORK_RX,
+    ATTR_NETWORK_TX,
+    ATTR_OUTPUT,
+    ATTR_UPDATE_AVAILABLE,
+    ATTR_VERSION,
+    ATTR_VERSION_LATEST,
+    ATTR_VOLUME,
+)
+from ..coresys import CoreSysAttributes
+from ..exceptions import APIError
+from ..host.sound import StreamType
+from ..validate import version_tag
+from .utils import api_process, api_validate
+
+_LOGGER: logging.Logger = logging.getLogger(__name__)
+
+SCHEMA_VERSION = vol.Schema({vol.Optional(ATTR_VERSION): version_tag})
+
+SCHEMA_VOLUME = vol.Schema(
+    {
+        vol.Required(ATTR_INDEX): vol.Coerce(int),
+        vol.Required(ATTR_VOLUME): vol.Coerce(float),
+    }
+)
+
+# pylint: disable=no-value-for-parameter
+SCHEMA_MUTE = vol.Schema(
+    {
+        vol.Required(ATTR_INDEX): vol.Coerce(int),
+        vol.Required(ATTR_ACTIVE): vol.Boolean(),
+    }
+)
+
+SCHEMA_DEFAULT = vol.Schema({vol.Required(ATTR_NAME): str})
+
+SCHEMA_PROFILE = vol.Schema(
+    {vol.Required(ATTR_CARD): str, vol.Required(ATTR_NAME): str}
+)
+
+
+class APIAudio(CoreSysAttributes):
+    """Handle RESTful API for Audio functions."""
+
+    @api_process
+    async def info(self, request: web.Request) -> dict[str, Any]:
+        """Return Audio information."""
+        return {
+            ATTR_VERSION: self.sys_plugins.audio.version,
+            ATTR_VERSION_LATEST: self.sys_plugins.audio.latest_version,
+            ATTR_UPDATE_AVAILABLE: self.sys_plugins.audio.need_update,
+            ATTR_HOST: str(self.sys_docker.network.audio),
+            ATTR_AUDIO: {
+                ATTR_CARD: [asdict(card) for card in self.sys_host.sound.cards],
+                ATTR_INPUT: [asdict(stream) for stream in self.sys_host.sound.inputs],
+                ATTR_OUTPUT: [asdict(stream) for stream in self.sys_host.sound.outputs],
+                ATTR_APPLICATION: [
+                    asdict(stream) for stream in self.sys_host.sound.applications
+                ],
+            },
+        }
+
+    @api_process
+    async def stats(self, request: web.Request) -> dict[str, Any]:
+        """Return resource information."""
+        stats = await self.sys_plugins.audio.stats()
+
+        return {
+            ATTR_CPU_PERCENT: stats.cpu_percent,
+            ATTR_MEMORY_USAGE: stats.memory_usage,
+            ATTR_MEMORY_LIMIT: stats.memory_limit,
+            ATTR_MEMORY_PERCENT: stats.memory_percent,
+            ATTR_NETWORK_RX: stats.network_rx,
+            ATTR_NETWORK_TX: stats.network_tx,
+            ATTR_BLK_READ: stats.blk_read,
+            ATTR_BLK_WRITE: stats.blk_write,
+        }
+
+    @api_process
+    async def update(self, request: web.Request) -> None:
+        """Update Audio plugin."""
+        body = await api_validate(SCHEMA_VERSION, request)
+        version = body.get(ATTR_VERSION, self.sys_plugins.audio.latest_version)
+
+        if version == self.sys_plugins.audio.version:
+            raise APIError(f"Version {version} is already in use")
+        await asyncio.shield(self.sys_plugins.audio.update(version))
+
+    @api_process
+    def restart(self, request: web.Request) -> Awaitable[None]:
+        """Restart Audio plugin."""
+        return asyncio.shield(self.sys_plugins.audio.restart())
+
+    @api_process
+    def reload(self, request: web.Request) -> Awaitable[None]:
+        """Reload Audio information."""
+        return asyncio.shield(self.sys_host.sound.update())
+
+    @api_process
+    async def set_volume(self, request: web.Request) -> None:
+        """Set audio volume on stream."""
+        source: StreamType = StreamType(request.match_info.get("source"))
+        application: bool = request.path.endswith("application")
+        body = await api_validate(SCHEMA_VOLUME, request)
+
+        await asyncio.shield(
+            self.sys_host.sound.set_volume(
+                source, body[ATTR_INDEX], body[ATTR_VOLUME], application
+            )
+        )
+
+    @api_process
+    async def set_mute(self, request: web.Request) -> None:
+        """Mute audio volume on stream."""
+        source: StreamType = StreamType(request.match_info.get("source"))
+        application: bool = request.path.endswith("application")
+        body = await api_validate(SCHEMA_MUTE, request)
+
+        await asyncio.shield(
+            self.sys_host.sound.set_mute(
+                source, body[ATTR_INDEX], body[ATTR_ACTIVE], application
+            )
+        )
+
+    @api_process
+    async def set_default(self, request: web.Request) -> None:
+        """Set audio default stream."""
+        source: StreamType = StreamType(request.match_info.get("source"))
+        body = await api_validate(SCHEMA_DEFAULT, request)
+
+        await asyncio.shield(self.sys_host.sound.set_default(source, body[ATTR_NAME]))
+
+    @api_process
+    async def set_profile(self, request: web.Request) -> None:
+        """Set audio default sources."""
+        body = await api_validate(SCHEMA_PROFILE, request)
+
+        await asyncio.shield(
+            self.sys_host.sound.ativate_profile(body[ATTR_CARD], body[ATTR_NAME])
+        )

supervisor/api/auth.py

@@ -0,0 +1,120 @@
+"""Init file for Supervisor auth/SSO RESTful API."""
+
+import asyncio
+import logging
+from typing import Any
+
+from aiohttp import BasicAuth, web
+from aiohttp.hdrs import AUTHORIZATION, CONTENT_TYPE, WWW_AUTHENTICATE
+from aiohttp.web_exceptions import HTTPUnauthorized
+import voluptuous as vol
+
+from ..addons.addon import Addon
+from ..const import ATTR_NAME, ATTR_PASSWORD, ATTR_USERNAME, REQUEST_FROM
+from ..coresys import CoreSysAttributes
+from ..exceptions import APIForbidden
+from ..utils.json import json_loads
+from .const import (
+    ATTR_GROUP_IDS,
+    ATTR_IS_ACTIVE,
+    ATTR_IS_OWNER,
+    ATTR_LOCAL_ONLY,
+    ATTR_USERS,
+    CONTENT_TYPE_JSON,
+    CONTENT_TYPE_URL,
+)
+from .utils import api_process, api_validate
+
+_LOGGER: logging.Logger = logging.getLogger(__name__)
+
+SCHEMA_PASSWORD_RESET = vol.Schema(
+    {
+        vol.Required(ATTR_USERNAME): str,
+        vol.Required(ATTR_PASSWORD): str,
+    }
+)
+
+REALM_HEADER: dict[str, str] = {
+    WWW_AUTHENTICATE: 'Basic realm="Home Assistant Authentication"'
+}
+
+
+class APIAuth(CoreSysAttributes):
+    """Handle RESTful API for auth functions."""
+
+    def _process_basic(self, request: web.Request, addon: Addon) -> bool:
+        """Process login request with basic auth.
+
+        Return a coroutine.
+        """
+        auth = BasicAuth.decode(request.headers[AUTHORIZATION])
+        return self.sys_auth.check_login(addon, auth.login, auth.password)
+
+    def _process_dict(
+        self, request: web.Request, addon: Addon, data: dict[str, str]
+    ) -> bool:
+        """Process login with dict data.
+
+        Return a coroutine.
+        """
+        username = data.get("username") or data.get("user")
+        password = data.get("password")
+
+        return self.sys_auth.check_login(addon, username, password)
+
+    @api_process
+    async def auth(self, request: web.Request) -> bool:
+        """Process login request."""
+        addon = request[REQUEST_FROM]
+
+        if not addon.access_auth_api:
+            raise APIForbidden("Can't use Home Assistant auth!")
+
+        # BasicAuth
+        if AUTHORIZATION in request.headers:
+            if not await self._process_basic(request, addon):
+                raise HTTPUnauthorized(headers=REALM_HEADER)
+            return True
+
+        # Json
+        if request.headers.get(CONTENT_TYPE) == CONTENT_TYPE_JSON:
+            data = await request.json(loads=json_loads)
+            return await self._process_dict(request, addon, data)
+
+        # URL encoded
+        if request.headers.get(CONTENT_TYPE) == CONTENT_TYPE_URL:
+            data = await request.post()
+            return await self._process_dict(request, addon, data)
+
+        raise HTTPUnauthorized(headers=REALM_HEADER)
+
+    @api_process
+    async def reset(self, request: web.Request) -> None:
+        """Process reset password request."""
+        body: dict[str, str] = await api_validate(SCHEMA_PASSWORD_RESET, request)
+        await asyncio.shield(
+            self.sys_auth.change_password(body[ATTR_USERNAME], body[ATTR_PASSWORD])
+        )
+
+    @api_process
+    async def cache(self, request: web.Request) -> None:
+        """Process cache reset request."""
+        self.sys_auth.reset_data()
+
+    @api_process
+    async def list_users(self, request: web.Request) -> dict[str, list[dict[str, Any]]]:
+        """List users on the Home Assistant instance."""
+        return {
+            ATTR_USERS: [
+                {
+                    ATTR_USERNAME: user[ATTR_USERNAME],
+                    ATTR_NAME: user[ATTR_NAME],
+                    ATTR_IS_OWNER: user[ATTR_IS_OWNER],
+                    ATTR_IS_ACTIVE: user[ATTR_IS_ACTIVE],
+                    ATTR_LOCAL_ONLY: user[ATTR_LOCAL_ONLY],
+                    ATTR_GROUP_IDS: user[ATTR_GROUP_IDS],
+                }
+                for user in await self.sys_auth.list_users()
+                if user[ATTR_USERNAME]
+            ]
+        }

supervisor/api/backups.py

@@ -0,0 +1,556 @@
+"""Backups RESTful API."""
+
+from __future__ import annotations
+
+import asyncio
+from collections.abc import Callable
+import errno
+import logging
+from pathlib import Path
+import re
+from tempfile import TemporaryDirectory
+from typing import Any
+
+from aiohttp import web
+from aiohttp.hdrs import CONTENT_DISPOSITION
+import voluptuous as vol
+from voluptuous.humanize import humanize_error
+
+from ..backups.backup import Backup
+from ..backups.const import LOCATION_CLOUD_BACKUP, LOCATION_TYPE
+from ..backups.validate import ALL_FOLDERS, FOLDER_HOMEASSISTANT, days_until_stale
+from ..const import (
+    ATTR_ADDONS,
+    ATTR_BACKUPS,
+    ATTR_COMPRESSED,
+    ATTR_CONTENT,
+    ATTR_DATE,
+    ATTR_DAYS_UNTIL_STALE,
+    ATTR_EXTRA,
+    ATTR_FILENAME,
+    ATTR_FOLDERS,
+    ATTR_HOMEASSISTANT,
+    ATTR_HOMEASSISTANT_EXCLUDE_DATABASE,
+    ATTR_JOB_ID,
+    ATTR_LOCATION,
+    ATTR_NAME,
+    ATTR_PASSWORD,
+    ATTR_PATH,
+    ATTR_PROTECTED,
+    ATTR_REPOSITORIES,
+    ATTR_SIZE,
+    ATTR_SLUG,
+    ATTR_SUPERVISOR_VERSION,
+    ATTR_TIMEOUT,
+    ATTR_TYPE,
+    ATTR_VERSION,
+    REQUEST_FROM,
+    BusEvent,
+    CoreState,
+)
+from ..coresys import CoreSysAttributes
+from ..exceptions import APIError, APIForbidden, APINotFound
+from ..jobs import JobSchedulerOptions
+from ..mounts.const import MountUsage
+from ..resolution.const import UnhealthyReason
+from .const import (
+    ATTR_ADDITIONAL_LOCATIONS,
+    ATTR_BACKGROUND,
+    ATTR_LOCATION_ATTRIBUTES,
+    ATTR_LOCATIONS,
+    ATTR_SIZE_BYTES,
+    CONTENT_TYPE_TAR,
+)
+from .utils import api_process, api_validate
+
+_LOGGER: logging.Logger = logging.getLogger(__name__)
+
+ALL_ADDONS_FLAG = "ALL"
+
+LOCATION_LOCAL = ".local"
+
+RE_SLUGIFY_NAME = re.compile(r"[^A-Za-z0-9]+")
+RE_BACKUP_FILENAME = re.compile(r"^[^\\\/]+\.tar$")
+
+# Backwards compatible
+# Remove: 2022.08
+_ALL_FOLDERS = ALL_FOLDERS + [FOLDER_HOMEASSISTANT]
+
+
+def _ensure_list(item: Any) -> list:
+    """Ensure value is a list."""
+    if not isinstance(item, list):
+        return [item]
+    return item
+
+
+def _convert_local_location(item: str | None) -> str | None:
+    """Convert local location value."""
+    if item in {LOCATION_LOCAL, ""}:
+        return None
+    return item
+
+
+# pylint: disable=no-value-for-parameter
+SCHEMA_FOLDERS = vol.All([vol.In(_ALL_FOLDERS)], vol.Unique())
+SCHEMA_LOCATION = vol.All(vol.Maybe(str), _convert_local_location)
+SCHEMA_LOCATION_LIST = vol.All(_ensure_list, [SCHEMA_LOCATION], vol.Unique())
+
+SCHEMA_RESTORE_FULL = vol.Schema(
+    {
+        vol.Optional(ATTR_PASSWORD): vol.Maybe(str),
+        vol.Optional(ATTR_BACKGROUND, default=False): vol.Boolean(),
+        vol.Optional(ATTR_LOCATION): SCHEMA_LOCATION,
+    }
+)
+
+SCHEMA_RESTORE_PARTIAL = SCHEMA_RESTORE_FULL.extend(
+    {
+        vol.Optional(ATTR_HOMEASSISTANT): vol.Boolean(),
+        vol.Optional(ATTR_ADDONS): vol.All([str], vol.Unique()),
+        vol.Optional(ATTR_FOLDERS): SCHEMA_FOLDERS,
+    }
+)
+
+SCHEMA_BACKUP_FULL = vol.Schema(
+    {
+        vol.Optional(ATTR_NAME): str,
+        vol.Optional(ATTR_FILENAME): vol.Match(RE_BACKUP_FILENAME),
+        vol.Optional(ATTR_PASSWORD): vol.Maybe(str),
+        vol.Optional(ATTR_COMPRESSED): vol.Maybe(vol.Boolean()),
+        vol.Optional(ATTR_LOCATION): SCHEMA_LOCATION_LIST,
+        vol.Optional(ATTR_HOMEASSISTANT_EXCLUDE_DATABASE): vol.Boolean(),
+        vol.Optional(ATTR_BACKGROUND, default=False): vol.Boolean(),
+        vol.Optional(ATTR_EXTRA): dict,
+    }
+)
+
+SCHEMA_BACKUP_PARTIAL = SCHEMA_BACKUP_FULL.extend(
+    {
+        vol.Optional(ATTR_ADDONS): vol.Or(
+            ALL_ADDONS_FLAG, vol.All([str], vol.Unique())
+        ),
+        vol.Optional(ATTR_FOLDERS): SCHEMA_FOLDERS,
+        vol.Optional(ATTR_HOMEASSISTANT): vol.Boolean(),
+    }
+)
+
+SCHEMA_OPTIONS = vol.Schema({vol.Optional(ATTR_DAYS_UNTIL_STALE): days_until_stale})
+SCHEMA_FREEZE = vol.Schema({vol.Optional(ATTR_TIMEOUT): vol.All(int, vol.Range(min=1))})
+SCHEMA_REMOVE = vol.Schema({vol.Optional(ATTR_LOCATION): SCHEMA_LOCATION_LIST})
+
+
+class APIBackups(CoreSysAttributes):
+    """Handle RESTful API for backups functions."""
+
+    def _extract_slug(self, request):
+        """Return backup, throw an exception if it doesn't exist."""
+        backup = self.sys_backups.get(request.match_info.get("slug"))
+        if not backup:
+            raise APINotFound("Backup does not exist")
+        return backup
+
+    def _make_location_attributes(self, backup: Backup) -> dict[str, dict[str, Any]]:
+        """Make location attributes dictionary."""
+        return {
+            loc if loc else LOCATION_LOCAL: {
+                ATTR_PROTECTED: backup.all_locations[loc][ATTR_PROTECTED],
+                ATTR_SIZE_BYTES: backup.location_size(loc),
+            }
+            for loc in backup.locations
+        }
+
+    def _list_backups(self):
+        """Return list of backups."""
+        return [
+            {
+                ATTR_SLUG: backup.slug,
+                ATTR_NAME: backup.name,
+                ATTR_DATE: backup.date,
+                ATTR_TYPE: backup.sys_type,
+                ATTR_SIZE: backup.size,
+                ATTR_SIZE_BYTES: backup.size_bytes,
+                ATTR_LOCATION: backup.location,
+                ATTR_LOCATIONS: backup.locations,
+                ATTR_PROTECTED: backup.protected,
+                ATTR_LOCATION_ATTRIBUTES: self._make_location_attributes(backup),
+                ATTR_COMPRESSED: backup.compressed,
+                ATTR_CONTENT: {
+                    ATTR_HOMEASSISTANT: backup.homeassistant_version is not None,
+                    ATTR_ADDONS: backup.addon_list,
+                    ATTR_FOLDERS: backup.folders,
+                },
+            }
+            for backup in self.sys_backups.list_backups
+            if backup.location != LOCATION_CLOUD_BACKUP
+        ]
+
+    @api_process
+    async def list(self, request):
+        """Return backup list."""
+        data_backups = self._list_backups()
+
+        if request.path == "/snapshots":
+            # Kept for backwards compability
+            return {"snapshots": data_backups}
+
+        return {ATTR_BACKUPS: data_backups}
+
+    @api_process
+    async def info(self, request):
+        """Return backup list and manager info."""
+        return {
+            ATTR_BACKUPS: self._list_backups(),
+            ATTR_DAYS_UNTIL_STALE: self.sys_backups.days_until_stale,
+        }
+
+    @api_process
+    async def options(self, request):
+        """Set backup manager options."""
+        body = await api_validate(SCHEMA_OPTIONS, request)
+
+        if ATTR_DAYS_UNTIL_STALE in body:
+            self.sys_backups.days_until_stale = body[ATTR_DAYS_UNTIL_STALE]
+
+        self.sys_backups.save_data()
+
+    @api_process
+    async def reload(self, _):
+        """Reload backup list."""
+        await asyncio.shield(self.sys_backups.reload())
+        return True
+
+    @api_process
+    async def backup_info(self, request):
+        """Return backup info."""
+        backup = self._extract_slug(request)
+
+        data_addons = []
+        for addon_data in backup.addons:
+            data_addons.append(
+                {
+                    ATTR_SLUG: addon_data[ATTR_SLUG],
+                    ATTR_NAME: addon_data[ATTR_NAME],
+                    ATTR_VERSION: addon_data[ATTR_VERSION],
+                    ATTR_SIZE: addon_data[ATTR_SIZE],
+                }
+            )
+
+        return {
+            ATTR_SLUG: backup.slug,
+            ATTR_TYPE: backup.sys_type,
+            ATTR_NAME: backup.name,
+            ATTR_DATE: backup.date,
+            ATTR_SIZE: backup.size,
+            ATTR_SIZE_BYTES: backup.size_bytes,
+            ATTR_COMPRESSED: backup.compressed,
+            ATTR_PROTECTED: backup.protected,
+            ATTR_LOCATION_ATTRIBUTES: self._make_location_attributes(backup),
+            ATTR_SUPERVISOR_VERSION: backup.supervisor_version,
+            ATTR_HOMEASSISTANT: backup.homeassistant_version,
+            ATTR_LOCATION: backup.location,
+            ATTR_LOCATIONS: backup.locations,
+            ATTR_ADDONS: data_addons,
+            ATTR_REPOSITORIES: backup.repositories,
+            ATTR_FOLDERS: backup.folders,
+            ATTR_HOMEASSISTANT_EXCLUDE_DATABASE: backup.homeassistant_exclude_database,
+            ATTR_EXTRA: backup.extra,
+        }
+
+    def _location_to_mount(self, location: str | None) -> LOCATION_TYPE:
+        """Convert a single location to a mount if possible."""
+        if not location or location == LOCATION_CLOUD_BACKUP:
+            return location
+
+        mount = self.sys_mounts.get(location)
+        if mount.usage != MountUsage.BACKUP:
+            raise APIError(
+                f"Mount {mount.name} is not used for backups, cannot backup to there"
+            )
+
+        return mount
+
+    def _location_field_to_mount(self, body: dict[str, Any]) -> dict[str, Any]:
+        """Change location field to mount if necessary."""
+        body[ATTR_LOCATION] = self._location_to_mount(body.get(ATTR_LOCATION))
+        return body
+
+    def _validate_cloud_backup_location(
+        self, request: web.Request, location: list[str | None] | str | None
+    ) -> None:
+        """Cloud backup location is only available to Home Assistant."""
+        if not isinstance(location, list):
+            location = [location]
+        if (
+            LOCATION_CLOUD_BACKUP in location
+            and request.get(REQUEST_FROM) != self.sys_homeassistant
+        ):
+            raise APIForbidden(
+                f"Location {LOCATION_CLOUD_BACKUP} is only available for Home Assistant"
+            )
+
+    async def _background_backup_task(
+        self, backup_method: Callable, *args, **kwargs
+    ) -> tuple[asyncio.Task, str]:
+        """Start backup task in  background and return task and job ID."""
+        event = asyncio.Event()
+        job, backup_task = self.sys_jobs.schedule_job(
+            backup_method, JobSchedulerOptions(), *args, **kwargs
+        )
+
+        async def release_on_freeze(new_state: CoreState):
+            if new_state == CoreState.FREEZE:
+                event.set()
+
+        # Wait for system to get into freeze state before returning
+        # If the backup fails validation it will raise before getting there
+        listener = self.sys_bus.register_event(
+            BusEvent.SUPERVISOR_STATE_CHANGE, release_on_freeze
+        )
+        try:
+            event_task = self.sys_create_task(event.wait())
+            _, pending = await asyncio.wait(
+                (
+                    backup_task,
+                    event_task,
+                ),
+                return_when=asyncio.FIRST_COMPLETED,
+            )
+            # It seems backup returned early (error or something), make sure to cancel
+            # the event task to avoid "Task was destroyed but it is pending!" errors.
+            if event_task in pending:
+                event_task.cancel()
+            return (backup_task, job.uuid)
+        finally:
+            self.sys_bus.remove_listener(listener)
+
+    @api_process
+    async def backup_full(self, request: web.Request):
+        """Create full backup."""
+        body = await api_validate(SCHEMA_BACKUP_FULL, request)
+        locations: list[LOCATION_TYPE] | None = None
+
+        if ATTR_LOCATION in body:
+            location_names: list[str | None] = body.pop(ATTR_LOCATION)
+            self._validate_cloud_backup_location(request, location_names)
+
+            locations = [
+                self._location_to_mount(location) for location in location_names
+            ]
+            body[ATTR_LOCATION] = locations.pop(0)
+            if locations:
+                body[ATTR_ADDITIONAL_LOCATIONS] = locations
+
+        background = body.pop(ATTR_BACKGROUND)
+        backup_task, job_id = await self._background_backup_task(
+            self.sys_backups.do_backup_full, **body
+        )
+
+        if background and not backup_task.done():
+            return {ATTR_JOB_ID: job_id}
+
+        backup: Backup = await backup_task
+        if backup:
+            return {ATTR_JOB_ID: job_id, ATTR_SLUG: backup.slug}
+        raise APIError(
+            f"An error occurred while making backup, check job '{job_id}' or supervisor logs for details",
+            job_id=job_id,
+        )
+
+    @api_process
+    async def backup_partial(self, request: web.Request):
+        """Create a partial backup."""
+        body = await api_validate(SCHEMA_BACKUP_PARTIAL, request)
+        locations: list[LOCATION_TYPE] | None = None
+
+        if ATTR_LOCATION in body:
+            location_names: list[str | None] = body.pop(ATTR_LOCATION)
+            self._validate_cloud_backup_location(request, location_names)
+
+            locations = [
+                self._location_to_mount(location) for location in location_names
+            ]
+            body[ATTR_LOCATION] = locations.pop(0)
+            if locations:
+                body[ATTR_ADDITIONAL_LOCATIONS] = locations
+
+        if body.get(ATTR_ADDONS) == ALL_ADDONS_FLAG:
+            body[ATTR_ADDONS] = list(self.sys_addons.local)
+
+        background = body.pop(ATTR_BACKGROUND)
+        backup_task, job_id = await self._background_backup_task(
+            self.sys_backups.do_backup_partial, **body
+        )
+
+        if background and not backup_task.done():
+            return {ATTR_JOB_ID: job_id}
+
+        backup: Backup = await backup_task
+        if backup:
+            return {ATTR_JOB_ID: job_id, ATTR_SLUG: backup.slug}
+        raise APIError(
+            f"An error occurred while making backup, check job '{job_id}' or supervisor logs for details",
+            job_id=job_id,
+        )
+
+    @api_process
+    async def restore_full(self, request: web.Request):
+        """Full restore of a backup."""
+        backup = self._extract_slug(request)
+        body = await api_validate(SCHEMA_RESTORE_FULL, request)
+        self._validate_cloud_backup_location(
+            request, body.get(ATTR_LOCATION, backup.location)
+        )
+        background = body.pop(ATTR_BACKGROUND)
+        restore_task, job_id = await self._background_backup_task(
+            self.sys_backups.do_restore_full, backup, **body
+        )
+
+        if background and not restore_task.done() or await restore_task:
+            return {ATTR_JOB_ID: job_id}
+        raise APIError(
+            f"An error occurred during restore of {backup.slug}, check job '{job_id}' or supervisor logs for details",
+            job_id=job_id,
+        )
+
+    @api_process
+    async def restore_partial(self, request: web.Request):
+        """Partial restore a backup."""
+        backup = self._extract_slug(request)
+        body = await api_validate(SCHEMA_RESTORE_PARTIAL, request)
+        self._validate_cloud_backup_location(
+            request, body.get(ATTR_LOCATION, backup.location)
+        )
+        background = body.pop(ATTR_BACKGROUND)
+        restore_task, job_id = await self._background_backup_task(
+            self.sys_backups.do_restore_partial, backup, **body
+        )
+
+        if background and not restore_task.done() or await restore_task:
+            return {ATTR_JOB_ID: job_id}
+        raise APIError(
+            f"An error occurred during restore of {backup.slug}, check job '{job_id}' or supervisor logs for details",
+            job_id=job_id,
+        )
+
+    @api_process
+    async def freeze(self, request: web.Request):
+        """Initiate manual freeze for external backup."""
+        body = await api_validate(SCHEMA_FREEZE, request)
+        await asyncio.shield(self.sys_backups.freeze_all(**body))
+
+    @api_process
+    async def thaw(self, request: web.Request):
+        """Begin thaw after manual freeze."""
+        await self.sys_backups.thaw_all()
+
+    @api_process
+    async def remove(self, request: web.Request):
+        """Remove a backup."""
+        backup = self._extract_slug(request)
+        body = await api_validate(SCHEMA_REMOVE, request)
+        locations: list[LOCATION_TYPE] | None = None
+
+        if ATTR_LOCATION in body:
+            self._validate_cloud_backup_location(request, body[ATTR_LOCATION])
+            locations = [self._location_to_mount(name) for name in body[ATTR_LOCATION]]
+        else:
+            self._validate_cloud_backup_location(request, backup.location)
+
+        self.sys_backups.remove(backup, locations=locations)
+
+    @api_process
+    async def download(self, request: web.Request):
+        """Download a backup file."""
+        backup = self._extract_slug(request)
+        # Query will give us '' for /backups, convert value to None
+        location = _convert_local_location(
+            request.query.get(ATTR_LOCATION, backup.location)
+        )
+        self._validate_cloud_backup_location(request, location)
+        if location not in backup.all_locations:
+            raise APIError(f"Backup {backup.slug} is not in location {location}")
+
+        _LOGGER.info("Downloading backup %s", backup.slug)
+        filename = backup.all_locations[location][ATTR_PATH]
+        # If the file is missing, return 404 and trigger reload of location
+        if not filename.is_file():
+            self.sys_create_task(self.sys_backups.reload(location))
+            return web.Response(status=404)
+
+        response = web.FileResponse(filename)
+        response.content_type = CONTENT_TYPE_TAR
+
+        download_filename = filename.name
+        if download_filename == f"{backup.slug}.tar":
+            download_filename = f"{RE_SLUGIFY_NAME.sub('_', backup.name)}.tar"
+        response.headers[CONTENT_DISPOSITION] = (
+            f"attachment; filename={download_filename}"
+        )
+        return response
+
+    @api_process
+    async def upload(self, request: web.Request):
+        """Upload a backup file."""
+        location: LOCATION_TYPE = None
+        locations: list[LOCATION_TYPE] | None = None
+        tmp_path = self.sys_config.path_tmp
+        if ATTR_LOCATION in request.query:
+            location_names: list[str] = request.query.getall(ATTR_LOCATION)
+            self._validate_cloud_backup_location(request, location_names)
+            # Convert empty string to None if necessary
+            locations = [
+                self._location_to_mount(location)
+                if _convert_local_location(location)
+                else None
+                for location in location_names
+            ]
+            location = locations.pop(0)
+
+            if location and location != LOCATION_CLOUD_BACKUP:
+                tmp_path = location.local_where
+
+        filename: str | None = None
+        if ATTR_FILENAME in request.query:
+            filename = request.query.get(ATTR_FILENAME)
+            try:
+                vol.Match(RE_BACKUP_FILENAME)(filename)
+            except vol.Invalid as ex:
+                raise APIError(humanize_error(filename, ex)) from None
+
+        with TemporaryDirectory(dir=tmp_path.as_posix()) as temp_dir:
+            tar_file = Path(temp_dir, "backup.tar")
+            reader = await request.multipart()
+            contents = await reader.next()
+            try:
+                with tar_file.open("wb") as backup:
+                    while True:
+                        chunk = await contents.read_chunk()
+                        if not chunk:
+                            break
+                        backup.write(chunk)
+
+            except OSError as err:
+                if err.errno == errno.EBADMSG and location in {
+                    LOCATION_CLOUD_BACKUP,
+                    None,
+                }:
+                    self.sys_resolution.unhealthy = UnhealthyReason.OSERROR_BAD_MESSAGE
+                _LOGGER.error("Can't write new backup file: %s", err)
+                return False
+
+            except asyncio.CancelledError:
+                return False
+
+            backup = await asyncio.shield(
+                self.sys_backups.import_backup(
+                    tar_file,
+                    filename,
+                    location=location,
+                    additional_locations=locations,
+                )
+            )
+
+        if backup:
+            return {ATTR_SLUG: backup.slug}
+        return False

supervisor/api/cli.py

@@ -0,0 +1,66 @@
+"""Init file for Supervisor HA cli RESTful API."""
+
+import asyncio
+import logging
+from typing import Any
+
+from aiohttp import web
+import voluptuous as vol
+
+from ..const import (
+    ATTR_BLK_READ,
+    ATTR_BLK_WRITE,
+    ATTR_CPU_PERCENT,
+    ATTR_MEMORY_LIMIT,
+    ATTR_MEMORY_PERCENT,
+    ATTR_MEMORY_USAGE,
+    ATTR_NETWORK_RX,
+    ATTR_NETWORK_TX,
+    ATTR_UPDATE_AVAILABLE,
+    ATTR_VERSION,
+    ATTR_VERSION_LATEST,
+)
+from ..coresys import CoreSysAttributes
+from ..validate import version_tag
+from .utils import api_process, api_validate
+
+_LOGGER: logging.Logger = logging.getLogger(__name__)
+
+SCHEMA_VERSION = vol.Schema({vol.Optional(ATTR_VERSION): version_tag})
+
+
+class APICli(CoreSysAttributes):
+    """Handle RESTful API for HA Cli functions."""
+
+    @api_process
+    async def info(self, request: web.Request) -> dict[str, Any]:
+        """Return HA cli information."""
+        return {
+            ATTR_VERSION: self.sys_plugins.cli.version,
+            ATTR_VERSION_LATEST: self.sys_plugins.cli.latest_version,
+            ATTR_UPDATE_AVAILABLE: self.sys_plugins.cli.need_update,
+        }
+
+    @api_process
+    async def stats(self, request: web.Request) -> dict[str, Any]:
+        """Return resource information."""
+        stats = await self.sys_plugins.cli.stats()
+
+        return {
+            ATTR_CPU_PERCENT: stats.cpu_percent,
+            ATTR_MEMORY_USAGE: stats.memory_usage,
+            ATTR_MEMORY_LIMIT: stats.memory_limit,
+            ATTR_MEMORY_PERCENT: stats.memory_percent,
+            ATTR_NETWORK_RX: stats.network_rx,
+            ATTR_NETWORK_TX: stats.network_tx,
+            ATTR_BLK_READ: stats.blk_read,
+            ATTR_BLK_WRITE: stats.blk_write,
+        }
+
+    @api_process
+    async def update(self, request: web.Request) -> None:
+        """Update HA CLI."""
+        body = await api_validate(SCHEMA_VERSION, request)
+        version = body.get(ATTR_VERSION, self.sys_plugins.cli.latest_version)
+
+        await asyncio.shield(self.sys_plugins.cli.update(version))