Fix asyncio.wait in supervisor.reload (#4333 )

* Fix asyncio.wait in supervisor.reload * Unwrap to prevent throttling across tests
Bump the frontend to efa02c30 (#4332 )
2025-09-18 09:29:34 +00:00 · 2023-06-01 18:38:42 -04:00 · 2023-06-01 16:49:30 +02:00 · 2023-05-31 14:06:18 -04:00 · 2023-05-31 11:51:52 -04:00 · 2023-05-31 10:50:28 -04:00
1930 changed files with 533880 additions and 19384 deletions
--- a/.devcontainer/Dockerfile
+++ b/.devcontainer/Dockerfile
@@ -1,64 +0,0 @@
-FROM mcr.microsoft.com/vscode/devcontainers/python:0-3.9
-
-ENV \
-    DEBIAN_FRONTEND=noninteractive \
-    VCN_VERSION=0.9.8
-
-SHELL ["/bin/bash", "-c"]
-
-WORKDIR /workspaces
-
-# Set Docker daemon config
-RUN \
-    mkdir -p /etc/docker \
-    && echo '{"storage-driver": "vfs"}' > /etc/docker/daemon.json
-
-# Install Node/Yarn for Frontent
-RUN curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add - \
-    && apt-get update \
-    && apt-get update && apt-get install -y --no-install-recommends \
-        curl \
-        git \
-        apt-utils \
-        apt-transport-https \
-    && echo "deb https://dl.yarnpkg.com/debian/ stable main" | tee /etc/apt/sources.list.d/yarn.list \
-    && apt-get update && apt-get install -y --no-install-recommends \
-        nodejs \
-        yarn \
-    && curl -o - https://raw.githubusercontent.com/nvm-sh/nvm/v0.35.3/install.sh | bash \
-    && rm -rf /var/lib/apt/lists/*
-ENV NVM_DIR /root/.nvm
-
-# Install docker
-# https://docs.docker.com/engine/installation/linux/docker-ce/ubuntu/
-RUN apt-get update && apt-get install -y --no-install-recommends \
-        apt-transport-https \
-        ca-certificates \
-        curl \
-        software-properties-common \
-        gpg-agent \
-    && curl -fsSL https://download.docker.com/linux/debian/gpg | apt-key add - \
-    && add-apt-repository "deb https://download.docker.com/linux/debian $(lsb_release -cs) stable" \
-    && apt-get update && apt-get install -y --no-install-recommends \
-        docker-ce \
-        docker-ce-cli \
-        containerd.io \
-    && rm -rf /var/lib/apt/lists/*
-
-# Install tools
-RUN apt-get update && apt-get install -y --no-install-recommends \
-        jq \
-        dbus \
-        network-manager \
-        apparmor-utils \
-        libpulse0 \
-    && curl -Lo /bin/vcn https://github.com/codenotary/vcn/releases/download/${VCN_VERSION}/vcn-${VCN_VERSION}-linux-amd64-static \
-    && chmod a+x /bin/vcn \
-    && rm -rf /var/lib/apt/lists/*
-
-# Install Python dependencies from requirements.txt if it exists
-COPY requirements.txt requirements_tests.txt ./
-RUN pip3 install -U setuptools pip \
-    && pip3 install -r requirements.txt -r requirements_tests.txt \
-    && pip3 install tox \
-    && rm -f requirements.txt requirements_tests.txt
--- a/.devcontainer/devcontainer.json
+++ b/.devcontainer/devcontainer.json
@@ -1,19 +1,26 @@
 {
  "name": "Supervisor dev",
-  "context": "..",
-  "dockerFile": "Dockerfile",
-  "appPort": "9123:8123",
-  "postCreateCommand": "pre-commit install",
+  "image": "ghcr.io/home-assistant/devcontainer:supervisor",
+  "containerEnv": {
+    "WORKSPACE_DIRECTORY": "${containerWorkspaceFolder}"
+  },
+  "appPort": ["9123:8123", "7357:4357"],
+  "postCreateCommand": "bash devcontainer_bootstrap",
  "runArgs": ["-e", "GIT_EDITOR=code --wait", "--privileged"],
-  "containerEnv": { "NVM_DIR": "/usr/local/share/nvm" },
  "extensions": [
    "ms-python.python",
    "ms-python.vscode-pylance",
    "visualstudioexptteam.vscodeintellicode",
    "esbenp.prettier-vscode"
  ],
+  "mounts": ["type=volume,target=/var/lib/docker"],
  "settings": {
-    "terminal.integrated.shell.linux": "/bin/bash",
+    "terminal.integrated.profiles.linux": {
+      "zsh": {
+        "path": "/usr/bin/zsh"
+      }
+    },
+    "terminal.integrated.defaultProfile.linux": "zsh",
    "editor.formatOnPaste": false,
    "editor.formatOnSave": true,
    "editor.formatOnType": true,
@@ -22,7 +29,7 @@
    "python.linting.pylintEnabled": true,
    "python.linting.enabled": true,
    "python.formatting.provider": "black",
-    "python.formatting.blackArgs": ["--target-version", "py39"],
+    "python.formatting.blackArgs": ["--target-version", "py310"],
    "python.formatting.blackPath": "/usr/local/bin/black",
    "python.linting.banditPath": "/usr/local/bin/bandit",
    "python.linting.flake8Path": "/usr/local/bin/flake8",
--- a/.github/ISSUE_TEMPLATE/bug_report.yml
+++ b/.github/ISSUE_TEMPLATE/bug_report.yml
@@ -20,22 +20,14 @@ body:
    attributes:
      value: |
        ## Environment
-  - type: input
-    validations:
-      required: true
-    attributes:
-      label: What is the used version of the Supervisor?
-      placeholder: supervisor-
-      description: >
-        Can be found in the Supervisor panel -> System tab. Starts with
-        `supervisor-....`.
  - type: dropdown
    validations:
      required: true
    attributes:
      label: What type of installation are you running?
      description: >
-        If you don't know, you can find it in: Configuration panel -> Info.
+        If you don't know, can be found in [Settings -> System -> Repairs -> System Information](https://my.home-assistant.io/redirect/system_health/).
+        It is listed as the `Installation Type` value.
      options:
        - Home Assistant OS
        - Home Assistant Supervised
@@ -48,22 +40,6 @@ body:
        - Home Assistant Operating System
        - Debian
        - Other (e.g., Raspbian/Raspberry Pi OS/Fedora)
-  - type: input
-    validations:
-      required: true
-    attributes:
-      label: What is the version of your installed operating system?
-      placeholder: "5.11"
-      description: Can be found in the Supervisor panel -> System tab.
-  - type: input
-    validations:
-      required: true
-    attributes:
-      label: What version of Home Assistant Core is installed?
-      placeholder: core-
-      description: >
-        Can be found in the Supervisor panel -> System tab. Starts with
-        `core-....`.
  - type: markdown
    attributes:
      value: |
@@ -87,8 +63,30 @@ body:
    attributes:
      label: Anything in the Supervisor logs that might be useful for us?
      description: >
-        The Supervisor logs can be found in the Supervisor panel -> System tab.
+        Supervisor Logs can be found in [Settings -> System -> Logs](https://my.home-assistant.io/redirect/logs/)
+        then choose `Supervisor` in the top right.
+
+        [![Open your Home Assistant instance and show your Supervisor system logs.](https://my.home-assistant.io/badges/supervisor_logs.svg)](https://my.home-assistant.io/redirect/supervisor_logs/)
      render: txt
+  - type: textarea
+    validations:
+      required: true
+    attributes:
+      label: System Health information
+      description: >
+        System Health information can be found in the top right menu in [Settings -> System -> Repairs](https://my.home-assistant.io/redirect/repairs/).
+        Click the copy button at the bottom of the pop-up and paste it here.
+        
+        [![Open your Home Assistant instance and show health information about your system.](https://my.home-assistant.io/badges/system_health.svg)](https://my.home-assistant.io/redirect/system_health/)
+  - type: textarea
+    attributes:
+      label: Supervisor diagnostics
+      placeholder: "drag-and-drop the diagnostics data file here (do not copy-and-paste the content)"
+      description: >-
+        Supervisor diagnostics can be found in [Settings -> Integrations](https://my.home-assistant.io/redirect/integrations/).
+        Find the card that says `Home Assistant Supervisor`, open its menu and select 'Download diagnostics'.
+        
+        **Please drag-and-drop the downloaded file into the textbox below. Do not copy and paste its contents.**
  - type: textarea
    attributes:
      label: Additional information
--- a/.github/release-drafter.yml
+++ b/.github/release-drafter.yml
@@ -31,6 +31,7 @@ categories:

  - title: ":arrow_up: Dependency Updates"
    label: "dependencies"
+    collapse-after: 1

 include-labels:
  - "breaking-change"
--- a/.github/workflows/builder.yml
+++ b/.github/workflows/builder.yml
@@ -27,15 +27,19 @@ on:
    paths:
      - "rootfs/**"
      - "supervisor/**"
-      - build.json
+      - build.yaml
      - Dockerfile
      - requirements.txt
      - setup.py

 env:
+  DEFAULT_PYTHON: "3.11"
  BUILD_NAME: supervisor
  BUILD_TYPE: supervisor
-  WHEELS_TAG: 3.9-alpine3.14
+
+concurrency:
+  group: "${{ github.workflow }}-${{ github.ref }}"
+  cancel-in-progress: true

 jobs:
  init:
@@ -49,7 +53,7 @@ jobs:
      requirements: ${{ steps.requirements.outputs.changed }}
    steps:
      - name: Checkout the repository
-        uses: actions/checkout@v2.3.4
+        uses: actions/checkout@v3.5.2
        with:
          fetch-depth: 0

@@ -84,21 +88,29 @@ jobs:
        arch: ${{ fromJson(needs.init.outputs.architectures) }}
    steps:
      - name: Checkout the repository
-        uses: actions/checkout@v2.3.4
+        uses: actions/checkout@v3.5.2
        with:
          fetch-depth: 0

+      - name: Write env-file
+        if: needs.init.outputs.requirements == 'true'
+        run: |
+          (
+            # Fix out of memory issues with rust
+            echo "CARGO_NET_GIT_FETCH_WITH_CLI=true"
+          ) > .env_file
+
      - name: Build wheels
        if: needs.init.outputs.requirements == 'true'
-        uses: home-assistant/wheels@master
+        uses: home-assistant/wheels@2023.04.0
        with:
-          tag: ${{ env.WHEELS_TAG }}
+          abi: cp311
+          tag: musllinux_1_2
          arch: ${{ matrix.arch }}
-          wheels-host: wheels.hass.io
          wheels-key: ${{ secrets.WHEELS_KEY }}
-          wheels-user: wheels
-          apk: "build-base;libffi-dev;openssl-dev;cargo"
+          apk: "libffi-dev;openssl-dev"
          skip-binary: aiohttp
+          env-file: true
          requirements: "requirements.txt"

      - name: Set version
@@ -109,59 +121,72 @@ jobs:

      - name: Login to DockerHub
        if: needs.init.outputs.publish == 'true'
-        uses: docker/login-action@v1.10.0
+        uses: docker/login-action@v2.1.0
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}

      - name: Login to GitHub Container Registry
        if: needs.init.outputs.publish == 'true'
-        uses: docker/login-action@v1.10.0
+        uses: docker/login-action@v2.1.0
        with:
          registry: ghcr.io
-          username: ${{ secrets.GIT_USER }}
-          password: ${{ secrets.GIT_TOKEN }}
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Set build arguments
        if: needs.init.outputs.publish == 'false'
        run: echo "BUILD_ARGS=--test" >> $GITHUB_ENV

      - name: Build supervisor
-        uses: home-assistant/builder@2021.07.0
+        uses: home-assistant/builder@2023.03.0
        with:
          args: |
            $BUILD_ARGS \
            --${{ matrix.arch }} \
            --target /data \
-            --with-codenotary "${{ secrets.VCN_USER }}" "${{ secrets.VCN_PASSWORD }}" "${{ secrets.VCN_ORG }}" \
-            --validate-from "${{ secrets.VCN_ORG }}" \
            --generic ${{ needs.init.outputs.version }}
+        env:
+          CAS_API_KEY: ${{ secrets.CAS_TOKEN }}

  codenotary:
-    name: CodeNotary signature
+    name: CAS signature
    needs: init
    runs-on: ubuntu-latest
    steps:
      - name: Checkout the repository
        if: needs.init.outputs.publish == 'true'
-        uses: actions/checkout@v2.3.4
+        uses: actions/checkout@v3.5.2
        with:
          fetch-depth: 0

+      - name: Set up Python ${{ env.DEFAULT_PYTHON }}
+        if: needs.init.outputs.publish == 'true'
+        uses: actions/setup-python@v4.6.1
+        with:
+          python-version: ${{ env.DEFAULT_PYTHON }}
+
      - name: Set version
        if: needs.init.outputs.publish == 'true'
        uses: home-assistant/actions/helpers/version@master
        with:
          type: ${{ env.BUILD_TYPE }}

-      - name: Signing image
+      - name: Install dirhash and calc hash
+        if: needs.init.outputs.publish == 'true'
+        id: dirhash
+        run: |
+          pip3 install dirhash
+          dir_hash="$(dirhash "${{ github.workspace }}/supervisor" -a sha256 --match "*.py")"
+          echo "::set-output name=dirhash::${dir_hash}"
+
+      - name: Signing Source
        if: needs.init.outputs.publish == 'true'
        uses: home-assistant/actions/helpers/codenotary@master
        with:
-          source: dir://${{ github.workspace }}
-          user: ${{ secrets.VCN_USER }}
-          password: ${{ secrets.VCN_PASSWORD }}
-          organisation: ${{ secrets.VCN_ORG }}
+          source: hash://${{ steps.dirhash.outputs.dirhash }}
+          asset: supervisor-${{ needs.init.outputs.version }}
+          token: ${{ secrets.CAS_TOKEN }}

  version:
    name: Update version
@@ -170,7 +195,7 @@ jobs:
    steps:
      - name: Checkout the repository
        if: needs.init.outputs.publish == 'true'
-        uses: actions/checkout@v2.3.4
+        uses: actions/checkout@v3.5.2

      - name: Initialize git
        if: needs.init.outputs.publish == 'true'
@@ -192,13 +217,14 @@ jobs:
    runs-on: ubuntu-latest
    name: Run the Supervisor
    needs: ["build", "codenotary", "init"]
+    timeout-minutes: 60
    steps:
      - name: Checkout the repository
-        uses: actions/checkout@v2.3.4
+        uses: actions/checkout@v3.5.2

      - name: Build the Supervisor
        if: needs.init.outputs.publish != 'true'
-        uses: home-assistant/builder@2021.07.0
+        uses: home-assistant/builder@2023.03.0
        with:
          args: |
            --test \
@@ -209,8 +235,8 @@ jobs:
      - name: Pull Supervisor
        if: needs.init.outputs.publish == 'true'
        run: |
-          docker pull homeassistant/amd64-hassio-supervisor:${{ needs.init.outputs.version }}
-          docker tag homeassistant/amd64-hassio-supervisor:${{ needs.init.outputs.version }} homeassistant/amd64-hassio-supervisor:runner
+          docker pull ghcr.io/home-assistant/amd64-hassio-supervisor:${{ needs.init.outputs.version }}
+          docker tag ghcr.io/home-assistant/amd64-hassio-supervisor:${{ needs.init.outputs.version }} homeassistant/amd64-hassio-supervisor:runner

      - name: Create the Supervisor
        run: |
@@ -218,7 +244,7 @@ jobs:
          docker create --name hassio_supervisor \
            --privileged \
            --security-opt seccomp=unconfined \
-            --security-opt apparmor:unconfined \
+            --security-opt apparmor=unconfined \
            -v /run/docker.sock:/run/docker.sock \
            -v /run/dbus:/run/dbus \
            -v /tmp/supervisor/data:/data \
@@ -240,21 +266,18 @@ jobs:
            ping=$(curl -sSL "http://$SUPERVISOR/supervisor/ping" | jq -r '.result')
            sleep 5
          done
-          docker logs hassio_supervisor

      - name: Check the Supervisor
        run: |
          echo "Checking supervisor info"
          test=$(docker exec hassio_cli ha supervisor info --no-progress --raw-json | jq -r '.result')
-          if [ "$test" != "ok" ];then
-            docker logs hassio_supervisor
+          if [ "$test" != "ok" ]; then
            exit 1
          fi

          echo "Checking supervisor network info"
          test=$(docker exec hassio_cli ha network info --no-progress --raw-json | jq -r '.result')
-          if [ "$test" != "ok" ];then
-            docker logs hassio_supervisor
+          if [ "$test" != "ok" ]; then
            exit 1
          fi

@@ -262,15 +285,25 @@ jobs:
        run: |
          echo "Install Core SSH Add-on"
          test=$(docker exec hassio_cli ha addons install core_ssh --no-progress --raw-json | jq -r '.result')
-          if [ "$test" != "ok" ];then
-            docker logs hassio_supervisor
+          if [ "$test" != "ok" ]; then
+            exit 1
+          fi
+
+          # Make sure it actually installed
+          test=$(docker exec hassio_cli ha addons info core_ssh --no-progress --raw-json | jq -r '.data.version')
+          if [[ "$test" == "null" ]]; then
            exit 1
          fi

          echo "Start Core SSH Add-on"
          test=$(docker exec hassio_cli ha addons start core_ssh --no-progress --raw-json | jq -r '.result')
-          if [ "$test" != "ok" ];then
-            docker logs hassio_supervisor
+          if [ "$test" != "ok" ]; then
+            exit 1
+          fi
+
+          # Make sure its state is started
+          test="$(docker exec hassio_cli ha addons info core_ssh --no-progress --raw-json | jq -r '.data.state')"
+          if [ "$test" != "started" ]; then
            exit 1
          fi

@@ -278,22 +311,87 @@ jobs:
        if: needs.init.outputs.publish == 'true'
        run: |
          echo "Enable Content-Trust"
-          test=$(docker exec hassio_cli ha supervisor options --content-trust=true --no-progress --raw-json | jq -r '.result')
-          if [ "$test" != "ok" ];then
-            docker logs hassio_supervisor
+          test=$(docker exec hassio_cli ha security options --content-trust=true --no-progress --raw-json | jq -r '.result')
+          if [ "$test" != "ok" ]; then
            exit 1
          fi

          echo "Run supervisor health check"
          test=$(docker exec hassio_cli ha resolution healthcheck --no-progress --raw-json | jq -r '.result')
-          if [ "$test" != "ok" ];then
-            docker logs hassio_supervisor
+          if [ "$test" != "ok" ]; then
            exit 1
          fi

          echo "Check supervisor unhealthy"
          test=$(docker exec hassio_cli ha resolution info --no-progress --raw-json | jq -r '.data.unhealthy[]')
-          if [ "$test" != "" ];then
-            docker logs hassio_supervisor
+          if [ "$test" != "" ]; then
            exit 1
          fi
+
+          echo "Check supervisor supported"
+          test=$(docker exec hassio_cli ha resolution info --no-progress --raw-json | jq -r '.data.unsupported[]')
+          if [[ "$test" =~ source_mods ]]; then
+            exit 1
+          fi
+
+      - name: Create full backup
+        id: backup
+        run: |
+          test=$(docker exec hassio_cli ha backups new --no-progress --raw-json)
+          if [ "$(echo $test | jq -r '.result')" != "ok" ]; then
+            exit 1
+          fi
+          echo "::set-output name=slug::$(echo $test | jq -r '.data.slug')"
+
+      - name: Uninstall SSH add-on
+        run: |
+          test=$(docker exec hassio_cli ha addons uninstall core_ssh --no-progress --raw-json | jq -r '.result')
+          if [ "$test" != "ok" ]; then
+            exit 1
+          fi
+
+      - name: Restart supervisor
+        run: |
+          test=$(docker exec hassio_cli ha supervisor restart --no-progress --raw-json | jq -r '.result')
+          if [ "$test" != "ok" ]; then
+            exit 1
+          fi
+
+      - name: Wait for Supervisor to come up
+        run: |
+          SUPERVISOR=$(docker inspect --format='{{.NetworkSettings.IPAddress}}' hassio_supervisor)
+          ping="error"
+          while [ "$ping" != "ok" ]; do
+            ping=$(curl -sSL "http://$SUPERVISOR/supervisor/ping" | jq -r '.result')
+            sleep 5
+          done
+
+      - name: Restore SSH add-on from backup
+        run: |
+          test=$(docker exec hassio_cli ha backups restore ${{ steps.backup.outputs.slug }} --addons core_ssh --no-progress --raw-json | jq -r '.result')
+          if [ "$test" != "ok" ]; then
+            exit 1
+          fi
+
+          # Make sure it actually installed
+          test=$(docker exec hassio_cli ha addons info core_ssh --no-progress --raw-json | jq -r '.data.version')
+          if [[ "$test" == "null" ]]; then
+            exit 1
+          fi
+
+          # Make sure its state is started
+          test="$(docker exec hassio_cli ha addons info core_ssh --no-progress --raw-json | jq -r '.data.state')"
+          if [ "$test" != "started" ]; then
+            exit 1
+          fi
+
+      - name: Restore SSL directory from backup
+        run: |
+          test=$(docker exec hassio_cli ha backups restore ${{ steps.backup.outputs.slug }} --folders ssl --no-progress --raw-json | jq -r '.result')
+          if [ "$test" != "ok" ]; then
+            exit 1
+          fi
+
+      - name: Get supervisor logs on failiure
+        if: ${{ cancelled() || failure() }}
+        run: docker logs hassio_supervisor
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -8,37 +8,37 @@ on:
  pull_request: ~

 env:
-  DEFAULT_PYTHON: 3.9
+  DEFAULT_PYTHON: "3.11"
  PRE_COMMIT_HOME: ~/.cache/pre-commit
-  DEFAULT_VCN: v0.9.8
+  DEFAULT_CAS: v1.0.2
+
+concurrency:
+  group: "${{ github.workflow }}-${{ github.ref }}"
+  cancel-in-progress: true

 jobs:
  # Separate job to pre-populate the base dependency cache
  # This prevent upcoming jobs to do the same individually
  prepare:
    runs-on: ubuntu-latest
-    strategy:
-      matrix:
-        python-version: [3.9]
-    name: Prepare Python ${{ matrix.python-version }} dependencies
+    outputs:
+      python-version: ${{ steps.python.outputs.python-version }}
+    name: Prepare Python dependencies
    steps:
      - name: Check out code from GitHub
-        uses: actions/checkout@v2.3.4
-      - name: Set up Python ${{ matrix.python-version }}
+        uses: actions/checkout@v3.5.2
+      - name: Set up Python
        id: python
-        uses: actions/setup-python@v2.2.2
+        uses: actions/setup-python@v4.6.1
        with:
-          python-version: ${{ matrix.python-version }}
+          python-version: ${{ env.DEFAULT_PYTHON }}
      - name: Restore Python virtual environment
        id: cache-venv
-        uses: actions/cache@v2.1.6
+        uses: actions/cache@v3.3.1
        with:
          path: venv
          key: |
            ${{ runner.os }}-venv-${{ steps.python.outputs.python-version }}-${{ hashFiles('requirements.txt') }}-${{ hashFiles('requirements_tests.txt') }}
-          restore-keys: |
-            ${{ runner.os }}-venv-${{ steps.python.outputs.python-version }}-${{ hashFiles('requirements.txt') }}
-            ${{ runner.os }}-venv-${{ steps.python.outputs.python-version }}-
      - name: Create Python virtual environment
        if: steps.cache-venv.outputs.cache-hit != 'true'
        run: |
@@ -48,7 +48,7 @@ jobs:
          pip install -r requirements.txt -r requirements_tests.txt
      - name: Restore pre-commit environment from cache
        id: cache-precommit
-        uses: actions/cache@v2.1.6
+        uses: actions/cache@v3.3.1
        with:
          path: ${{ env.PRE_COMMIT_HOME }}
          key: |
@@ -67,19 +67,19 @@ jobs:
    needs: prepare
    steps:
      - name: Check out code from GitHub
-        uses: actions/checkout@v2.3.4
-      - name: Set up Python ${{ env.DEFAULT_PYTHON }}
-        uses: actions/setup-python@v2.2.2
+        uses: actions/checkout@v3.5.2
+      - name: Set up Python ${{ needs.prepare.outputs.python-version }}
+        uses: actions/setup-python@v4.6.1
        id: python
        with:
-          python-version: ${{ env.DEFAULT_PYTHON }}
+          python-version: ${{ needs.prepare.outputs.python-version }}
      - name: Restore Python virtual environment
        id: cache-venv
-        uses: actions/cache@v2.1.6
+        uses: actions/cache@v3.3.1
        with:
          path: venv
          key: |
-            ${{ runner.os }}-venv-${{ steps.python.outputs.python-version }}-${{ hashFiles('requirements.txt') }}-${{ hashFiles('requirements_tests.txt') }}
+            ${{ runner.os }}-venv-${{ needs.prepare.outputs.python-version }}-${{ hashFiles('requirements.txt') }}-${{ hashFiles('requirements_tests.txt') }}
      - name: Fail job if Python cache restore failed
        if: steps.cache-venv.outputs.cache-hit != 'true'
        run: |
@@ -96,7 +96,7 @@ jobs:
    needs: prepare
    steps:
      - name: Check out code from GitHub
-        uses: actions/checkout@v2.3.4
+        uses: actions/checkout@v3.5.2
      - name: Register hadolint problem matcher
        run: |
          echo "::add-matcher::.github/workflows/matchers/hadolint.json"
@@ -111,19 +111,19 @@ jobs:
    needs: prepare
    steps:
      - name: Check out code from GitHub
-        uses: actions/checkout@v2.3.4
-      - name: Set up Python ${{ env.DEFAULT_PYTHON }}
-        uses: actions/setup-python@v2.2.2
+        uses: actions/checkout@v3.5.2
+      - name: Set up Python ${{ needs.prepare.outputs.python-version }}
+        uses: actions/setup-python@v4.6.1
        id: python
        with:
-          python-version: ${{ env.DEFAULT_PYTHON }}
+          python-version: ${{ needs.prepare.outputs.python-version }}
      - name: Restore Python virtual environment
        id: cache-venv
-        uses: actions/cache@v2.1.6
+        uses: actions/cache@v3.3.1
        with:
          path: venv
          key: |
-            ${{ runner.os }}-venv-${{ steps.python.outputs.python-version }}-${{ hashFiles('requirements.txt') }}-${{ hashFiles('requirements_tests.txt') }}
+            ${{ runner.os }}-venv-${{ needs.prepare.outputs.python-version }}-${{ hashFiles('requirements.txt') }}-${{ hashFiles('requirements_tests.txt') }}
      - name: Fail job if Python cache restore failed
        if: steps.cache-venv.outputs.cache-hit != 'true'
        run: |
@@ -131,7 +131,7 @@ jobs:
          exit 1
      - name: Restore pre-commit environment from cache
        id: cache-precommit
-        uses: actions/cache@v2.1.6
+        uses: actions/cache@v3.3.1
        with:
          path: ${{ env.PRE_COMMIT_HOME }}
          key: |
@@ -155,19 +155,19 @@ jobs:
    needs: prepare
    steps:
      - name: Check out code from GitHub
-        uses: actions/checkout@v2.3.4
-      - name: Set up Python ${{ env.DEFAULT_PYTHON }}
-        uses: actions/setup-python@v2.2.2
+        uses: actions/checkout@v3.5.2
+      - name: Set up Python ${{ needs.prepare.outputs.python-version }}
+        uses: actions/setup-python@v4.6.1
        id: python
        with:
-          python-version: ${{ env.DEFAULT_PYTHON }}
+          python-version: ${{ needs.prepare.outputs.python-version }}
      - name: Restore Python virtual environment
        id: cache-venv
-        uses: actions/cache@v2.1.6
+        uses: actions/cache@v3.3.1
        with:
          path: venv
          key: |
-            ${{ runner.os }}-venv-${{ steps.python.outputs.python-version }}-${{ hashFiles('requirements.txt') }}-${{ hashFiles('requirements_tests.txt') }}
+            ${{ runner.os }}-venv-${{ needs.prepare.outputs.python-version }}-${{ hashFiles('requirements.txt') }}-${{ hashFiles('requirements_tests.txt') }}
      - name: Fail job if Python cache restore failed
        if: steps.cache-venv.outputs.cache-hit != 'true'
        run: |
@@ -187,19 +187,19 @@ jobs:
    needs: prepare
    steps:
      - name: Check out code from GitHub
-        uses: actions/checkout@v2.3.4
-      - name: Set up Python ${{ env.DEFAULT_PYTHON }}
-        uses: actions/setup-python@v2.2.2
+        uses: actions/checkout@v3.5.2
+      - name: Set up Python ${{ needs.prepare.outputs.python-version }}
+        uses: actions/setup-python@v4.6.1
        id: python
        with:
-          python-version: ${{ env.DEFAULT_PYTHON }}
+          python-version: ${{ needs.prepare.outputs.python-version }}
      - name: Restore Python virtual environment
        id: cache-venv
-        uses: actions/cache@v2.1.6
+        uses: actions/cache@v3.3.1
        with:
          path: venv
          key: |
-            ${{ runner.os }}-venv-${{ steps.python.outputs.python-version }}-${{ hashFiles('requirements.txt') }}-${{ hashFiles('requirements_tests.txt') }}
+            ${{ runner.os }}-venv-${{ needs.prepare.outputs.python-version }}-${{ hashFiles('requirements.txt') }}-${{ hashFiles('requirements_tests.txt') }}
      - name: Fail job if Python cache restore failed
        if: steps.cache-venv.outputs.cache-hit != 'true'
        run: |
@@ -207,7 +207,7 @@ jobs:
          exit 1
      - name: Restore pre-commit environment from cache
        id: cache-precommit
-        uses: actions/cache@v2.1.6
+        uses: actions/cache@v3.3.1
        with:
          path: ${{ env.PRE_COMMIT_HOME }}
          key: |
@@ -228,19 +228,19 @@ jobs:
    needs: prepare
    steps:
      - name: Check out code from GitHub
-        uses: actions/checkout@v2.3.4
-      - name: Set up Python ${{ env.DEFAULT_PYTHON }}
-        uses: actions/setup-python@v2.2.2
+        uses: actions/checkout@v3.5.2
+      - name: Set up Python ${{ needs.prepare.outputs.python-version }}
+        uses: actions/setup-python@v4.6.1
        id: python
        with:
-          python-version: ${{ env.DEFAULT_PYTHON }}
+          python-version: ${{ needs.prepare.outputs.python-version }}
      - name: Restore Python virtual environment
        id: cache-venv
-        uses: actions/cache@v2.1.6
+        uses: actions/cache@v3.3.1
        with:
          path: venv
          key: |
-            ${{ runner.os }}-venv-${{ steps.python.outputs.python-version }}-${{ hashFiles('requirements.txt') }}-${{ hashFiles('requirements_tests.txt') }}
+            ${{ runner.os }}-venv-${{ needs.prepare.outputs.python-version }}-${{ hashFiles('requirements.txt') }}-${{ hashFiles('requirements_tests.txt') }}
      - name: Fail job if Python cache restore failed
        if: steps.cache-venv.outputs.cache-hit != 'true'
        run: |
@@ -248,7 +248,7 @@ jobs:
          exit 1
      - name: Restore pre-commit environment from cache
        id: cache-precommit
-        uses: actions/cache@v2.1.6
+        uses: actions/cache@v3.3.1
        with:
          path: ${{ env.PRE_COMMIT_HOME }}
          key: |
@@ -272,19 +272,19 @@ jobs:
    needs: prepare
    steps:
      - name: Check out code from GitHub
-        uses: actions/checkout@v2.3.4
-      - name: Set up Python ${{ env.DEFAULT_PYTHON }}
-        uses: actions/setup-python@v2.2.2
+        uses: actions/checkout@v3.5.2
+      - name: Set up Python ${{ needs.prepare.outputs.python-version }}
+        uses: actions/setup-python@v4.6.1
        id: python
        with:
-          python-version: ${{ env.DEFAULT_PYTHON }}
+          python-version: ${{ needs.prepare.outputs.python-version }}
      - name: Restore Python virtual environment
        id: cache-venv
-        uses: actions/cache@v2.1.6
+        uses: actions/cache@v3.3.1
        with:
          path: venv
          key: |
-            ${{ runner.os }}-venv-${{ steps.python.outputs.python-version }}-${{ hashFiles('requirements.txt') }}-${{ hashFiles('requirements_tests.txt') }}
+            ${{ runner.os }}-venv-${{ needs.prepare.outputs.python-version }}-${{ hashFiles('requirements.txt') }}-${{ hashFiles('requirements_tests.txt') }}
      - name: Fail job if Python cache restore failed
        if: steps.cache-venv.outputs.cache-hit != 'true'
        run: |
@@ -304,19 +304,19 @@ jobs:
    needs: prepare
    steps:
      - name: Check out code from GitHub
-        uses: actions/checkout@v2.3.4
-      - name: Set up Python ${{ env.DEFAULT_PYTHON }}
-        uses: actions/setup-python@v2.2.2
+        uses: actions/checkout@v3.5.2
+      - name: Set up Python ${{ needs.prepare.outputs.python-version }}
+        uses: actions/setup-python@v4.6.1
        id: python
        with:
-          python-version: ${{ env.DEFAULT_PYTHON }}
+          python-version: ${{ needs.prepare.outputs.python-version }}
      - name: Restore Python virtual environment
        id: cache-venv
-        uses: actions/cache@v2.1.6
+        uses: actions/cache@v3.3.1
        with:
          path: venv
          key: |
-            ${{ runner.os }}-venv-${{ steps.python.outputs.python-version }}-${{ hashFiles('requirements.txt') }}-${{ hashFiles('requirements_tests.txt') }}
+            ${{ runner.os }}-venv-${{ needs.prepare.outputs.python-version }}-${{ hashFiles('requirements.txt') }}-${{ hashFiles('requirements_tests.txt') }}
      - name: Fail job if Python cache restore failed
        if: steps.cache-venv.outputs.cache-hit != 'true'
        run: |
@@ -324,7 +324,7 @@ jobs:
          exit 1
      - name: Restore pre-commit environment from cache
        id: cache-precommit
-        uses: actions/cache@v2.1.6
+        uses: actions/cache@v3.3.1
        with:
          path: ${{ env.PRE_COMMIT_HOME }}
          key: |
@@ -342,29 +342,26 @@ jobs:
  pytest:
    runs-on: ubuntu-latest
    needs: prepare
-    strategy:
-      matrix:
-        python-version: [3.9]
-    name: Run tests Python ${{ matrix.python-version }}
+    name: Run tests Python ${{ needs.prepare.outputs.python-version }}
    steps:
      - name: Check out code from GitHub
-        uses: actions/checkout@v2.3.4
-      - name: Set up Python ${{ matrix.python-version }}
-        uses: actions/setup-python@v2.2.2
+        uses: actions/checkout@v3.5.2
+      - name: Set up Python ${{ needs.prepare.outputs.python-version }}
+        uses: actions/setup-python@v4.6.1
        id: python
        with:
-          python-version: ${{ matrix.python-version }}
-      - name: Install VCN tools
-        uses: home-assistant/actions/helpers/vcn@master
+          python-version: ${{ needs.prepare.outputs.python-version }}
+      - name: Install CAS tools
+        uses: home-assistant/actions/helpers/cas@master
        with:
-          vnc_version: ${{ env.DEFAULT_VCN }}
+          version: ${{ env.DEFAULT_CAS }}
      - name: Restore Python virtual environment
        id: cache-venv
-        uses: actions/cache@v2.1.6
+        uses: actions/cache@v3.3.1
        with:
          path: venv
          key: |
-            ${{ runner.os }}-venv-${{ steps.python.outputs.python-version }}-${{ hashFiles('requirements.txt') }}-${{ hashFiles('requirements_tests.txt') }}
+            ${{ runner.os }}-venv-${{ needs.prepare.outputs.python-version }}-${{ hashFiles('requirements.txt') }}-${{ hashFiles('requirements_tests.txt') }}
      - name: Fail job if Python cache restore failed
        if: steps.cache-venv.outputs.cache-hit != 'true'
        run: |
@@ -373,7 +370,7 @@ jobs:
      - name: Install additional system dependencies
        run: |
          sudo apt-get update
-          sudo apt-get install -y --no-install-recommends libpulse0 libudev1
+          sudo apt-get install -y --no-install-recommends libpulse0 libudev1 dbus dbus-x11
      - name: Register Python problem matcher
        run: |
          echo "::add-matcher::.github/workflows/matchers/python.json"
@@ -395,7 +392,7 @@ jobs:
            -o console_output_style=count \
            tests
      - name: Upload coverage artifact
-        uses: actions/upload-artifact@v2.2.4
+        uses: actions/upload-artifact@v3.1.2
        with:
          name: coverage-${{ matrix.python-version }}
          path: .coverage
@@ -403,29 +400,29 @@ jobs:
  coverage:
    name: Process test coverage
    runs-on: ubuntu-latest
-    needs: pytest
+    needs: ["pytest", "prepare"]
    steps:
      - name: Check out code from GitHub
-        uses: actions/checkout@v2.3.4
-      - name: Set up Python ${{ env.DEFAULT_PYTHON }}
-        uses: actions/setup-python@v2.2.2
+        uses: actions/checkout@v3.5.2
+      - name: Set up Python ${{ needs.prepare.outputs.python-version }}
+        uses: actions/setup-python@v4.6.1
        id: python
        with:
-          python-version: ${{ env.DEFAULT_PYTHON }}
+          python-version: ${{ needs.prepare.outputs.python-version }}
      - name: Restore Python virtual environment
        id: cache-venv
-        uses: actions/cache@v2.1.6
+        uses: actions/cache@v3.3.1
        with:
          path: venv
          key: |
-            ${{ runner.os }}-venv-${{ steps.python.outputs.python-version }}-${{ hashFiles('requirements.txt') }}-${{ hashFiles('requirements_tests.txt') }}
+            ${{ runner.os }}-venv-${{ needs.prepare.outputs.python-version }}-${{ hashFiles('requirements.txt') }}-${{ hashFiles('requirements_tests.txt') }}
      - name: Fail job if Python cache restore failed
        if: steps.cache-venv.outputs.cache-hit != 'true'
        run: |
          echo "Failed to restore Python virtual environment from cache"
          exit 1
      - name: Download all coverage artifacts
-        uses: actions/download-artifact@v2
+        uses: actions/download-artifact@v3
      - name: Combine coverage results
        run: |
          . venv/bin/activate
@@ -433,4 +430,4 @@ jobs:
          coverage report
          coverage xml
      - name: Upload coverage to Codecov
-        uses: codecov/codecov-action@v2.0.3
+        uses: codecov/codecov-action@v3.1.4
--- a/.github/workflows/lock.yml
+++ b/.github/workflows/lock.yml
@@ -9,12 +9,12 @@ jobs:
  lock:
    runs-on: ubuntu-latest
    steps:
-      - uses: dessant/lock-threads@v2.1.2
+      - uses: dessant/lock-threads@v4.0.0
        with:
          github-token: ${{ github.token }}
-          issue-lock-inactive-days: "30"
-          issue-exclude-created-before: "2020-10-01T00:00:00Z"
+          issue-inactive-days: "30"
+          exclude-issue-created-before: "2020-10-01T00:00:00Z"
          issue-lock-reason: ""
-          pr-lock-inactive-days: "1"
-          pr-exclude-created-before: "2020-11-01T00:00:00Z"
+          pr-inactive-days: "1"
+          exclude-pr-created-before: "2020-11-01T00:00:00Z"
          pr-lock-reason: ""
--- a/.github/workflows/release-drafter.yml
+++ b/.github/workflows/release-drafter.yml
@@ -11,7 +11,7 @@ jobs:
    name: Release Drafter
    steps:
      - name: Checkout the repository
-        uses: actions/checkout@v2.3.4
+        uses: actions/checkout@v3.5.2
        with:
          fetch-depth: 0

@@ -36,7 +36,7 @@ jobs:
          echo "::set-output name=version::$datepre.$newpost"

      - name: Run Release Drafter
-        uses: release-drafter/release-drafter@v5
+        uses: release-drafter/release-drafter@v5.23.0
        with:
          tag: ${{ steps.version.outputs.version }}
          name: ${{ steps.version.outputs.version }}
--- a/.github/workflows/sentry.yaml
+++ b/.github/workflows/sentry.yaml
@@ -10,9 +10,9 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Check out code from GitHub
-        uses: actions/checkout@v2.3.4
+        uses: actions/checkout@v3.5.2
      - name: Sentry Release
-        uses: getsentry/action-release@v1.1.6
+        uses: getsentry/action-release@v1.4.1
        env:
          SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
          SENTRY_ORG: ${{ secrets.SENTRY_ORG }}
--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
@@ -9,10 +9,10 @@ jobs:
  stale:
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/stale@v4
+      - uses: actions/stale@v8.0.0
        with:
          repo-token: ${{ secrets.GITHUB_TOKEN }}
-          days-before-stale: 60
+          days-before-stale: 30
          days-before-close: 7
          stale-issue-label: "stale"
          exempt-issue-labels: "no-stale,Help%20wanted,help-wanted,pinned,rfc,security"
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -1,34 +1,34 @@
 repos:
  - repo: https://github.com/psf/black
-    rev: 21.6b0
+    rev: 23.1.0
    hooks:
      - id: black
        args:
          - --safe
          - --quiet
          - --target-version
-          - py38
+          - py310
        files: ^((supervisor|tests)/.+)?[^/]+\.py$
-  - repo: https://gitlab.com/pycqa/flake8
-    rev: 3.8.3
+  - repo: https://github.com/PyCQA/flake8
+    rev: 6.0.0
    hooks:
      - id: flake8
        additional_dependencies:
-          - flake8-docstrings==1.5.0
-          - pydocstyle==5.0.2
+          - flake8-docstrings==1.7.0
+          - pydocstyle==6.3.0
        files: ^(supervisor|script|tests)/.+\.py$
  - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v3.1.0
+    rev: v4.3.0
    hooks:
      - id: check-executables-have-shebangs
        stages: [manual]
      - id: check-json
-  - repo: https://github.com/pre-commit/mirrors-isort
-    rev: v4.3.21
+  - repo: https://github.com/PyCQA/isort
+    rev: 5.12.0
    hooks:
      - id: isort
  - repo: https://github.com/asottile/pyupgrade
-    rev: v2.6.2
+    rev: v3.4.0
    hooks:
      - id: pyupgrade
-        args: [--py37-plus]
+        args: [--py310-plus]
--- a/.vscode/launch.json
+++ b/.vscode/launch.json
@@ -13,6 +13,13 @@
          "remoteRoot": "/usr/src/supervisor"
        }
      ]
+    },
+    {
+      "name": "Debug Tests",
+      "type": "python",
+      "request": "test",
+      "console": "internalConsole",
+      "justMyCode": false
    }
  ]
 }
--- a/.vscode/tasks.json
+++ b/.vscode/tasks.json
@@ -4,7 +4,7 @@
    {
      "label": "Run Supervisor",
      "type": "shell",
-      "command": "./scripts/supervisor.sh",
+      "command": "supervisor_run",
      "group": {
        "kind": "test",
        "isDefault": true
@@ -32,7 +32,7 @@
    {
      "label": "Update Supervisor Panel",
      "type": "shell",
-      "command": "./scripts/update-frontend.sh",
+      "command": "LOKALISE_TOKEN='${input:localiseToken}' ./scripts/update-frontend.sh",
      "group": {
        "kind": "build",
        "isDefault": true
@@ -86,5 +86,12 @@
      },
      "problemMatcher": []
    }
+  ],
+  "inputs": [
+    {
+      "id": "localiseToken",
+      "type": "promptString",
+      "description": "Paste your lokalise token to download frontend translations"
+    }
  ]
 }
--- a/37
+++ b/37
@@ -5,18 +5,17 @@ ENV \
    S6_SERVICES_GRACETIME=10000 \
    SUPERVISOR_API=http://localhost

-ARG BUILD_ARCH
-ARG VCN_VERSION
-WORKDIR /usr/src
+ARG \
+    CAS_VERSION

 # Install base
+WORKDIR /usr/src
 RUN \
    set -x \
    && apk add --no-cache \
        eudev \
        eudev-libs \
        git \
-        glib \
        libffi \
        libpulse \
        musl \
@@ -25,36 +24,22 @@ RUN \
        build-base \
        go \
    \
-    && git clone -b v${VCN_VERSION} --depth 1 \
-        https://github.com/codenotary/vcn \
-    && cd vcn \
-    \
-    && if [ "${BUILD_ARCH}" = "armhf" ]; then \
-        GOARM=6 GOARCH=arm go build -o vcn -ldflags="-s -w" ./cmd/vcn; \
-    elif [ "${BUILD_ARCH}" = "armv7" ]; then \
-        GOARM=7 GOARCH=arm go build -o vcn -ldflags="-s -w" ./cmd/vcn; \
-    elif [ "${BUILD_ARCH}" = "aarch64" ]; then \
-        GOARCH=arm64 go build -o vcn -ldflags="-s -w" ./cmd/vcn; \
-    elif [ "${BUILD_ARCH}" = "i386" ]; then \
-        GOARCH=386 go build -o vcn -ldflags="-s -w" ./cmd/vcn; \
-    elif [ "${BUILD_ARCH}" = "amd64" ]; then \
-        GOARCH=amd64 go build -o vcn -ldflags="-s -w" ./cmd/vcn; \
-    else \
-        exit 1; \
-    fi \
-    \
-    && rm -rf /root/go /root/.cache \
-    && mv vcn /usr/bin/vcn \
+    && git clone -b "v${CAS_VERSION}" --depth 1 \
+        https://github.com/codenotary/cas \
+    && cd cas \
+    && make cas \
+    && mv cas /usr/bin/cas \
    \
    && apk del .build-dependencies \
-    && rm -rf /usr/src/vcn
+    && rm -rf /root/go /root/.cache \
+    && rm -rf /usr/src/cas

 # Install requirements
 COPY requirements.txt .
 RUN \
    export MAKEFLAGS="-j$(nproc)" \
    && pip3 install --no-cache-dir --no-index --only-binary=:all: --find-links \
-        "https://wheels.home-assistant.io/alpine-$(cut -d '.' -f 1-2 < /etc/alpine-release)/${BUILD_ARCH}/" \
+        "https://wheels.home-assistant.io/musllinux/" \
        -r ./requirements.txt \
    && rm -f requirements.txt

--- a/build.json
+++ b/build.json
@@ -1,24 +0,0 @@
-{
-  "image": "homeassistant/{arch}-hassio-supervisor",
-  "shadow_repository": "ghcr.io/home-assistant",
-  "build_from": {
-    "aarch64": "ghcr.io/home-assistant/aarch64-base-python:3.9-alpine3.14",
-    "armhf": "ghcr.io/home-assistant/armhf-base-python:3.9-alpine3.14",
-    "armv7": "ghcr.io/home-assistant/armv7-base-python:3.9-alpine3.14",
-    "amd64": "ghcr.io/home-assistant/amd64-base-python:3.9-alpine3.14",
-    "i386": "ghcr.io/home-assistant/i386-base-python:3.9-alpine3.14"
-  },
-  "args": {
-    "VCN_VERSION": "0.9.8"
-  },
-  "labels": {
-    "io.hass.type": "supervisor",
-    "org.opencontainers.image.title": "Home Assistant Supervisor",
-    "org.opencontainers.image.description": "Container-based system for managing Home Assistant Core installation",
-    "org.opencontainers.image.source": "https://github.com/home-assistant/supervisor",
-    "org.opencontainers.image.authors": "The Home Assistant Authors",
-    "org.opencontainers.image.url": "https://www.home-assistant.io/",
-    "org.opencontainers.image.documentation": "https://www.home-assistant.io/docs/",
-    "org.opencontainers.image.licenses": "Apache License 2.0"
-  }
-}
--- a/build.yaml
+++ b/build.yaml
@@ -0,0 +1,22 @@
+image: homeassistant/{arch}-hassio-supervisor
+shadow_repository: ghcr.io/home-assistant
+build_from:
+  aarch64: ghcr.io/home-assistant/aarch64-base-python:3.11-alpine3.16
+  armhf: ghcr.io/home-assistant/armhf-base-python:3.11-alpine3.16
+  armv7: ghcr.io/home-assistant/armv7-base-python:3.11-alpine3.16
+  amd64: ghcr.io/home-assistant/amd64-base-python:3.11-alpine3.16
+  i386: ghcr.io/home-assistant/i386-base-python:3.11-alpine3.16
+codenotary:
+  signer: notary@home-assistant.io
+  base_image: notary@home-assistant.io
+args:
+  CAS_VERSION: 1.0.2
+labels:
+  io.hass.type: supervisor
+  org.opencontainers.image.title: Home Assistant Supervisor
+  org.opencontainers.image.description: Container-based system for managing Home Assistant Core installation
+  org.opencontainers.image.source: https://github.com/home-assistant/supervisor
+  org.opencontainers.image.authors: The Home Assistant Authors
+  org.opencontainers.image.url: https://www.home-assistant.io/
+  org.opencontainers.image.documentation: https://www.home-assistant.io/docs/
+  org.opencontainers.image.licenses: Apache License 2.0
--- a/2
+++ b/2
--- a/9
+++ b/9
@@ -2,7 +2,7 @@
 reports=no
 jobs=2

-good-names=id,i,j,k,ex,Run,_,fp,T
+good-names=id,i,j,k,ex,Run,_,fp,T,os

 extension-pkg-whitelist=
  ciso8601
@@ -12,24 +12,19 @@ extension-pkg-whitelist=
 # locally-disabled - it spams too much
 # duplicate-code - unavoidable
 # cyclic-import - doesn't test if both import on load
-# abstract-class-little-used - prevents from setting right foundation
 # abstract-class-not-used - is flaky, should not show up but does
 # unused-argument - generic callbacks and setup methods create a lot of warnings
-# redefined-variable-type - this is Python, we're duck typing!
 # too-many-* - are not enforced for the sake of readability
 # too-few-* - same as too-many-*
 # abstract-method - with intro of async there are always methods missing
 disable=
  format,
-  abstract-class-little-used,
  abstract-method,
  cyclic-import,
  duplicate-code,
  locally-disabled,
  no-else-return,
-  no-self-use,
  not-context-manager,
-  redefined-variable-type,
  too-few-public-methods,
  too-many-arguments,
  too-many-branches,
@@ -43,7 +38,7 @@ disable=
  consider-using-with

 [EXCEPTIONS]
-overgeneral-exceptions=Exception
+overgeneral-exceptions=builtins.Exception


 [TYPECHECK]
--- a/pytest.ini
+++ b/pytest.ini
@@ -0,0 +1,2 @@
+[pytest]
+asyncio_mode = auto
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,20 +1,26 @@
-aiohttp==3.7.4.post0
-async_timeout==3.0.1
-atomicwrites==1.4.0
-attrs==21.2.0
-awesomeversion==21.8.0
-brotlipy==0.7.0
-cchardet==2.1.7
-ciso8601==2.2.0
-colorlog==6.4.1
+aiodns==3.0.0
+aiohttp==3.8.4
+async_timeout==4.0.2
+atomicwrites-homeassistant==1.4.1
+attrs==23.1.0
+awesomeversion==23.5.0
+brotli==1.0.9
+ciso8601==2.3.0
+colorlog==6.7.0
 cpe==1.2.1
-cryptography==3.4.6
-debugpy==1.4.1
-docker==5.0.0
-gitpython==3.1.18
-jinja2==3.0.1
-pulsectl==21.5.18
-pyudev==0.22.0
-ruamel.yaml==0.15.100
-sentry-sdk==1.3.1
-voluptuous==0.12.1
+cryptography==41.0.0
+debugpy==1.6.7
+deepmerge==1.1.0
+dirhash==0.2.1
+docker==6.1.2
+faust-cchardet==2.1.18
+gitpython==3.1.31
+jinja2==3.1.2
+pulsectl==23.5.2
+pyudev==0.24.1
+ruamel.yaml==0.17.21
+securetar==2023.3.0
+sentry-sdk==1.24.0
+voluptuous==0.13.1
+dbus-fast==1.86.0
+typing_extensions==4.6.2
--- a/requirements_tests.txt
+++ b/requirements_tests.txt
@@ -1,14 +1,16 @@
-black==21.7b0
-codecov==2.1.12
-coverage==5.5
-flake8-docstrings==1.6.0
-flake8==3.9.2
-pre-commit==2.14.0
-pydocstyle==6.1.1
-pylint==2.10.2
-pytest-aiohttp==0.3.0
-pytest-asyncio==0.12.0 # NB!: Versions over 0.12.0 breaks pytest-aiohttp (https://github.com/aio-libs/pytest-aiohttp/issues/16)
-pytest-cov==2.12.1
-pytest-timeout==1.4.2
-pytest==6.2.4
-pyupgrade==2.24.0
+black==23.3.0
+coverage==7.2.7
+flake8-docstrings==1.7.0
+flake8==6.0.0
+pre-commit==3.3.2
+pydocstyle==6.3.0
+pylint==2.17.4
+pytest-aiohttp==1.0.4
+pytest-asyncio==0.18.3
+pytest-cov==4.1.0
+pytest-timeout==2.1.0
+pytest==7.3.1
+pyupgrade==3.4.0
+time-machine==2.9.0
+typing_extensions==4.6.2
+urllib3==1.26.15
--- a/rootfs/etc/cont-init.d/udev.sh
+++ b/rootfs/etc/cont-init.d/udev.sh
--- a/rootfs/etc/services.d/supervisor/finish
+++ b/rootfs/etc/services.d/supervisor/finish
@@ -1,8 +1,11 @@
-#!/usr/bin/execlineb -S1
+#!/usr/bin/env bashio
 # ==============================================================================
 # Take down the S6 supervision tree when Supervisor fails
 # ==============================================================================
-if { s6-test ${1} -ne 100 }
-if { s6-test ${1} -ne 256 }

-redirfd -w 2 /dev/null s6-svscanctl -t /var/run/s6/services
+if [[ "$1" -ne 100 ]] && [[ "$1" -ne 256 ]]; then
+  bashio::log.warning "Halt Supervisor"
+  /run/s6/basedir/bin/halt
+fi
+
+bashio::log.info "Supervisor restart after closing"
--- a/rootfs/etc/services.d/supervisor/run
+++ b/rootfs/etc/services.d/supervisor/run
@@ -3,5 +3,6 @@
 # Start Supervisor service
 # ==============================================================================
 export LD_PRELOAD="/usr/local/lib/libjemalloc.so.2"
+export MALLOC_CONF="background_thread:true,metadata_thp:auto"

 exec python3 -m supervisor
--- a/rootfs/etc/services.d/watchdog/finish
+++ b/rootfs/etc/services.d/watchdog/finish
@@ -1,8 +1,11 @@
-#!/usr/bin/execlineb -S1
+#!/usr/bin/env bashio
 # ==============================================================================
 # Take down the S6 supervision tree when Watchdog fails
 # ==============================================================================
-if { s6-test ${1} -ne 0 }
-if { s6-test ${1} -ne 256 }

-s6-svscanctl -t /var/run/s6/services
+if [[ "$1" -ne 0 ]] && [[ "$1" -ne 256 ]]; then
+  bashio::log.warning "Halt Supervisor (Wuff)"
+  /run/s6/basedir/bin/halt
+fi
+
+bashio::log.info "Watchdog restart after closing"
--- a/rootfs/etc/services.d/watchdog/run
+++ b/rootfs/etc/services.d/watchdog/run
@@ -31,4 +31,4 @@ do

 done

-basio::exit.nok "Watchdog detected issue with Supervisor - taking container down!"
+bashio::exit.nok "Watchdog detected issue with Supervisor - taking container down!"
--- a/rootfs/root/.cas-trusted-signing-pub-key
+++ b/rootfs/root/.cas-trusted-signing-pub-key
@@ -0,0 +1,4 @@
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE03LvYuz79GTJx4uKp3w6NrSe5JZI
+iBtgzzYi0YQYtZO/r+xFpgDJEa0gLHkXtl94fpqrFiN89In83lzaszbZtA==
+-----END PUBLIC KEY-----
--- a/rootfs/root/.cas/config.json
+++ b/rootfs/root/.cas/config.json
@@ -0,0 +1,8 @@
+{
+  "currentcontext": {
+    "LcHost": "cas.codenotary.com",
+    "LcPort": "443"
+  },
+  "schemaversion": 3,
+  "users": null
+}
--- a/scripts/common.sh
+++ b/scripts/common.sh
@@ -1,61 +0,0 @@
-#!/bin/bash
-
-function start_docker() {
-    local starttime
-    local endtime
-
-    update-alternatives --set iptables /usr/sbin/iptables-legacy || echo "Fails adjust iptables"
-    update-alternatives --set ip6tables /usr/sbin/iptables-legacy || echo "Fails adjust ip6tables"
-
-    echo "Starting docker."
-    dockerd 2> /dev/null &
-    DOCKER_PID=$!
-
-    echo "Waiting for docker to initialize..."
-    starttime="$(date +%s)"
-    endtime="$(date +%s)"
-    until docker info >/dev/null 2>&1; do
-        if [ $((endtime - starttime)) -le $DOCKER_TIMEOUT ]; then
-            sleep 1
-            endtime=$(date +%s)
-        else
-            echo "Timeout while waiting for docker to come up"
-            exit 1
-        fi
-    done
-    echo "Docker was initialized"
-}
-
-function stop_docker() {
-    local starttime
-    local endtime
-
-    echo "Stopping in container docker..."
-    if [ "$DOCKER_PID" -gt 0 ] && kill -0 "$DOCKER_PID" 2> /dev/null; then
-        starttime="$(date +%s)"
-        endtime="$(date +%s)"
-
-        # Now wait for it to die
-        kill "$DOCKER_PID"
-        while kill -0 "$DOCKER_PID" 2> /dev/null; do
-            if [ $((endtime - starttime)) -le $DOCKER_TIMEOUT ]; then
-                sleep 1
-                endtime=$(date +%s)
-            else
-                echo "Timeout while waiting for container docker to die"
-                exit 1
-            fi
-        done
-    else
-        echo "Your host might have been left with unreleased resources"
-    fi
-}
-
-function cleanup_lastboot() {
-    if [[ -f /workspaces/test_supervisor/config.json ]]; then
-        echo "Cleaning up last boot"
-        cp /workspaces/test_supervisor/config.json /tmp/config.json
-        jq -rM 'del(.last_boot)' /tmp/config.json > /workspaces/test_supervisor/config.json
-        rm /tmp/config.json
-    fi
-}
--- a/scripts/supervisor.sh
+++ b/scripts/supervisor.sh
@@ -1,133 +0,0 @@
-#!/bin/bash
-source "${BASH_SOURCE[0]%/*}/common.sh"
-
-set -eE
-
-DOCKER_TIMEOUT=30
-DOCKER_PID=0
-
-function build_supervisor() {
-    docker pull homeassistant/amd64-builder:dev
-
-    docker run --rm \
-        --privileged \
-        -v /run/docker.sock:/run/docker.sock \
-        -v "$(pwd):/data" \
-        homeassistant/amd64-builder:dev \
-            --generic latest \
-            --target /data \
-            --test \
-            --amd64 \
-            --no-cache
-}
-
-
-function cleanup_docker() {
-    echo "Cleaning up stopped containers..."
-    docker rm $(docker ps -a -q) || true
-}
-
-
-function run_supervisor() {
-    mkdir -p /workspaces/test_supervisor
-
-    echo "Start Supervisor"
-    docker run --rm --privileged \
-        --name hassio_supervisor \
-        --privileged \
-        --security-opt seccomp=unconfined \
-        --security-opt apparmor:unconfined \
-        -v /run/docker.sock:/run/docker.sock:rw \
-        -v /run/dbus:/run/dbus:ro \
-        -v /run/udev:/run/udev:ro \
-        -v "/workspaces/test_supervisor":/data:rw \
-        -v /etc/machine-id:/etc/machine-id:ro \
-        -v /workspaces/supervisor:/usr/src/supervisor \
-        -e SUPERVISOR_SHARE="/workspaces/test_supervisor" \
-        -e SUPERVISOR_NAME=hassio_supervisor \
-        -e SUPERVISOR_DEV=1 \
-        -e SUPERVISOR_MACHINE="qemux86-64" \
-        homeassistant/amd64-hassio-supervisor:latest
-
-}
-
-
-function init_dbus() {
-    if pgrep dbus-daemon; then
-        echo "Dbus is running"
-        return 0
-    fi
-
-    echo "Startup dbus"
-    mkdir -p /var/lib/dbus
-    cp -f /etc/machine-id /var/lib/dbus/machine-id
-
-    # cleanups
-    mkdir -p /run/dbus
-    rm -f /run/dbus/pid
-
-    # run
-    dbus-daemon --system --print-address
-}
-
-
-function init_udev() {
-    if pgrep systemd-udevd; then
-        echo "udev is running"
-        return 0
-    fi
-
-    echo "Startup udev"
-
-    # cleanups
-    mkdir -p /run/udev
-
-    # run
-    /lib/systemd/systemd-udevd --daemon
-    sleep 3
-    udevadm trigger && udevadm settle
-}
-
-function init_os-agent() {
-    if pgrep os-agent; then
-        echo "os-agent is running"
-        return 0
-    fi
-
-    if [ ! -f /usr/sbin/os-agent ]; then
-        curl -Lo /usr/sbin/os-agent https://github.com/home-assistant/os-agent/releases/latest/download/os-agent-debian-amd64.bin
-        curl -Lo /etc/dbus-1/system.d/io.hass.conf https://raw.githubusercontent.com/home-assistant/os-agent/main/contrib/io.hass.conf
-        chmod a+x /usr/sbin/os-agent
-    fi
-
-    /usr/sbin/os-agent &
-}
-
-echo "Run Supervisor"
-
-start_docker
-trap "stop_docker" ERR
-
-
-if [ "$( docker container inspect -f '{{.State.Status}}' hassio_supervisor )" == "running" ]; then
-    echo "Restarting Supervisor"
-    docker rm -f hassio_supervisor
-    init_dbus
-    init_udev
-    init_os-agent
-    cleanup_lastboot
-    run_supervisor
-    stop_docker
-
-else
-    echo "Starting Supervisor"
-    docker system prune -f
-    build_supervisor
-    cleanup_lastboot
-    cleanup_docker
-    init_dbus
-    init_udev
-    init_os-agent
-    run_supervisor
-    stop_docker
-fi
--- a/scripts/update-frontend.sh
+++ b/scripts/update-frontend.sh
@@ -1,4 +1,6 @@
 #!/bin/bash
+source "/etc/supervisor_scripts/common"
+
 set -e

 # Update frontend
@@ -9,6 +11,10 @@ cd home-assistant-polymer
 nvm install
 script/bootstrap

+# Download translations
+start_docker
+./script/translations_download
+
 # build frontend
 cd hassio
 ./script/build_hassio
@@ -16,3 +22,9 @@ cd hassio
 # Copy frontend
 rm -rf ../../supervisor/api/panel/*
 cp -rf build/* ../../supervisor/api/panel/
+
+# Reset frontend git
+cd ..
+git reset --hard HEAD
+
+stop_docker
--- a/setup.cfg
+++ b/setup.cfg
@@ -4,9 +4,8 @@ include_trailing_comma=True
 force_grid_wrap=0
 line_length=88
 indent = "    "
-not_skip = __init__.py
 force_sort_within_sections = true
-sections = FUTURE,STDLIB,INBETWEENS,THIRDPARTY,FIRSTPARTY,LOCALFOLDER
+sections = FUTURE,STDLIB,THIRDPARTY,FIRSTPARTY,LOCALFOLDER
 default_section = THIRDPARTY
 forced_separate = tests
 combine_as_imports = true
@@ -28,3 +27,5 @@ ignore =
    E203,
    D202,
    W504
+per-file-ignores =
+    tests/dbus_service_mocks/*.py: F821,F722
--- a/setup.py
+++ b/setup.py
@@ -35,7 +35,7 @@ setup(
        "supervisor.api",
        "supervisor.backups",
        "supervisor.dbus.network",
-        "supervisor.dbus.payloads",
+        "supervisor.dbus.network.setting",
        "supervisor.dbus",
        "supervisor.discovery.services",
        "supervisor.discovery",
@@ -49,6 +49,7 @@ setup(
        "supervisor.resolution.evaluations",
        "supervisor.resolution.fixups",
        "supervisor.resolution",
+        "supervisor.security",
        "supervisor.services.modules",
        "supervisor.services",
        "supervisor.store",
--- a/supervisor/main.py
+++ b/supervisor/main.py
@@ -28,7 +28,8 @@ if __name__ == "__main__":
    bootstrap.initialize_logging()

    # Init async event loop
-    loop = asyncio.get_event_loop()
+    loop = asyncio.new_event_loop()
+    asyncio.set_event_loop(loop)

    # Check if all information are available to setup Supervisor
    bootstrap.check_environment()
@@ -39,6 +40,7 @@ if __name__ == "__main__":

    _LOGGER.info("Initializing Supervisor setup")
    coresys = loop.run_until_complete(bootstrap.initialize_coresys())
+    loop.set_debug(coresys.config.debug)
    loop.run_until_complete(coresys.core.connect())

    bootstrap.supervisor_debugger(coresys)
--- a/supervisor/addons/init.py
+++ b/supervisor/addons/init.py
@@ -3,7 +3,7 @@ import asyncio
 from contextlib import suppress
 import logging
 import tarfile
-from typing import Dict, List, Optional, Union
+from typing import Union

 from ..const import AddonBoot, AddonStartup, AddonState
 from ..coresys import CoreSys, CoreSysAttributes
@@ -23,7 +23,9 @@ from ..jobs.decorator import Job, JobCondition
 from ..resolution.const import ContextType, IssueType, SuggestionType
 from ..store.addon import AddonStore
 from ..utils import check_exception_chain
+from ..utils.sentry import capture_exception
 from .addon import Addon
+from .const import ADDON_UPDATE_CONDITIONS
 from .data import AddonsData

 _LOGGER: logging.Logger = logging.getLogger(__name__)
@@ -38,21 +40,21 @@ class AddonManager(CoreSysAttributes):
        """Initialize Docker base wrapper."""
        self.coresys: CoreSys = coresys
        self.data: AddonsData = AddonsData(coresys)
-        self.local: Dict[str, Addon] = {}
-        self.store: Dict[str, AddonStore] = {}
+        self.local: dict[str, Addon] = {}
+        self.store: dict[str, AddonStore] = {}

    @property
-    def all(self) -> List[AnyAddon]:
+    def all(self) -> list[AnyAddon]:
        """Return a list of all add-ons."""
-        addons: Dict[str, AnyAddon] = {**self.store, **self.local}
+        addons: dict[str, AnyAddon] = {**self.store, **self.local}
        return list(addons.values())

    @property
-    def installed(self) -> List[Addon]:
+    def installed(self) -> list[Addon]:
        """Return a list of all installed add-ons."""
        return list(self.local.values())

-    def get(self, addon_slug: str, local_only: bool = False) -> Optional[AnyAddon]:
+    def get(self, addon_slug: str, local_only: bool = False) -> AnyAddon | None:
        """Return an add-on from slug.

        Prio:
@@ -65,7 +67,7 @@ class AddonManager(CoreSysAttributes):
            return self.store.get(addon_slug)
        return None

-    def from_token(self, token: str) -> Optional[Addon]:
+    def from_token(self, token: str) -> Addon | None:
        """Return an add-on from Supervisor token."""
        for addon in self.installed:
            if token == addon.supervisor_token:
@@ -77,7 +79,7 @@ class AddonManager(CoreSysAttributes):
        tasks = []
        for slug in self.data.system:
            addon = self.local[slug] = Addon(self.coresys, slug)
-            tasks.append(addon.load())
+            tasks.append(self.sys_create_task(addon.load()))

        # Run initial tasks
        _LOGGER.info("Found %d installed add-ons", len(tasks))
@@ -89,7 +91,7 @@ class AddonManager(CoreSysAttributes):

    async def boot(self, stage: AddonStartup) -> None:
        """Boot add-ons with mode auto."""
-        tasks: List[Addon] = []
+        tasks: list[Addon] = []
        for addon in self.installed:
            if addon.boot != AddonBoot.AUTO or addon.startup != stage:
                continue
@@ -113,7 +115,7 @@ class AddonManager(CoreSysAttributes):
                    addon.boot = AddonBoot.MANUAL
                    addon.save_persist()
            except Exception as err:  # pylint: disable=broad-except
-                self.sys_capture_exception(err)
+                capture_exception(err)
            else:
                continue

@@ -123,7 +125,7 @@ class AddonManager(CoreSysAttributes):

    async def shutdown(self, stage: AddonStartup) -> None:
        """Shutdown addons."""
-        tasks: List[Addon] = []
+        tasks: list[Addon] = []
        for addon in self.installed:
            if addon.state != AddonState.STARTED or addon.startup != stage:
                continue
@@ -141,14 +143,10 @@ class AddonManager(CoreSysAttributes):
                await addon.stop()
            except Exception as err:  # pylint: disable=broad-except
                _LOGGER.warning("Can't stop Add-on %s: %s", addon.slug, err)
-                self.sys_capture_exception(err)
+                capture_exception(err)

    @Job(
-        conditions=[
-            JobCondition.FREE_SPACE,
-            JobCondition.INTERNET_HOST,
-            JobCondition.HEALTHY,
-        ],
+        conditions=ADDON_UPDATE_CONDITIONS,
        on_condition=AddonsJobError,
    )
    async def install(self, slug: str) -> None:
@@ -158,15 +156,13 @@ class AddonManager(CoreSysAttributes):
        store = self.store.get(slug)

        if not store:
-            raise AddonsError(f"Add-on {slug} not exists", _LOGGER.error)
+            raise AddonsError(f"Add-on {slug} does not exist", _LOGGER.error)

-        if not store.available:
-            raise AddonsNotSupportedError(
-                f"Add-on {slug} not supported on that platform", _LOGGER.error
-            )
+        store.validate_availability()

        self.data.install(store)
        addon = Addon(self.coresys, slug)
+        await addon.load()

        if not addon.path_data.is_dir():
            _LOGGER.info(
@@ -178,12 +174,12 @@ class AddonManager(CoreSysAttributes):
        await addon.install_apparmor()

        try:
-            await addon.instance.install(store.version, store.image)
+            await addon.instance.install(store.version, store.image, arch=addon.arch)
        except DockerError as err:
            self.data.uninstall(addon)
            raise AddonsError() from err
-        else:
-            self.local[slug] = addon
+
+        self.local[slug] = addon

        # Reload ingress tokens
        if addon.with_ingress:
@@ -202,10 +198,10 @@ class AddonManager(CoreSysAttributes):
            await addon.instance.remove()
        except DockerError as err:
            raise AddonsError() from err
-        else:
-            addon.state = AddonState.UNKNOWN

-        await addon.remove_data()
+        addon.state = AddonState.UNKNOWN
+
+        await addon.unload()

        # Cleanup audio settings
        if addon.path_pulse.exists():
@@ -245,14 +241,10 @@ class AddonManager(CoreSysAttributes):
        _LOGGER.info("Add-on '%s' successfully removed", slug)

    @Job(
-        conditions=[
-            JobCondition.FREE_SPACE,
-            JobCondition.INTERNET_HOST,
-            JobCondition.HEALTHY,
-        ],
+        conditions=ADDON_UPDATE_CONDITIONS,
        on_condition=AddonsJobError,
    )
-    async def update(self, slug: str) -> None:
+    async def update(self, slug: str, backup: bool | None = False) -> None:
        """Update add-on."""
        if slug not in self.local:
            raise AddonsError(f"Add-on {slug} is not installed", _LOGGER.error)
@@ -268,9 +260,13 @@ class AddonManager(CoreSysAttributes):
            raise AddonsError(f"No update available for add-on {slug}", _LOGGER.warning)

        # Check if available, Maybe something have changed
-        if not store.available:
-            raise AddonsNotSupportedError(
-                f"Add-on {slug} not supported on that platform", _LOGGER.error
+        store.validate_availability()
+
+        if backup:
+            await self.sys_backups.do_backup_partial(
+                name=f"addon_{addon.slug}_{addon.version}",
+                homeassistant=False,
+                addons=[addon.slug],
            )

        # Update instance
@@ -306,22 +302,24 @@ class AddonManager(CoreSysAttributes):
    async def rebuild(self, slug: str) -> None:
        """Perform a rebuild of local build add-on."""
        if slug not in self.local:
-            _LOGGER.error("Add-on %s is not installed", slug)
-            raise AddonsError()
+            raise AddonsError(f"Add-on {slug} is not installed", _LOGGER.error)
        addon = self.local[slug]

        if addon.is_detached:
-            _LOGGER.error("Add-on %s is not available inside store", slug)
-            raise AddonsError()
+            raise AddonsError(
+                f"Add-on {slug} is not available inside store", _LOGGER.error
+            )
        store = self.store[slug]

        # Check if a rebuild is possible now
        if addon.version != store.version:
-            _LOGGER.error("Version changed, use Update instead Rebuild")
-            raise AddonsError()
+            raise AddonsError(
+                "Version changed, use Update instead Rebuild", _LOGGER.error
+            )
        if not addon.need_build:
-            _LOGGER.error("Can't rebuild a image based add-on")
-            raise AddonsNotSupportedError()
+            raise AddonsNotSupportedError(
+                "Can't rebuild a image based add-on", _LOGGER.error
+            )

        # remove docker container but not addon config
        last_state: AddonState = addon.state
@@ -330,9 +328,9 @@ class AddonManager(CoreSysAttributes):
            await addon.instance.install(addon.version)
        except DockerError as err:
            raise AddonsError() from err
-        else:
-            self.data.update(store)
-            _LOGGER.info("Add-on '%s' successfully rebuilt", slug)
+
+        self.data.update(store)
+        _LOGGER.info("Add-on '%s' successfully rebuilt", slug)

        # restore state
        if last_state == AddonState.STARTED:
@@ -371,7 +369,7 @@ class AddonManager(CoreSysAttributes):
    @Job(conditions=[JobCondition.FREE_SPACE, JobCondition.INTERNET_HOST])
    async def repair(self) -> None:
        """Repair local add-ons."""
-        needs_repair: List[Addon] = []
+        needs_repair: list[Addon] = []

        # Evaluate Add-ons to repair
        for addon in self.installed:
@@ -418,7 +416,7 @@ class AddonManager(CoreSysAttributes):
                    reference=addon.slug,
                    suggestions=[SuggestionType.EXECUTE_REPAIR],
                )
-                self.sys_capture_exception(err)
+                capture_exception(err)
            else:
                self.sys_plugins.dns.add_host(
                    ipv4=addon.ip_address, names=[addon.hostname], write=False
--- a/supervisor/addons/addon.py
+++ b/supervisor/addons/addon.py
@@ -1,5 +1,6 @@
 """Init file for Supervisor add-ons."""
 import asyncio
+from collections.abc import Awaitable
 from contextlib import suppress
 from copy import deepcopy
 from ipaddress import IPv4Address
@@ -10,12 +11,15 @@ import secrets
 import shutil
 import tarfile
 from tempfile import TemporaryDirectory
-from typing import Any, Awaitable, Dict, List, Optional, Set
+from typing import Any, Final

 import aiohttp
+from deepmerge import Merger
+from securetar import atomic_contents_add, secure_path
 import voluptuous as vol
 from voluptuous.humanize import humanize_error

+from ..bus import EventListener
 from ..const import (
    ATTR_ACCESS_TOKEN,
    ATTR_AUDIO_INPUT,
@@ -46,26 +50,37 @@ from ..const import (
    AddonBoot,
    AddonStartup,
    AddonState,
+    BusEvent,
 )
 from ..coresys import CoreSys
 from ..docker.addon import DockerAddon
+from ..docker.const import ContainerState
+from ..docker.monitor import DockerContainerStateEvent
 from ..docker.stats import DockerStats
 from ..exceptions import (
    AddonConfigurationError,
    AddonsError,
+    AddonsJobError,
    AddonsNotSupportedError,
    ConfigurationFileError,
    DockerError,
-    DockerRequestError,
    HostAppArmorError,
 )
 from ..hardware.data import Device
 from ..homeassistant.const import WSEvent, WSType
+from ..jobs.const import JobExecutionLimit
+from ..jobs.decorator import Job
 from ..utils import check_port
 from ..utils.apparmor import adjust_profile
 from ..utils.json import read_json_file, write_json_file
-from ..utils.tar import atomic_contents_add, secure_path
-from .const import AddonBackupMode
+from ..utils.sentry import capture_exception
+from .const import (
+    WATCHDOG_MAX_ATTEMPTS,
+    WATCHDOG_RETRY_SECONDS,
+    WATCHDOG_THROTTLE_MAX_CALLS,
+    WATCHDOG_THROTTLE_PERIOD,
+    AddonBackupMode,
+)
 from .model import AddonModel, Data
 from .options import AddonOptions
 from .utils import remove_data
@@ -83,10 +98,14 @@ RE_WATCHDOG = re.compile(
    r":\/\/\[HOST\]:(?:\[PORT:)?(?P<t_port>\d+)\]?(?P<s_suffix>.*)$"
 )

-RE_OLD_AUDIO = re.compile(r"\d+,\d+")
-
 WATCHDOG_TIMEOUT = aiohttp.ClientTimeout(total=10)

+_OPTIONS_MERGER: Final = Merger(
+    type_strategies=[(dict, ["merge"])],
+    fallback_strategies=["override"],
+    type_conflict_strategies=["override"],
+)
+

 class Addon(AddonModel):
    """Hold data for add-on inside Supervisor."""
@@ -96,6 +115,58 @@ class Addon(AddonModel):
        super().__init__(coresys, slug)
        self.instance: DockerAddon = DockerAddon(coresys, self)
        self._state: AddonState = AddonState.UNKNOWN
+        self._manual_stop: bool = (
+            self.sys_hardware.helper.last_boot != self.sys_config.last_boot
+        )
+        self._listeners: list[EventListener] = []
+
+        @Job(
+            name=f"addon_{slug}_restart_after_problem",
+            limit=JobExecutionLimit.THROTTLE_RATE_LIMIT,
+            throttle_period=WATCHDOG_THROTTLE_PERIOD,
+            throttle_max_calls=WATCHDOG_THROTTLE_MAX_CALLS,
+            on_condition=AddonsJobError,
+        )
+        async def restart_after_problem(addon: Addon, state: ContainerState):
+            """Restart unhealthy or failed addon."""
+            attempts = 0
+            while await addon.instance.current_state() == state:
+                if not addon.in_progress:
+                    _LOGGER.warning(
+                        "Watchdog found addon %s is %s, restarting...",
+                        addon.name,
+                        state.value,
+                    )
+                    try:
+                        if state == ContainerState.FAILED:
+                            # Ensure failed container is removed before attempting reanimation
+                            if attempts == 0:
+                                with suppress(DockerError):
+                                    await addon.instance.stop(remove_container=True)
+
+                            await addon.start()
+                        else:
+                            await addon.restart()
+                    except AddonsError as err:
+                        attempts = attempts + 1
+                        _LOGGER.error(
+                            "Watchdog restart of addon %s failed!", addon.name
+                        )
+                        capture_exception(err)
+                    else:
+                        break
+
+                if attempts >= WATCHDOG_MAX_ATTEMPTS:
+                    _LOGGER.critical(
+                        "Watchdog cannot restart addon %s, failed all %s attempts",
+                        addon.name,
+                        attempts,
+                    )
+                    break
+
+                await asyncio.sleep(WATCHDOG_RETRY_SECONDS)
+
+        self._restart_after_problem = restart_after_problem

    def __repr__(self) -> str:
        """Return internal representation."""
@@ -112,7 +183,7 @@ class Addon(AddonModel):
        if self._state == new_state:
            return
        self._state = new_state
-        self.sys_homeassistant.websocket.send_command(
+        self.sys_homeassistant.websocket.send_message(
            {
                ATTR_TYPE: WSType.SUPERVISOR_EVENT,
                ATTR_DATA: {
@@ -130,15 +201,20 @@ class Addon(AddonModel):

    async def load(self) -> None:
        """Async initialize of object."""
+        self._listeners.append(
+            self.sys_bus.register_event(
+                BusEvent.DOCKER_CONTAINER_STATE_CHANGE, self.container_state_changed
+            )
+        )
+        self._listeners.append(
+            self.sys_bus.register_event(
+                BusEvent.DOCKER_CONTAINER_STATE_CHANGE, self.watchdog_container
+            )
+        )
+
        with suppress(DockerError):
            await self.instance.attach(version=self.version)

-            # Evaluate state
-            if await self.instance.is_running():
-                self.state = AddonState.STARTED
-            else:
-                self.state = AddonState.STOPPED
-
    @property
    def ip_address(self) -> IPv4Address:
        """Return IP of add-on instance."""
@@ -175,7 +251,7 @@ class Addon(AddonModel):
        return self._available(self.data_store)

    @property
-    def version(self) -> Optional[str]:
+    def version(self) -> str | None:
        """Return installed version."""
        return self.persist[ATTR_VERSION]

@@ -187,17 +263,19 @@ class Addon(AddonModel):
        return self.version != self.latest_version

    @property
-    def dns(self) -> List[str]:
+    def dns(self) -> list[str]:
        """Return list of DNS name for that add-on."""
        return [f"{self.hostname}.{DNS_SUFFIX}"]

    @property
-    def options(self) -> Dict[str, Any]:
+    def options(self) -> dict[str, Any]:
        """Return options with local changes."""
-        return {**self.data[ATTR_OPTIONS], **self.persist[ATTR_OPTIONS]}
+        return _OPTIONS_MERGER.merge(
+            deepcopy(self.data[ATTR_OPTIONS]), deepcopy(self.persist[ATTR_OPTIONS])
+        )

    @options.setter
-    def options(self, value: Optional[Dict[str, Any]]) -> None:
+    def options(self, value: dict[str, Any] | None) -> None:
        """Store user add-on options."""
        self.persist[ATTR_OPTIONS] = {} if value is None else deepcopy(value)

@@ -242,17 +320,17 @@ class Addon(AddonModel):
        return self.persist[ATTR_UUID]

    @property
-    def supervisor_token(self) -> Optional[str]:
+    def supervisor_token(self) -> str | None:
        """Return access token for Supervisor API."""
        return self.persist.get(ATTR_ACCESS_TOKEN)

    @property
-    def ingress_token(self) -> Optional[str]:
+    def ingress_token(self) -> str | None:
        """Return access token for Supervisor API."""
        return self.persist.get(ATTR_INGRESS_TOKEN)

    @property
-    def ingress_entry(self) -> Optional[str]:
+    def ingress_entry(self) -> str | None:
        """Return ingress external URL."""
        if self.with_ingress:
            return f"/api/hassio_ingress/{self.ingress_token}"
@@ -274,12 +352,12 @@ class Addon(AddonModel):
        self.persist[ATTR_PROTECTED] = value

    @property
-    def ports(self) -> Optional[Dict[str, Optional[int]]]:
+    def ports(self) -> dict[str, int | None] | None:
        """Return ports of add-on."""
        return self.persist.get(ATTR_NETWORK, super().ports)

    @ports.setter
-    def ports(self, value: Optional[Dict[str, Optional[int]]]) -> None:
+    def ports(self, value: dict[str, int | None] | None) -> None:
        """Set custom ports of add-on."""
        if value is None:
            self.persist.pop(ATTR_NETWORK, None)
@@ -294,7 +372,7 @@ class Addon(AddonModel):
        self.persist[ATTR_NETWORK] = new_ports

    @property
-    def ingress_url(self) -> Optional[str]:
+    def ingress_url(self) -> str | None:
        """Return URL to ingress url."""
        if not self.with_ingress:
            return None
@@ -305,7 +383,7 @@ class Addon(AddonModel):
        return url

    @property
-    def webui(self) -> Optional[str]:
+    def webui(self) -> str | None:
        """Return URL to webui or None."""
        url = super().webui
        if not url:
@@ -333,7 +411,7 @@ class Addon(AddonModel):
        return f"{proto}://[HOST]:{port}{s_suffix}"

    @property
-    def ingress_port(self) -> Optional[int]:
+    def ingress_port(self) -> int | None:
        """Return Ingress port."""
        if not self.with_ingress:
            return None
@@ -344,8 +422,11 @@ class Addon(AddonModel):
        return port

    @property
-    def ingress_panel(self) -> Optional[bool]:
+    def ingress_panel(self) -> bool | None:
        """Return True if the add-on access support ingress."""
+        if not self.with_ingress:
+            return None
+
        return self.persist[ATTR_INGRESS_PANEL]

    @ingress_panel.setter
@@ -354,43 +435,32 @@ class Addon(AddonModel):
        self.persist[ATTR_INGRESS_PANEL] = value

    @property
-    def audio_output(self) -> Optional[str]:
+    def audio_output(self) -> str | None:
        """Return a pulse profile for output or None."""
        if not self.with_audio:
            return None
-
-        # Fallback with old audio settings
-        # Remove after 210
-        output_data = self.persist.get(ATTR_AUDIO_OUTPUT)
-        if output_data and RE_OLD_AUDIO.fullmatch(output_data):
-            return None
-        return output_data
+        return self.persist.get(ATTR_AUDIO_OUTPUT)

    @audio_output.setter
-    def audio_output(self, value: Optional[str]):
+    def audio_output(self, value: str | None):
        """Set audio output profile settings."""
        self.persist[ATTR_AUDIO_OUTPUT] = value

    @property
-    def audio_input(self) -> Optional[str]:
+    def audio_input(self) -> str | None:
        """Return pulse profile for input or None."""
        if not self.with_audio:
            return None

-        # Fallback with old audio settings
-        # Remove after 210
-        input_data = self.persist.get(ATTR_AUDIO_INPUT)
-        if input_data and RE_OLD_AUDIO.fullmatch(input_data):
-            return None
-        return input_data
+        return self.persist.get(ATTR_AUDIO_INPUT)

    @audio_input.setter
-    def audio_input(self, value: Optional[str]) -> None:
+    def audio_input(self, value: str | None) -> None:
        """Set audio input settings."""
        self.persist[ATTR_AUDIO_INPUT] = value

    @property
-    def image(self) -> Optional[str]:
+    def image(self) -> str | None:
        """Return image name of add-on."""
        return self.persist.get(ATTR_IMAGE)

@@ -399,6 +469,11 @@ class Addon(AddonModel):
        """Return True if this  add-on need a local build."""
        return ATTR_IMAGE not in self.data

+    @property
+    def latest_need_build(self) -> bool:
+        """Return True if the latest version of the addon needs a local build."""
+        return ATTR_IMAGE not in self.data_store
+
    @property
    def path_data(self) -> Path:
        """Return add-on data path inside Supervisor."""
@@ -425,7 +500,7 @@ class Addon(AddonModel):
        return Path(self.sys_config.path_extern_tmp, f"{self.slug}_pulse")

    @property
-    def devices(self) -> Set[Device]:
+    def devices(self) -> set[Device]:
        """Extract devices from add-on options."""
        options_schema = self.schema
        with suppress(vol.Invalid):
@@ -434,7 +509,7 @@ class Addon(AddonModel):
        return options_schema.devices

    @property
-    def pwned(self) -> Set[str]:
+    def pwned(self) -> set[str]:
        """Extract pwned data for add-on options."""
        options_schema = self.schema
        with suppress(vol.Invalid):
@@ -442,6 +517,11 @@ class Addon(AddonModel):

        return options_schema.pwned

+    @property
+    def loaded(self) -> bool:
+        """Is add-on loaded."""
+        return bool(self._listeners)
+
    def save_persist(self) -> None:
        """Save data of add-on."""
        self.sys_addons.data.save_data()
@@ -510,8 +590,11 @@ class Addon(AddonModel):

        raise AddonConfigurationError()

-    async def remove_data(self) -> None:
-        """Remove add-on data."""
+    async def unload(self) -> None:
+        """Unload add-on and remove data."""
+        for listener in self._listeners:
+            self.sys_bus.remove_listener(listener)
+
        if not self.path_data.is_dir():
            return

@@ -530,8 +613,7 @@ class Addon(AddonModel):

        # Write pulse config
        try:
-            with self.path_pulse.open("w") as config_file:
-                config_file.write(pulse_config)
+            self.path_pulse.write_text(pulse_config, encoding="utf-8")
        except OSError as err:
            _LOGGER.error(
                "Add-on %s can't write pulse/client.config: %s", self.slug, err
@@ -579,7 +661,9 @@ class Addon(AddonModel):
            return True

        # merge options
-        options = {**self.persist[ATTR_OPTIONS], **default_options}
+        options = _OPTIONS_MERGER.merge(
+            deepcopy(default_options), deepcopy(self.persist[ATTR_OPTIONS])
+        )

        # create voluptuous
        new_schema = vol.Schema(
@@ -616,27 +700,18 @@ class Addon(AddonModel):
        # Start Add-on
        try:
            await self.instance.run()
-        except DockerRequestError as err:
-            self.state = AddonState.ERROR
-            raise AddonsError() from err
        except DockerError as err:
            self.state = AddonState.ERROR
            raise AddonsError() from err
-        else:
-            self.state = AddonState.STARTED

    async def stop(self) -> None:
        """Stop add-on."""
+        self._manual_stop = True
        try:
            await self.instance.stop()
-        except DockerRequestError as err:
-            self.state = AddonState.ERROR
-            raise AddonsError() from err
        except DockerError as err:
            self.state = AddonState.ERROR
            raise AddonsError() from err
-        else:
-            self.state = AddonState.STOPPED

    async def restart(self) -> None:
        """Restart add-on."""
@@ -671,8 +746,9 @@ class Addon(AddonModel):
        Return a coroutine.
        """
        if not self.with_stdin:
-            _LOGGER.error("Add-on %s does not support writing to stdin!", self.slug)
-            raise AddonsNotSupportedError()
+            raise AddonsNotSupportedError(
+                f"Add-on {self.slug} does not support writing to stdin!", _LOGGER.error
+            )

        try:
            return await self.instance.write_stdin(data)
@@ -683,16 +759,18 @@ class Addon(AddonModel):
        try:
            command_return = await self.instance.run_inside(command)
            if command_return.exit_code != 0:
-                _LOGGER.error(
-                    "Pre-/Post backup command returned error code: %s",
-                    command_return.exit_code,
+                _LOGGER.debug(
+                    "Pre-/Post backup command failed with: %s", command_return.output
+                )
+                raise AddonsError(
+                    f"Pre-/Post backup command returned error code: {command_return.exit_code}",
+                    _LOGGER.error,
                )
-                raise AddonsError()
        except DockerError as err:
-            _LOGGER.error(
-                "Failed running pre-/post backup command %s: %s", command, err
-            )
-            raise AddonsError() from err
+            raise AddonsError(
+                f"Failed running pre-/post backup command {command}: {str(err)}",
+                _LOGGER.error,
+            ) from err

    async def backup(self, tar_file: tarfile.TarFile) -> None:
        """Backup state of an add-on."""
@@ -719,24 +797,25 @@ class Addon(AddonModel):
            try:
                write_json_file(temp_path.joinpath("addon.json"), data)
            except ConfigurationFileError as err:
-                _LOGGER.error("Can't save meta for %s", self.slug)
-                raise AddonsError() from err
+                raise AddonsError(
+                    f"Can't save meta for {self.slug}", _LOGGER.error
+                ) from err

            # Store AppArmor Profile
            if self.sys_host.apparmor.exists(self.slug):
                profile = temp_path.joinpath("apparmor.txt")
                try:
-                    self.sys_host.apparmor.backup_profile(self.slug, profile)
+                    await self.sys_host.apparmor.backup_profile(self.slug, profile)
                except HostAppArmorError as err:
-                    _LOGGER.error("Can't backup AppArmor profile")
-                    raise AddonsError() from err
+                    raise AddonsError(
+                        "Can't backup AppArmor profile", _LOGGER.error
+                    ) from err

            # write into tarfile
            def _write_tarfile():
                """Write tar inside loop."""
                with tar_file as backup:
-                    # Backup system
-
+                    # Backup metadata
                    backup.add(temp, arcname=".")

                    # Backup data
@@ -761,8 +840,9 @@ class Addon(AddonModel):
                _LOGGER.info("Building backup for add-on %s", self.slug)
                await self.sys_run_in_executor(_write_tarfile)
            except (tarfile.TarError, OSError) as err:
-                _LOGGER.error("Can't write tarfile %s: %s", tar_file, err)
-                raise AddonsError() from err
+                raise AddonsError(
+                    f"Can't write tarfile {tar_file}: {err}", _LOGGER.error
+                ) from err
            finally:
                if (
                    is_running
@@ -788,8 +868,9 @@ class Addon(AddonModel):
            try:
                await self.sys_run_in_executor(_extract_tarfile)
            except tarfile.TarError as err:
-                _LOGGER.error("Can't read tarfile %s: %s", tar_file, err)
-                raise AddonsError() from err
+                raise AddonsError(
+                    f"Can't read tarfile {tar_file}: {err}", _LOGGER.error
+                ) from err

            # Read backup data
            try:
@@ -801,17 +882,17 @@ class Addon(AddonModel):
            try:
                data = SCHEMA_ADDON_BACKUP(data)
            except vol.Invalid as err:
-                _LOGGER.error(
-                    "Can't validate %s, backup data: %s",
-                    self.slug,
-                    humanize_error(data, err),
-                )
-                raise AddonsError() from err
+                raise AddonsError(
+                    f"Can't validate {self.slug}, backup data: {humanize_error(data, err)}",
+                    _LOGGER.error,
+                ) from err

            # If available
            if not self._available(data[ATTR_SYSTEM]):
-                _LOGGER.error("Add-on %s is not available for this platform", self.slug)
-                raise AddonsNotSupportedError()
+                raise AddonsNotSupportedError(
+                    f"Add-on {self.slug} is not available for this platform",
+                    _LOGGER.error,
+                )

            # Restore local add-on information
            _LOGGER.info("Restore config for addon %s", self.slug)
@@ -844,7 +925,11 @@ class Addon(AddonModel):
            # Restore data
            def _restore_data():
                """Restore data."""
-                shutil.copytree(Path(temp, "data"), self.path_data, symlinks=True)
+                temp_data = Path(temp, "data")
+                if temp_data.is_dir():
+                    shutil.copytree(temp_data, self.path_data, symlinks=True)
+                else:
+                    self.path_data.mkdir()

            _LOGGER.info("Restoring data for addon %s", self.slug)
            if self.path_data.is_dir():
@@ -852,8 +937,9 @@ class Addon(AddonModel):
            try:
                await self.sys_run_in_executor(_restore_data)
            except shutil.Error as err:
-                _LOGGER.error("Can't restore origin data: %s", err)
-                raise AddonsError() from err
+                raise AddonsError(
+                    f"Can't restore origin data: {err}", _LOGGER.error
+                ) from err

            # Restore AppArmor
            profile_file = Path(temp, "apparmor.txt")
@@ -866,8 +952,52 @@ class Addon(AddonModel):
                    )
                    raise AddonsError() from err

+            # Is add-on loaded
+            if not self.loaded:
+                await self.load()
+
            # Run add-on
            if data[ATTR_STATE] == AddonState.STARTED:
                return await self.start()

        _LOGGER.info("Finished restore for add-on %s", self.slug)
+
+    def check_trust(self) -> Awaitable[None]:
+        """Calculate Addon docker content trust.
+
+        Return Coroutine.
+        """
+        return self.instance.check_trust()
+
+    async def container_state_changed(self, event: DockerContainerStateEvent) -> None:
+        """Set addon state from container state."""
+        if event.name != self.instance.name:
+            return
+
+        if event.state in [
+            ContainerState.RUNNING,
+            ContainerState.HEALTHY,
+            ContainerState.UNHEALTHY,
+        ]:
+            self._manual_stop = False
+            self.state = AddonState.STARTED
+        elif event.state == ContainerState.STOPPED:
+            self.state = AddonState.STOPPED
+        elif event.state == ContainerState.FAILED:
+            self.state = AddonState.ERROR
+
+    async def watchdog_container(self, event: DockerContainerStateEvent) -> None:
+        """Process state changes in addon container and restart if necessary."""
+        if event.name != self.instance.name:
+            return
+
+        # Skip watchdog if not enabled or manual stopped
+        if not self.watchdog or self._manual_stop:
+            return
+
+        if event.state in [
+            ContainerState.FAILED,
+            ContainerState.STOPPED,
+            ContainerState.UNHEALTHY,
+        ]:
+            await self._restart_after_problem(self, event.state)
--- a/supervisor/addons/build.py
+++ b/supervisor/addons/build.py
@@ -1,8 +1,9 @@
 """Supervisor add-on build environment."""
 from __future__ import annotations

+from functools import cached_property
 from pathlib import Path
-from typing import TYPE_CHECKING, Dict
+from typing import TYPE_CHECKING

 from awesomeversion import AwesomeVersion

@@ -15,7 +16,8 @@ from ..const import (
    META_ADDON,
 )
 from ..coresys import CoreSys, CoreSysAttributes
-from ..exceptions import ConfigurationFileError
+from ..docker.interface import MAP_ARCH
+from ..exceptions import ConfigurationFileError, HassioArchNotFound
 from ..utils.common import FileConfiguration, find_one_filetype
 from .validate import SCHEMA_BUILD_CONFIG

@@ -44,15 +46,33 @@ class AddonBuild(FileConfiguration, CoreSysAttributes):
        """Ignore save function."""
        raise RuntimeError()

+    @cached_property
+    def arch(self) -> str:
+        """Return arch of the add-on."""
+        return self.sys_arch.match(self.addon.arch)
+
    @property
    def base_image(self) -> str:
        """Return base image for this add-on."""
        if not self._data[ATTR_BUILD_FROM]:
            return f"ghcr.io/home-assistant/{self.sys_arch.default}-base:latest"

+        if isinstance(self._data[ATTR_BUILD_FROM], str):
+            return self._data[ATTR_BUILD_FROM]
+
        # Evaluate correct base image
-        arch = self.sys_arch.match(list(self._data[ATTR_BUILD_FROM].keys()))
-        return self._data[ATTR_BUILD_FROM][arch]
+        if self.arch not in self._data[ATTR_BUILD_FROM]:
+            raise HassioArchNotFound(
+                f"Add-on {self.addon.slug} is not supported on {self.arch}"
+            )
+        return self._data[ATTR_BUILD_FROM][self.arch]
+
+    @property
+    def dockerfile(self) -> Path:
+        """Return Dockerfile path."""
+        if self.addon.path_location.joinpath(f"Dockerfile.{self.arch}").exists():
+            return self.addon.path_location.joinpath(f"Dockerfile.{self.arch}")
+        return self.addon.path_location.joinpath("Dockerfile")

    @property
    def squash(self) -> bool:
@@ -60,36 +80,41 @@ class AddonBuild(FileConfiguration, CoreSysAttributes):
        return self._data[ATTR_SQUASH]

    @property
-    def additional_args(self) -> Dict[str, str]:
+    def additional_args(self) -> dict[str, str]:
        """Return additional Docker build arguments."""
        return self._data[ATTR_ARGS]

    @property
-    def additional_labels(self) -> Dict[str, str]:
+    def additional_labels(self) -> dict[str, str]:
        """Return additional Docker labels."""
        return self._data[ATTR_LABELS]

    @property
    def is_valid(self) -> bool:
        """Return true if the build env is valid."""
-        return all(
-            [
-                self.addon.path_location.is_dir(),
-                Path(self.addon.path_location, "Dockerfile").is_file(),
-            ]
-        )
+        try:
+            return all(
+                [
+                    self.addon.path_location.is_dir(),
+                    self.dockerfile.is_file(),
+                ]
+            )
+        except HassioArchNotFound:
+            return False

    def get_docker_args(self, version: AwesomeVersion):
        """Create a dict with Docker build arguments."""
        args = {
            "path": str(self.addon.path_location),
            "tag": f"{self.addon.image}:{version!s}",
+            "dockerfile": str(self.dockerfile),
            "pull": True,
            "forcerm": not self.sys_dev,
            "squash": self.squash,
+            "platform": MAP_ARCH[self.arch],
            "labels": {
                "io.hass.version": version,
-                "io.hass.arch": self.sys_arch.default,
+                "io.hass.arch": self.arch,
                "io.hass.type": META_ADDON,
                "io.hass.name": self._fix_label("name"),
                "io.hass.description": self._fix_label("description"),
--- a/supervisor/addons/const.py
+++ b/supervisor/addons/const.py
@@ -1,6 +1,9 @@
 """Add-on static data."""
+from datetime import timedelta
 from enum import Enum

+from ..jobs.const import JobCondition
+

 class AddonBackupMode(str, Enum):
    """Backup mode of an Add-on."""
@@ -10,3 +13,18 @@ class AddonBackupMode(str, Enum):


 ATTR_BACKUP = "backup"
+ATTR_CODENOTARY = "codenotary"
+WATCHDOG_RETRY_SECONDS = 10
+WATCHDOG_MAX_ATTEMPTS = 5
+WATCHDOG_THROTTLE_PERIOD = timedelta(minutes=30)
+WATCHDOG_THROTTLE_MAX_CALLS = 10
+
+ADDON_UPDATE_CONDITIONS = [
+    JobCondition.FREE_SPACE,
+    JobCondition.HEALTHY,
+    JobCondition.INTERNET_HOST,
+    JobCondition.PLUGINS_UPDATED,
+    JobCondition.SUPERVISOR_UPDATED,
+]
+
+RE_SLUG = r"[-_.A-Za-z0-9]+"
--- a/supervisor/addons/data.py
+++ b/supervisor/addons/data.py
@@ -1,6 +1,6 @@
 """Init file for Supervisor add-on data."""
 from copy import deepcopy
-from typing import Any, Dict
+from typing import Any

 from ..const import (
    ATTR_IMAGE,
@@ -16,7 +16,7 @@ from ..utils.common import FileConfiguration
 from .addon import Addon
 from .validate import SCHEMA_ADDONS_FILE

-Config = Dict[str, Any]
+Config = dict[str, Any]


 class AddonsData(FileConfiguration, CoreSysAttributes):
--- a/supervisor/addons/model.py
+++ b/supervisor/addons/model.py
@@ -1,12 +1,13 @@
 """Init file for Supervisor add-ons."""
 from abc import ABC, abstractmethod
+from collections.abc import Awaitable, Callable
+from contextlib import suppress
+import logging
 from pathlib import Path
-from typing import Any, Awaitable, Dict, List, Optional
+from typing import Any

 from awesomeversion import AwesomeVersion, AwesomeVersionException

-from supervisor.addons.const import AddonBackupMode
-
 from ..const import (
    ATTR_ADVANCED,
    ATTR_APPARMOR,
@@ -33,6 +34,7 @@ from ..const import (
    ATTR_HOST_IPC,
    ATTR_HOST_NETWORK,
    ATTR_HOST_PID,
+    ATTR_HOST_UTS,
    ATTR_IMAGE,
    ATTR_INGRESS,
    ATTR_INGRESS_STREAM,
@@ -79,11 +81,14 @@ from ..const import (
 )
 from ..coresys import CoreSys, CoreSysAttributes
 from ..docker.const import Capabilities
-from .const import ATTR_BACKUP
+from ..exceptions import AddonsNotSupportedError
+from .const import ATTR_BACKUP, ATTR_CODENOTARY, AddonBackupMode
 from .options import AddonOptions, UiOptions
 from .validate import RE_SERVICE, RE_VOLUME

-Data = Dict[str, Any]
+_LOGGER: logging.Logger = logging.getLogger(__name__)
+
+Data = dict[str, Any]


 class AddonModel(CoreSysAttributes, ABC):
@@ -115,7 +120,7 @@ class AddonModel(CoreSysAttributes, ABC):
        return self._available(self.data)

    @property
-    def options(self) -> Dict[str, Any]:
+    def options(self) -> dict[str, Any]:
        """Return options with local changes."""
        return self.data[ATTR_OPTIONS]

@@ -125,7 +130,7 @@ class AddonModel(CoreSysAttributes, ABC):
        return self.data[ATTR_BOOT]

    @property
-    def auto_update(self) -> Optional[bool]:
+    def auto_update(self) -> bool | None:
        """Return if auto update is enable."""
        return None

@@ -140,7 +145,7 @@ class AddonModel(CoreSysAttributes, ABC):
        return self.slug.replace("_", "-")

    @property
-    def dns(self) -> List[str]:
+    def dns(self) -> list[str]:
        """Return list of DNS name for that add-on."""
        return []

@@ -150,22 +155,22 @@ class AddonModel(CoreSysAttributes, ABC):
        return self.data[ATTR_TIMEOUT]

    @property
-    def uuid(self) -> Optional[str]:
+    def uuid(self) -> str | None:
        """Return an API token for this add-on."""
        return None

    @property
-    def supervisor_token(self) -> Optional[str]:
+    def supervisor_token(self) -> str | None:
        """Return access token for Supervisor API."""
        return None

    @property
-    def ingress_token(self) -> Optional[str]:
+    def ingress_token(self) -> str | None:
        """Return access token for Supervisor API."""
        return None

    @property
-    def ingress_entry(self) -> Optional[str]:
+    def ingress_entry(self) -> str | None:
        """Return ingress external URL."""
        return None

@@ -175,7 +180,7 @@ class AddonModel(CoreSysAttributes, ABC):
        return self.data[ATTR_DESCRIPTON]

    @property
-    def long_description(self) -> Optional[str]:
+    def long_description(self) -> str | None:
        """Return README.md as long_description."""
        readme = Path(self.path_location, "README.md")

@@ -184,8 +189,7 @@ class AddonModel(CoreSysAttributes, ABC):
            return None

        # Return data
-        with readme.open("r") as readme_file:
-            return readme_file.read()
+        return readme.read_text(encoding="utf-8")

    @property
    def repository(self) -> str:
@@ -228,7 +232,7 @@ class AddonModel(CoreSysAttributes, ABC):
        return self.data[ATTR_STAGE]

    @property
-    def services_role(self) -> Dict[str, str]:
+    def services_role(self) -> dict[str, str]:
        """Return dict of services with rights."""
        services_list = self.data.get(ATTR_SERVICES, [])

@@ -241,37 +245,37 @@ class AddonModel(CoreSysAttributes, ABC):
        return services

    @property
-    def discovery(self) -> List[str]:
+    def discovery(self) -> list[str]:
        """Return list of discoverable components/platforms."""
        return self.data.get(ATTR_DISCOVERY, [])

    @property
-    def ports_description(self) -> Optional[Dict[str, str]]:
+    def ports_description(self) -> dict[str, str] | None:
        """Return descriptions of ports."""
        return self.data.get(ATTR_PORTS_DESCRIPTION)

    @property
-    def ports(self) -> Optional[Dict[str, Optional[int]]]:
+    def ports(self) -> dict[str, int | None] | None:
        """Return ports of add-on."""
        return self.data.get(ATTR_PORTS)

    @property
-    def ingress_url(self) -> Optional[str]:
+    def ingress_url(self) -> str | None:
        """Return URL to ingress url."""
        return None

    @property
-    def webui(self) -> Optional[str]:
+    def webui(self) -> str | None:
        """Return URL to webui or None."""
        return self.data.get(ATTR_WEBUI)

    @property
-    def watchdog(self) -> Optional[str]:
+    def watchdog(self) -> str | None:
        """Return URL to for watchdog or None."""
        return self.data.get(ATTR_WATCHDOG)

    @property
-    def ingress_port(self) -> Optional[int]:
+    def ingress_port(self) -> int | None:
        """Return Ingress port."""
        return None

@@ -305,23 +309,28 @@ class AddonModel(CoreSysAttributes, ABC):
        """Return True if add-on run on host IPC namespace."""
        return self.data[ATTR_HOST_IPC]

+    @property
+    def host_uts(self) -> bool:
+        """Return True if add-on run on host UTS namespace."""
+        return self.data[ATTR_HOST_UTS]
+
    @property
    def host_dbus(self) -> bool:
        """Return True if add-on run on host D-BUS."""
        return self.data[ATTR_HOST_DBUS]

    @property
-    def static_devices(self) -> List[Path]:
+    def static_devices(self) -> list[Path]:
        """Return static devices of add-on."""
        return [Path(node) for node in self.data.get(ATTR_DEVICES, [])]

    @property
-    def environment(self) -> Optional[Dict[str, str]]:
+    def environment(self) -> dict[str, str] | None:
        """Return environment of add-on."""
        return self.data.get(ATTR_ENVIRONMENT)

    @property
-    def privileged(self) -> List[Capabilities]:
+    def privileged(self) -> list[Capabilities]:
        """Return list of privilege."""
        return self.data.get(ATTR_PRIVILEGED, [])

@@ -360,17 +369,17 @@ class AddonModel(CoreSysAttributes, ABC):
        return self.data[ATTR_HASSIO_ROLE]

    @property
-    def backup_exclude(self) -> List[str]:
+    def backup_exclude(self) -> list[str]:
        """Return Exclude list for backup."""
        return self.data.get(ATTR_BACKUP_EXCLUDE, [])

    @property
-    def backup_pre(self) -> Optional[str]:
+    def backup_pre(self) -> str | None:
        """Return pre-backup command."""
        return self.data.get(ATTR_BACKUP_PRE)

    @property
-    def backup_post(self) -> Optional[str]:
+    def backup_post(self) -> str | None:
        """Return post-backup command."""
        return self.data.get(ATTR_BACKUP_POST)

@@ -395,7 +404,7 @@ class AddonModel(CoreSysAttributes, ABC):
        return self.data[ATTR_INGRESS]

    @property
-    def ingress_panel(self) -> Optional[bool]:
+    def ingress_panel(self) -> bool | None:
        """Return True if the add-on access support ingress."""
        return None

@@ -445,7 +454,7 @@ class AddonModel(CoreSysAttributes, ABC):
        return self.data[ATTR_DEVICETREE]

    @property
-    def with_tmpfs(self) -> Optional[str]:
+    def with_tmpfs(self) -> str | None:
        """Return if tmp is in memory of add-on."""
        return self.data[ATTR_TMPFS]

@@ -465,12 +474,12 @@ class AddonModel(CoreSysAttributes, ABC):
        return self.data[ATTR_VIDEO]

    @property
-    def homeassistant_version(self) -> Optional[str]:
+    def homeassistant_version(self) -> str | None:
        """Return min Home Assistant version they needed by Add-on."""
        return self.data.get(ATTR_HOMEASSISTANT)

    @property
-    def url(self) -> Optional[str]:
+    def url(self) -> str | None:
        """Return URL of add-on."""
        return self.data.get(ATTR_URL)

@@ -495,17 +504,25 @@ class AddonModel(CoreSysAttributes, ABC):
        return self.path_documentation.exists()

    @property
-    def supported_arch(self) -> List[str]:
+    def supported_arch(self) -> list[str]:
        """Return list of supported arch."""
        return self.data[ATTR_ARCH]

    @property
-    def supported_machine(self) -> List[str]:
+    def supported_machine(self) -> list[str]:
        """Return list of supported machine."""
        return self.data.get(ATTR_MACHINE, [])

    @property
-    def image(self) -> Optional[str]:
+    def arch(self) -> str:
+        """Return architecture to use for the addon's image."""
+        if ATTR_IMAGE in self.data:
+            return self.sys_arch.match(self.data[ATTR_ARCH])
+
+        return self.sys_arch.default
+
+    @property
+    def image(self) -> str | None:
        """Generate image name from data."""
        return self._image(self.data)

@@ -515,14 +532,14 @@ class AddonModel(CoreSysAttributes, ABC):
        return ATTR_IMAGE not in self.data

    @property
-    def map_volumes(self) -> Dict[str, str]:
-        """Return a dict of {volume: policy} from add-on."""
+    def map_volumes(self) -> dict[str, bool]:
+        """Return a dict of {volume: read-only} from add-on."""
        volumes = {}
        for volume in self.data[ATTR_MAP]:
            result = RE_VOLUME.match(volume)
            if not result:
                continue
-            volumes[result.group(1)] = result.group(2) or "ro"
+            volumes[result.group(1)] = result.group(2) != "rw"

        return volumes

@@ -566,7 +583,7 @@ class AddonModel(CoreSysAttributes, ABC):
        return AddonOptions(self.coresys, raw_schema, self.name, self.slug)

    @property
-    def schema_ui(self) -> Optional[List[Dict[any, any]]]:
+    def schema_ui(self) -> list[dict[any, any]] | None:
        """Create a UI schema for add-on options."""
        raw_schema = self.data[ATTR_SCHEMA]

@@ -579,31 +596,64 @@ class AddonModel(CoreSysAttributes, ABC):
        """Return True if the add-on accesses the system journal."""
        return self.data[ATTR_JOURNALD]

+    @property
+    def signed(self) -> bool:
+        """Return True if the image is signed."""
+        return ATTR_CODENOTARY in self.data
+
+    @property
+    def codenotary(self) -> str | None:
+        """Return Signer email address for CAS."""
+        return self.data.get(ATTR_CODENOTARY)
+
+    def validate_availability(self) -> None:
+        """Validate if addon is available for current system."""
+        return self._validate_availability(self.data, logger=_LOGGER.error)
+
    def __eq__(self, other):
        """Compaired add-on objects."""
        if not isinstance(other, AddonModel):
            return False
        return self.slug == other.slug

-    def _available(self, config) -> bool:
-        """Return True if this add-on is available on this platform."""
+    def _validate_availability(
+        self, config, *, logger: Callable[..., None] | None = None
+    ) -> None:
+        """Validate if addon is available for current system."""
        # Architecture
        if not self.sys_arch.is_supported(config[ATTR_ARCH]):
-            return False
+            raise AddonsNotSupportedError(
+                f"Add-on {self.slug} not supported on this platform, supported architectures: {', '.join(config[ATTR_ARCH])}",
+                logger,
+            )

        # Machine / Hardware
        machine = config.get(ATTR_MACHINE)
-        if machine and f"!{self.sys_machine}" in machine:
-            return False
-        elif machine and self.sys_machine not in machine:
-            return False
+        if machine and (
+            f"!{self.sys_machine}" in machine or self.sys_machine not in machine
+        ):
+            raise AddonsNotSupportedError(
+                f"Add-on {self.slug} not supported on this machine, supported machine types: {', '.join(machine)}",
+                logger,
+            )

        # Home Assistant
-        version: Optional[AwesomeVersion] = config.get(ATTR_HOMEASSISTANT)
+        version: AwesomeVersion | None = config.get(ATTR_HOMEASSISTANT)
+        with suppress(AwesomeVersionException, TypeError):
+            if self.sys_homeassistant.version < version:
+                raise AddonsNotSupportedError(
+                    f"Add-on {self.slug} not supported on this system, requires Home Assistant version {version} or greater",
+                    logger,
+                )
+
+    def _available(self, config) -> bool:
+        """Return True if this add-on is available on this platform."""
        try:
-            return self.sys_homeassistant.version >= version
-        except (AwesomeVersionException, TypeError):
-            return True
+            self._validate_availability(config)
+        except AddonsNotSupportedError:
+            return False
+
+        return True

    def _image(self, config) -> str:
        """Generate image name from data."""
@@ -623,9 +673,9 @@ class AddonModel(CoreSysAttributes, ABC):
        """Uninstall this add-on."""
        return self.sys_addons.uninstall(self.slug)

-    def update(self) -> Awaitable[None]:
+    def update(self, backup: bool | None = False) -> Awaitable[None]:
        """Update this add-on."""
-        return self.sys_addons.update(self.slug)
+        return self.sys_addons.update(self.slug, backup=backup)

    def rebuild(self) -> Awaitable[None]:
        """Rebuild this add-on."""
--- a/supervisor/addons/options.py
+++ b/supervisor/addons/options.py
@@ -3,7 +3,7 @@ import hashlib
 import logging
 from pathlib import Path
 import re
-from typing import Any, Dict, List, Set, Union
+from typing import Any

 import voluptuous as vol

@@ -59,13 +59,13 @@ class AddonOptions(CoreSysAttributes):
    """Validate Add-ons Options."""

    def __init__(
-        self, coresys: CoreSys, raw_schema: Dict[str, Any], name: str, slug: str
+        self, coresys: CoreSys, raw_schema: dict[str, Any], name: str, slug: str
    ):
        """Validate schema."""
        self.coresys: CoreSys = coresys
-        self.raw_schema: Dict[str, Any] = raw_schema
-        self.devices: Set[Device] = set()
-        self.pwned: Set[str] = set()
+        self.raw_schema: dict[str, Any] = raw_schema
+        self.devices: set[Device] = set()
+        self.pwned: set[str] = set()
        self._name = name
        self._slug = slug

@@ -167,7 +167,7 @@ class AddonOptions(CoreSysAttributes):
                device = self.sys_hardware.get_by_path(Path(value))
            except HardwareNotFound:
                raise vol.Invalid(
-                    f"Device '{value}' does not exists! in {self._name} ({self._slug})"
+                    f"Device '{value}' does not exist in {self._name} ({self._slug})"
                ) from None

            # Have filter
@@ -187,7 +187,7 @@ class AddonOptions(CoreSysAttributes):
            f"Fatal error for option '{key}' with type '{typ}' in {self._name} ({self._slug})"
        ) from None

-    def _nested_validate_list(self, typ: Any, data_list: List[Any], key: str):
+    def _nested_validate_list(self, typ: Any, data_list: list[Any], key: str):
        """Validate nested items."""
        options = []

@@ -209,7 +209,7 @@ class AddonOptions(CoreSysAttributes):
        return options

    def _nested_validate_dict(
-        self, typ: Dict[Any, Any], data_dict: Dict[Any, Any], key: str
+        self, typ: dict[Any, Any], data_dict: dict[Any, Any], key: str
    ):
        """Validate nested items."""
        options = {}
@@ -241,7 +241,7 @@ class AddonOptions(CoreSysAttributes):
        return options

    def _check_missing_options(
-        self, origin: Dict[Any, Any], exists: Dict[Any, Any], root: str
+        self, origin: dict[Any, Any], exists: dict[Any, Any], root: str
    ) -> None:
        """Check if all options are exists."""
        missing = set(origin) - set(exists)
@@ -267,9 +267,9 @@ class UiOptions(CoreSysAttributes):
        """Initialize UI option render."""
        self.coresys = coresys

-    def __call__(self, raw_schema: Dict[str, Any]) -> List[Dict[str, Any]]:
+    def __call__(self, raw_schema: dict[str, Any]) -> list[dict[str, Any]]:
        """Generate UI schema."""
-        ui_schema: List[Dict[str, Any]] = []
+        ui_schema: list[dict[str, Any]] = []

        # read options
        for key, value in raw_schema.items():
@@ -287,13 +287,13 @@ class UiOptions(CoreSysAttributes):

    def _single_ui_option(
        self,
-        ui_schema: List[Dict[str, Any]],
+        ui_schema: list[dict[str, Any]],
        value: str,
        key: str,
        multiple: bool = False,
    ) -> None:
        """Validate a single element."""
-        ui_node: Dict[str, Union[str, bool, float, List[str]]] = {"name": key}
+        ui_node: dict[str, str | bool | float | list[str]] = {"name": key}

        # If multiple
        if multiple:
@@ -365,8 +365,8 @@ class UiOptions(CoreSysAttributes):

    def _nested_ui_list(
        self,
-        ui_schema: List[Dict[str, Any]],
-        option_list: List[Any],
+        ui_schema: list[dict[str, Any]],
+        option_list: list[Any],
        key: str,
    ) -> None:
        """UI nested list items."""
@@ -383,8 +383,8 @@ class UiOptions(CoreSysAttributes):

    def _nested_ui_dict(
        self,
-        ui_schema: List[Dict[str, Any]],
-        option_dict: Dict[str, Any],
+        ui_schema: list[dict[str, Any]],
+        option_dict: dict[str, Any],
        key: str,
        multiple: bool = False,
    ) -> None:
@@ -408,7 +408,7 @@ class UiOptions(CoreSysAttributes):
        ui_schema.append(ui_node)


-def _create_device_filter(str_filter: str) -> Dict[str, Any]:
+def _create_device_filter(str_filter: str) -> dict[str, Any]:
    """Generate device Filter."""
    raw_filter = dict(value.split("=") for value in str_filter.split(";"))

--- a/supervisor/addons/utils.py
+++ b/supervisor/addons/utils.py
@@ -16,10 +16,10 @@ _LOGGER: logging.Logger = logging.getLogger(__name__)


 def rating_security(addon: AddonModel) -> int:
-    """Return 1-6 for security rating.
+    """Return 1-8 for security rating.

    1 = not secure
-    6 = high secure
+    8 = high secure
    """
    rating = 5

@@ -35,17 +35,24 @@ def rating_security(addon: AddonModel) -> int:
    elif addon.access_auth_api:
        rating += 1

+    # Signed
+    if addon.signed:
+        rating += 1
+
    # Privileged options
    if (
        any(
            privilege in addon.privileged
            for privilege in (
-                Capabilities.NET_ADMIN,
-                Capabilities.SYS_ADMIN,
-                Capabilities.SYS_RAWIO,
-                Capabilities.SYS_PTRACE,
-                Capabilities.SYS_MODULE,
+                Capabilities.BPF,
                Capabilities.DAC_READ_SEARCH,
+                Capabilities.NET_ADMIN,
+                Capabilities.NET_RAW,
+                Capabilities.PERFMON,
+                Capabilities.SYS_ADMIN,
+                Capabilities.SYS_MODULE,
+                Capabilities.SYS_PTRACE,
+                Capabilities.SYS_RAWIO,
            )
        )
        or addon.with_kernel_modules
@@ -66,11 +73,15 @@ def rating_security(addon: AddonModel) -> int:
    if addon.host_pid:
        rating += -2

+    # UTS host namespace allows to set hostname only with SYS_ADMIN
+    if addon.host_uts and Capabilities.SYS_ADMIN in addon.privileged:
+        rating += -1
+
    # Docker Access & full Access
    if addon.access_docker_api or addon.with_full_access:
        rating = 1

-    return max(min(6, rating), 1)
+    return max(min(8, rating), 1)


 async def remove_data(folder: Path) -> None:
--- a/supervisor/addons/validate.py
+++ b/supervisor/addons/validate.py
@@ -2,13 +2,11 @@
 import logging
 import re
 import secrets
-from typing import Any, Dict
+from typing import Any
 import uuid

 import voluptuous as vol

-from supervisor.addons.const import AddonBackupMode
-
 from ..const import (
    ARCH_ALL,
    ATTR_ACCESS_TOKEN,
@@ -43,6 +41,7 @@ from ..const import (
    ATTR_HOST_IPC,
    ATTR_HOST_NETWORK,
    ATTR_HOST_PID,
+    ATTR_HOST_UTS,
    ATTR_IMAGE,
    ATTR_INGRESS,
    ATTR_INGRESS_ENTRY,
@@ -110,7 +109,7 @@ from ..validate import (
    uuid_match,
    version_tag,
 )
-from .const import ATTR_BACKUP
+from .const import ATTR_BACKUP, ATTR_CODENOTARY, RE_SLUG, AddonBackupMode
 from .options import RE_SCHEMA_ELEMENT

 _LOGGER: logging.Logger = logging.getLogger(__name__)
@@ -131,6 +130,7 @@ RE_MACHINE = re.compile(
    r"|generic-x86-64"
    r"|odroid-c2"
    r"|odroid-c4"
+    r"|odroid-m1"
    r"|odroid-n2"
    r"|odroid-xu"
    r"|qemuarm-64"
@@ -147,8 +147,10 @@ RE_MACHINE = re.compile(
    r")$"
 )

+RE_SLUG_FIELD = re.compile(r"^" + RE_SLUG + r"$")

-def _warn_addon_config(config: Dict[str, Any]):
+
+def _warn_addon_config(config: dict[str, Any]):
    """Warn about miss configs."""
    name = config.get(ATTR_NAME)
    if not name:
@@ -179,7 +181,7 @@ def _warn_addon_config(config: Dict[str, Any]):
 def _migrate_addon_config(protocol=False):
    """Migrate addon config."""

-    def _migrate(config: Dict[str, Any]):
+    def _migrate(config: dict[str, Any]):
        name = config.get(ATTR_NAME)
        if not name:
            raise vol.Invalid("Invalid Add-on config!")
@@ -252,7 +254,7 @@ _SCHEMA_ADDON_CONFIG = vol.Schema(
    {
        vol.Required(ATTR_NAME): str,
        vol.Required(ATTR_VERSION): version_tag,
-        vol.Required(ATTR_SLUG): str,
+        vol.Required(ATTR_SLUG): vol.Match(RE_SLUG_FIELD),
        vol.Required(ATTR_DESCRIPTON): str,
        vol.Required(ATTR_ARCH): [vol.In(ARCH_ALL)],
        vol.Optional(ATTR_MACHINE): vol.All([vol.Match(RE_MACHINE)], vol.Unique()),
@@ -281,10 +283,11 @@ _SCHEMA_ADDON_CONFIG = vol.Schema(
        vol.Optional(ATTR_PANEL_ICON, default="mdi:puzzle"): str,
        vol.Optional(ATTR_PANEL_TITLE): str,
        vol.Optional(ATTR_PANEL_ADMIN, default=True): vol.Boolean(),
-        vol.Optional(ATTR_HOMEASSISTANT): vol.Maybe(version_tag),
+        vol.Optional(ATTR_HOMEASSISTANT): version_tag,
        vol.Optional(ATTR_HOST_NETWORK, default=False): vol.Boolean(),
        vol.Optional(ATTR_HOST_PID, default=False): vol.Boolean(),
        vol.Optional(ATTR_HOST_IPC, default=False): vol.Boolean(),
+        vol.Optional(ATTR_HOST_UTS, default=False): vol.Boolean(),
        vol.Optional(ATTR_HOST_DBUS, default=False): vol.Boolean(),
        vol.Optional(ATTR_DEVICES): [str],
        vol.Optional(ATTR_UDEV, default=False): vol.Boolean(),
@@ -317,6 +320,7 @@ _SCHEMA_ADDON_CONFIG = vol.Schema(
        vol.Optional(ATTR_BACKUP, default=AddonBackupMode.HOT): vol.Coerce(
            AddonBackupMode
        ),
+        vol.Optional(ATTR_CODENOTARY): vol.Email(),
        vol.Optional(ATTR_OPTIONS, default={}): dict,
        vol.Optional(ATTR_SCHEMA, default={}): vol.Any(
            vol.Schema(
@@ -352,8 +356,9 @@ SCHEMA_ADDON_CONFIG = vol.All(
 # pylint: disable=no-value-for-parameter
 SCHEMA_BUILD_CONFIG = vol.Schema(
    {
-        vol.Optional(ATTR_BUILD_FROM, default=dict): vol.Schema(
-            {vol.In(ARCH_ALL): vol.Match(RE_DOCKER_IMAGE_BUILD)}
+        vol.Optional(ATTR_BUILD_FROM, default=dict): vol.Any(
+            vol.Match(RE_DOCKER_IMAGE_BUILD),
+            vol.Schema({vol.In(ARCH_ALL): vol.Match(RE_DOCKER_IMAGE_BUILD)}),
        ),
        vol.Optional(ATTR_SQUASH, default=False): vol.Boolean(),
        vol.Optional(ATTR_ARGS, default=dict): vol.Schema({str: str}),
--- a/supervisor/api/init.py
+++ b/supervisor/api/init.py
@@ -1,11 +1,14 @@
 """Init file for Supervisor RESTful API."""
+from functools import partial
 import logging
 from pathlib import Path
-from typing import Optional
+from typing import Any

 from aiohttp import web

+from ..const import AddonState
 from ..coresys import CoreSys, CoreSysAttributes
+from ..exceptions import APIAddonNotInstalled
 from .addons import APIAddons
 from .audio import APIAudio
 from .auth import APIAuth
@@ -17,25 +20,28 @@ from .docker import APIDocker
 from .hardware import APIHardware
 from .homeassistant import APIHomeAssistant
 from .host import APIHost
-from .info import APIInfo
 from .ingress import APIIngress
 from .jobs import APIJobs
 from .middleware.security import SecurityMiddleware
+from .mounts import APIMounts
 from .multicast import APIMulticast
 from .network import APINetwork
 from .observer import APIObserver
 from .os import APIOS
 from .proxy import APIProxy
 from .resolution import APIResoulution
+from .root import APIRoot
 from .security import APISecurity
 from .services import APIServices
 from .store import APIStore
 from .supervisor import APISupervisor
+from .utils import api_process

 _LOGGER: logging.Logger = logging.getLogger(__name__)


-MAX_CLIENT_SIZE: int = 1024 ** 2 * 16
+MAX_CLIENT_SIZE: int = 1024**2 * 16
+MAX_LINE_SIZE: int = 24570


 class RestAPI(CoreSysAttributes):
@@ -48,14 +54,20 @@ class RestAPI(CoreSysAttributes):
        self.webapp: web.Application = web.Application(
            client_max_size=MAX_CLIENT_SIZE,
            middlewares=[
+                self.security.block_bad_requests,
                self.security.system_validation,
                self.security.token_validation,
+                self.security.core_proxy,
            ],
+            handler_args={
+                "max_line_size": MAX_LINE_SIZE,
+                "max_field_size": MAX_LINE_SIZE,
+            },
        )

        # service stuff
        self._runner: web.AppRunner = web.AppRunner(self.webapp)
-        self._site: Optional[web.TCPSite] = None
+        self._site: web.TCPSite | None = None

    async def load(self) -> None:
        """Register REST API Calls."""
@@ -70,20 +82,21 @@ class RestAPI(CoreSysAttributes):
        self._register_hardware()
        self._register_homeassistant()
        self._register_host()
-        self._register_info()
+        self._register_jobs()
        self._register_ingress()
+        self._register_mounts()
        self._register_multicast()
        self._register_network()
        self._register_observer()
        self._register_os()
-        self._register_jobs()
        self._register_panel()
        self._register_proxy()
        self._register_resolution()
-        self._register_services()
-        self._register_supervisor()
-        self._register_store()
+        self._register_root()
        self._register_security()
+        self._register_services()
+        self._register_store()
+        self._register_supervisor()

        await self.start()

@@ -95,16 +108,36 @@ class RestAPI(CoreSysAttributes):
        self.webapp.add_routes(
            [
                web.get("/host/info", api_host.info),
-                web.get("/host/logs", api_host.logs),
+                web.get("/host/logs", api_host.advanced_logs),
+                web.get(
+                    "/host/logs/follow",
+                    partial(api_host.advanced_logs, follow=True),
+                ),
+                web.get("/host/logs/identifiers", api_host.list_identifiers),
+                web.get("/host/logs/identifiers/{identifier}", api_host.advanced_logs),
+                web.get(
+                    "/host/logs/identifiers/{identifier}/follow",
+                    partial(api_host.advanced_logs, follow=True),
+                ),
+                web.get("/host/logs/boots", api_host.list_boots),
+                web.get("/host/logs/boots/{bootid}", api_host.advanced_logs),
+                web.get(
+                    "/host/logs/boots/{bootid}/follow",
+                    partial(api_host.advanced_logs, follow=True),
+                ),
+                web.get(
+                    "/host/logs/boots/{bootid}/identifiers/{identifier}",
+                    api_host.advanced_logs,
+                ),
+                web.get(
+                    "/host/logs/boots/{bootid}/identifiers/{identifier}/follow",
+                    partial(api_host.advanced_logs, follow=True),
+                ),
                web.post("/host/reboot", api_host.reboot),
                web.post("/host/shutdown", api_host.shutdown),
                web.post("/host/reload", api_host.reload),
                web.post("/host/options", api_host.options),
                web.get("/host/services", api_host.services),
-                web.post("/host/services/{service}/stop", api_host.service_stop),
-                web.post("/host/services/{service}/start", api_host.service_start),
-                web.post("/host/services/{service}/restart", api_host.service_restart),
-                web.post("/host/services/{service}/reload", api_host.service_reload),
            ]
        )

@@ -145,6 +178,17 @@ class RestAPI(CoreSysAttributes):
                web.get("/os/info", api_os.info),
                web.post("/os/update", api_os.update),
                web.post("/os/config/sync", api_os.config_sync),
+                web.post("/os/datadisk/move", api_os.migrate_data),
+                web.get("/os/datadisk/list", api_os.list_data),
+            ]
+        )
+
+        # Boards endpoints
+        self.webapp.add_routes(
+            [
+                web.get("/os/boards/yellow", api_os.boards_yellow_info),
+                web.post("/os/boards/yellow", api_os.boards_yellow_options),
+                web.get("/os/boards/{board}", api_os.boards_other_info),
            ]
        )

@@ -157,6 +201,7 @@ class RestAPI(CoreSysAttributes):
            [
                web.get("/security/info", api_security.info),
                web.post("/security/options", api_security.options),
+                web.post("/security/integrity", api_security.integrity_check),
            ]
        )

@@ -226,12 +271,21 @@ class RestAPI(CoreSysAttributes):
            ]
        )

-    def _register_info(self) -> None:
-        """Register info functions."""
-        api_info = APIInfo()
-        api_info.coresys = self.coresys
+    def _register_root(self) -> None:
+        """Register root functions."""
+        api_root = APIRoot()
+        api_root.coresys = self.coresys

-        self.webapp.add_routes([web.get("/info", api_info.info)])
+        self.webapp.add_routes([web.get("/info", api_root.info)])
+        self.webapp.add_routes([web.post("/refresh_updates", api_root.refresh_updates)])
+        self.webapp.add_routes(
+            [web.get("/available_updates", api_root.available_updates)]
+        )
+
+        # Remove: 2023
+        self.webapp.add_routes(
+            [web.get("/supervisor/available_updates", api_root.available_updates)]
+        )

    def _register_resolution(self) -> None:
        """Register info functions."""
@@ -257,6 +311,10 @@ class RestAPI(CoreSysAttributes):
                    "/resolution/issue/{issue}",
                    api_resolution.dismiss_issue,
                ),
+                web.get(
+                    "/resolution/issue/{issue}/suggestions",
+                    api_resolution.suggestions_for_issue,
+                ),
                web.post("/resolution/healthcheck", api_resolution.healthcheck),
            ]
        )
@@ -311,17 +369,22 @@ class RestAPI(CoreSysAttributes):
                web.post("/core/start", api_hass.start),
                web.post("/core/check", api_hass.check),
                web.post("/core/rebuild", api_hass.rebuild),
-                # Remove with old Supervisor fallback
+            ]
+        )
+
+        # Reroute from legacy
+        self.webapp.add_routes(
+            [
                web.get("/homeassistant/info", api_hass.info),
                web.get("/homeassistant/logs", api_hass.logs),
                web.get("/homeassistant/stats", api_hass.stats),
                web.post("/homeassistant/options", api_hass.options),
-                web.post("/homeassistant/update", api_hass.update),
                web.post("/homeassistant/restart", api_hass.restart),
                web.post("/homeassistant/stop", api_hass.stop),
                web.post("/homeassistant/start", api_hass.start),
-                web.post("/homeassistant/check", api_hass.check),
+                web.post("/homeassistant/update", api_hass.update),
                web.post("/homeassistant/rebuild", api_hass.rebuild),
+                web.post("/homeassistant/check", api_hass.check),
            ]
        )

@@ -338,7 +401,12 @@ class RestAPI(CoreSysAttributes):
                web.post("/core/api/{path:.+}", api_proxy.api),
                web.get("/core/api/{path:.+}", api_proxy.api),
                web.get("/core/api/", api_proxy.api),
-                # Remove with old Supervisor fallback
+            ]
+        )
+
+        # Reroute from legacy
+        self.webapp.add_routes(
+            [
                web.get("/homeassistant/api/websocket", api_proxy.websocket),
                web.get("/homeassistant/websocket", api_proxy.websocket),
                web.get("/homeassistant/api/stream", api_proxy.stream),
@@ -356,8 +424,6 @@ class RestAPI(CoreSysAttributes):
        self.webapp.add_routes(
            [
                web.get("/addons", api_addons.list),
-                web.post("/addons/reload", api_addons.reload),
-                web.get("/addons/{addon}/info", api_addons.info),
                web.post("/addons/{addon}/uninstall", api_addons.uninstall),
                web.post("/addons/{addon}/start", api_addons.start),
                web.post("/addons/{addon}/stop", api_addons.stop),
@@ -369,16 +435,31 @@ class RestAPI(CoreSysAttributes):
                web.get("/addons/{addon}/options/config", api_addons.options_config),
                web.post("/addons/{addon}/rebuild", api_addons.rebuild),
                web.get("/addons/{addon}/logs", api_addons.logs),
-                web.get("/addons/{addon}/icon", api_addons.icon),
-                web.get("/addons/{addon}/logo", api_addons.logo),
-                web.get("/addons/{addon}/changelog", api_addons.changelog),
-                web.get("/addons/{addon}/documentation", api_addons.documentation),
                web.post("/addons/{addon}/stdin", api_addons.stdin),
                web.post("/addons/{addon}/security", api_addons.security),
                web.get("/addons/{addon}/stats", api_addons.stats),
            ]
        )

+        # Legacy routing to support requests for not installed addons
+        api_store = APIStore()
+        api_store.coresys = self.coresys
+
+        @api_process
+        async def addons_addon_info(request: web.Request) -> dict[str, Any]:
+            """Route to store if info requested for not installed addon."""
+            try:
+                return await api_addons.info(request)
+            except APIAddonNotInstalled:
+                # Route to store/{addon}/info but add missing fields
+                return dict(
+                    await api_store.addons_addon_info_wrapped(request),
+                    state=AddonState.UNKNOWN,
+                    options=self.sys_addons.store[request.match_info["addon"]].options,
+                )
+
+        self.webapp.add_routes([web.get("/addons/{addon}/info", addons_addon_info)])
+
    def _register_ingress(self) -> None:
        """Register Ingress functions."""
        api_ingress = APIIngress()
@@ -400,27 +481,14 @@ class RestAPI(CoreSysAttributes):

        self.webapp.add_routes(
            [
-                web.get("/snapshots", api_backups.list),
-                web.post("/snapshots/reload", api_backups.reload),
-                web.post("/snapshots/new/full", api_backups.backup_full),
-                web.post("/snapshots/new/partial", api_backups.backup_partial),
-                web.post("/snapshots/new/upload", api_backups.upload),
-                web.get("/snapshots/{slug}/info", api_backups.info),
-                web.delete("/snapshots/{slug}", api_backups.remove),
-                web.post("/snapshots/{slug}/restore/full", api_backups.restore_full),
-                web.post(
-                    "/snapshots/{slug}/restore/partial",
-                    api_backups.restore_partial,
-                ),
-                web.get("/snapshots/{slug}/download", api_backups.download),
-                web.post("/snapshots/{slug}/remove", api_backups.remove),
-                # June 2021: /snapshots was renamed to /backups
                web.get("/backups", api_backups.list),
+                web.get("/backups/info", api_backups.info),
+                web.post("/backups/options", api_backups.options),
                web.post("/backups/reload", api_backups.reload),
                web.post("/backups/new/full", api_backups.backup_full),
                web.post("/backups/new/partial", api_backups.backup_partial),
                web.post("/backups/new/upload", api_backups.upload),
-                web.get("/backups/{slug}/info", api_backups.info),
+                web.get("/backups/{slug}/info", api_backups.backup_info),
                web.delete("/backups/{slug}", api_backups.remove),
                web.post("/backups/{slug}/restore/full", api_backups.restore_full),
                web.post(
@@ -480,6 +548,8 @@ class RestAPI(CoreSysAttributes):
        """Register Audio functions."""
        api_audio = APIAudio()
        api_audio.coresys = self.coresys
+        api_host = APIHost()
+        api_host.coresys = self.coresys

        self.webapp.add_routes(
            [
@@ -498,6 +568,22 @@ class RestAPI(CoreSysAttributes):
            ]
        )

+    def _register_mounts(self) -> None:
+        """Register mounts endpoints."""
+        api_mounts = APIMounts()
+        api_mounts.coresys = self.coresys
+
+        self.webapp.add_routes(
+            [
+                web.get("/mounts", api_mounts.info),
+                web.post("/mounts/options", api_mounts.options),
+                web.post("/mounts", api_mounts.create_mount),
+                web.put("/mounts/{mount}", api_mounts.update_mount),
+                web.delete("/mounts/{mount}", api_mounts.delete_mount),
+                web.post("/mounts/{mount}/reload", api_mounts.reload_mount),
+            ]
+        )
+
    def _register_store(self) -> None:
        """Register store endpoints."""
        api_store = APIStore()
@@ -509,6 +595,15 @@ class RestAPI(CoreSysAttributes):
                web.get("/store/addons", api_store.addons_list),
                web.get("/store/addons/{addon}", api_store.addons_addon_info),
                web.get("/store/addons/{addon}/{version}", api_store.addons_addon_info),
+                web.get("/store/addons/{addon}/icon", api_store.addons_addon_icon),
+                web.get("/store/addons/{addon}/logo", api_store.addons_addon_logo),
+                web.get(
+                    "/store/addons/{addon}/changelog", api_store.addons_addon_changelog
+                ),
+                web.get(
+                    "/store/addons/{addon}/documentation",
+                    api_store.addons_addon_documentation,
+                ),
                web.post(
                    "/store/addons/{addon}/install", api_store.addons_addon_install
                ),
@@ -527,14 +622,26 @@ class RestAPI(CoreSysAttributes):
                    "/store/repositories/{repository}",
                    api_store.repositories_repository_info,
                ),
+                web.post("/store/repositories", api_store.add_repository),
+                web.delete(
+                    "/store/repositories/{repository}", api_store.remove_repository
+                ),
            ]
        )

        # Reroute from legacy
        self.webapp.add_routes(
            [
+                web.post("/addons/reload", api_store.reload),
                web.post("/addons/{addon}/install", api_store.addons_addon_install),
                web.post("/addons/{addon}/update", api_store.addons_addon_update),
+                web.get("/addons/{addon}/icon", api_store.addons_addon_icon),
+                web.get("/addons/{addon}/logo", api_store.addons_addon_logo),
+                web.get("/addons/{addon}/changelog", api_store.addons_addon_changelog),
+                web.get(
+                    "/addons/{addon}/documentation",
+                    api_store.addons_addon_documentation,
+                ),
            ]
        )

--- a/supervisor/api/addons.py
+++ b/supervisor/api/addons.py
@@ -1,7 +1,8 @@
 """Init file for Supervisor Home Assistant RESTful API."""
 import asyncio
+from collections.abc import Awaitable
 import logging
-from typing import Any, Awaitable, Dict, List
+from typing import Any

 from aiohttp import web
 import voluptuous as vol
@@ -45,6 +46,7 @@ from ..const import (
    ATTR_HOST_IPC,
    ATTR_HOST_NETWORK,
    ATTR_HOST_PID,
+    ATTR_HOST_UTS,
    ATTR_HOSTNAME,
    ATTR_ICON,
    ATTR_INGRESS,
@@ -52,13 +54,11 @@ from ..const import (
    ATTR_INGRESS_PANEL,
    ATTR_INGRESS_PORT,
    ATTR_INGRESS_URL,
-    ATTR_INSTALLED,
    ATTR_IP_ADDRESS,
    ATTR_KERNEL_MODULES,
    ATTR_LOGO,
    ATTR_LONG_DESCRIPTION,
    ATTR_MACHINE,
-    ATTR_MAINTAINER,
    ATTR_MEMORY_LIMIT,
    ATTR_MEMORY_PERCENT,
    ATTR_MEMORY_USAGE,
@@ -73,12 +73,10 @@ from ..const import (
    ATTR_PROTECTED,
    ATTR_PWNED,
    ATTR_RATING,
-    ATTR_REPOSITORIES,
    ATTR_REPOSITORY,
    ATTR_SCHEMA,
    ATTR_SERVICES,
    ATTR_SLUG,
-    ATTR_SOURCE,
    ATTR_STAGE,
    ATTR_STARTUP,
    ATTR_STATE,
@@ -95,22 +93,25 @@ from ..const import (
    ATTR_VIDEO,
    ATTR_WATCHDOG,
    ATTR_WEBUI,
-    CONTENT_TYPE_BINARY,
-    CONTENT_TYPE_PNG,
-    CONTENT_TYPE_TEXT,
    REQUEST_FROM,
    AddonBoot,
-    AddonState,
 )
 from ..coresys import CoreSysAttributes
 from ..docker.stats import DockerStats
-from ..exceptions import APIError, APIForbidden, PwnedError, PwnedSecret
+from ..exceptions import (
+    APIAddonNotInstalled,
+    APIError,
+    APIForbidden,
+    PwnedError,
+    PwnedSecret,
+)
 from ..validate import docker_ports
+from .const import ATTR_SIGNED, CONTENT_TYPE_BINARY
 from .utils import api_process, api_process_raw, api_validate, json_loads

 _LOGGER: logging.Logger = logging.getLogger(__name__)

-SCHEMA_VERSION = vol.Schema({vol.Optional(ATTR_VERSION): vol.Coerce(str)})
+SCHEMA_VERSION = vol.Schema({vol.Optional(ATTR_VERSION): str})

 # pylint: disable=no-value-for-parameter
 SCHEMA_OPTIONS = vol.Schema(
@@ -118,8 +119,8 @@ SCHEMA_OPTIONS = vol.Schema(
        vol.Optional(ATTR_BOOT): vol.Coerce(AddonBoot),
        vol.Optional(ATTR_NETWORK): vol.Maybe(docker_ports),
        vol.Optional(ATTR_AUTO_UPDATE): vol.Boolean(),
-        vol.Optional(ATTR_AUDIO_OUTPUT): vol.Maybe(vol.Coerce(str)),
-        vol.Optional(ATTR_AUDIO_INPUT): vol.Maybe(vol.Coerce(str)),
+        vol.Optional(ATTR_AUDIO_OUTPUT): vol.Maybe(str),
+        vol.Optional(ATTR_AUDIO_INPUT): vol.Maybe(str),
        vol.Optional(ATTR_INGRESS_PANEL): vol.Boolean(),
        vol.Optional(ATTR_WATCHDOG): vol.Boolean(),
    }
@@ -132,7 +133,7 @@ SCHEMA_SECURITY = vol.Schema({vol.Optional(ATTR_PROTECTED): vol.Boolean()})
 class APIAddons(CoreSysAttributes):
    """Handle RESTful API for add-on functions."""

-    def _extract_addon(self, request: web.Request) -> AnyAddon:
+    def _extract_addon(self, request: web.Request) -> Addon:
        """Return addon, throw an exception it it doesn't exist."""
        addon_slug: str = request.match_info.get("addon")

@@ -146,17 +147,13 @@ class APIAddons(CoreSysAttributes):
        addon = self.sys_addons.get(addon_slug)
        if not addon:
            raise APIError(f"Addon {addon_slug} does not exist")
-
-        return addon
-
-    def _extract_addon_installed(self, request: web.Request) -> Addon:
-        addon = self._extract_addon(request)
        if not isinstance(addon, Addon) or not addon.is_installed:
-            raise APIError("Addon is not installed")
+            raise APIAddonNotInstalled("Addon is not installed")
+
        return addon

    @api_process
-    async def list(self, request: web.Request) -> Dict[str, Any]:
+    async def list(self, request: web.Request) -> dict[str, Any]:
        """Return all add-ons or repositories."""
        data_addons = [
            {
@@ -165,43 +162,30 @@ class APIAddons(CoreSysAttributes):
                ATTR_DESCRIPTON: addon.description,
                ATTR_ADVANCED: addon.advanced,
                ATTR_STAGE: addon.stage,
-                ATTR_VERSION: addon.version if addon.is_installed else None,
+                ATTR_VERSION: addon.version,
                ATTR_VERSION_LATEST: addon.latest_version,
-                ATTR_UPDATE_AVAILABLE: addon.need_update
-                if addon.is_installed
-                else False,
-                ATTR_INSTALLED: addon.is_installed,
+                ATTR_UPDATE_AVAILABLE: addon.need_update,
                ATTR_AVAILABLE: addon.available,
                ATTR_DETACHED: addon.is_detached,
                ATTR_HOMEASSISTANT: addon.homeassistant_version,
+                ATTR_STATE: addon.state,
                ATTR_REPOSITORY: addon.repository,
                ATTR_BUILD: addon.need_build,
                ATTR_URL: addon.url,
                ATTR_ICON: addon.with_icon,
                ATTR_LOGO: addon.with_logo,
            }
-            for addon in self.sys_addons.all
+            for addon in self.sys_addons.installed
        ]

-        data_repositories = [
-            {
-                ATTR_SLUG: repository.slug,
-                ATTR_NAME: repository.name,
-                ATTR_SOURCE: repository.source,
-                ATTR_URL: repository.url,
-                ATTR_MAINTAINER: repository.maintainer,
-            }
-            for repository in self.sys_store.all
-        ]
-        return {ATTR_ADDONS: data_addons, ATTR_REPOSITORIES: data_repositories}
+        return {ATTR_ADDONS: data_addons}

    @api_process
    async def reload(self, request: web.Request) -> None:
        """Reload all add-on data from store."""
        await asyncio.shield(self.sys_store.reload())

-    @api_process
-    async def info(self, request: web.Request) -> Dict[str, Any]:
+    async def info(self, request: web.Request) -> dict[str, Any]:
        """Return add-on information."""
        addon: AnyAddon = self._extract_addon(request)

@@ -214,11 +198,8 @@ class APIAddons(CoreSysAttributes):
            ATTR_LONG_DESCRIPTION: addon.long_description,
            ATTR_ADVANCED: addon.advanced,
            ATTR_STAGE: addon.stage,
-            ATTR_AUTO_UPDATE: None,
            ATTR_REPOSITORY: addon.repository,
-            ATTR_VERSION: None,
            ATTR_VERSION_LATEST: addon.latest_version,
-            ATTR_UPDATE_AVAILABLE: False,
            ATTR_PROTECTED: addon.protected,
            ATTR_RATING: rating_security(addon),
            ATTR_BOOT: addon.boot,
@@ -228,7 +209,6 @@ class APIAddons(CoreSysAttributes):
            ATTR_MACHINE: addon.supported_machine,
            ATTR_HOMEASSISTANT: addon.homeassistant_version,
            ATTR_URL: addon.url,
-            ATTR_STATE: AddonState.UNKNOWN,
            ATTR_DETACHED: addon.is_detached,
            ATTR_AVAILABLE: addon.available,
            ATTR_BUILD: addon.need_build,
@@ -237,17 +217,16 @@ class APIAddons(CoreSysAttributes):
            ATTR_HOST_NETWORK: addon.host_network,
            ATTR_HOST_PID: addon.host_pid,
            ATTR_HOST_IPC: addon.host_ipc,
+            ATTR_HOST_UTS: addon.host_uts,
            ATTR_HOST_DBUS: addon.host_dbus,
            ATTR_PRIVILEGED: addon.privileged,
            ATTR_FULL_ACCESS: addon.with_full_access,
            ATTR_APPARMOR: addon.apparmor,
-            ATTR_DEVICES: addon.static_devices,
            ATTR_ICON: addon.with_icon,
            ATTR_LOGO: addon.with_logo,
            ATTR_CHANGELOG: addon.with_changelog,
            ATTR_DOCUMENTATION: addon.with_documentation,
            ATTR_STDIN: addon.with_stdin,
-            ATTR_WEBUI: None,
            ATTR_HASSIO_API: addon.access_hassio_api,
            ATTR_HASSIO_ROLE: addon.hassio_role,
            ATTR_AUTH_API: addon.access_auth_api,
@@ -261,55 +240,42 @@ class APIAddons(CoreSysAttributes):
            ATTR_DOCKER_API: addon.access_docker_api,
            ATTR_VIDEO: addon.with_video,
            ATTR_AUDIO: addon.with_audio,
-            ATTR_AUDIO_INPUT: None,
-            ATTR_AUDIO_OUTPUT: None,
            ATTR_STARTUP: addon.startup,
            ATTR_SERVICES: _pretty_services(addon),
            ATTR_DISCOVERY: addon.discovery,
-            ATTR_IP_ADDRESS: None,
            ATTR_TRANSLATIONS: addon.translations,
            ATTR_INGRESS: addon.with_ingress,
-            ATTR_INGRESS_ENTRY: None,
-            ATTR_INGRESS_URL: None,
-            ATTR_INGRESS_PORT: None,
-            ATTR_INGRESS_PANEL: None,
-            ATTR_WATCHDOG: None,
+            ATTR_SIGNED: addon.signed,
+            ATTR_STATE: addon.state,
+            ATTR_WEBUI: addon.webui,
+            ATTR_INGRESS_ENTRY: addon.ingress_entry,
+            ATTR_INGRESS_URL: addon.ingress_url,
+            ATTR_INGRESS_PORT: addon.ingress_port,
+            ATTR_INGRESS_PANEL: addon.ingress_panel,
+            ATTR_AUDIO_INPUT: addon.audio_input,
+            ATTR_AUDIO_OUTPUT: addon.audio_output,
+            ATTR_AUTO_UPDATE: addon.auto_update,
+            ATTR_IP_ADDRESS: str(addon.ip_address),
+            ATTR_VERSION: addon.version,
+            ATTR_UPDATE_AVAILABLE: addon.need_update,
+            ATTR_WATCHDOG: addon.watchdog,
+            ATTR_DEVICES: addon.static_devices
+            + [device.path for device in addon.devices],
        }

-        if isinstance(addon, Addon) and addon.is_installed:
-            data.update(
-                {
-                    ATTR_STATE: addon.state,
-                    ATTR_WEBUI: addon.webui,
-                    ATTR_INGRESS_ENTRY: addon.ingress_entry,
-                    ATTR_INGRESS_URL: addon.ingress_url,
-                    ATTR_INGRESS_PORT: addon.ingress_port,
-                    ATTR_INGRESS_PANEL: addon.ingress_panel,
-                    ATTR_AUDIO_INPUT: addon.audio_input,
-                    ATTR_AUDIO_OUTPUT: addon.audio_output,
-                    ATTR_AUTO_UPDATE: addon.auto_update,
-                    ATTR_IP_ADDRESS: str(addon.ip_address),
-                    ATTR_VERSION: addon.version,
-                    ATTR_UPDATE_AVAILABLE: addon.need_update,
-                    ATTR_WATCHDOG: addon.watchdog,
-                    ATTR_DEVICES: addon.static_devices
-                    + [device.path for device in addon.devices],
-                }
-            )
-
        return data

    @api_process
    async def options(self, request: web.Request) -> None:
        """Store user options for add-on."""
-        addon = self._extract_addon_installed(request)
+        addon = self._extract_addon(request)

        # Update secrets for validation
        await self.sys_homeassistant.secrets.reload()

        # Extend schema with add-on specific validation
        addon_schema = SCHEMA_OPTIONS.extend(
-            {vol.Optional(ATTR_OPTIONS): vol.Any(None, addon.schema)}
+            {vol.Optional(ATTR_OPTIONS): vol.Maybe(addon.schema)}
        )

        # Validate/Process Body
@@ -337,7 +303,7 @@ class APIAddons(CoreSysAttributes):
    @api_process
    async def options_validate(self, request: web.Request) -> None:
        """Validate user options for add-on."""
-        addon = self._extract_addon_installed(request)
+        addon = self._extract_addon(request)
        data = {ATTR_MESSAGE: "", ATTR_VALID: True, ATTR_PWNED: False}

        options = await request.json(loads=json_loads) or addon.options
@@ -379,8 +345,10 @@ class APIAddons(CoreSysAttributes):
        slug: str = request.match_info.get("addon")
        if slug != "self":
            raise APIForbidden("This can be only read by the Add-on itself!")
+        addon = self._extract_addon(request)

-        addon = self._extract_addon_installed(request)
+        # Lookup/reload secrets
+        await self.sys_homeassistant.secrets.reload()
        try:
            return addon.schema.validate(addon.options)
        except vol.Invalid:
@@ -389,8 +357,8 @@ class APIAddons(CoreSysAttributes):
    @api_process
    async def security(self, request: web.Request) -> None:
        """Store security options for add-on."""
-        addon = self._extract_addon_installed(request)
-        body: Dict[str, Any] = await api_validate(SCHEMA_SECURITY, request)
+        addon = self._extract_addon(request)
+        body: dict[str, Any] = await api_validate(SCHEMA_SECURITY, request)

        if ATTR_PROTECTED in body:
            _LOGGER.warning("Changing protected flag for %s!", addon.slug)
@@ -399,9 +367,9 @@ class APIAddons(CoreSysAttributes):
        addon.save_persist()

    @api_process
-    async def stats(self, request: web.Request) -> Dict[str, Any]:
+    async def stats(self, request: web.Request) -> dict[str, Any]:
        """Return resource information."""
-        addon = self._extract_addon_installed(request)
+        addon = self._extract_addon(request)

        stats: DockerStats = await addon.stats()

@@ -419,83 +387,43 @@ class APIAddons(CoreSysAttributes):
    @api_process
    def uninstall(self, request: web.Request) -> Awaitable[None]:
        """Uninstall add-on."""
-        addon = self._extract_addon_installed(request)
+        addon = self._extract_addon(request)
        return asyncio.shield(addon.uninstall())

    @api_process
    def start(self, request: web.Request) -> Awaitable[None]:
        """Start add-on."""
-        addon = self._extract_addon_installed(request)
+        addon = self._extract_addon(request)
        return asyncio.shield(addon.start())

    @api_process
    def stop(self, request: web.Request) -> Awaitable[None]:
        """Stop add-on."""
-        addon = self._extract_addon_installed(request)
+        addon = self._extract_addon(request)
        return asyncio.shield(addon.stop())

    @api_process
    def restart(self, request: web.Request) -> Awaitable[None]:
        """Restart add-on."""
-        addon: Addon = self._extract_addon_installed(request)
+        addon: Addon = self._extract_addon(request)
        return asyncio.shield(addon.restart())

    @api_process
    def rebuild(self, request: web.Request) -> Awaitable[None]:
        """Rebuild local build add-on."""
-        addon = self._extract_addon_installed(request)
+        addon = self._extract_addon(request)
        return asyncio.shield(addon.rebuild())

    @api_process_raw(CONTENT_TYPE_BINARY)
    def logs(self, request: web.Request) -> Awaitable[bytes]:
        """Return logs from add-on."""
-        addon = self._extract_addon_installed(request)
+        addon = self._extract_addon(request)
        return addon.logs()

-    @api_process_raw(CONTENT_TYPE_PNG)
-    async def icon(self, request: web.Request) -> bytes:
-        """Return icon from add-on."""
-        addon = self._extract_addon(request)
-        if not addon.with_icon:
-            raise APIError(f"No icon found for add-on {addon.slug}!")
-
-        with addon.path_icon.open("rb") as png:
-            return png.read()
-
-    @api_process_raw(CONTENT_TYPE_PNG)
-    async def logo(self, request: web.Request) -> bytes:
-        """Return logo from add-on."""
-        addon = self._extract_addon(request)
-        if not addon.with_logo:
-            raise APIError(f"No logo found for add-on {addon.slug}!")
-
-        with addon.path_logo.open("rb") as png:
-            return png.read()
-
-    @api_process_raw(CONTENT_TYPE_TEXT)
-    async def changelog(self, request: web.Request) -> str:
-        """Return changelog from add-on."""
-        addon = self._extract_addon(request)
-        if not addon.with_changelog:
-            raise APIError(f"No changelog found for add-on {addon.slug}!")
-
-        with addon.path_changelog.open("r") as changelog:
-            return changelog.read()
-
-    @api_process_raw(CONTENT_TYPE_TEXT)
-    async def documentation(self, request: web.Request) -> str:
-        """Return documentation from add-on."""
-        addon = self._extract_addon(request)
-        if not addon.with_documentation:
-            raise APIError(f"No documentation found for add-on {addon.slug}!")
-
-        with addon.path_documentation.open("r") as documentation:
-            return documentation.read()
-
    @api_process
    async def stdin(self, request: web.Request) -> None:
        """Write to stdin of add-on."""
-        addon = self._extract_addon_installed(request)
+        addon = self._extract_addon(request)
        if not addon.with_stdin:
            raise APIError(f"STDIN not supported the {addon.slug} add-on")

@@ -503,6 +431,6 @@ class APIAddons(CoreSysAttributes):
        await asyncio.shield(addon.write_stdin(data))


-def _pretty_services(addon: AnyAddon) -> List[str]:
+def _pretty_services(addon: Addon) -> list[str]:
    """Return a simplified services role list."""
    return [f"{name}:{access}" for name, access in addon.services_role.items()]
--- a/supervisor/api/audio.py
+++ b/supervisor/api/audio.py
@@ -1,7 +1,8 @@
 """Init file for Supervisor Audio RESTful API."""
 import asyncio
+from collections.abc import Awaitable
 import logging
-from typing import Any, Awaitable, Dict
+from typing import Any

 from aiohttp import web
 import attr
@@ -29,12 +30,12 @@ from ..const import (
    ATTR_VERSION,
    ATTR_VERSION_LATEST,
    ATTR_VOLUME,
-    CONTENT_TYPE_BINARY,
 )
 from ..coresys import CoreSysAttributes
 from ..exceptions import APIError
 from ..host.sound import StreamType
 from ..validate import version_tag
+from .const import CONTENT_TYPE_BINARY
 from .utils import api_process, api_process_raw, api_validate

 _LOGGER: logging.Logger = logging.getLogger(__name__)
@@ -56,10 +57,10 @@ SCHEMA_MUTE = vol.Schema(
    }
 )

-SCHEMA_DEFAULT = vol.Schema({vol.Required(ATTR_NAME): vol.Coerce(str)})
+SCHEMA_DEFAULT = vol.Schema({vol.Required(ATTR_NAME): str})

 SCHEMA_PROFILE = vol.Schema(
-    {vol.Required(ATTR_CARD): vol.Coerce(str), vol.Required(ATTR_NAME): vol.Coerce(str)}
+    {vol.Required(ATTR_CARD): str, vol.Required(ATTR_NAME): str}
 )


@@ -67,7 +68,7 @@ class APIAudio(CoreSysAttributes):
    """Handle RESTful API for Audio functions."""

    @api_process
-    async def info(self, request: web.Request) -> Dict[str, Any]:
+    async def info(self, request: web.Request) -> dict[str, Any]:
        """Return Audio information."""
        return {
            ATTR_VERSION: self.sys_plugins.audio.version,
@@ -89,7 +90,7 @@ class APIAudio(CoreSysAttributes):
        }

    @api_process
-    async def stats(self, request: web.Request) -> Dict[str, Any]:
+    async def stats(self, request: web.Request) -> dict[str, Any]:
        """Return resource information."""
        stats = await self.sys_plugins.audio.stats()

--- a/supervisor/api/auth.py
+++ b/supervisor/api/auth.py
@@ -1,7 +1,6 @@
 """Init file for Supervisor auth/SSO RESTful API."""
 import asyncio
 import logging
-from typing import Dict

 from aiohttp import BasicAuth, web
 from aiohttp.hdrs import AUTHORIZATION, CONTENT_TYPE, WWW_AUTHENTICATE
@@ -9,27 +8,22 @@ from aiohttp.web_exceptions import HTTPUnauthorized
 import voluptuous as vol

 from ..addons.addon import Addon
-from ..const import (
-    ATTR_PASSWORD,
-    ATTR_USERNAME,
-    CONTENT_TYPE_JSON,
-    CONTENT_TYPE_URL,
-    REQUEST_FROM,
-)
+from ..const import ATTR_PASSWORD, ATTR_USERNAME, REQUEST_FROM
 from ..coresys import CoreSysAttributes
 from ..exceptions import APIForbidden
+from .const import CONTENT_TYPE_JSON, CONTENT_TYPE_URL
 from .utils import api_process, api_validate

 _LOGGER: logging.Logger = logging.getLogger(__name__)

 SCHEMA_PASSWORD_RESET = vol.Schema(
    {
-        vol.Required(ATTR_USERNAME): vol.Coerce(str),
-        vol.Required(ATTR_PASSWORD): vol.Coerce(str),
+        vol.Required(ATTR_USERNAME): str,
+        vol.Required(ATTR_PASSWORD): str,
    }
 )

-REALM_HEADER: Dict[str, str] = {
+REALM_HEADER: dict[str, str] = {
    WWW_AUTHENTICATE: 'Basic realm="Home Assistant Authentication"'
 }

@@ -46,7 +40,7 @@ class APIAuth(CoreSysAttributes):
        return self.sys_auth.check_login(addon, auth.login, auth.password)

    def _process_dict(
-        self, request: web.Request, addon: Addon, data: Dict[str, str]
+        self, request: web.Request, addon: Addon, data: dict[str, str]
    ) -> bool:
        """Process login with dict data.

@@ -86,7 +80,7 @@ class APIAuth(CoreSysAttributes):
    @api_process
    async def reset(self, request: web.Request) -> None:
        """Process reset password request."""
-        body: Dict[str, str] = await api_validate(SCHEMA_PASSWORD_RESET, request)
+        body: dict[str, str] = await api_validate(SCHEMA_PASSWORD_RESET, request)
        await asyncio.shield(
            self.sys_auth.change_password(body[ATTR_USERNAME], body[ATTR_PASSWORD])
        )
--- a/supervisor/api/backups.py
+++ b/supervisor/api/backups.py
@@ -4,66 +4,82 @@ import logging
 from pathlib import Path
 import re
 from tempfile import TemporaryDirectory
+from typing import Any

 from aiohttp import web
 from aiohttp.hdrs import CONTENT_DISPOSITION
 import voluptuous as vol

-from ..backups.validate import ALL_FOLDERS
+from ..backups.validate import ALL_FOLDERS, FOLDER_HOMEASSISTANT, days_until_stale
 from ..const import (
    ATTR_ADDONS,
    ATTR_BACKUPS,
+    ATTR_COMPRESSED,
    ATTR_CONTENT,
    ATTR_DATE,
+    ATTR_DAYS_UNTIL_STALE,
    ATTR_FOLDERS,
    ATTR_HOMEASSISTANT,
+    ATTR_LOCATON,
    ATTR_NAME,
    ATTR_PASSWORD,
    ATTR_PROTECTED,
    ATTR_REPOSITORIES,
    ATTR_SIZE,
    ATTR_SLUG,
+    ATTR_SUPERVISOR_VERSION,
    ATTR_TYPE,
    ATTR_VERSION,
-    CONTENT_TYPE_TAR,
 )
 from ..coresys import CoreSysAttributes
 from ..exceptions import APIError
+from ..mounts.const import MountUsage
+from .const import CONTENT_TYPE_TAR
 from .utils import api_process, api_validate

 _LOGGER: logging.Logger = logging.getLogger(__name__)

 RE_SLUGIFY_NAME = re.compile(r"[^A-Za-z0-9]+")

+# Backwards compatible
+# Remove: 2022.08
+_ALL_FOLDERS = ALL_FOLDERS + [FOLDER_HOMEASSISTANT]
+
 # pylint: disable=no-value-for-parameter
 SCHEMA_RESTORE_PARTIAL = vol.Schema(
    {
-        vol.Optional(ATTR_PASSWORD): vol.Any(None, vol.Coerce(str)),
+        vol.Optional(ATTR_PASSWORD): vol.Maybe(str),
        vol.Optional(ATTR_HOMEASSISTANT): vol.Boolean(),
-        vol.Optional(ATTR_ADDONS): vol.All([vol.Coerce(str)], vol.Unique()),
-        vol.Optional(ATTR_FOLDERS): vol.All([vol.In(ALL_FOLDERS)], vol.Unique()),
+        vol.Optional(ATTR_ADDONS): vol.All([str], vol.Unique()),
+        vol.Optional(ATTR_FOLDERS): vol.All([vol.In(_ALL_FOLDERS)], vol.Unique()),
    }
 )

-SCHEMA_RESTORE_FULL = vol.Schema(
-    {vol.Optional(ATTR_PASSWORD): vol.Any(None, vol.Coerce(str))}
-)
+SCHEMA_RESTORE_FULL = vol.Schema({vol.Optional(ATTR_PASSWORD): vol.Maybe(str)})

 SCHEMA_BACKUP_FULL = vol.Schema(
    {
-        vol.Optional(ATTR_NAME): vol.Coerce(str),
-        vol.Optional(ATTR_PASSWORD): vol.Any(None, vol.Coerce(str)),
+        vol.Optional(ATTR_NAME): str,
+        vol.Optional(ATTR_PASSWORD): vol.Maybe(str),
+        vol.Optional(ATTR_COMPRESSED): vol.Maybe(vol.Boolean()),
+        vol.Optional(ATTR_LOCATON): vol.Maybe(str),
    }
 )

 SCHEMA_BACKUP_PARTIAL = SCHEMA_BACKUP_FULL.extend(
    {
-        vol.Optional(ATTR_ADDONS): vol.All([vol.Coerce(str)], vol.Unique()),
-        vol.Optional(ATTR_FOLDERS): vol.All([vol.In(ALL_FOLDERS)], vol.Unique()),
+        vol.Optional(ATTR_ADDONS): vol.All([str], vol.Unique()),
+        vol.Optional(ATTR_FOLDERS): vol.All([vol.In(_ALL_FOLDERS)], vol.Unique()),
        vol.Optional(ATTR_HOMEASSISTANT): vol.Boolean(),
    }
 )

+SCHEMA_OPTIONS = vol.Schema(
+    {
+        vol.Optional(ATTR_DAYS_UNTIL_STALE): days_until_stale,
+    }
+)
+

 class APIBackups(CoreSysAttributes):
    """Handle RESTful API for backups functions."""
@@ -75,25 +91,30 @@ class APIBackups(CoreSysAttributes):
            raise APIError("Backup does not exist")
        return backup

+    def _list_backups(self):
+        """Return list of backups."""
+        return [
+            {
+                ATTR_SLUG: backup.slug,
+                ATTR_NAME: backup.name,
+                ATTR_DATE: backup.date,
+                ATTR_TYPE: backup.sys_type,
+                ATTR_SIZE: backup.size,
+                ATTR_PROTECTED: backup.protected,
+                ATTR_COMPRESSED: backup.compressed,
+                ATTR_CONTENT: {
+                    ATTR_HOMEASSISTANT: backup.homeassistant_version is not None,
+                    ATTR_ADDONS: backup.addon_list,
+                    ATTR_FOLDERS: backup.folders,
+                },
+            }
+            for backup in self.sys_backups.list_backups
+        ]
+
    @api_process
    async def list(self, request):
        """Return backup list."""
-        data_backups = []
-        for backup in self.sys_backups.list_backups:
-            data_backups.append(
-                {
-                    ATTR_SLUG: backup.slug,
-                    ATTR_NAME: backup.name,
-                    ATTR_DATE: backup.date,
-                    ATTR_TYPE: backup.sys_type,
-                    ATTR_PROTECTED: backup.protected,
-                    ATTR_CONTENT: {
-                        ATTR_HOMEASSISTANT: backup.homeassistant_version is not None,
-                        ATTR_ADDONS: backup.addon_list,
-                        ATTR_FOLDERS: backup.folders,
-                    },
-                }
-            )
+        data_backups = self._list_backups()

        if request.path == "/snapshots":
            # Kept for backwards compability
@@ -101,6 +122,24 @@ class APIBackups(CoreSysAttributes):

        return {ATTR_BACKUPS: data_backups}

+    @api_process
+    async def info(self, request):
+        """Return backup list and manager info."""
+        return {
+            ATTR_BACKUPS: self._list_backups(),
+            ATTR_DAYS_UNTIL_STALE: self.sys_backups.days_until_stale,
+        }
+
+    @api_process
+    async def options(self, request):
+        """Set backup manager options."""
+        body = await api_validate(SCHEMA_OPTIONS, request)
+
+        if ATTR_DAYS_UNTIL_STALE in body:
+            self.sys_backups.days_until_stale = body[ATTR_DAYS_UNTIL_STALE]
+
+        self.sys_backups.save_data()
+
    @api_process
    async def reload(self, request):
        """Reload backup list."""
@@ -108,7 +147,7 @@ class APIBackups(CoreSysAttributes):
        return True

    @api_process
-    async def info(self, request):
+    async def backup_info(self, request):
        """Return backup info."""
        backup = self._extract_slug(request)

@@ -129,18 +168,36 @@ class APIBackups(CoreSysAttributes):
            ATTR_NAME: backup.name,
            ATTR_DATE: backup.date,
            ATTR_SIZE: backup.size,
+            ATTR_COMPRESSED: backup.compressed,
            ATTR_PROTECTED: backup.protected,
+            ATTR_SUPERVISOR_VERSION: backup.supervisor_version,
            ATTR_HOMEASSISTANT: backup.homeassistant_version,
            ATTR_ADDONS: data_addons,
            ATTR_REPOSITORIES: backup.repositories,
            ATTR_FOLDERS: backup.folders,
        }

+    def _location_to_mount(self, body: dict[str, Any]) -> dict[str, Any]:
+        """Change location field to mount if necessary."""
+        if not body.get(ATTR_LOCATON):
+            return body
+
+        body[ATTR_LOCATON] = self.sys_mounts.get(body[ATTR_LOCATON])
+        if body[ATTR_LOCATON].usage != MountUsage.BACKUP:
+            raise APIError(
+                f"Mount {body[ATTR_LOCATON].name} is not used for backups, cannot backup to there"
+            )
+
+        return body
+
    @api_process
    async def backup_full(self, request):
        """Create full backup."""
        body = await api_validate(SCHEMA_BACKUP_FULL, request)
-        backup = await asyncio.shield(self.sys_backups.do_backup_full(**body))
+
+        backup = await asyncio.shield(
+            self.sys_backups.do_backup_full(**self._location_to_mount(body))
+        )

        if backup:
            return {ATTR_SLUG: backup.slug}
@@ -150,7 +207,9 @@ class APIBackups(CoreSysAttributes):
    async def backup_partial(self, request):
        """Create a partial backup."""
        body = await api_validate(SCHEMA_BACKUP_PARTIAL, request)
-        backup = await asyncio.shield(self.sys_backups.do_backup_partial(**body))
+        backup = await asyncio.shield(
+            self.sys_backups.do_backup_partial(**self._location_to_mount(body))
+        )

        if backup:
            return {ATTR_SLUG: backup.slug}
--- a/supervisor/api/cli.py
+++ b/supervisor/api/cli.py
@@ -1,7 +1,7 @@
 """Init file for Supervisor HA cli RESTful API."""
 import asyncio
 import logging
-from typing import Any, Dict
+from typing import Any

 from aiohttp import web
 import voluptuous as vol
@@ -32,7 +32,7 @@ class APICli(CoreSysAttributes):
    """Handle RESTful API for HA Cli functions."""

    @api_process
-    async def info(self, request: web.Request) -> Dict[str, Any]:
+    async def info(self, request: web.Request) -> dict[str, Any]:
        """Return HA cli information."""
        return {
            ATTR_VERSION: self.sys_plugins.cli.version,
@@ -41,7 +41,7 @@ class APICli(CoreSysAttributes):
        }

    @api_process
-    async def stats(self, request: web.Request) -> Dict[str, Any]:
+    async def stats(self, request: web.Request) -> dict[str, Any]:
        """Return resource information."""
        stats = await self.sys_plugins.cli.stats()

--- a/supervisor/api/const.py
+++ b/supervisor/api/const.py
@@ -1,6 +1,55 @@
 """Const for API."""

-ATTR_USE_RTC = "use_rtc"
-ATTR_USE_NTP = "use_ntp"
-ATTR_DT_UTC = "dt_utc"
+CONTENT_TYPE_BINARY = "application/octet-stream"
+CONTENT_TYPE_JSON = "application/json"
+CONTENT_TYPE_PNG = "image/png"
+CONTENT_TYPE_TAR = "application/tar"
+CONTENT_TYPE_TEXT = "text/plain"
+CONTENT_TYPE_URL = "application/x-www-form-urlencoded"
+
+COOKIE_INGRESS = "ingress_session"
+
+ATTR_AGENT_VERSION = "agent_version"
+ATTR_APPARMOR_VERSION = "apparmor_version"
+ATTR_ATTRIBUTES = "attributes"
+ATTR_AVAILABLE_UPDATES = "available_updates"
+ATTR_BOOT_TIMESTAMP = "boot_timestamp"
+ATTR_BOOTS = "boots"
+ATTR_BROADCAST_LLMNR = "broadcast_llmnr"
+ATTR_BROADCAST_MDNS = "broadcast_mdns"
+ATTR_BY_ID = "by_id"
+ATTR_CHILDREN = "children"
+ATTR_CONNECTION_BUS = "connection_bus"
+ATTR_DATA_DISK = "data_disk"
+ATTR_DEVICE = "device"
+ATTR_DEV_PATH = "dev_path"
+ATTR_DISK_LED = "disk_led"
+ATTR_DISKS = "disks"
+ATTR_DRIVES = "drives"
 ATTR_DT_SYNCHRONIZED = "dt_synchronized"
+ATTR_DT_UTC = "dt_utc"
+ATTR_EJECTABLE = "ejectable"
+ATTR_FALLBACK = "fallback"
+ATTR_FILESYSTEMS = "filesystems"
+ATTR_HEARTBEAT_LED = "heartbeat_led"
+ATTR_IDENTIFIERS = "identifiers"
+ATTR_LLMNR = "llmnr"
+ATTR_LLMNR_HOSTNAME = "llmnr_hostname"
+ATTR_MDNS = "mdns"
+ATTR_MODEL = "model"
+ATTR_MOUNTS = "mounts"
+ATTR_MOUNT_POINTS = "mount_points"
+ATTR_PANEL_PATH = "panel_path"
+ATTR_POWER_LED = "power_led"
+ATTR_REMOVABLE = "removable"
+ATTR_REVISION = "revision"
+ATTR_SEAT = "seat"
+ATTR_SIGNED = "signed"
+ATTR_STARTUP_TIME = "startup_time"
+ATTR_SUBSYSTEM = "subsystem"
+ATTR_SYSFS = "sysfs"
+ATTR_TIME_DETECTED = "time_detected"
+ATTR_UPDATE_TYPE = "update_type"
+ATTR_USE_NTP = "use_ntp"
+ATTR_USAGE = "usage"
+ATTR_VENDOR = "vendor"
--- a/supervisor/api/dns.py
+++ b/supervisor/api/dns.py
@@ -1,7 +1,8 @@
 """Init file for Supervisor DNS RESTful API."""
 import asyncio
+from collections.abc import Awaitable
 import logging
-from typing import Any, Awaitable, Dict
+from typing import Any

 from aiohttp import web
 import voluptuous as vol
@@ -21,17 +22,22 @@ from ..const import (
    ATTR_UPDATE_AVAILABLE,
    ATTR_VERSION,
    ATTR_VERSION_LATEST,
-    CONTENT_TYPE_BINARY,
 )
 from ..coresys import CoreSysAttributes
 from ..exceptions import APIError
 from ..validate import dns_server_list, version_tag
+from .const import ATTR_FALLBACK, ATTR_LLMNR, ATTR_MDNS, CONTENT_TYPE_BINARY
 from .utils import api_process, api_process_raw, api_validate

 _LOGGER: logging.Logger = logging.getLogger(__name__)

 # pylint: disable=no-value-for-parameter
-SCHEMA_OPTIONS = vol.Schema({vol.Optional(ATTR_SERVERS): dns_server_list})
+SCHEMA_OPTIONS = vol.Schema(
+    {
+        vol.Optional(ATTR_SERVERS): dns_server_list,
+        vol.Optional(ATTR_FALLBACK): vol.Boolean(),
+    }
+)

 SCHEMA_VERSION = vol.Schema({vol.Optional(ATTR_VERSION): version_tag})

@@ -40,7 +46,7 @@ class APICoreDNS(CoreSysAttributes):
    """Handle RESTful API for DNS functions."""

    @api_process
-    async def info(self, request: web.Request) -> Dict[str, Any]:
+    async def info(self, request: web.Request) -> dict[str, Any]:
        """Return DNS information."""
        return {
            ATTR_VERSION: self.sys_plugins.dns.version,
@@ -49,21 +55,32 @@ class APICoreDNS(CoreSysAttributes):
            ATTR_HOST: str(self.sys_docker.network.dns),
            ATTR_SERVERS: self.sys_plugins.dns.servers,
            ATTR_LOCALS: self.sys_plugins.dns.locals,
+            ATTR_MDNS: self.sys_plugins.dns.mdns,
+            ATTR_LLMNR: self.sys_plugins.dns.llmnr,
+            ATTR_FALLBACK: self.sys_plugins.dns.fallback,
        }

    @api_process
    async def options(self, request: web.Request) -> None:
        """Set DNS options."""
        body = await api_validate(SCHEMA_OPTIONS, request)
+        restart_required = False

        if ATTR_SERVERS in body:
            self.sys_plugins.dns.servers = body[ATTR_SERVERS]
+            restart_required = True
+
+        if ATTR_FALLBACK in body:
+            self.sys_plugins.dns.fallback = body[ATTR_FALLBACK]
+            restart_required = True
+
+        if restart_required:
            self.sys_create_task(self.sys_plugins.dns.restart())

        self.sys_plugins.dns.save_data()

    @api_process
-    async def stats(self, request: web.Request) -> Dict[str, Any]:
+    async def stats(self, request: web.Request) -> dict[str, Any]:
        """Return resource information."""
        stats = await self.sys_plugins.dns.stats()

--- a/supervisor/api/docker.py
+++ b/supervisor/api/docker.py
@@ -1,6 +1,6 @@
 """Init file for Supervisor Home Assistant RESTful API."""
 import logging
-from typing import Any, Dict
+from typing import Any

 from aiohttp import web
 import voluptuous as vol
@@ -21,7 +21,7 @@ _LOGGER: logging.Logger = logging.getLogger(__name__)

 SCHEMA_DOCKER_REGISTRY = vol.Schema(
    {
-        vol.Coerce(str): {
+        str: {
            vol.Required(ATTR_USERNAME): str,
            vol.Required(ATTR_PASSWORD): str,
        }
@@ -33,7 +33,7 @@ class APIDocker(CoreSysAttributes):
    """Handle RESTful API for Docker configuration."""

    @api_process
-    async def registries(self, request) -> Dict[str, Any]:
+    async def registries(self, request) -> dict[str, Any]:
        """Return the list of registries."""
        data_registries = {}
        for hostname, registry in self.sys_docker.config.registries.items():
--- a/supervisor/api/hardware.py
+++ b/supervisor/api/hardware.py
@@ -1,26 +1,52 @@
 """Init file for Supervisor hardware RESTful API."""
 import logging
-from typing import Any, Dict
+from typing import Any

 from aiohttp import web

-from ..const import ATTR_AUDIO, ATTR_DEVICES, ATTR_INPUT, ATTR_NAME, ATTR_OUTPUT
+from ..const import (
+    ATTR_AUDIO,
+    ATTR_DEVICES,
+    ATTR_ID,
+    ATTR_INPUT,
+    ATTR_NAME,
+    ATTR_OUTPUT,
+    ATTR_SERIAL,
+    ATTR_SIZE,
+    ATTR_SYSTEM,
+)
 from ..coresys import CoreSysAttributes
-from ..hardware.const import (
+from ..dbus.udisks2 import UDisks2
+from ..dbus.udisks2.block import UDisks2Block
+from ..dbus.udisks2.drive import UDisks2Drive
+from ..hardware.data import Device
+from .const import (
    ATTR_ATTRIBUTES,
    ATTR_BY_ID,
+    ATTR_CHILDREN,
+    ATTR_CONNECTION_BUS,
    ATTR_DEV_PATH,
+    ATTR_DEVICE,
+    ATTR_DRIVES,
+    ATTR_EJECTABLE,
+    ATTR_FILESYSTEMS,
+    ATTR_MODEL,
+    ATTR_MOUNT_POINTS,
+    ATTR_REMOVABLE,
+    ATTR_REVISION,
+    ATTR_SEAT,
    ATTR_SUBSYSTEM,
    ATTR_SYSFS,
+    ATTR_TIME_DETECTED,
+    ATTR_VENDOR,
 )
-from ..hardware.data import Device
 from .utils import api_process

 _LOGGER: logging.Logger = logging.getLogger(__name__)


-def device_struct(device: Device) -> Dict[str, Any]:
-    """Return a dict with information of a interface to be used in th API."""
+def device_struct(device: Device) -> dict[str, Any]:
+    """Return a dict with information of a interface to be used in the API."""
    return {
        ATTR_NAME: device.name,
        ATTR_SYSFS: device.sysfs,
@@ -28,6 +54,43 @@ def device_struct(device: Device) -> Dict[str, Any]:
        ATTR_SUBSYSTEM: device.subsystem,
        ATTR_BY_ID: device.by_id,
        ATTR_ATTRIBUTES: device.attributes,
+        ATTR_CHILDREN: device.children,
+    }
+
+
+def filesystem_struct(fs_block: UDisks2Block) -> dict[str, Any]:
+    """Return a dict with information of a filesystem block device to be used in the API."""
+    return {
+        ATTR_DEVICE: str(fs_block.device),
+        ATTR_ID: fs_block.id,
+        ATTR_SIZE: fs_block.size,
+        ATTR_NAME: fs_block.id_label,
+        ATTR_SYSTEM: fs_block.hint_system,
+        ATTR_MOUNT_POINTS: [
+            str(mount_point) for mount_point in fs_block.filesystem.mount_points
+        ],
+    }
+
+
+def drive_struct(udisks2: UDisks2, drive: UDisks2Drive) -> dict[str, Any]:
+    """Return a dict with information of a disk to be used in the API."""
+    return {
+        ATTR_VENDOR: drive.vendor,
+        ATTR_MODEL: drive.model,
+        ATTR_REVISION: drive.revision,
+        ATTR_SERIAL: drive.serial,
+        ATTR_ID: drive.id,
+        ATTR_SIZE: drive.size,
+        ATTR_TIME_DETECTED: drive.time_detected.isoformat(),
+        ATTR_CONNECTION_BUS: drive.connection_bus,
+        ATTR_SEAT: drive.seat,
+        ATTR_REMOVABLE: drive.removable,
+        ATTR_EJECTABLE: drive.ejectable,
+        ATTR_FILESYSTEMS: [
+            filesystem_struct(block)
+            for block in udisks2.block_devices
+            if block.filesystem and block.drive == drive.object_path
+        ],
    }


@@ -35,16 +98,20 @@ class APIHardware(CoreSysAttributes):
    """Handle RESTful API for hardware functions."""

    @api_process
-    async def info(self, request: web.Request) -> Dict[str, Any]:
+    async def info(self, request: web.Request) -> dict[str, Any]:
        """Show hardware info."""
        return {
            ATTR_DEVICES: [
                device_struct(device) for device in self.sys_hardware.devices
-            ]
+            ],
+            ATTR_DRIVES: [
+                drive_struct(self.sys_dbus.udisks2, drive)
+                for drive in self.sys_dbus.udisks2.drives
+            ],
        }

    @api_process
-    async def audio(self, request: web.Request) -> Dict[str, Any]:
+    async def audio(self, request: web.Request) -> dict[str, Any]:
        """Show pulse audio profiles."""
        return {
            ATTR_AUDIO: {
--- a/supervisor/api/homeassistant.py
+++ b/supervisor/api/homeassistant.py
@@ -1,7 +1,8 @@
 """Init file for Supervisor Home Assistant RESTful API."""
 import asyncio
+from collections.abc import Awaitable
 import logging
-from typing import Any, Awaitable, Dict
+from typing import Any

 from aiohttp import web
 import voluptuous as vol
@@ -10,6 +11,7 @@ from ..const import (
    ATTR_ARCH,
    ATTR_AUDIO_INPUT,
    ATTR_AUDIO_OUTPUT,
+    ATTR_BACKUP,
    ATTR_BLK_READ,
    ATTR_BLK_WRITE,
    ATTR_BOOT,
@@ -28,13 +30,12 @@ from ..const import (
    ATTR_UPDATE_AVAILABLE,
    ATTR_VERSION,
    ATTR_VERSION_LATEST,
-    ATTR_WAIT_BOOT,
    ATTR_WATCHDOG,
-    CONTENT_TYPE_BINARY,
 )
 from ..coresys import CoreSysAttributes
 from ..exceptions import APIError
 from ..validate import docker_image, network_port, version_tag
+from .const import CONTENT_TYPE_BINARY
 from .utils import api_process, api_process_raw, api_validate

 _LOGGER: logging.Logger = logging.getLogger(__name__)
@@ -43,25 +44,29 @@ _LOGGER: logging.Logger = logging.getLogger(__name__)
 SCHEMA_OPTIONS = vol.Schema(
    {
        vol.Optional(ATTR_BOOT): vol.Boolean(),
-        vol.Optional(ATTR_IMAGE): docker_image,
+        vol.Optional(ATTR_IMAGE): vol.Maybe(docker_image),
        vol.Optional(ATTR_PORT): network_port,
        vol.Optional(ATTR_SSL): vol.Boolean(),
        vol.Optional(ATTR_WATCHDOG): vol.Boolean(),
-        vol.Optional(ATTR_WAIT_BOOT): vol.All(vol.Coerce(int), vol.Range(min=60)),
-        vol.Optional(ATTR_REFRESH_TOKEN): vol.Maybe(vol.Coerce(str)),
-        vol.Optional(ATTR_AUDIO_OUTPUT): vol.Maybe(vol.Coerce(str)),
-        vol.Optional(ATTR_AUDIO_INPUT): vol.Maybe(vol.Coerce(str)),
+        vol.Optional(ATTR_REFRESH_TOKEN): vol.Maybe(str),
+        vol.Optional(ATTR_AUDIO_OUTPUT): vol.Maybe(str),
+        vol.Optional(ATTR_AUDIO_INPUT): vol.Maybe(str),
    }
 )

-SCHEMA_VERSION = vol.Schema({vol.Optional(ATTR_VERSION): version_tag})
+SCHEMA_UPDATE = vol.Schema(
+    {
+        vol.Optional(ATTR_VERSION): version_tag,
+        vol.Optional(ATTR_BACKUP): bool,
+    }
+)


 class APIHomeAssistant(CoreSysAttributes):
    """Handle RESTful API for Home Assistant functions."""

    @api_process
-    async def info(self, request: web.Request) -> Dict[str, Any]:
+    async def info(self, request: web.Request) -> dict[str, Any]:
        """Return host information."""
        return {
            ATTR_VERSION: self.sys_homeassistant.version,
@@ -75,11 +80,8 @@ class APIHomeAssistant(CoreSysAttributes):
            ATTR_PORT: self.sys_homeassistant.api_port,
            ATTR_SSL: self.sys_homeassistant.api_ssl,
            ATTR_WATCHDOG: self.sys_homeassistant.watchdog,
-            ATTR_WAIT_BOOT: self.sys_homeassistant.wait_boot,
            ATTR_AUDIO_INPUT: self.sys_homeassistant.audio_input,
            ATTR_AUDIO_OUTPUT: self.sys_homeassistant.audio_output,
-            # Remove end of Q3 2020
-            "last_version": self.sys_homeassistant.latest_version,
        }

    @api_process
@@ -102,9 +104,6 @@ class APIHomeAssistant(CoreSysAttributes):
        if ATTR_WATCHDOG in body:
            self.sys_homeassistant.watchdog = body[ATTR_WATCHDOG]

-        if ATTR_WAIT_BOOT in body:
-            self.sys_homeassistant.wait_boot = body[ATTR_WAIT_BOOT]
-
        if ATTR_REFRESH_TOKEN in body:
            self.sys_homeassistant.refresh_token = body[ATTR_REFRESH_TOKEN]

@@ -117,7 +116,7 @@ class APIHomeAssistant(CoreSysAttributes):
        self.sys_homeassistant.save_data()

    @api_process
-    async def stats(self, request: web.Request) -> Dict[Any, str]:
+    async def stats(self, request: web.Request) -> dict[Any, str]:
        """Return resource information."""
        stats = await self.sys_homeassistant.core.stats()
        if not stats:
@@ -137,10 +136,14 @@ class APIHomeAssistant(CoreSysAttributes):
    @api_process
    async def update(self, request: web.Request) -> None:
        """Update Home Assistant."""
-        body = await api_validate(SCHEMA_VERSION, request)
-        version = body.get(ATTR_VERSION, self.sys_homeassistant.latest_version)
+        body = await api_validate(SCHEMA_UPDATE, request)

-        await asyncio.shield(self.sys_homeassistant.core.update(version))
+        await asyncio.shield(
+            self.sys_homeassistant.core.update(
+                version=body.get(ATTR_VERSION, self.sys_homeassistant.latest_version),
+                backup=body.get(ATTR_BACKUP),
+            )
+        )

    @api_process
    def stop(self, request: web.Request) -> Awaitable[None]:
--- a/supervisor/api/host.py
+++ b/supervisor/api/host.py
@@ -1,9 +1,12 @@
 """Init file for Supervisor host RESTful API."""
 import asyncio
-from typing import Awaitable
+from contextlib import suppress
+import logging

 from aiohttp import web
+from aiohttp.hdrs import ACCEPT, RANGE
 import voluptuous as vol
+from voluptuous.error import CoerceInvalid

 from ..const import (
    ATTR_CHASSIS,
@@ -22,15 +25,34 @@ from ..const import (
    ATTR_SERVICES,
    ATTR_STATE,
    ATTR_TIMEZONE,
-    CONTENT_TYPE_BINARY,
 )
 from ..coresys import CoreSysAttributes
-from .const import ATTR_DT_SYNCHRONIZED, ATTR_DT_UTC, ATTR_USE_NTP, ATTR_USE_RTC
-from .utils import api_process, api_process_raw, api_validate
+from ..exceptions import APIError, HostLogError
+from ..host.const import PARAM_BOOT_ID, PARAM_FOLLOW, PARAM_SYSLOG_IDENTIFIER
+from .const import (
+    ATTR_AGENT_VERSION,
+    ATTR_APPARMOR_VERSION,
+    ATTR_BOOT_TIMESTAMP,
+    ATTR_BOOTS,
+    ATTR_BROADCAST_LLMNR,
+    ATTR_BROADCAST_MDNS,
+    ATTR_DT_SYNCHRONIZED,
+    ATTR_DT_UTC,
+    ATTR_IDENTIFIERS,
+    ATTR_LLMNR_HOSTNAME,
+    ATTR_STARTUP_TIME,
+    ATTR_USE_NTP,
+    CONTENT_TYPE_TEXT,
+)
+from .utils import api_process, api_validate

-SERVICE = "service"
+_LOGGER: logging.Logger = logging.getLogger(__name__)

-SCHEMA_OPTIONS = vol.Schema({vol.Optional(ATTR_HOSTNAME): vol.Coerce(str)})
+IDENTIFIER = "identifier"
+BOOTID = "bootid"
+DEFAULT_RANGE = 100
+
+SCHEMA_OPTIONS = vol.Schema({vol.Optional(ATTR_HOSTNAME): str})


 class APIHost(CoreSysAttributes):
@@ -40,6 +62,8 @@ class APIHost(CoreSysAttributes):
    async def info(self, request):
        """Return host information."""
        return {
+            ATTR_AGENT_VERSION: self.sys_dbus.agent.version,
+            ATTR_APPARMOR_VERSION: self.sys_host.apparmor.version,
            ATTR_CHASSIS: self.sys_host.info.chassis,
            ATTR_CPE: self.sys_host.info.cpe,
            ATTR_DEPLOYMENT: self.sys_host.info.deployment,
@@ -49,13 +73,17 @@ class APIHost(CoreSysAttributes):
            ATTR_DISK_LIFE_TIME: self.sys_host.info.disk_life_time,
            ATTR_FEATURES: self.sys_host.features,
            ATTR_HOSTNAME: self.sys_host.info.hostname,
+            ATTR_LLMNR_HOSTNAME: self.sys_host.info.llmnr_hostname,
            ATTR_KERNEL: self.sys_host.info.kernel,
            ATTR_OPERATING_SYSTEM: self.sys_host.info.operating_system,
            ATTR_TIMEZONE: self.sys_host.info.timezone,
            ATTR_DT_UTC: self.sys_host.info.dt_utc,
            ATTR_DT_SYNCHRONIZED: self.sys_host.info.dt_synchronized,
            ATTR_USE_NTP: self.sys_host.info.use_ntp,
-            ATTR_USE_RTC: self.sys_host.info.use_rtc,
+            ATTR_STARTUP_TIME: self.sys_host.info.startup_time,
+            ATTR_BOOT_TIMESTAMP: self.sys_host.info.boot_timestamp,
+            ATTR_BROADCAST_LLMNR: self.sys_host.info.broadcast_llmnr,
+            ATTR_BROADCAST_MDNS: self.sys_host.info.broadcast_mdns,
        }

    @api_process
@@ -82,11 +110,7 @@ class APIHost(CoreSysAttributes):
    @api_process
    def reload(self, request):
        """Reload host data."""
-        return asyncio.shield(
-            asyncio.wait(
-                [self.sys_host.reload(), self.sys_resolution.evaluate.evaluate_system()]
-            )
-        )
+        return asyncio.shield(self.sys_host.reload())

    @api_process
    async def services(self, request):
@@ -104,30 +128,75 @@ class APIHost(CoreSysAttributes):
        return {ATTR_SERVICES: services}

    @api_process
-    def service_start(self, request):
-        """Start a service."""
-        unit = request.match_info.get(SERVICE)
-        return asyncio.shield(self.sys_host.services.start(unit))
+    async def list_boots(self, _: web.Request):
+        """Return a list of boot IDs."""
+        boot_ids = await self.sys_host.logs.get_boot_ids()
+        return {
+            ATTR_BOOTS: {
+                str(1 + i - len(boot_ids)): boot_id
+                for i, boot_id in enumerate(boot_ids)
+            }
+        }

    @api_process
-    def service_stop(self, request):
-        """Stop a service."""
-        unit = request.match_info.get(SERVICE)
-        return asyncio.shield(self.sys_host.services.stop(unit))
+    async def list_identifiers(self, _: web.Request):
+        """Return a list of syslog identifiers."""
+        return {ATTR_IDENTIFIERS: await self.sys_host.logs.get_identifiers()}
+
+    async def _get_boot_id(self, possible_offset: str) -> str:
+        """Convert offset into boot ID if required."""
+        with suppress(CoerceInvalid):
+            offset = vol.Coerce(int)(possible_offset)
+            try:
+                return await self.sys_host.logs.get_boot_id(offset)
+            except (ValueError, HostLogError) as err:
+                raise APIError() from err
+        return possible_offset

    @api_process
-    def service_reload(self, request):
-        """Reload a service."""
-        unit = request.match_info.get(SERVICE)
-        return asyncio.shield(self.sys_host.services.reload(unit))
+    async def advanced_logs(
+        self, request: web.Request, identifier: str | None = None, follow: bool = False
+    ) -> web.StreamResponse:
+        """Return systemd-journald logs."""
+        params = {}
+        if identifier:
+            params[PARAM_SYSLOG_IDENTIFIER] = identifier
+        elif IDENTIFIER in request.match_info:
+            params[PARAM_SYSLOG_IDENTIFIER] = request.match_info.get(IDENTIFIER)
+        else:
+            params[PARAM_SYSLOG_IDENTIFIER] = self.sys_host.logs.default_identifiers

-    @api_process
-    def service_restart(self, request):
-        """Restart a service."""
-        unit = request.match_info.get(SERVICE)
-        return asyncio.shield(self.sys_host.services.restart(unit))
+        if BOOTID in request.match_info:
+            params[PARAM_BOOT_ID] = await self._get_boot_id(
+                request.match_info.get(BOOTID)
+            )
+        if follow:
+            params[PARAM_FOLLOW] = ""

-    @api_process_raw(CONTENT_TYPE_BINARY)
-    def logs(self, request: web.Request) -> Awaitable[bytes]:
-        """Return host kernel logs."""
-        return self.sys_host.info.get_dmesg()
+        if ACCEPT in request.headers and request.headers[ACCEPT] not in [
+            CONTENT_TYPE_TEXT,
+            "*/*",
+        ]:
+            raise APIError(
+                "Invalid content type requested. Only text/plain supported for now."
+            )
+
+        if RANGE in request.headers:
+            range_header = request.headers.get(RANGE)
+        else:
+            range_header = f"entries=:-{DEFAULT_RANGE}:"
+
+        async with self.sys_host.logs.journald_logs(
+            params=params, range_header=range_header
+        ) as resp:
+            try:
+                response = web.StreamResponse()
+                response.content_type = CONTENT_TYPE_TEXT
+                await response.prepare(request)
+                async for data in resp.content:
+                    await response.write(data)
+            except ConnectionResetError as ex:
+                raise APIError(
+                    "Connection reset when trying to fetch data from systemd-journald."
+                ) from ex
+            return response
--- a/supervisor/api/info.py
+++ b/supervisor/api/info.py
@@ -1,52 +0,0 @@
-"""Init file for Supervisor info RESTful API."""
-import logging
-from typing import Any, Dict
-
-from aiohttp import web
-
-from ..const import (
-    ATTR_ARCH,
-    ATTR_CHANNEL,
-    ATTR_DOCKER,
-    ATTR_FEATURES,
-    ATTR_HASSOS,
-    ATTR_HOMEASSISTANT,
-    ATTR_HOSTNAME,
-    ATTR_LOGGING,
-    ATTR_MACHINE,
-    ATTR_OPERATING_SYSTEM,
-    ATTR_STATE,
-    ATTR_SUPERVISOR,
-    ATTR_SUPPORTED,
-    ATTR_SUPPORTED_ARCH,
-    ATTR_TIMEZONE,
-)
-from ..coresys import CoreSysAttributes
-from .utils import api_process
-
-_LOGGER: logging.Logger = logging.getLogger(__name__)
-
-
-class APIInfo(CoreSysAttributes):
-    """Handle RESTful API for info functions."""
-
-    @api_process
-    async def info(self, request: web.Request) -> Dict[str, Any]:
-        """Show system info."""
-        return {
-            ATTR_SUPERVISOR: self.sys_supervisor.version,
-            ATTR_HOMEASSISTANT: self.sys_homeassistant.version,
-            ATTR_HASSOS: self.sys_hassos.version,
-            ATTR_DOCKER: self.sys_docker.info.version,
-            ATTR_HOSTNAME: self.sys_host.info.hostname,
-            ATTR_OPERATING_SYSTEM: self.sys_host.info.operating_system,
-            ATTR_FEATURES: self.sys_host.features,
-            ATTR_MACHINE: self.sys_machine,
-            ATTR_ARCH: self.sys_arch.default,
-            ATTR_STATE: self.sys_core.state,
-            ATTR_SUPPORTED_ARCH: self.sys_arch.supported,
-            ATTR_SUPPORTED: self.sys_core.supported,
-            ATTR_CHANNEL: self.sys_updater.channel,
-            ATTR_LOGGING: self.sys_config.logging,
-            ATTR_TIMEZONE: self.sys_timezone,
-        }
--- a/supervisor/api/ingress.py
+++ b/supervisor/api/ingress.py
@@ -2,7 +2,7 @@
 import asyncio
 from ipaddress import ip_address
 import logging
-from typing import Any, Dict, Union
+from typing import Any

 import aiohttp
 from aiohttp import ClientTimeout, hdrs, web
@@ -22,11 +22,11 @@ from ..const import (
    ATTR_PANELS,
    ATTR_SESSION,
    ATTR_TITLE,
-    COOKIE_INGRESS,
    HEADER_TOKEN,
    HEADER_TOKEN_OLD,
 )
 from ..coresys import CoreSysAttributes
+from .const import COOKIE_INGRESS
 from .utils import api_process, api_validate, require_home_assistant

 _LOGGER: logging.Logger = logging.getLogger(__name__)
@@ -54,7 +54,7 @@ class APIIngress(CoreSysAttributes):
        return f"http://{addon.ip_address}:{addon.ingress_port}/{path}"

    @api_process
-    async def panels(self, request: web.Request) -> Dict[str, Any]:
+    async def panels(self, request: web.Request) -> dict[str, Any]:
        """Create a list of panel data."""
        addons = {}
        for addon in self.sys_ingress.addons:
@@ -69,14 +69,14 @@ class APIIngress(CoreSysAttributes):

    @api_process
    @require_home_assistant
-    async def create_session(self, request: web.Request) -> Dict[str, Any]:
+    async def create_session(self, request: web.Request) -> dict[str, Any]:
        """Create a new session."""
        session = self.sys_ingress.create_session()
        return {ATTR_SESSION: session}

    @api_process
    @require_home_assistant
-    async def validate_session(self, request: web.Request) -> Dict[str, Any]:
+    async def validate_session(self, request: web.Request) -> dict[str, Any]:
        """Validate session and extending how long it's valid for."""
        data = await api_validate(VALIDATE_SESSION_DATA, request)

@@ -85,10 +85,9 @@ class APIIngress(CoreSysAttributes):
            _LOGGER.warning("No valid ingress session %s", data[ATTR_SESSION])
            raise HTTPUnauthorized()

-    @require_home_assistant
    async def handler(
        self, request: web.Request
-    ) -> Union[web.Response, web.StreamResponse, web.WebSocketResponse]:
+    ) -> web.Response | web.StreamResponse | web.WebSocketResponse:
        """Route data to Supervisor ingress service."""

        # Check Ingress Session
@@ -149,8 +148,8 @@ class APIIngress(CoreSysAttributes):
            # Proxy requests
            await asyncio.wait(
                [
-                    _websocket_forward(ws_server, ws_client),
-                    _websocket_forward(ws_client, ws_server),
+                    self.sys_create_task(_websocket_forward(ws_server, ws_client)),
+                    self.sys_create_task(_websocket_forward(ws_client, ws_server)),
                ],
                return_when=asyncio.FIRST_COMPLETED,
            )
@@ -159,7 +158,7 @@ class APIIngress(CoreSysAttributes):

    async def _handle_request(
        self, request: web.Request, addon: Addon, path: str
-    ) -> Union[web.Response, web.StreamResponse]:
+    ) -> web.Response | web.StreamResponse:
        """Ingress route for request."""
        url = self._create_url(addon, path)
        source_header = _init_header(request, addon)
@@ -182,6 +181,7 @@ class APIIngress(CoreSysAttributes):
            allow_redirects=False,
            data=data,
            timeout=ClientTimeout(total=None),
+            skip_auto_headers={hdrs.CONTENT_TYPE},
        ) as result:
            headers = _response_header(result)

@@ -218,9 +218,7 @@ class APIIngress(CoreSysAttributes):
            return response


-def _init_header(
-    request: web.Request, addon: str
-) -> Union[CIMultiDict, Dict[str, str]]:
+def _init_header(request: web.Request, addon: str) -> CIMultiDict | dict[str, str]:
    """Create initial header."""
    headers = {}

@@ -248,7 +246,7 @@ def _init_header(
    return headers


-def _response_header(response: aiohttp.ClientResponse) -> Dict[str, str]:
+def _response_header(response: aiohttp.ClientResponse) -> dict[str, str]:
    """Create response header."""
    headers = {}

--- a/supervisor/api/jobs.py
+++ b/supervisor/api/jobs.py
@@ -1,6 +1,6 @@
 """Init file for Supervisor Jobs RESTful API."""
 import logging
-from typing import Any, Dict
+from typing import Any

 from aiohttp import web
 import voluptuous as vol
@@ -20,7 +20,7 @@ class APIJobs(CoreSysAttributes):
    """Handle RESTful API for OS functions."""

    @api_process
-    async def info(self, request: web.Request) -> Dict[str, Any]:
+    async def info(self, request: web.Request) -> dict[str, Any]:
        """Return JobManager information."""
        return {
            ATTR_IGNORE_CONDITIONS: self.sys_jobs.ignore_conditions,
--- a/supervisor/api/middleware/security.py
+++ b/supervisor/api/middleware/security.py
@@ -1,10 +1,14 @@
 """Handle security part of this API."""
 import logging
 import re
+from typing import Final
+from urllib.parse import unquote

 from aiohttp.web import Request, RequestHandler, Response, middleware
-from aiohttp.web_exceptions import HTTPForbidden, HTTPUnauthorized
+from aiohttp.web_exceptions import HTTPBadRequest, HTTPForbidden, HTTPUnauthorized
+from awesomeversion import AwesomeVersion

+from ...addons.const import RE_SLUG
 from ...const import (
    REQUEST_FROM,
    ROLE_ADMIN,
@@ -18,11 +22,22 @@ from ...coresys import CoreSys, CoreSysAttributes
 from ..utils import api_return_error, excract_supervisor_token

 _LOGGER: logging.Logger = logging.getLogger(__name__)
+_CORE_VERSION: Final = AwesomeVersion("2023.3.4")

 # fmt: off

+_CORE_FRONTEND_PATHS: Final = (
+    r"|/app/.*\.(?:js|gz|json|map|woff2)"
+    r"|/(store/)?addons/" + RE_SLUG + r"/(logo|icon)"
+)
+
+CORE_FRONTEND: Final = re.compile(
+    r"^(?:" + _CORE_FRONTEND_PATHS + r")$"
+)
+
+
 # Block Anytime
-BLACKLIST = re.compile(
+BLACKLIST: Final = re.compile(
    r"^(?:"
    r"|/homeassistant/api/hassio/.*"
    r"|/core/api/hassio/.*"
@@ -30,25 +45,27 @@ BLACKLIST = re.compile(
 )

 # Free to call or have own security concepts
-NO_SECURITY_CHECK = re.compile(
+NO_SECURITY_CHECK: Final = re.compile(
    r"^(?:"
    r"|/homeassistant/api/.*"
    r"|/homeassistant/websocket"
    r"|/core/api/.*"
    r"|/core/websocket"
    r"|/supervisor/ping"
-    r")$"
+    r"|/ingress/[-_A-Za-z0-9]+/.*"
+    + _CORE_FRONTEND_PATHS
+    + r")$"
 )

 # Observer allow API calls
-OBSERVER_CHECK = re.compile(
+OBSERVER_CHECK: Final = re.compile(
    r"^(?:"
    r"|/.+/info"
    r")$"
 )

 # Can called by every add-on
-ADDONS_API_BYPASS = re.compile(
+ADDONS_API_BYPASS: Final = re.compile(
    r"^(?:"
    r"|/addons/self/(?!security|update)[^/]+"
    r"|/addons/self/options/config"
@@ -60,7 +77,7 @@ ADDONS_API_BYPASS = re.compile(
 )

 # Policy role add-on API access
-ADDONS_ROLE_ACCESS = {
+ADDONS_ROLE_ACCESS: dict[str, re.Pattern] = {
    ROLE_DEFAULT: re.compile(
        r"^(?:"
        r"|/.+/info"
@@ -77,13 +94,12 @@ ADDONS_ROLE_ACCESS = {
        r"^(?:"
        r"|/.+/info"
        r"|/backups.*"
-        r"|/snapshots.*"
        r")$"
    ),
    ROLE_MANAGER: re.compile(
        r"^(?:"
        r"|/.+/info"
-        r"|/addons(?:/[^/]+/(?!security).+|/reload)?"
+        r"|/addons(?:/" + RE_SLUG + r"/(?!security).+|/reload)?"
        r"|/audio/.+"
        r"|/auth/cache"
        r"|/cli/.+"
@@ -112,6 +128,26 @@ ADDONS_ROLE_ACCESS = {
    ),
 }

+FILTERS: Final = re.compile(
+    r"(?:"
+
+    # Common exploits
+    r"proc/self/environ"
+    r"|(<|%3C).*script.*(>|%3E)"
+
+    # File Injections
+    r"|(\.\.//?)+"  # ../../anywhere
+    r"|[a-zA-Z0-9_]=/([a-z0-9_.]//?)+"  # .html?v=/.//test
+
+    # SQL Injections
+    r"|union.*select.*\("
+    r"|union.*all.*select.*"
+    r"|concat.*\("
+
+    r")",
+    flags=re.IGNORECASE,
+)
+
 # fmt: on


@@ -122,6 +158,32 @@ class SecurityMiddleware(CoreSysAttributes):
        """Initialize security middleware."""
        self.coresys: CoreSys = coresys

+    def _recursive_unquote(self, value: str) -> str:
+        """Handle values that are encoded multiple times."""
+        if (unquoted := unquote(value)) != value:
+            unquoted = self._recursive_unquote(unquoted)
+        return unquoted
+
+    @middleware
+    async def block_bad_requests(
+        self, request: Request, handler: RequestHandler
+    ) -> Response:
+        """Process request and tblock commonly known exploit attempts."""
+        if FILTERS.search(self._recursive_unquote(request.path)):
+            _LOGGER.warning(
+                "Filtered a potential harmful request to: %s", request.raw_path
+            )
+            raise HTTPBadRequest
+
+        if FILTERS.search(self._recursive_unquote(request.query_string)):
+            _LOGGER.warning(
+                "Filtered a request with a potential harmful query string: %s",
+                request.raw_path,
+            )
+            raise HTTPBadRequest
+
+        return await handler(request)
+
    @middleware
    async def system_validation(
        self, request: Request, handler: RequestHandler
@@ -154,6 +216,7 @@ class SecurityMiddleware(CoreSysAttributes):
        # Ignore security check
        if NO_SECURITY_CHECK.match(request.path):
            _LOGGER.debug("Passthrough %s", request.path)
+            request[REQUEST_FROM] = None
            return await handler(request)

        # Not token
@@ -173,7 +236,7 @@ class SecurityMiddleware(CoreSysAttributes):

        # Observer
        if supervisor_token == self.sys_plugins.observer.supervisor_token:
-            if not OBSERVER_CHECK.match(request.url):
+            if not OBSERVER_CHECK.match(request.path):
                _LOGGER.warning("%s invalid Observer access", request.path)
                raise HTTPForbidden()
            _LOGGER.debug("%s access from Observer", request.path)
@@ -206,3 +269,45 @@ class SecurityMiddleware(CoreSysAttributes):

        _LOGGER.error("Invalid token for access %s", request.path)
        raise HTTPForbidden()
+
+    @middleware
+    async def core_proxy(self, request: Request, handler: RequestHandler) -> Response:
+        """Validate user from Core API proxy."""
+        if (
+            request[REQUEST_FROM] != self.sys_homeassistant
+            or self.sys_homeassistant.version >= _CORE_VERSION
+        ):
+            return await handler(request)
+
+        authorization_index: int | None = None
+        content_type_index: int | None = None
+        user_request: bool = False
+        admin_request: bool = False
+        ingress_request: bool = False
+
+        for idx, (key, value) in enumerate(request.raw_headers):
+            if key in (b"Authorization", b"X-Hassio-Key"):
+                authorization_index = idx
+            elif key == b"Content-Type":
+                content_type_index = idx
+            elif key == b"X-Hass-User-ID":
+                user_request = True
+            elif key == b"X-Hass-Is-Admin":
+                admin_request = value == b"1"
+            elif key == b"X-Ingress-Path":
+                ingress_request = True
+
+        if (user_request or admin_request) and not ingress_request:
+            return await handler(request)
+
+        is_proxy_request = (
+            authorization_index is not None
+            and content_type_index is not None
+            and content_type_index - authorization_index == 1
+        )
+
+        if (
+            not CORE_FRONTEND.match(request.path) and is_proxy_request
+        ) or ingress_request:
+            raise HTTPBadRequest()
+        return await handler(request)
--- a/supervisor/api/mounts.py
+++ b/supervisor/api/mounts.py
@@ -0,0 +1,124 @@
+"""Inits file for supervisor mounts REST API."""
+
+from typing import Any
+
+from aiohttp import web
+import voluptuous as vol
+
+from ..const import ATTR_NAME, ATTR_STATE
+from ..coresys import CoreSysAttributes
+from ..exceptions import APIError
+from ..mounts.const import ATTR_DEFAULT_BACKUP_MOUNT, MountUsage
+from ..mounts.mount import Mount
+from ..mounts.validate import SCHEMA_MOUNT_CONFIG
+from .const import ATTR_MOUNTS
+from .utils import api_process, api_validate
+
+SCHEMA_OPTIONS = vol.Schema(
+    {
+        vol.Optional(ATTR_DEFAULT_BACKUP_MOUNT): vol.Maybe(str),
+    }
+)
+
+
+class APIMounts(CoreSysAttributes):
+    """Handle REST API for mounting options."""
+
+    @api_process
+    async def info(self, request: web.Request) -> dict[str, Any]:
+        """Return MountManager info."""
+        return {
+            ATTR_DEFAULT_BACKUP_MOUNT: self.sys_mounts.default_backup_mount.name
+            if self.sys_mounts.default_backup_mount
+            else None,
+            ATTR_MOUNTS: [
+                mount.to_dict() | {ATTR_STATE: mount.state}
+                for mount in self.sys_mounts.mounts
+            ],
+        }
+
+    @api_process
+    async def options(self, request: web.Request) -> None:
+        """Set Mount Manager options."""
+        body = await api_validate(SCHEMA_OPTIONS, request)
+
+        if ATTR_DEFAULT_BACKUP_MOUNT in body:
+            name: str | None = body[ATTR_DEFAULT_BACKUP_MOUNT]
+            if name is None:
+                self.sys_mounts.default_backup_mount = None
+            elif (mount := self.sys_mounts.get(name)).usage != MountUsage.BACKUP:
+                raise APIError(
+                    f"Mount {name} is not used for backups, cannot use it as default backup mount"
+                )
+            else:
+                self.sys_mounts.default_backup_mount = mount
+
+        self.sys_mounts.save_data()
+
+    @api_process
+    async def create_mount(self, request: web.Request) -> None:
+        """Create a new mount in supervisor."""
+        body = await api_validate(SCHEMA_MOUNT_CONFIG, request)
+
+        if body[ATTR_NAME] in self.sys_mounts:
+            raise APIError(f"A mount already exists with name {body[ATTR_NAME]}")
+
+        mount = Mount.from_dict(self.coresys, body)
+        await self.sys_mounts.create_mount(mount)
+
+        # If it's a backup mount, reload backups
+        if mount.usage == MountUsage.BACKUP:
+            self.sys_create_task(self.sys_backups.reload())
+
+            # If there's no default backup mount, set it to the new mount
+            if not self.sys_mounts.default_backup_mount:
+                self.sys_mounts.default_backup_mount = mount
+
+        self.sys_mounts.save_data()
+
+    @api_process
+    async def update_mount(self, request: web.Request) -> None:
+        """Update an existing mount in supervisor."""
+        name = request.match_info.get("mount")
+        name_schema = vol.Schema(
+            {vol.Optional(ATTR_NAME, default=name): name}, extra=vol.ALLOW_EXTRA
+        )
+        body = await api_validate(vol.All(name_schema, SCHEMA_MOUNT_CONFIG), request)
+
+        if name not in self.sys_mounts:
+            raise APIError(f"No mount exists with name {name}")
+
+        mount = Mount.from_dict(self.coresys, body)
+        await self.sys_mounts.create_mount(mount)
+
+        # If it's a backup mount, reload backups
+        if mount.usage == MountUsage.BACKUP:
+            self.sys_create_task(self.sys_backups.reload())
+
+        # If this mount was the default backup mount and isn't for backups any more, remove it
+        elif self.sys_mounts.default_backup_mount == mount:
+            self.sys_mounts.default_backup_mount = None
+
+        self.sys_mounts.save_data()
+
+    @api_process
+    async def delete_mount(self, request: web.Request) -> None:
+        """Delete an existing mount in supervisor."""
+        name = request.match_info.get("mount")
+        mount = await self.sys_mounts.remove_mount(name)
+
+        # If it was a backup mount, reload backups
+        if mount.usage == MountUsage.BACKUP:
+            self.sys_create_task(self.sys_backups.reload())
+
+        self.sys_mounts.save_data()
+
+    @api_process
+    async def reload_mount(self, request: web.Request) -> None:
+        """Reload an existing mount in supervisor."""
+        name = request.match_info.get("mount")
+        await self.sys_mounts.reload_mount(name)
+
+        # If it's a backup mount, reload backups
+        if self.sys_mounts.get(name).usage == MountUsage.BACKUP:
+            self.sys_create_task(self.sys_backups.reload())
--- a/supervisor/api/multicast.py
+++ b/supervisor/api/multicast.py
@@ -1,7 +1,8 @@
 """Init file for Supervisor Multicast RESTful API."""
 import asyncio
+from collections.abc import Awaitable
 import logging
-from typing import Any, Awaitable, Dict
+from typing import Any

 from aiohttp import web
 import voluptuous as vol
@@ -18,11 +19,11 @@ from ..const import (
    ATTR_UPDATE_AVAILABLE,
    ATTR_VERSION,
    ATTR_VERSION_LATEST,
-    CONTENT_TYPE_BINARY,
 )
 from ..coresys import CoreSysAttributes
 from ..exceptions import APIError
 from ..validate import version_tag
+from .const import CONTENT_TYPE_BINARY
 from .utils import api_process, api_process_raw, api_validate

 _LOGGER: logging.Logger = logging.getLogger(__name__)
@@ -34,7 +35,7 @@ class APIMulticast(CoreSysAttributes):
    """Handle RESTful API for Multicast functions."""

    @api_process
-    async def info(self, request: web.Request) -> Dict[str, Any]:
+    async def info(self, request: web.Request) -> dict[str, Any]:
        """Return Multicast information."""
        return {
            ATTR_VERSION: self.sys_plugins.multicast.version,
@@ -43,7 +44,7 @@ class APIMulticast(CoreSysAttributes):
        }

    @api_process
-    async def stats(self, request: web.Request) -> Dict[str, Any]:
+    async def stats(self, request: web.Request) -> dict[str, Any]:
        """Return resource information."""
        stats = await self.sys_plugins.multicast.stats()

--- a/supervisor/api/network.py
+++ b/supervisor/api/network.py
@@ -1,7 +1,8 @@
 """REST API for network."""
 import asyncio
+from collections.abc import Awaitable
 from ipaddress import ip_address, ip_interface
-from typing import Any, Awaitable, Dict
+from typing import Any

 from aiohttp import web
 import attr
@@ -30,6 +31,7 @@ from ..const import (
    ATTR_PARENT,
    ATTR_PRIMARY,
    ATTR_PSK,
+    ATTR_READY,
    ATTR_SIGNAL,
    ATTR_SSID,
    ATTR_SUPERVISOR_INTERNET,
@@ -82,17 +84,18 @@ SCHEMA_UPDATE = vol.Schema(
 )


-def ipconfig_struct(config: IpConfig) -> Dict[str, Any]:
+def ipconfig_struct(config: IpConfig) -> dict[str, Any]:
    """Return a dict with information about ip configuration."""
    return {
        ATTR_METHOD: config.method,
        ATTR_ADDRESS: [address.with_prefixlen for address in config.address],
        ATTR_NAMESERVERS: [str(address) for address in config.nameservers],
        ATTR_GATEWAY: str(config.gateway) if config.gateway else None,
+        ATTR_READY: config.ready,
    }


-def wifi_struct(config: WifiConfig) -> Dict[str, Any]:
+def wifi_struct(config: WifiConfig) -> dict[str, Any]:
    """Return a dict with information about wifi configuration."""
    return {
        ATTR_MODE: config.mode,
@@ -102,7 +105,7 @@ def wifi_struct(config: WifiConfig) -> Dict[str, Any]:
    }


-def vlan_struct(config: VlanConfig) -> Dict[str, Any]:
+def vlan_struct(config: VlanConfig) -> dict[str, Any]:
    """Return a dict with information about VLAN configuration."""
    return {
        ATTR_ID: config.id,
@@ -110,7 +113,7 @@ def vlan_struct(config: VlanConfig) -> Dict[str, Any]:
    }


-def interface_struct(interface: Interface) -> Dict[str, Any]:
+def interface_struct(interface: Interface) -> dict[str, Any]:
    """Return a dict with information of a interface to be used in th API."""
    return {
        ATTR_INTERFACE: interface.name,
@@ -125,7 +128,7 @@ def interface_struct(interface: Interface) -> Dict[str, Any]:
    }


-def accesspoint_struct(accesspoint: AccessPoint) -> Dict[str, Any]:
+def accesspoint_struct(accesspoint: AccessPoint) -> dict[str, Any]:
    """Return a dict for AccessPoint."""
    return {
        ATTR_MODE: accesspoint.mode,
@@ -141,9 +144,7 @@ class APINetwork(CoreSysAttributes):

    def _get_interface(self, name: str) -> Interface:
        """Get Interface by name or default."""
-        name = name.lower()
-
-        if name == "default":
+        if name.lower() == "default":
            for interface in self.sys_host.network.interfaces:
                if not interface.primary:
                    continue
@@ -158,7 +159,7 @@ class APINetwork(CoreSysAttributes):
        raise APIError(f"Interface {name} does not exist") from None

    @api_process
-    async def info(self, request: web.Request) -> Dict[str, Any]:
+    async def info(self, request: web.Request) -> dict[str, Any]:
        """Return network information."""
        return {
            ATTR_INTERFACES: [
@@ -176,7 +177,7 @@ class APINetwork(CoreSysAttributes):
        }

    @api_process
-    async def interface_info(self, request: web.Request) -> Dict[str, Any]:
+    async def interface_info(self, request: web.Request) -> dict[str, Any]:
        """Return network information for a interface."""
        interface = self._get_interface(request.match_info.get(ATTR_INTERFACE))

@@ -196,12 +197,14 @@ class APINetwork(CoreSysAttributes):
        for key, config in body.items():
            if key == ATTR_IPV4:
                interface.ipv4 = attr.evolve(
-                    interface.ipv4 or IpConfig(InterfaceMethod.STATIC, [], None, []),
+                    interface.ipv4
+                    or IpConfig(InterfaceMethod.STATIC, [], None, [], None),
                    **config,
                )
            elif key == ATTR_IPV6:
                interface.ipv6 = attr.evolve(
-                    interface.ipv6 or IpConfig(InterfaceMethod.STATIC, [], None, []),
+                    interface.ipv6
+                    or IpConfig(InterfaceMethod.STATIC, [], None, [], None),
                    **config,
                )
            elif key == ATTR_WIFI:
@@ -220,10 +223,12 @@ class APINetwork(CoreSysAttributes):
    @api_process
    def reload(self, request: web.Request) -> Awaitable[None]:
        """Reload network data."""
-        return asyncio.shield(self.sys_host.network.update())
+        return asyncio.shield(
+            self.sys_host.network.update(force_connectivity_check=True)
+        )

    @api_process
-    async def scan_accesspoints(self, request: web.Request) -> Dict[str, Any]:
+    async def scan_accesspoints(self, request: web.Request) -> dict[str, Any]:
        """Scan and return a list of available networks."""
        interface = self._get_interface(request.match_info.get(ATTR_INTERFACE))

@@ -257,6 +262,7 @@ class APINetwork(CoreSysAttributes):
                body[ATTR_IPV4].get(ATTR_ADDRESS, []),
                body[ATTR_IPV4].get(ATTR_GATEWAY, None),
                body[ATTR_IPV4].get(ATTR_NAMESERVERS, []),
+                None,
            )

        ipv6_config = None
@@ -266,6 +272,7 @@ class APINetwork(CoreSysAttributes):
                body[ATTR_IPV6].get(ATTR_ADDRESS, []),
                body[ATTR_IPV6].get(ATTR_GATEWAY, None),
                body[ATTR_IPV6].get(ATTR_NAMESERVERS, []),
+                None,
            )

        vlan_interface = Interface(
--- a/supervisor/api/observer.py
+++ b/supervisor/api/observer.py
@@ -1,7 +1,7 @@
 """Init file for Supervisor Observer RESTful API."""
 import asyncio
 import logging
-from typing import Any, Dict
+from typing import Any

 from aiohttp import web
 import voluptuous as vol
@@ -33,7 +33,7 @@ class APIObserver(CoreSysAttributes):
    """Handle RESTful API for Observer functions."""

    @api_process
-    async def info(self, request: web.Request) -> Dict[str, Any]:
+    async def info(self, request: web.Request) -> dict[str, Any]:
        """Return HA Observer information."""
        return {
            ATTR_HOST: str(self.sys_docker.network.observer),
@@ -43,7 +43,7 @@ class APIObserver(CoreSysAttributes):
        }

    @api_process
-    async def stats(self, request: web.Request) -> Dict[str, Any]:
+    async def stats(self, request: web.Request) -> dict[str, Any]:
        """Return resource information."""
        stats = await self.sys_plugins.observer.stats()

--- a/supervisor/api/os.py
+++ b/supervisor/api/os.py
@@ -1,7 +1,8 @@
 """Init file for Supervisor HassOS RESTful API."""
 import asyncio
+from collections.abc import Awaitable
 import logging
-from typing import Any, Awaitable, Dict
+from typing import Any

 from aiohttp import web
 import voluptuous as vol
@@ -9,42 +10,136 @@ import voluptuous as vol
 from ..const import (
    ATTR_BOARD,
    ATTR_BOOT,
+    ATTR_DEVICES,
+    ATTR_ID,
+    ATTR_NAME,
+    ATTR_SERIAL,
+    ATTR_SIZE,
    ATTR_UPDATE_AVAILABLE,
    ATTR_VERSION,
    ATTR_VERSION_LATEST,
 )
 from ..coresys import CoreSysAttributes
+from ..exceptions import BoardInvalidError
+from ..resolution.const import ContextType, IssueType, SuggestionType
 from ..validate import version_tag
+from .const import (
+    ATTR_DATA_DISK,
+    ATTR_DEV_PATH,
+    ATTR_DEVICE,
+    ATTR_DISK_LED,
+    ATTR_DISKS,
+    ATTR_HEARTBEAT_LED,
+    ATTR_MODEL,
+    ATTR_POWER_LED,
+    ATTR_VENDOR,
+)
 from .utils import api_process, api_validate

 _LOGGER: logging.Logger = logging.getLogger(__name__)

 SCHEMA_VERSION = vol.Schema({vol.Optional(ATTR_VERSION): version_tag})
+SCHEMA_DISK = vol.Schema({vol.Required(ATTR_DEVICE): str})
+
+# pylint: disable=no-value-for-parameter
+SCHEMA_YELLOW_OPTIONS = vol.Schema(
+    {
+        vol.Optional(ATTR_DISK_LED): vol.Boolean(),
+        vol.Optional(ATTR_HEARTBEAT_LED): vol.Boolean(),
+        vol.Optional(ATTR_POWER_LED): vol.Boolean(),
+    }
+)


 class APIOS(CoreSysAttributes):
    """Handle RESTful API for OS functions."""

    @api_process
-    async def info(self, request: web.Request) -> Dict[str, Any]:
+    async def info(self, request: web.Request) -> dict[str, Any]:
        """Return OS information."""
        return {
-            ATTR_VERSION: self.sys_hassos.version,
-            ATTR_VERSION_LATEST: self.sys_hassos.latest_version,
-            ATTR_UPDATE_AVAILABLE: self.sys_hassos.need_update,
-            ATTR_BOARD: self.sys_hassos.board,
+            ATTR_VERSION: self.sys_os.version,
+            ATTR_VERSION_LATEST: self.sys_os.latest_version,
+            ATTR_UPDATE_AVAILABLE: self.sys_os.need_update,
+            ATTR_BOARD: self.sys_os.board,
            ATTR_BOOT: self.sys_dbus.rauc.boot_slot,
+            ATTR_DATA_DISK: self.sys_os.datadisk.disk_used_id,
        }

    @api_process
    async def update(self, request: web.Request) -> None:
        """Update OS."""
        body = await api_validate(SCHEMA_VERSION, request)
-        version = body.get(ATTR_VERSION, self.sys_hassos.latest_version)
+        version = body.get(ATTR_VERSION, self.sys_os.latest_version)

-        await asyncio.shield(self.sys_hassos.update(version))
+        await asyncio.shield(self.sys_os.update(version))

    @api_process
    def config_sync(self, request: web.Request) -> Awaitable[None]:
        """Trigger config reload on OS."""
-        return asyncio.shield(self.sys_hassos.config_sync())
+        return asyncio.shield(self.sys_os.config_sync())
+
+    @api_process
+    async def migrate_data(self, request: web.Request) -> None:
+        """Trigger data disk migration on Host."""
+        body = await api_validate(SCHEMA_DISK, request)
+
+        await asyncio.shield(self.sys_os.datadisk.migrate_disk(body[ATTR_DEVICE]))
+
+    @api_process
+    async def list_data(self, request: web.Request) -> dict[str, Any]:
+        """Return possible data targets."""
+        return {
+            ATTR_DEVICES: [disk.id for disk in self.sys_os.datadisk.available_disks],
+            ATTR_DISKS: [
+                {
+                    ATTR_NAME: disk.name,
+                    ATTR_VENDOR: disk.vendor,
+                    ATTR_MODEL: disk.model,
+                    ATTR_SERIAL: disk.serial,
+                    ATTR_SIZE: disk.size,
+                    ATTR_ID: disk.id,
+                    ATTR_DEV_PATH: disk.device_path.as_posix(),
+                }
+                for disk in self.sys_os.datadisk.available_disks
+            ],
+        }
+
+    @api_process
+    async def boards_yellow_info(self, request: web.Request) -> dict[str, Any]:
+        """Get yellow board settings."""
+        return {
+            ATTR_DISK_LED: self.sys_dbus.agent.board.yellow.disk_led,
+            ATTR_HEARTBEAT_LED: self.sys_dbus.agent.board.yellow.heartbeat_led,
+            ATTR_POWER_LED: self.sys_dbus.agent.board.yellow.power_led,
+        }
+
+    @api_process
+    async def boards_yellow_options(self, request: web.Request) -> None:
+        """Update yellow board settings."""
+        body = await api_validate(SCHEMA_YELLOW_OPTIONS, request)
+
+        if ATTR_DISK_LED in body:
+            self.sys_dbus.agent.board.yellow.disk_led = body[ATTR_DISK_LED]
+
+        if ATTR_HEARTBEAT_LED in body:
+            self.sys_dbus.agent.board.yellow.heartbeat_led = body[ATTR_HEARTBEAT_LED]
+
+        if ATTR_POWER_LED in body:
+            self.sys_dbus.agent.board.yellow.power_led = body[ATTR_POWER_LED]
+
+        self.sys_resolution.create_issue(
+            IssueType.REBOOT_REQUIRED,
+            ContextType.SYSTEM,
+            suggestions=[SuggestionType.EXECUTE_REBOOT],
+        )
+
+    @api_process
+    async def boards_other_info(self, request: web.Request) -> dict[str, Any]:
+        """Empty success return if board is in use, error otherwise."""
+        if request.match_info["board"] != self.sys_os.board:
+            raise BoardInvalidError(
+                f"{request.match_info['board']} board is not in use", _LOGGER.error
+            )
+
+        return {}
--- a/supervisor/api/panel/entrypoint.js
+++ b/supervisor/api/panel/entrypoint.js
@@ -1,16 +1 @@
-
-function loadES5() {
-  var el = document.createElement('script');
-  el.src = '/api/hassio/app/frontend_es5/entrypoint.ef32933f.js';
-  document.body.appendChild(el);
-}
-if (/.*Version\/(?:11|12)(?:\.\d+)*.*Safari\//.test(navigator.userAgent)) {
-    loadES5();
-} else {
-  try {
-    new Function("import('/api/hassio/app/frontend_latest/entrypoint.7ca7c83a.js')")();
-  } catch (err) {
-    loadES5();
-  }
-}
-  
+!function(){function n(n){var t=document.createElement("script");t.src=n,document.body.appendChild(t)}if(/.*Version\/(?:11|12)(?:\.\d+)*.*Safari\//.test(navigator.userAgent))n("/api/hassio/app/frontend_es5/entrypoint-NoHhvMA3Ku8.js");else try{new Function("import('/api/hassio/app/frontend_latest/entrypoint-G81gb268sps.js')")()}catch(t){n("/api/hassio/app/frontend_es5/entrypoint-NoHhvMA3Ku8.js")}}()
--- a/supervisor/api/panel/entrypoint.js.gz
+++ b/supervisor/api/panel/entrypoint.js.gz
--- a/supervisor/api/panel/frontend_es5/01378878.js
+++ b/supervisor/api/panel/frontend_es5/01378878.js
@@ -1,2 +0,0 @@
-(self.webpackChunkhome_assistant_frontend=self.webpackChunkhome_assistant_frontend||[]).push([[534],{68441:function(e,t){"use strict";Object.defineProperty(t,"__esModule",{value:!0});var l=new WeakMap;t.default=function(e){var t=l.get(e);return t||(t=Object.create(null),l.set(e,t)),t}},78643:function(e,t,l){"use strict";Object.defineProperty(t,"__esModule",{value:!0}),t.PluralRules=void 0;var a=l(87480),n=l(43965),r=a.__importDefault(l(68441));function o(e,t){if(!(e instanceof u))throw new TypeError("Method Intl.PluralRules.prototype."+t+" called on incompatible receiver "+String(e))}function i(e,t,l,a){var n=a.IntegerDigits,r=a.NumberOfFractionDigits,o=a.FractionDigits;return u.localeData[e].fn(r?n+"."+o:n,"ordinal"===t)}var u=function(){function e(t,l){if(!(this&&this instanceof e?this.constructor:void 0))throw new TypeError("Intl.PluralRules must be called with 'new'");return n.InitializePluralRules(this,t,l,{availableLocales:e.availableLocales,relevantExtensionKeys:e.relevantExtensionKeys,localeData:e.localeData,getDefaultLocale:e.getDefaultLocale,getInternalSlots:r.default})}return e.prototype.resolvedOptions=function(){o(this,"resolvedOptions");var t=Object.create(null),l=r.default(this);return t.locale=l.locale,t.type=l.type,["minimumIntegerDigits","minimumFractionDigits","maximumFractionDigits","minimumSignificantDigits","maximumSignificantDigits"].forEach((function(e){var a=l[e];void 0!==a&&(t[e]=a)})),t.pluralCategories=a.__spreadArray([],e.localeData[t.locale].categories[t.type]),t},e.prototype.select=function(e){o(this,"select");var t=n.ToNumber(e);return n.ResolvePlural(this,t,{getInternalSlots:r.default,PluralRuleSelect:i})},e.prototype.toString=function(){return"[object Intl.PluralRules]"},e.supportedLocalesOf=function(t,l){return n.SupportedLocales(e.availableLocales,n.CanonicalizeLocaleList(t),l)},e.__addLocaleData=function(){for(var t=[],l=0;l<arguments.length;l++)t[l]=arguments[l];for(var a=0,n=t;a<n.length;a++){var r=n[a],o=r.data,i=r.locale;e.localeData[i]=o,e.availableLocales.add(i),e.__defaultLocale||(e.__defaultLocale=i)}},e.getDefaultLocale=function(){return e.__defaultLocale},e.localeData={},e.availableLocales=new Set,e.__defaultLocale="",e.relevantExtensionKeys=[],e.polyfilled=!0,e}();t.PluralRules=u;try{"undefined"!=typeof Symbol&&Object.defineProperty(u.prototype,Symbol.toStringTag,{value:"Intl.PluralRules",writable:!1,enumerable:!1,configurable:!0});try{Object.defineProperty(u,"length",{value:0,writable:!1,enumerable:!1,configurable:!0})}catch(c){}Object.defineProperty(u.prototype.constructor,"length",{value:0,writable:!1,enumerable:!1,configurable:!0}),Object.defineProperty(u.supportedLocalesOf,"length",{value:1,writable:!1,enumerable:!1,configurable:!0})}catch(s){}},25534:function(e,t,l){"use strict";Object.defineProperty(t,"__esModule",{value:!0});var a=l(78643);l(27815).shouldPolyfill()&&Object.defineProperty(Intl,"PluralRules",{value:a.PluralRules,writable:!0,enumerable:!1,configurable:!0})},27815:function(e,t){"use strict";Object.defineProperty(t,"__esModule",{value:!0}),t.shouldPolyfill=void 0,t.shouldPolyfill=function(){return"undefined"==typeof Intl||!("PluralRules"in Intl)||"one"===new Intl.PluralRules("en",{minimumFractionDigits:2}).select(1)}}}]);
-//# sourceMappingURL=01378878.js.map
--- a/supervisor/api/panel/frontend_es5/01378878.js.gz
+++ b/supervisor/api/panel/frontend_es5/01378878.js.gz
--- a/supervisor/api/panel/frontend_es5/01378878.js.map
+++ b/supervisor/api/panel/frontend_es5/01378878.js.map
@@ -1 +0,0 @@
-{"version":3,"file":"01378878.js","sources":["webpack://home-assistant-frontend/01378878.js"],"mappings":"AAAA","sourceRoot":""}
--- a/supervisor/api/panel/frontend_es5/05b049f0.js
+++ b/supervisor/api/panel/frontend_es5/05b049f0.js
--- a/supervisor/api/panel/frontend_es5/05b049f0.js.gz
+++ b/supervisor/api/panel/frontend_es5/05b049f0.js.gz
--- a/supervisor/api/panel/frontend_es5/05b049f0.js.map
+++ b/supervisor/api/panel/frontend_es5/05b049f0.js.map
@@ -1 +0,0 @@
-{"version":3,"file":"05b049f0.js","sources":["webpack://home-assistant-frontend/05b049f0.js"],"mappings":"AAAA","sourceRoot":""}
--- a/supervisor/api/panel/frontend_es5/0bbd5196.js
+++ b/supervisor/api/panel/frontend_es5/0bbd5196.js
--- a/supervisor/api/panel/frontend_es5/0bbd5196.js.gz
+++ b/supervisor/api/panel/frontend_es5/0bbd5196.js.gz
--- a/supervisor/api/panel/frontend_es5/0bbd5196.js.map
+++ b/supervisor/api/panel/frontend_es5/0bbd5196.js.map
@@ -1 +0,0 @@
-{"version":3,"file":"0bbd5196.js","sources":["webpack://home-assistant-frontend/0bbd5196.js"],"mappings":";AAAA","sourceRoot":""}
--- a/supervisor/api/panel/frontend_es5/1036-6IMueKVv3m4.js
+++ b/supervisor/api/panel/frontend_es5/1036-6IMueKVv3m4.js
--- a/supervisor/api/panel/frontend_es5/1036-6IMueKVv3m4.js.gz
+++ b/supervisor/api/panel/frontend_es5/1036-6IMueKVv3m4.js.gz
--- a/supervisor/api/panel/frontend_es5/1036-6IMueKVv3m4.js.map
+++ b/supervisor/api/panel/frontend_es5/1036-6IMueKVv3m4.js.map
--- a/supervisor/api/panel/frontend_es5/1047-g7fFLS9eP4I.js
+++ b/supervisor/api/panel/frontend_es5/1047-g7fFLS9eP4I.js
@@ -0,0 +1,2 @@
+"use strict";(self.webpackChunkhome_assistant_frontend=self.webpackChunkhome_assistant_frontend||[]).push([[1047],{32594:function(e,t,r){r.d(t,{U:function(){return n}});var n=function(e){return e.stopPropagation()}},75054:function(e,t,r){r.r(t),r.d(t,{HaTimeDuration:function(){return f}});var n,a=r(88962),i=r(33368),o=r(71650),d=r(82390),u=r(69205),l=r(70906),s=r(91808),c=r(68144),v=r(79932),f=(r(47289),(0,s.Z)([(0,v.Mo)("ha-selector-duration")],(function(e,t){var r=function(t){(0,u.Z)(n,t);var r=(0,l.Z)(n);function n(){var t;(0,o.Z)(this,n);for(var a=arguments.length,i=new Array(a),u=0;u<a;u++)i[u]=arguments[u];return t=r.call.apply(r,[this].concat(i)),e((0,d.Z)(t)),t}return(0,i.Z)(n)}(t);return{F:r,d:[{kind:"field",decorators:[(0,v.Cb)({attribute:!1})],key:"hass",value:void 0},{kind:"field",decorators:[(0,v.Cb)({attribute:!1})],key:"selector",value:void 0},{kind:"field",decorators:[(0,v.Cb)({attribute:!1})],key:"value",value:void 0},{kind:"field",decorators:[(0,v.Cb)()],key:"label",value:void 0},{kind:"field",decorators:[(0,v.Cb)()],key:"helper",value:void 0},{kind:"field",decorators:[(0,v.Cb)({type:Boolean})],key:"disabled",value:function(){return!1}},{kind:"field",decorators:[(0,v.Cb)({type:Boolean})],key:"required",value:function(){return!0}},{kind:"method",key:"render",value:function(){var e;return(0,c.dy)(n||(n=(0,a.Z)([' <ha-duration-input .label="','" .helper="','" .data="','" .disabled="','" .required="','" ?enableDay="','"></ha-duration-input> '])),this.label,this.helper,this.value,this.disabled,this.required,null===(e=this.selector.duration)||void 0===e?void 0:e.enable_day)}}]}}),c.oi))}}]);
+//# sourceMappingURL=1047-g7fFLS9eP4I.js.map
--- a/supervisor/api/panel/frontend_es5/1047-g7fFLS9eP4I.js.gz
+++ b/supervisor/api/panel/frontend_es5/1047-g7fFLS9eP4I.js.gz
--- a/supervisor/api/panel/frontend_es5/1047-g7fFLS9eP4I.js.map
+++ b/supervisor/api/panel/frontend_es5/1047-g7fFLS9eP4I.js.map
@@ -0,0 +1 @@
+{"version":3,"file":"1047-g7fFLS9eP4I.js","mappings":"yKAAO,IAAMA,EAAkB,SAACC,GAAE,OAAKA,EAAGD,iBAAiB,C,qLCQ9CE,G,UAAcC,EAAAA,EAAAA,GAAA,EAD1BC,EAAAA,EAAAA,IAAc,0BAAuB,SAAAC,EAAAC,GAAA,IACzBJ,EAAc,SAAAK,IAAAC,EAAAA,EAAAA,GAAAN,EAAAK,GAAA,IAAAE,GAAAC,EAAAA,EAAAA,GAAAR,GAAA,SAAAA,IAAA,IAAAS,GAAAC,EAAAA,EAAAA,GAAA,KAAAV,GAAA,QAAAW,EAAAC,UAAAC,OAAAC,EAAA,IAAAC,MAAAJ,GAAAK,EAAA,EAAAA,EAAAL,EAAAK,IAAAF,EAAAE,GAAAJ,UAAAI,GAAA,OAAAP,EAAAF,EAAAU,KAAAC,MAAAX,EAAA,OAAAY,OAAAL,IAAAX,GAAAiB,EAAAA,EAAAA,GAAAX,IAAAA,CAAA,QAAAY,EAAAA,EAAAA,GAAArB,EAAA,EAAAI,GAAA,OAAAkB,EAAdtB,EAAcuB,EAAA,EAAAC,KAAA,QAAAC,WAAA,EACxBC,EAAAA,EAAAA,IAAS,CAAEC,WAAW,KAAQC,IAAA,OAAAC,WAAA,IAAAL,KAAA,QAAAC,WAAA,EAE9BC,EAAAA,EAAAA,IAAS,CAAEC,WAAW,KAAQC,IAAA,WAAAC,WAAA,IAAAL,KAAA,QAAAC,WAAA,EAE9BC,EAAAA,EAAAA,IAAS,CAAEC,WAAW,KAAQC,IAAA,QAAAC,WAAA,IAAAL,KAAA,QAAAC,WAAA,EAE9BC,EAAAA,EAAAA,OAAUE,IAAA,QAAAC,WAAA,IAAAL,KAAA,QAAAC,WAAA,EAEVC,EAAAA,EAAAA,OAAUE,IAAA,SAAAC,WAAA,IAAAL,KAAA,QAAAC,WAAA,EAEVC,EAAAA,EAAAA,IAAS,CAAEI,KAAMC,WAAUH,IAAA,WAAAC,MAAA,kBAAmB,CAAK,IAAAL,KAAA,QAAAC,WAAA,EAEnDC,EAAAA,EAAAA,IAAS,CAAEI,KAAMC,WAAUH,IAAA,WAAAC,MAAA,kBAAmB,CAAI,IAAAL,KAAA,SAAAI,IAAA,SAAAC,MAEnD,WAAmB,IAAAG,EACjB,OAAOC,EAAAA,EAAAA,IAAIC,IAAAA,GAAAC,EAAAA,EAAAA,GAAA,wIAEEC,KAAKC,MACJD,KAAKE,OACPF,KAAKP,MACDO,KAAKG,SACLH,KAAKI,SACkB,QADVR,EACZI,KAAKK,SAASC,gBAAQ,IAAAV,OAAA,EAAtBA,EAAwBW,WAG3C,IAAC,GA1BiCC,EAAAA,I","sources":["https://raw.githubusercontent.com/home-assistant/frontend/20230601.0/src/common/dom/stop_propagation.ts","https://raw.githubusercontent.com/home-assistant/frontend/20230601.0/src/components/ha-selector/ha-selector-duration.ts"],"names":["stopPropagation","ev","HaTimeDuration","_decorate","customElement","_initialize","_LitElement","_LitElement2","_inherits","_super","_createSuper","_this","_classCallCheck","_len","arguments","length","args","Array","_key","call","apply","concat","_assertThisInitialized","_createClass","F","d","kind","decorators","property","attribute","key","value","type","Boolean","_this$selector$durati","html","_templateObject","_taggedTemplateLiteral","this","label","helper","disabled","required","selector","duration","enable_day","LitElement"],"sourceRoot":""}
--- a/supervisor/api/panel/frontend_es5/1116-YCx9f7hKX80.js
+++ b/supervisor/api/panel/frontend_es5/1116-YCx9f7hKX80.js
--- a/supervisor/api/panel/frontend_es5/1116-YCx9f7hKX80.js.gz
+++ b/supervisor/api/panel/frontend_es5/1116-YCx9f7hKX80.js.gz
--- a/supervisor/api/panel/frontend_es5/1116-YCx9f7hKX80.js.map
+++ b/supervisor/api/panel/frontend_es5/1116-YCx9f7hKX80.js.map
--- a/supervisor/api/panel/frontend_es5/1193-AhESuEdTugg.js
+++ b/supervisor/api/panel/frontend_es5/1193-AhESuEdTugg.js
--- a/supervisor/api/panel/frontend_es5/1193-AhESuEdTugg.js.gz
+++ b/supervisor/api/panel/frontend_es5/1193-AhESuEdTugg.js.gz
--- a/supervisor/api/panel/frontend_es5/1193-AhESuEdTugg.js.map
+++ b/supervisor/api/panel/frontend_es5/1193-AhESuEdTugg.js.map
--- a/supervisor/api/panel/frontend_es5/1246-xNkZ7MzqHIg.js
+++ b/supervisor/api/panel/frontend_es5/1246-xNkZ7MzqHIg.js
--- a/supervisor/api/panel/frontend_es5/1246-xNkZ7MzqHIg.js.LICENSE.txt
+++ b/supervisor/api/panel/frontend_es5/1246-xNkZ7MzqHIg.js.LICENSE.txt
@@ -0,0 +1,5 @@
+/**
+ * @license
+ * Copyright 2021 Google LLC
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
--- a/supervisor/api/panel/frontend_es5/1246-xNkZ7MzqHIg.js.gz
+++ b/supervisor/api/panel/frontend_es5/1246-xNkZ7MzqHIg.js.gz
--- a/supervisor/api/panel/frontend_es5/1246-xNkZ7MzqHIg.js.map
+++ b/supervisor/api/panel/frontend_es5/1246-xNkZ7MzqHIg.js.map
--- a/supervisor/api/panel/frontend_es5/1265-DN3w24TEgis.js
+++ b/supervisor/api/panel/frontend_es5/1265-DN3w24TEgis.js
--- a/supervisor/api/panel/frontend_es5/1265-DN3w24TEgis.js.gz
+++ b/supervisor/api/panel/frontend_es5/1265-DN3w24TEgis.js.gz
--- a/supervisor/api/panel/frontend_es5/1265-DN3w24TEgis.js.map
+++ b/supervisor/api/panel/frontend_es5/1265-DN3w24TEgis.js.map
--- a/supervisor/api/panel/frontend_es5/1281-YwF-4nfc5C4.js
+++ b/supervisor/api/panel/frontend_es5/1281-YwF-4nfc5C4.js
--- a/supervisor/api/panel/frontend_es5/1281-YwF-4nfc5C4.js.gz
+++ b/supervisor/api/panel/frontend_es5/1281-YwF-4nfc5C4.js.gz
--- a/supervisor/api/panel/frontend_es5/1281-YwF-4nfc5C4.js.map
+++ b/supervisor/api/panel/frontend_es5/1281-YwF-4nfc5C4.js.map
--- a/supervisor/api/panel/frontend_es5/14a4eab7.js
+++ b/supervisor/api/panel/frontend_es5/14a4eab7.js
--- a/supervisor/api/panel/frontend_es5/14a4eab7.js.gz
+++ b/supervisor/api/panel/frontend_es5/14a4eab7.js.gz
--- a/supervisor/api/panel/frontend_es5/14a4eab7.js.map
+++ b/supervisor/api/panel/frontend_es5/14a4eab7.js.map
@@ -1 +0,0 @@
-{"version":3,"file":"14a4eab7.js","sources":["webpack://home-assistant-frontend/14a4eab7.js"],"mappings":"AAAA","sourceRoot":""}
--- a/Show More
+++ b/Show More
				`@@ -1 +0,0 @@`
				`{"version":3,"file":"01378878.js","sources":["webpack://home-assistant-frontend/01378878.js"],"mappings":"AAAA","sourceRoot":""}`
				`@@ -1 +0,0 @@`
				`{"version":3,"file":"05b049f0.js","sources":["webpack://home-assistant-frontend/05b049f0.js"],"mappings":"AAAA","sourceRoot":""}`
				`@@ -1 +0,0 @@`
				`{"version":3,"file":"0bbd5196.js","sources":["webpack://home-assistant-frontend/0bbd5196.js"],"mappings":";AAAA","sourceRoot":""}`
				`@@ -0,0 +1 @@`
				{"version":3,"file":"1047-g7fFLS9eP4I.js","mappings":"yKAAO,IAAMA,EAAkB,SAACC,GAAE,OAAKA,EAAGD,iBAAiB,C,qLCQ9CE,G,UAAcC,EAAAA,EAAAA,GAAA,EAD1BC,EAAAA,EAAAA,IAAc,0BAAuB,SAAAC,EAAAC,GAAA,IACzBJ,EAAc,SAAAK,IAAAC,EAAAA,EAAAA,GAAAN,EAAAK,GAAA,IAAAE,GAAAC,EAAAA,EAAAA,GAAAR,GAAA,SAAAA,IAAA,IAAAS,GAAAC,EAAAA,EAAAA,GAAA,KAAAV,GAAA,QAAAW,EAAAC,UAAAC,OAAAC,EAAA,IAAAC,MAAAJ,GAAAK,EAAA,EAAAA,EAAAL,EAAAK,IAAAF,EAAAE,GAAAJ,UAAAI,GAAA,OAAAP,EAAAF,EAAAU,KAAAC,MAAAX,EAAA,OAAAY,OAAAL,IAAAX,GAAAiB,EAAAA,EAAAA,GAAAX,IAAAA,CAAA,QAAAY,EAAAA,EAAAA,GAAArB,EAAA,EAAAI,GAAA,OAAAkB,EAAdtB,EAAcuB,EAAA,EAAAC,KAAA,QAAAC,WAAA,EACxBC,EAAAA,EAAAA,IAAS,CAAEC,WAAW,KAAQC,IAAA,OAAAC,WAAA,IAAAL,KAAA,QAAAC,WAAA,EAE9BC,EAAAA,EAAAA,IAAS,CAAEC,WAAW,KAAQC,IAAA,WAAAC,WAAA,IAAAL,KAAA,QAAAC,WAAA,EAE9BC,EAAAA,EAAAA,IAAS,CAAEC,WAAW,KAAQC,IAAA,QAAAC,WAAA,IAAAL,KAAA,QAAAC,WAAA,EAE9BC,EAAAA,EAAAA,OAAUE,IAAA,QAAAC,WAAA,IAAAL,KAAA,QAAAC,WAAA,EAEVC,EAAAA,EAAAA,OAAUE,IAAA,SAAAC,WAAA,IAAAL,KAAA,QAAAC,WAAA,EAEVC,EAAAA,EAAAA,IAAS,CAAEI,KAAMC,WAAUH,IAAA,WAAAC,MAAA,kBAAmB,CAAK,IAAAL,KAAA,QAAAC,WAAA,EAEnDC,EAAAA,EAAAA,IAAS,CAAEI,KAAMC,WAAUH,IAAA,WAAAC,MAAA,kBAAmB,CAAI,IAAAL,KAAA,SAAAI,IAAA,SAAAC,MAEnD,WAAmB,IAAAG,EACjB,OAAOC,EAAAA,EAAAA,IAAIC,IAAAA,GAAAC,EAAAA,EAAAA,GAAA,wIAEEC,KAAKC,MACJD,KAAKE,OACPF,KAAKP,MACDO,KAAKG,SACLH,KAAKI,SACkB,QADVR,EACZI,KAAKK,SAASC,gBAAQ,IAAAV,OAAA,EAAtBA,EAAwBW,WAG3C,IAAC,GA1BiCC,EAAAA,I","sources":["https://raw.githubusercontent.com/home-assistant/frontend/20230601.0/src/common/dom/stop_propagation.ts","https://raw.githubusercontent.com/home-assistant/frontend/20230601.0/src/components/ha-selector/ha-selector-duration.ts"],"names":["stopPropagation","ev","HaTimeDuration","_decorate","customElement","_initialize","_LitElement","_LitElement2","_inherits","_super","_createSuper","_this","_classCallCheck","_len","arguments","length","args","Array","_key","call","apply","concat","_assertThisInitialized","_createClass","F","d","kind","decorators","property","attribute","key","value","type","Boolean","_this$selector$durati","html","_templateObject","_taggedTemplateLiteral","this","label","helper","disabled","required","selector","duration","enable_day","LitElement"],"sourceRoot":""}
				`@@ -1 +0,0 @@`
				`{"version":3,"file":"14a4eab7.js","sources":["webpack://home-assistant-frontend/14a4eab7.js"],"mappings":"AAAA","sourceRoot":""}`