add missing id

Co-authored-by: Franck Nijhof <git@frenck.dev>

.devcontainer/Dockerfile

@@ -1,19 +1,29 @@
-FROM python:3.7
+FROM mcr.microsoft.com/vscode/devcontainers/python:0-3.8
+
+ENV DEBIAN_FRONTEND=noninteractive
+
+SHELL ["/bin/bash", "-c"]
 
 WORKDIR /workspaces
 
+# Set Docker daemon config
+RUN \
+    mkdir -p /etc/docker \
+    && echo '{"storage-driver": "vfs"}' > /etc/docker/daemon.json
+
 # Install Node/Yarn for Frontent
-RUN apt-get update && apt-get install -y --no-install-recommends \
+RUN curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add - \
+    && apt-get update \
+    && apt-get update && apt-get install -y --no-install-recommends \
         curl \
         git \
         apt-utils \
         apt-transport-https \
-    && curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add - \
     && echo "deb https://dl.yarnpkg.com/debian/ stable main" | tee /etc/apt/sources.list.d/yarn.list \
     && apt-get update && apt-get install -y --no-install-recommends \
         nodejs \
         yarn \
-    && curl -o - https://raw.githubusercontent.com/creationix/nvm/v0.34.0/install.sh | bash \
+    && curl -o - https://raw.githubusercontent.com/nvm-sh/nvm/v0.35.3/install.sh | bash \
     && rm -rf /var/lib/apt/lists/*
 ENV NVM_DIR /root/.nvm
 
@@ -39,13 +49,12 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
         dbus \
         network-manager \
         libpulse0 \
+    && bash <(curl https://getvcn.codenotary.com -L) \
     && rm -rf /var/lib/apt/lists/*
 
 # Install Python dependencies from requirements.txt if it exists
 COPY requirements.txt requirements_tests.txt ./
-RUN pip3 install -r requirements.txt -r requirements_tests.txt \
+RUN pip3 install -U setuptools pip \
+    && pip3 install -r requirements.txt -r requirements_tests.txt \
     && pip3 install tox \
     && rm -f requirements.txt requirements_tests.txt
-
-# Set the default shell to bash instead of sh
-ENV SHELL /bin/bash

.devcontainer/devcontainer.json

@@ -1,24 +1,33 @@
-// See https://aka.ms/vscode-remote/devcontainer.json for format details.
 {
   "name": "Supervisor dev",
   "context": "..",
   "dockerFile": "Dockerfile",
   "appPort": "9123:8123",
+  "postCreateCommand": "pre-commit install",
   "runArgs": ["-e", "GIT_EDITOR=code --wait", "--privileged"],
+  "containerEnv": {"NVM_DIR":"/usr/local/share/nvm"},
   "extensions": [
     "ms-python.python",
+    "ms-python.vscode-pylance",
     "visualstudioexptteam.vscodeintellicode",
     "esbenp.prettier-vscode"
   ],
   "settings": {
-    "python.pythonPath": "/usr/local/bin/python",
-    "python.linting.pylintEnabled": true,
-    "python.linting.enabled": true,
-    "python.formatting.provider": "black",
-    "python.formatting.blackArgs": ["--target-version", "py37"],
+    "terminal.integrated.shell.linux": "/bin/bash",
     "editor.formatOnPaste": false,
     "editor.formatOnSave": true,
     "editor.formatOnType": true,
-    "files.trimTrailingWhitespace": true
+    "files.trimTrailingWhitespace": true,
+    "python.pythonPath": "/usr/local/bin/python3",
+    "python.linting.pylintEnabled": true,
+    "python.linting.enabled": true,
+    "python.formatting.provider": "black",
+    "python.formatting.blackArgs": ["--target-version", "py38"],
+    "python.formatting.blackPath": "/usr/local/bin/black",
+    "python.linting.banditPath": "/usr/local/bin/bandit",
+    "python.linting.flake8Path": "/usr/local/bin/flake8",
+    "python.linting.mypyPath": "/usr/local/bin/mypy",
+    "python.linting.pylintPath": "/usr/local/bin/pylint",
+    "python.linting.pydocstylePath": "/usr/local/bin/pydocstyle"
   }
 }

.github/ISSUE_TEMPLATE.md

@@ -1,29 +1,69 @@
+---
+name: Report a bug with the Supervisor on a supported System
+about: Report an issue related to the Home Assistant Supervisor.
+labels: bug
+---
+
 <!-- READ THIS FIRST:
 - If you need additional help with this template please refer to https://www.home-assistant.io/help/reporting_issues/
-- Make sure you are running the latest version of Home Assistant before reporting an issue: https://github.com/home-assistant/home-assistant/releases
-- Do not report issues for components here, plaese refer to https://github.com/home-assistant/home-assistant/issues
 - This is for bugs only. Feature and enhancement requests should go in our community forum: https://community.home-assistant.io/c/feature-requests
 - Provide as many details as possible. Paste logs, configuration sample and code into the backticks. Do not delete any text from this template!
-- If you have a problem with a Add-on, make a issue on there repository.
+- If you have a problem with an add-on, make an issue in it's repository.
 -->
 
-**Home Assistant release with the issue:**
 <!--
-- Frontend -> Developer tools -> Info
-- Or use this command: hass --version
+Important: You can only fill a bug repport for an supported system! If you run an unsupported installation. This report would be closed without comment.
 -->
 
-**Operating environment (HassOS/Generic):**
+### Describe the issue
+
+<!-- Provide as many details as possible. -->
+
+### Steps to reproduce
+
+<!-- What do you do to encounter the issue. -->
+
+1. ...
+2. ...
+3. ...
+
+### Enviroment details
+
+<!-- You can find these details in the system tab of the supervisor panel, or by using the `ha` CLI. -->
+
+- **Operating System:**: xxx
+- **Supervisor version:**: xxx
+- **Home Assistant version**: xxx
+
+### Supervisor logs
+
+<details>
+<summary>Supervisor logs</summary>
 <!--
-Please provide details about your environment.
+- Frontend -> Supervisor -> System
+- Or use this command: ha supervisor logs
+- Logs are more than just errors, even if you don't think it's important, it is.
 -->
 
-**Supervisor logs:**
+```
+Paste supervisor logs here
+
+```
+
+</details>
+
+### System Information
+
+<details>
+<summary>System Information</summary>
 <!--
-- Frontend -> Hass.io -> System
-- Or use this command: hassio su logs
+- Use this command: ha info
 -->
 
+```
+Paste system info here
 
-**Description of problem:**
+```
+
+</details>
 

.github/ISSUE_TEMPLATE/bug_report.yml

@@ -0,0 +1,106 @@
+name: Bug Report Form
+about: Report an issue related to the Home Assistant Supervisor.
+labels: bug
+title: ""
+issue_body: true
+body:
+  - type: markdown
+    attributes:
+      value: |
+        This issue form is for reporting bugs with **supported** setups only!
+
+        If you have a feature or enhancement request, please use the [feature request][fr] section of our [Community Forum][fr].
+
+        [fr]: https://community.home-assistant.io/c/feature-requests
+  - type: textarea
+    validations:
+      required: true
+    attributes:
+      label: Describe the issue you are experiencing
+      description: Provide a clear and concise description of what the bug is.
+  - type: markdown
+    attributes:
+      value: |
+        ## Environment
+  - type: input
+    validations:
+      required: true
+    attributes:
+      label: What is the used version of the Supervisor?
+      placeholder: supervisor-
+      description: >
+        Can be found in the Supervisor panel -> System tab. Starts with
+        `supervisor-....`.
+  - type: dropdown
+    validations:
+      required: true
+    attributes:
+      label: What type of installation are you running?
+      description: >
+        If you don't know, you can find it in: Configuration panel -> Info.
+      options:
+        - Home Assistant OS
+        - Home Assistant Supervised
+  - type: dropdown
+    validations:
+      required: true
+    attributes:
+      label: Which operating system are you running on?
+      options:
+        - Home Assistant Operating System
+        - Debian
+        - Other (e.g., Raspbian/Raspberry Pi OS/Fedora)
+  - type: input
+    validations:
+      required: true
+    attributes:
+      label: What is the version of your installed operating system?
+      placeholder: "5.11"
+      description: Can be found in the Supervisor panel -> System tab.
+  - type: input
+    validations:
+      required: true
+    attributes:
+      label: What version of Home Assistant Core is installed?
+      placeholder: core-
+      description: >
+        Can be found in the Supervisor panel -> System tab. Starts with
+        `core-....`.
+  - type: markdown
+    attributes:
+      value: |
+        # Details
+  - type: textarea
+    validations:
+      required: true
+    attributes:
+      label: Steps to reproduce the issue
+      description: |
+        Please tell us exactly how to reproduce your issue.
+        Provide clear and concise step by step instructions and add code snippets if needed.
+      value: |
+        1.
+        2.
+        3.
+        ...
+  - type: textarea
+    validations:
+      required: true
+    attributes:
+      label: Anything in the Supervisor logs that might be useful for us?
+      description: >
+        The Supervisor logs can be found in the Supervisor panel -> System tab.
+      value: |
+        ```txt
+        # Put your logs below this line
+
+        ```
+  - type: markdown
+    attributes:
+      value: |
+        ## Additional information
+  - type: markdown
+    attributes:
+      value: |
+        If you have any additional information for us, use the field below.
+        Please note, you can attach screenshots or screen recordings here.

.github/ISSUE_TEMPLATE/config.yml

@@ -0,0 +1,25 @@
+blank_issues_enabled: false
+contact_links:
+  - name: Report a bug/issues with an unsupported Supervisor
+    url: https://community.home-assistant.io
+    about: The Community guide can help or was updated to solve your issue
+
+  - name: Report a bug for the Supervisor panel
+    url: https://github.com/home-assistant/frontend/issues
+    about: The Supervisor panel is a part of the Home Assistant frontend
+
+  - name: Report incorrect or missing information on our developer documentation
+    url: https://github.com/home-assistant/developers.home-assistant.io/issues
+    about: Our documentation has its own issue tracker. Please report issues with the website there.
+
+  - name: Request a feature for the Supervisor
+    url: https://community.home-assistant.io/c/feature-requests
+    about: Request an new feature for the Supervisor.
+
+  - name: I have a question or need support
+    url: https://www.home-assistant.io/help
+    about: We use GitHub for tracking bugs, check our website for resources on getting help.
+
+  - name: I'm unsure where to go?
+    url: https://www.home-assistant.io/join-chat
+    about: If you are unsure where to go, then joining our chat is recommended; Just ask!

.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,69 @@
+<!--
+  You are amazing! Thanks for contributing to our project!
+  Please, DO NOT DELETE ANY TEXT from this template! (unless instructed).
+-->
+
+## Proposed change
+
+<!--
+  Describe the big picture of your changes here to communicate to the
+  maintainers why we should accept this pull request. If it fixes a bug
+  or resolves a feature request, be sure to link to that issue in the
+  additional information section.
+-->
+
+## Type of change
+
+<!--
+  What type of change does your PR introduce to Home Assistant?
+  NOTE: Please, check only 1! box!
+  If your PR requires multiple boxes to be checked, you'll most likely need to
+  split it into multiple PRs. This makes things easier and faster to code review.
+-->
+
+- [ ] Dependency upgrade
+- [ ] Bugfix (non-breaking change which fixes an issue)
+- [ ] New feature (which adds functionality to the supervisor)
+- [ ] Breaking change (fix/feature causing existing functionality to break)
+- [ ] Code quality improvements to existing code or addition of tests
+
+## Additional information
+
+<!--
+  Details are important, and help maintainers processing your PR.
+  Please be sure to fill out additional details, if applicable.
+-->
+
+- This PR fixes or closes issue: fixes #
+- This PR is related to issue:
+- Link to documentation pull request:
+- Link to cli pull request:
+
+## Checklist
+
+<!--
+  Put an `x` in the boxes that apply. You can also fill these out after
+  creating the PR. If you're unsure about any of them, don't hesitate to ask.
+  We're here to help! This is simply a reminder of what we are going to look
+  for before merging your code.
+-->
+
+- [ ] The code change is tested and works locally.
+- [ ] Local tests pass. **Your PR cannot be merged unless tests pass**
+- [ ] There is no commented out code in this PR.
+- [ ] I have followed the [development checklist][dev-checklist]
+- [ ] The code has been formatted using Black (`black --fast supervisor tests`)
+- [ ] Tests have been added to verify that the new code works.
+
+If API endpoints of add-on configuration are added/changed:
+
+- [ ] Documentation added/updated for [developers.home-assistant.io][docs-repository]
+
+<!--
+  Thank you for contributing <3
+
+  Below, some useful links you could explore:
+-->
+
+[dev-checklist]: https://developers.home-assistant.io/docs/en/development_checklist.html
+[docs-repository]: https://github.com/home-assistant/developers.home-assistant

.github/dependabot.yml

@@ -0,0 +1,14 @@
+version: 2
+updates:
+- package-ecosystem: pip
+  directory: "/"
+  schedule:
+    interval: daily
+    time: "06:00"
+  open-pull-requests-limit: 10
+- package-ecosystem: "github-actions"
+  directory: "/"
+  schedule:
+    interval: daily
+    time: "06:00"
+  open-pull-requests-limit: 10

.github/lock.yml

@@ -1,27 +0,0 @@
-# Configuration for Lock Threads - https://github.com/dessant/lock-threads
-
-# Number of days of inactivity before a closed issue or pull request is locked
-daysUntilLock: 1
-
-# Skip issues and pull requests created before a given timestamp. Timestamp must
-# follow ISO 8601 (`YYYY-MM-DD`). Set to `false` to disable
-skipCreatedBefore: 2020-01-01
-
-# Issues and pull requests with these labels will be ignored. Set to `[]` to disable
-exemptLabels: []
-
-# Label to add before locking, such as `outdated`. Set to `false` to disable
-lockLabel: false
-
-# Comment to post before locking. Set to `false` to disable
-lockComment: false
-
-# Assign `resolved` as the reason for locking. Set to `false` to disable
-setLockReason: false
-
-# Limit to only `issues` or `pulls`
-only: pulls
-
-# Optionally, specify configuration settings just for `issues` or `pulls`
-issues:
-   daysUntilLock: 30

.github/release-drafter.yml

@@ -1,4 +1,49 @@
+change-template: "- #$NUMBER $TITLE @$AUTHOR"
+sort-direction: ascending
+
+categories:
+  - title: ":boom: Breaking Changes"
+    label: "breaking-change"
+
+  - title: ":wrench: Build"
+    label: "build"
+
+  - title: ":boar: Chore"
+    label: "chore"
+
+  - title: ":sparkles: New Features"
+    label: "new-feature"
+
+  - title: ":zap: Performance"
+    label: "performance"
+
+  - title: ":recycle: Refactor"
+    label: "refactor"
+
+  - title: ":green_heart: CI"
+    label: "ci"
+
+  - title: ":bug: Bug Fixes"
+    label: "bugfix"
+
+  - title: ":white_check_mark: Test"
+    label: "test"
+
+  - title: ":arrow_up: Dependency Updates"
+    label: "dependencies"
+
+include-labels:
+  - "breaking-change"
+  - "build"
+  - "chore"
+  - "performance"
+  - "refactor"
+  - "new-feature"
+  - "bugfix"
+  - "dependencies"
+  - "test"
+  - "ci"
+
 template: |
-  ## What's Changed
 
   $CHANGES

.github/stale.yml

@@ -1,17 +0,0 @@
-# Number of days of inactivity before an issue becomes stale
-daysUntilStale: 60
-# Number of days of inactivity before a stale issue is closed
-daysUntilClose: 7
-# Issues with these labels will never be considered stale
-exemptLabels:
-  - pinned
-  - security
-# Label to use when marking an issue as stale
-staleLabel: wontfix
-# Comment to post when marking an issue as stale. Set to `false` to disable
-markComment: >
-  This issue has been automatically marked as stale because it has not had
-  recent activity. It will be closed if no further activity occurs. Thank you
-  for your contributions.
-# Comment to post when closing a stale issue. Set to `false` to disable
-closeComment: false

.github/workflows/builder.yml

@@ -0,0 +1,252 @@
+name: Build supervisor
+
+on:
+  workflow_dispatch:
+    inputs:
+      channel:
+        description: "Channel"
+        required: true
+        default: "dev"
+      version:
+        description: "Version"
+        required: true
+      publish:
+        description: "Publish"
+        required: true
+        default: "false"
+      stable:
+        description: "Stable"
+        required: true
+        default: "false"
+  pull_request:
+    branches: ["main"]
+  release:
+    types: ["published"]
+  push:
+    branches: ["main"]
+    paths:
+      - "rootfs/**"
+      - "supervisor/**"
+      - build.json
+      - Dockerfile
+      - requirements.txt
+      - setup.py
+
+env:
+  BUILD_NAME: supervisor
+  BUILD_TYPE: supervisor
+  WHEELS_TAG: 3.8-alpine3.13
+
+jobs:
+  init:
+    name: Initialize build
+    runs-on: ubuntu-latest
+    outputs:
+      architectures: ${{ steps.info.outputs.architectures }}
+      version: ${{ steps.version.outputs.version }}
+      channel: ${{ steps.version.outputs.channel }}
+      publish: ${{ steps.version.outputs.publish }}
+      requirements: ${{ steps.requirements.outputs.changed }}
+    steps:
+      - name: Checkout the repository
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+
+      - name: Get information
+        id: info
+        uses: home-assistant/actions/helpers/info@master
+
+      - name: Get version
+        id: version
+        uses: home-assistant/actions/helpers/version@master
+        with:
+          type: ${{ env.BUILD_TYPE }}
+
+      - name: Get changed files
+        id: changed_files
+        if: steps.version.outputs.publish == 'false'
+        uses: jitterbit/get-changed-files@v1
+
+      - name: Check if requirements files changed
+        id: requirements
+        run: |
+          if [[ "${{ steps.changed_files.outputs.all }}" =~ requirements.txt ]]; then
+            echo "::set-output name=changed::true"
+          fi
+
+  build:
+    name: Build ${{ matrix.arch }} supervisor
+    needs: init
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        arch: ${{ fromJson(needs.init.outputs.architectures) }}
+    steps:
+      - name: Checkout the repository
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+
+      - name: Build wheels
+        if: needs.init.outputs.requirements == 'true'
+        uses: home-assistant/wheels@master
+        with:
+          tag: ${{ env.WHEELS_TAG }}
+          arch: ${{ matrix.arch }}
+          wheels-host: ${{ secrets.WHEELS_HOST }}
+          wheels-key: ${{ secrets.WHEELS_KEY }}
+          wheels-user: wheels
+          apk: "build-base;libffi-dev;openssl-dev;cargo"
+          skip-binary: aiohttp
+          requirements: "requirements.txt"
+
+      - name: Set version
+        if: needs.init.outputs.publish == 'true'
+        uses: home-assistant/actions/helpers/version@master
+        with:
+          type: ${{ env.BUILD_TYPE }}
+
+      - name: Login to DockerHub
+        if: needs.init.outputs.publish == 'true'
+        uses: docker/login-action@v1
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Login to GitHub Container Registry
+        if: needs.init.outputs.publish == 'true'
+        uses: docker/login-action@v1
+        with:
+          registry: ghcr.io
+          username: ${{ secrets.GIT_USER }}
+          password: ${{ secrets.GIT_TOKEN }}
+
+      - name: Set build arguments
+        if: needs.init.outputs.publish == 'false'
+        run: echo "BUILD_ARGS=--test" >> $GITHUB_ENV
+
+      - name: Build supervisor
+        uses: home-assistant/builder@2021.04.0
+        with:
+          args: |
+            $BUILD_ARGS \
+            --${{ matrix.arch }} \
+            --target /data \
+            --with-codenotary "${{ secrets.VCN_USER }}" "${{ secrets.VCN_PASSWORD }}" "${{ secrets.VCN_ORG }}" \
+            --validate-from "${{ secrets.VCN_ORG }}" \
+            --validate-cache "${{ secrets.VCN_ORG }}" \
+            --generic ${{ needs.init.outputs.version }}
+
+  codenotary:
+    name: CodeNotary signature
+    needs: init
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout the repository
+        if: needs.init.outputs.publish == 'true'
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+
+      - name: Set version
+        if: needs.init.outputs.publish == 'true'
+        uses: home-assistant/actions/helpers/version@master
+        with:
+          type: ${{ env.BUILD_TYPE }}
+
+      - name: Signing image
+        if: needs.init.outputs.publish == 'true'
+        uses: home-assistant/actions/helpers/codenotary@master
+        with:
+          source: dir://${{ github.workspace }}
+          user: ${{ secrets.VCN_USER }}
+          password: ${{ secrets.VCN_PASSWORD }}
+          organisation: ${{ secrets.VCN_ORG }}
+
+  version:
+    name: Update version
+    needs: ["init", "run_supervisor"]
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout the repository
+        if: needs.init.outputs.publish == 'true'
+        uses: actions/checkout@v2
+
+      - name: Initialize git
+        if: needs.init.outputs.publish == 'true'
+        uses: home-assistant/actions/helpers/git-init@master
+        with:
+          name: ${{ secrets.GIT_NAME }}
+          email: ${{ secrets.GIT_EMAIL }}
+          token: ${{ secrets.GIT_TOKEN }}
+
+      - name: Update version file
+        if: needs.init.outputs.publish == 'true'
+        uses: home-assistant/actions/helpers/version-push@master
+        with:
+          key: ${{ env.BUILD_NAME }}
+          version: ${{ needs.init.outputs.version }}
+          channel: ${{ needs.init.outputs.channel }}
+
+  run_supervisor:
+    runs-on: ubuntu-latest
+    name: Run the Supervisor
+    needs: ["build", "codenotary"]
+    steps:
+      - name: Checkout the repository
+        uses: actions/checkout@v2
+
+      - name: Build the Supervisor
+        uses: home-assistant/builder@2021.04.0
+        with:
+          args: |
+            --test \
+            --amd64 \
+            --target /data \
+            --generic runner
+
+      - name: Create the Supervisor
+        run: |
+          mkdir -p /tmp/supervisor/data
+          docker create --name hassio_supervisor \
+            --privileged \
+            --security-opt seccomp=unconfined \
+            --security-opt apparmor:unconfined \
+            -v /run/docker.sock:/run/docker.sock \
+            -v /run/dbus:/run/dbus \
+            -v /tmp/supervisor/data:/data \
+            -v /etc/machine-id:/etc/machine-id:ro \
+            -e SUPERVISOR_SHARE="/tmp/supervisor/data" \
+            -e SUPERVISOR_NAME=hassio_supervisor \
+            -e SUPERVISOR_DEV=1 \
+            -e SUPERVISOR_MACHINE="qemux86-64" \
+          homeassistant/amd64-hassio-supervisor:runner
+
+      - name: Start the Supervisor
+        run: docker start hassio_supervisor
+
+      - name: Wait for Supervisor to come up
+        run: |
+          SUPERVISOR=$(docker inspect --format='{{.NetworkSettings.IPAddress}}' hassio_supervisor)
+          ping="error"
+          while [ "$ping" != "ok" ]; do
+            ping=$(curl -sSL "http://$SUPERVISOR/supervisor/ping" | jq -r .result)
+            sleep 5
+          done
+
+      - name: Check the Supervisor
+        run: |
+          echo "Checking supervisor info"
+          test=$(docker exec hassio_cli ha supervisor info --no-progress --raw-json | jq -r .result)
+          if [ "$test" != "ok" ];then
+            docker logs hassio_supervisor
+            exit 1
+          fi
+
+          echo "Checking supervisor network info"
+          test=$(docker exec hassio_cli ha network info --no-progress --raw-json | jq -r .result)
+          if [ "$test" != "ok" ];then
+            docker logs hassio_supervisor
+            exit 1
+          fi

.github/workflows/check_pr_labels.yml

@@ -0,0 +1,19 @@
+name: Check PR
+
+on:
+  pull_request:
+    branches: ["main"]
+    types: [labeled, unlabeled, synchronize]
+
+jobs:
+  init:
+    name: Check labels
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check labels
+        run: |
+          labels=$(jq -r '.pull_request.labels[] | .name' ${{github.event_path }})
+          echo "$labels"
+          if [ "$labels" == "cla-signed" ]; then
+            exit 1
+          fi

.github/workflows/ci.yaml

@@ -0,0 +1,435 @@
+name: CI
+
+# yamllint disable-line rule:truthy
+on:
+  push:
+    branches:
+      - main
+  pull_request: ~
+
+env:
+  DEFAULT_PYTHON: 3.8
+  PRE_COMMIT_HOME: ~/.cache/pre-commit
+
+jobs:
+  # Separate job to pre-populate the base dependency cache
+  # This prevent upcoming jobs to do the same individually
+  prepare:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        python-version: [3.8]
+    name: Prepare Python ${{ matrix.python-version }} dependencies
+    steps:
+      - name: Check out code from GitHub
+        uses: actions/checkout@v2
+      - name: Set up Python ${{ matrix.python-version }}
+        id: python
+        uses: actions/setup-python@v2.2.2
+        with:
+          python-version: ${{ matrix.python-version }}
+      - name: Restore Python virtual environment
+        id: cache-venv
+        uses: actions/cache@v2.1.5
+        with:
+          path: venv
+          key: |
+            ${{ runner.os }}-venv-${{ steps.python.outputs.python-version }}-${{ hashFiles('requirements.txt') }}-${{ hashFiles('requirements_tests.txt') }}
+          restore-keys: |
+            ${{ runner.os }}-venv-${{ steps.python.outputs.python-version }}-${{ hashFiles('requirements.txt') }}
+            ${{ runner.os }}-venv-${{ steps.python.outputs.python-version }}-
+      - name: Create Python virtual environment
+        if: steps.cache-venv.outputs.cache-hit != 'true'
+        run: |
+          python -m venv venv
+          . venv/bin/activate
+          pip install -U pip setuptools
+          pip install -r requirements.txt -r requirements_tests.txt
+      - name: Restore pre-commit environment from cache
+        id: cache-precommit
+        uses: actions/cache@v2.1.5
+        with:
+          path: ${{ env.PRE_COMMIT_HOME }}
+          key: |
+            ${{ runner.os }}-pre-commit-${{ hashFiles('.pre-commit-config.yaml') }}
+          restore-keys: |
+            ${{ runner.os }}-pre-commit-
+      - name: Install pre-commit dependencies
+        if: steps.cache-precommit.outputs.cache-hit != 'true'
+        run: |
+          . venv/bin/activate
+          pre-commit install-hooks
+
+  lint-black:
+    name: Check black
+    runs-on: ubuntu-latest
+    needs: prepare
+    steps:
+      - name: Check out code from GitHub
+        uses: actions/checkout@v2
+      - name: Set up Python ${{ env.DEFAULT_PYTHON }}
+        uses: actions/setup-python@v2.2.2
+        id: python
+        with:
+          python-version: ${{ env.DEFAULT_PYTHON }}
+      - name: Restore Python virtual environment
+        id: cache-venv
+        uses: actions/cache@v2.1.5
+        with:
+          path: venv
+          key: |
+            ${{ runner.os }}-venv-${{ steps.python.outputs.python-version }}-${{ hashFiles('requirements.txt') }}-${{ hashFiles('requirements_tests.txt') }}
+      - name: Fail job if Python cache restore failed
+        if: steps.cache-venv.outputs.cache-hit != 'true'
+        run: |
+          echo "Failed to restore Python virtual environment from cache"
+          exit 1
+      - name: Run black
+        run: |
+          . venv/bin/activate
+          black --target-version py38 --check supervisor tests setup.py
+
+  lint-dockerfile:
+    name: Check Dockerfile
+    runs-on: ubuntu-latest
+    needs: prepare
+    steps:
+      - name: Check out code from GitHub
+        uses: actions/checkout@v2
+      - name: Register hadolint problem matcher
+        run: |
+          echo "::add-matcher::.github/workflows/matchers/hadolint.json"
+      - name: Check Dockerfile
+        uses: docker://hadolint/hadolint:v1.18.0
+        with:
+          args: hadolint Dockerfile
+
+  lint-executable-shebangs:
+    name: Check executables
+    runs-on: ubuntu-latest
+    needs: prepare
+    steps:
+      - name: Check out code from GitHub
+        uses: actions/checkout@v2
+      - name: Set up Python ${{ env.DEFAULT_PYTHON }}
+        uses: actions/setup-python@v2.2.2
+        id: python
+        with:
+          python-version: ${{ env.DEFAULT_PYTHON }}
+      - name: Restore Python virtual environment
+        id: cache-venv
+        uses: actions/cache@v2.1.5
+        with:
+          path: venv
+          key: |
+            ${{ runner.os }}-venv-${{ steps.python.outputs.python-version }}-${{ hashFiles('requirements.txt') }}-${{ hashFiles('requirements_tests.txt') }}
+      - name: Fail job if Python cache restore failed
+        if: steps.cache-venv.outputs.cache-hit != 'true'
+        run: |
+          echo "Failed to restore Python virtual environment from cache"
+          exit 1
+      - name: Restore pre-commit environment from cache
+        id: cache-precommit
+        uses: actions/cache@v2.1.5
+        with:
+          path: ${{ env.PRE_COMMIT_HOME }}
+          key: |
+            ${{ runner.os }}-pre-commit-${{ hashFiles('.pre-commit-config.yaml') }}
+      - name: Fail job if cache restore failed
+        if: steps.cache-venv.outputs.cache-hit != 'true'
+        run: |
+          echo "Failed to restore Python virtual environment from cache"
+          exit 1
+      - name: Register check executables problem matcher
+        run: |
+          echo "::add-matcher::.github/workflows/matchers/check-executables-have-shebangs.json"
+      - name: Run executables check
+        run: |
+          . venv/bin/activate
+          pre-commit run --hook-stage manual check-executables-have-shebangs --all-files
+
+  lint-flake8:
+    name: Check flake8
+    runs-on: ubuntu-latest
+    needs: prepare
+    steps:
+      - name: Check out code from GitHub
+        uses: actions/checkout@v2
+      - name: Set up Python ${{ env.DEFAULT_PYTHON }}
+        uses: actions/setup-python@v2.2.2
+        id: python
+        with:
+          python-version: ${{ env.DEFAULT_PYTHON }}
+      - name: Restore Python virtual environment
+        id: cache-venv
+        uses: actions/cache@v2.1.5
+        with:
+          path: venv
+          key: |
+            ${{ runner.os }}-venv-${{ steps.python.outputs.python-version }}-${{ hashFiles('requirements.txt') }}-${{ hashFiles('requirements_tests.txt') }}
+      - name: Fail job if Python cache restore failed
+        if: steps.cache-venv.outputs.cache-hit != 'true'
+        run: |
+          echo "Failed to restore Python virtual environment from cache"
+          exit 1
+      - name: Register flake8 problem matcher
+        run: |
+          echo "::add-matcher::.github/workflows/matchers/flake8.json"
+      - name: Run flake8
+        run: |
+          . venv/bin/activate
+          flake8 supervisor tests
+
+  lint-isort:
+    name: Check isort
+    runs-on: ubuntu-latest
+    needs: prepare
+    steps:
+      - name: Check out code from GitHub
+        uses: actions/checkout@v2
+      - name: Set up Python ${{ env.DEFAULT_PYTHON }}
+        uses: actions/setup-python@v2.2.2
+        id: python
+        with:
+          python-version: ${{ env.DEFAULT_PYTHON }}
+      - name: Restore Python virtual environment
+        id: cache-venv
+        uses: actions/cache@v2.1.5
+        with:
+          path: venv
+          key: |
+            ${{ runner.os }}-venv-${{ steps.python.outputs.python-version }}-${{ hashFiles('requirements.txt') }}-${{ hashFiles('requirements_tests.txt') }}
+      - name: Fail job if Python cache restore failed
+        if: steps.cache-venv.outputs.cache-hit != 'true'
+        run: |
+          echo "Failed to restore Python virtual environment from cache"
+          exit 1
+      - name: Restore pre-commit environment from cache
+        id: cache-precommit
+        uses: actions/cache@v2.1.5
+        with:
+          path: ${{ env.PRE_COMMIT_HOME }}
+          key: |
+            ${{ runner.os }}-pre-commit-${{ hashFiles('.pre-commit-config.yaml') }}
+      - name: Fail job if cache restore failed
+        if: steps.cache-venv.outputs.cache-hit != 'true'
+        run: |
+          echo "Failed to restore Python virtual environment from cache"
+          exit 1
+      - name: Run isort
+        run: |
+          . venv/bin/activate
+          pre-commit run --hook-stage manual isort --all-files --show-diff-on-failure
+
+  lint-json:
+    name: Check JSON
+    runs-on: ubuntu-latest
+    needs: prepare
+    steps:
+      - name: Check out code from GitHub
+        uses: actions/checkout@v2
+      - name: Set up Python ${{ env.DEFAULT_PYTHON }}
+        uses: actions/setup-python@v2.2.2
+        id: python
+        with:
+          python-version: ${{ env.DEFAULT_PYTHON }}
+      - name: Restore Python virtual environment
+        id: cache-venv
+        uses: actions/cache@v2.1.5
+        with:
+          path: venv
+          key: |
+            ${{ runner.os }}-venv-${{ steps.python.outputs.python-version }}-${{ hashFiles('requirements.txt') }}-${{ hashFiles('requirements_tests.txt') }}
+      - name: Fail job if Python cache restore failed
+        if: steps.cache-venv.outputs.cache-hit != 'true'
+        run: |
+          echo "Failed to restore Python virtual environment from cache"
+          exit 1
+      - name: Restore pre-commit environment from cache
+        id: cache-precommit
+        uses: actions/cache@v2.1.5
+        with:
+          path: ${{ env.PRE_COMMIT_HOME }}
+          key: |
+            ${{ runner.os }}-pre-commit-${{ hashFiles('.pre-commit-config.yaml') }}
+      - name: Fail job if cache restore failed
+        if: steps.cache-venv.outputs.cache-hit != 'true'
+        run: |
+          echo "Failed to restore Python virtual environment from cache"
+          exit 1
+      - name: Register check-json problem matcher
+        run: |
+          echo "::add-matcher::.github/workflows/matchers/check-json.json"
+      - name: Run check-json
+        run: |
+          . venv/bin/activate
+          pre-commit run --hook-stage manual check-json --all-files
+
+  lint-pylint:
+    name: Check pylint
+    runs-on: ubuntu-latest
+    needs: prepare
+    steps:
+      - name: Check out code from GitHub
+        uses: actions/checkout@v2
+      - name: Set up Python ${{ env.DEFAULT_PYTHON }}
+        uses: actions/setup-python@v2.2.2
+        id: python
+        with:
+          python-version: ${{ env.DEFAULT_PYTHON }}
+      - name: Restore Python virtual environment
+        id: cache-venv
+        uses: actions/cache@v2.1.5
+        with:
+          path: venv
+          key: |
+            ${{ runner.os }}-venv-${{ steps.python.outputs.python-version }}-${{ hashFiles('requirements.txt') }}-${{ hashFiles('requirements_tests.txt') }}
+      - name: Fail job if Python cache restore failed
+        if: steps.cache-venv.outputs.cache-hit != 'true'
+        run: |
+          echo "Failed to restore Python virtual environment from cache"
+          exit 1
+      - name: Register pylint problem matcher
+        run: |
+          echo "::add-matcher::.github/workflows/matchers/pylint.json"
+      - name: Run pylint
+        run: |
+          . venv/bin/activate
+          pylint supervisor tests
+
+  lint-pyupgrade:
+    name: Check pyupgrade
+    runs-on: ubuntu-latest
+    needs: prepare
+    steps:
+      - name: Check out code from GitHub
+        uses: actions/checkout@v2
+      - name: Set up Python ${{ env.DEFAULT_PYTHON }}
+        uses: actions/setup-python@v2.2.2
+        id: python
+        with:
+          python-version: ${{ env.DEFAULT_PYTHON }}
+      - name: Restore Python virtual environment
+        id: cache-venv
+        uses: actions/cache@v2.1.5
+        with:
+          path: venv
+          key: |
+            ${{ runner.os }}-venv-${{ steps.python.outputs.python-version }}-${{ hashFiles('requirements.txt') }}-${{ hashFiles('requirements_tests.txt') }}
+      - name: Fail job if Python cache restore failed
+        if: steps.cache-venv.outputs.cache-hit != 'true'
+        run: |
+          echo "Failed to restore Python virtual environment from cache"
+          exit 1
+      - name: Restore pre-commit environment from cache
+        id: cache-precommit
+        uses: actions/cache@v2.1.5
+        with:
+          path: ${{ env.PRE_COMMIT_HOME }}
+          key: |
+            ${{ runner.os }}-pre-commit-${{ hashFiles('.pre-commit-config.yaml') }}
+      - name: Fail job if cache restore failed
+        if: steps.cache-venv.outputs.cache-hit != 'true'
+        run: |
+          echo "Failed to restore Python virtual environment from cache"
+          exit 1
+      - name: Run pyupgrade
+        run: |
+          . venv/bin/activate
+          pre-commit run --hook-stage manual pyupgrade --all-files --show-diff-on-failure
+
+  pytest:
+    runs-on: ubuntu-latest
+    needs: prepare
+    strategy:
+      matrix:
+        python-version: [3.8]
+    name: Run tests Python ${{ matrix.python-version }}
+    steps:
+      - name: Check out code from GitHub
+        uses: actions/checkout@v2
+      - name: Set up Python ${{ matrix.python-version }}
+        uses: actions/setup-python@v2.2.2
+        id: python
+        with:
+          python-version: ${{ matrix.python-version }}
+      - name: Install CodeNotary
+        shell: bash
+        run: |
+          bash <(curl https://getvcn.codenotary.com -L)
+      - name: Restore Python virtual environment
+        id: cache-venv
+        uses: actions/cache@v2.1.5
+        with:
+          path: venv
+          key: |
+            ${{ runner.os }}-venv-${{ steps.python.outputs.python-version }}-${{ hashFiles('requirements.txt') }}-${{ hashFiles('requirements_tests.txt') }}
+      - name: Fail job if Python cache restore failed
+        if: steps.cache-venv.outputs.cache-hit != 'true'
+        run: |
+          echo "Failed to restore Python virtual environment from cache"
+          exit 1
+      - name: Install additional system dependencies
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y --no-install-recommends libpulse0 libudev1
+      - name: Register Python problem matcher
+        run: |
+          echo "::add-matcher::.github/workflows/matchers/python.json"
+      - name: Install Pytest Annotation plugin
+        run: |
+          . venv/bin/activate
+          # Ideally this should be part of our dependencies
+          # However this plugin is fairly new and doesn't run correctly
+          # on a non-GitHub environment.
+          pip install pytest-github-actions-annotate-failures
+      - name: Run pytest
+        run: |
+          . venv/bin/activate
+          pytest \
+            -qq \
+            --timeout=10 \
+            --durations=10 \
+            --cov supervisor \
+            -o console_output_style=count \
+            tests
+      - name: Upload coverage artifact
+        uses: actions/upload-artifact@v2.2.3
+        with:
+          name: coverage-${{ matrix.python-version }}
+          path: .coverage
+
+  coverage:
+    name: Process test coverage
+    runs-on: ubuntu-latest
+    needs: pytest
+    steps:
+      - name: Check out code from GitHub
+        uses: actions/checkout@v2
+      - name: Set up Python ${{ env.DEFAULT_PYTHON }}
+        uses: actions/setup-python@v2.2.2
+        id: python
+        with:
+          python-version: ${{ env.DEFAULT_PYTHON }}
+      - name: Restore Python virtual environment
+        id: cache-venv
+        uses: actions/cache@v2.1.5
+        with:
+          path: venv
+          key: |
+            ${{ runner.os }}-venv-${{ steps.python.outputs.python-version }}-${{ hashFiles('requirements.txt') }}-${{ hashFiles('requirements_tests.txt') }}
+      - name: Fail job if Python cache restore failed
+        if: steps.cache-venv.outputs.cache-hit != 'true'
+        run: |
+          echo "Failed to restore Python virtual environment from cache"
+          exit 1
+      - name: Download all coverage artifacts
+        uses: actions/download-artifact@v2
+      - name: Combine coverage results
+        run: |
+          . venv/bin/activate
+          coverage combine coverage*/.coverage*
+          coverage report
+          coverage xml
+      - name: Upload coverage to Codecov
+        uses: codecov/codecov-action@v1.3.2

.github/workflows/lock.yml

@@ -0,0 +1,20 @@
+name: Lock
+
+# yamllint disable-line rule:truthy
+on:
+  schedule:
+    - cron: "0 0 * * *"
+
+jobs:
+  lock:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: dessant/lock-threads@v2.0.3
+        with:
+          github-token: ${{ github.token }}
+          issue-lock-inactive-days: "30"
+          issue-exclude-created-before: "2020-10-01T00:00:00Z"
+          issue-lock-reason: ""
+          pr-lock-inactive-days: "1"
+          pr-exclude-created-before: "2020-11-01T00:00:00Z"
+          pr-lock-reason: ""

.github/workflows/matchers/check-executables-have-shebangs.json

@@ -0,0 +1,14 @@
+{
+  "problemMatcher": [
+    {
+      "owner": "check-executables-have-shebangs",
+      "pattern": [
+        {
+          "regexp": "^(.+):\\s(.+)$",
+          "file": 1,
+          "message": 2
+        }
+      ]
+    }
+  ]
+}

.github/workflows/matchers/check-json.json

@@ -0,0 +1,16 @@
+{
+  "problemMatcher": [
+    {
+      "owner": "check-json",
+      "pattern": [
+        {
+          "regexp": "^(.+):\\s(.+\\sline\\s(\\d+)\\scolumn\\s(\\d+).+)$",
+          "file": 1,
+          "message": 2,
+          "line": 3,
+          "column": 4
+        }
+      ]
+    }
+  ]
+}

.github/workflows/matchers/flake8.json

@@ -0,0 +1,30 @@
+{
+  "problemMatcher": [
+    {
+      "owner": "flake8-error",
+      "severity": "error",
+      "pattern": [
+        {
+          "regexp": "^(.*):(\\d+):(\\d+):\\s(E\\d{3}\\s.*)$",
+          "file": 1,
+          "line": 2,
+          "column": 3,
+          "message": 4
+        }
+      ]
+    },
+    {
+      "owner": "flake8-warning",
+      "severity": "warning",
+      "pattern": [
+        {
+          "regexp": "^(.*):(\\d+):(\\d+):\\s([CDFNW]\\d{3}\\s.*)$",
+          "file": 1,
+          "line": 2,
+          "column": 3,
+          "message": 4
+        }
+      ]
+    }
+  ]
+}

.github/workflows/matchers/hadolint.json

@@ -0,0 +1,16 @@
+{
+  "problemMatcher": [
+    {
+      "owner": "hadolint",
+      "pattern": [
+        {
+          "regexp": "^(.+):(\\d+)\\s+((DL\\d{4}).+)$",
+          "file": 1,
+          "line": 2,
+          "message": 3,
+          "code": 4
+        }
+      ]
+    }
+  ]
+}

.github/workflows/matchers/pylint.json

@@ -0,0 +1,32 @@
+{
+  "problemMatcher": [
+    {
+      "owner": "pylint-error",
+      "severity": "error",
+      "pattern": [
+        {
+          "regexp": "^(.+):(\\d+):(\\d+):\\s(([EF]\\d{4}):\\s.+)$",
+          "file": 1,
+          "line": 2,
+          "column": 3,
+          "message": 4,
+          "code": 5
+        }
+      ]
+    },
+    {
+      "owner": "pylint-warning",
+      "severity": "warning",
+      "pattern": [
+        {
+          "regexp": "^(.+):(\\d+):(\\d+):\\s(([CRW]\\d{4}):\\s.+)$",
+          "file": 1,
+          "line": 2,
+          "column": 3,
+          "message": 4,
+          "code": 5
+        }
+      ]
+    }
+  ]
+}

.github/workflows/matchers/python.json

@@ -0,0 +1,18 @@
+{
+  "problemMatcher": [
+    {
+      "owner": "python",
+      "pattern": [
+        {
+          "regexp": "^\\s*File\\s\\\"(.*)\\\",\\sline\\s(\\d+),\\sin\\s(.*)$",
+          "file": 1,
+          "line": 2
+        },
+        {
+          "regexp": "^\\s*raise\\s(.*)\\(\\'(.*)\\'\\)$",
+          "message": 2
+        }
+      ]
+    }
+  ]
+}

.github/workflows/release-drafter.yml

@@ -0,0 +1,44 @@
+name: Release Drafter
+
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  update_release_draft:
+    runs-on: ubuntu-latest
+    name: Release Drafter
+    steps:
+      - name: Checkout the repository
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+
+      - name: Find Next Version
+        id: version
+        run: |
+          declare -i newpost
+          latest=$(git describe --tags $(git rev-list --tags --max-count=1))
+          latestpre=$(echo "$latest" | awk '{split($0,a,"."); print a[1] "." a[2]}')
+          datepre=$(date --utc '+%Y.%m')
+
+
+          if [[ "$latestpre" == "$datepre" ]]; then
+              latestpost=$(echo "$latest" | awk '{split($0,a,"."); print a[3]}')
+              newpost=$latestpost+1
+          else
+              newpost=0
+          fi
+
+          echo Current version:    $latest
+          echo New target version: $datepre.$newpost
+          echo "::set-output name=version::$datepre.$newpost"
+
+      - name: Run Release Drafter
+        uses: release-drafter/release-drafter@v5
+        with:
+          tag: ${{ steps.version.outputs.version }}
+          name: ${{ steps.version.outputs.version }}
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/sentry.yaml

@@ -0,0 +1,21 @@
+name: Sentry Release
+
+# yamllint disable-line rule:truthy
+on:
+  release:
+    types: [published, prereleased]
+
+jobs:
+  createSentryRelease:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out code from GitHub
+        uses: actions/checkout@v2
+      - name: Sentry Release
+        uses: getsentry/action-release@v1.1
+        env:
+          SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
+          SENTRY_ORG: ${{ secrets.SENTRY_ORG }}
+          SENTRY_PROJECT: ${{ secrets.SENTRY_PROJECT }}
+        with:
+          environment: production

.github/workflows/stale.yml

@@ -0,0 +1,39 @@
+name: Stale
+
+# yamllint disable-line rule:truthy
+on:
+  schedule:
+    - cron: "0 * * * *"
+
+jobs:
+  stale:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/stale@v3.0.18
+        with:
+          repo-token: ${{ secrets.GITHUB_TOKEN }}
+          days-before-stale: 60
+          days-before-close: 7
+          stale-issue-label: "stale"
+          exempt-issue-labels: "no-stale,Help%20wanted,help-wanted,pinned,rfc,security"
+          stale-issue-message: >
+            There hasn't been any activity on this issue recently. Due to the
+            high number of incoming GitHub notifications, we have to clean some
+            of the old issues, as many of them have already been resolved with
+            the latest updates.
+
+            Please make sure to update to the latest version and check if that
+            solves the issue. Let us know if that works for you by
+            adding a comment 👍
+
+            This issue has now been marked as stale and will be closed if no
+            further activity occurs. Thank you for your contributions.
+
+          stale-pr-label: "stale"
+          exempt-pr-labels: "no-stale,pinned,rfc,security"
+          stale-pr-message: >
+            There hasn't been any activity on this pull request recently. This
+            pull request has been automatically marked as stale because of that
+            and will be closed if no further activity occurs within 7 days.
+
+            Thank you for your contributions.

.gitignore

@@ -95,3 +95,8 @@ ENV/
 .vscode/*
 !.vscode/cSpell.json
 !.vscode/tasks.json
+!.vscode/launch.json
+
+# mypy
+/.mypy_cache/*
+/.dmypy.json

.hadolint.yaml

@@ -1,5 +1,6 @@
 ignored:
-  - DL3018
+  - DL3003
   - DL3006
   - DL3013
+  - DL3018
   - SC2155

.pre-commit-config.yaml

@@ -0,0 +1,34 @@
+repos:
+  - repo: https://github.com/psf/black
+    rev: 20.8b1
+    hooks:
+      - id: black
+        args:
+          - --safe
+          - --quiet
+          - --target-version
+          - py38
+        files: ^((supervisor|tests)/.+)?[^/]+\.py$
+  - repo: https://gitlab.com/pycqa/flake8
+    rev: 3.8.3
+    hooks:
+      - id: flake8
+        additional_dependencies:
+          - flake8-docstrings==1.5.0
+          - pydocstyle==5.0.2
+        files: ^(supervisor|script|tests)/.+\.py$
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v3.1.0
+    hooks:
+      - id: check-executables-have-shebangs
+        stages: [manual]
+      - id: check-json
+  - repo: https://github.com/pre-commit/mirrors-isort
+    rev: v4.3.21
+    hooks:
+      - id: isort
+  - repo: https://github.com/asottile/pyupgrade
+    rev: v2.6.2
+    hooks:
+      - id: pyupgrade
+        args: [--py37-plus]

.vcnignore

@@ -0,0 +1,21 @@
+# Byte-compiled / optimized / DLL files
+__pycache__/
+*.py[cod]
+*$py.class
+
+# Distribution / packaging
+*.egg-info/
+
+# General files
+.git
+.github
+.devcontainer
+.vscode
+.tox
+
+# Data
+home-assistant-polymer/
+script/
+tests/
+data/
+venv/

.vscode/launch.json

@@ -0,0 +1,18 @@
+{
+  "version": "0.2.0",
+  "configurations": [
+    {
+      "name": "Supervisor remote debug",
+      "type": "python",
+      "request": "attach",
+      "port": 33333,
+      "host": "172.30.32.2",
+      "pathMappings": [
+        {
+          "localRoot": "${workspaceFolder}",
+          "remoteRoot": "/usr/src/supervisor"
+        }
+      ]
+    }
+  ]
+}

.vscode/tasks.json

@@ -2,9 +2,9 @@
   "version": "2.0.0",
   "tasks": [
     {
-      "label": "Run Testenv",
+      "label": "Run Supervisor",
       "type": "shell",
-      "command": "./scripts/test_env.sh",
+      "command": "./scripts/run-supervisor.sh",
       "group": {
         "kind": "test",
         "isDefault": true
@@ -16,7 +16,21 @@
       "problemMatcher": []
     },
     {
-      "label": "Run Testenv CLI",
+      "label": "Build Supervisor",
+      "type": "shell",
+      "command": "./scripts/build-supervisor.sh",
+      "group": {
+        "kind": "build",
+        "isDefault": true
+      },
+      "presentation": {
+        "reveal": "always",
+        "panel": "new"
+      },
+      "problemMatcher": []
+    },
+    {
+      "label": "Run Supervisor CLI",
       "type": "shell",
       "command": "docker exec -ti hassio_cli /usr/bin/cli.sh",
       "group": {
@@ -30,7 +44,7 @@
       "problemMatcher": []
     },
     {
-      "label": "Update UI",
+      "label": "Update Supervisor Panel",
       "type": "shell",
       "command": "./scripts/update-frontend.sh",
       "group": {
@@ -60,7 +74,7 @@
     {
       "label": "Flake8",
       "type": "shell",
-      "command": "flake8 hassio tests",
+      "command": "flake8 supervisor tests",
       "group": {
         "kind": "test",
         "isDefault": true
@@ -74,7 +88,7 @@
     {
       "label": "Pylint",
       "type": "shell",
-      "command": "pylint hassio",
+      "command": "pylint supervisor",
       "dependsOn": ["Install all Requirements"],
       "group": {
         "kind": "test",

Dockerfile

@@ -1,12 +1,18 @@
 ARG BUILD_FROM
-FROM $BUILD_FROM
+FROM ${BUILD_FROM}
 
 ENV \
-    S6_SERVICES_GRACETIME=10000
+    S6_SERVICES_GRACETIME=10000 \
+    SUPERVISOR_API=http://localhost
+
+ARG BUILD_ARCH
+ARG VCN_VERSION
+WORKDIR /usr/src
 
 # Install base
 RUN \
-    apk add --no-cache \
+    set -x \
+    && apk add --no-cache \
         eudev \
         eudev-libs \
         git \
@@ -15,10 +21,36 @@ RUN \
         libpulse \
         musl \
         openssl \
-        socat
-
-ARG BUILD_ARCH
-WORKDIR /usr/src
+    && apk add --no-cache --virtual .build-dependencies \
+        build-base \
+        go \
+    \
+    && git clone -b v${VCN_VERSION} --depth 1 \
+        https://github.com/codenotary/vcn \
+    && cd vcn \
+    \
+    # Fix: https://github.com/codenotary/vcn/issues/131
+    && go get github.com/codenotary/immudb@4cf9e2ae06ac2e6ec98a60364c3de3eab5524757 \
+    \
+    && if [ "${BUILD_ARCH}" = "armhf" ]; then \
+        GOARM=6 GOARCH=arm go build -o vcn -ldflags="-s -w" ./cmd/vcn; \
+    elif [ "${BUILD_ARCH}" = "armv7" ]; then \
+        GOARM=7 GOARCH=arm go build -o vcn -ldflags="-s -w" ./cmd/vcn; \
+    elif [ "${BUILD_ARCH}" = "aarch64" ]; then \
+        GOARCH=arm64 go build -o vcn -ldflags="-s -w" ./cmd/vcn; \
+    elif [ "${BUILD_ARCH}" = "i386" ]; then \
+        GOARCH=386 go build -o vcn -ldflags="-s -w" ./cmd/vcn; \
+    elif [ "${BUILD_ARCH}" = "amd64" ]; then \
+        GOARCH=amd64 go build -o vcn -ldflags="-s -w" ./cmd/vcn; \
+    else \
+        exit 1; \
+    fi \
+    \
+    && rm -rf /root/go /root/.cache \
+    && mv vcn /usr/bin/vcn \
+    \
+    && apk del .build-dependencies \
+    && rm -rf /usr/src/vcn
 
 # Install requirements
 COPY requirements.txt .

LICENSE

@@ -1,674 +1,201 @@
-                    GNU GENERAL PUBLIC LICENSE
-                       Version 3, 29 June 2007
-
- Copyright (C) 2007 Free Software Foundation, Inc. <https://fsf.org/>
- Everyone is permitted to copy and distribute verbatim copies
- of this license document, but changing it is not allowed.
-
-                            Preamble
-
-  The GNU General Public License is a free, copyleft license for
-software and other kinds of works.
-
-  The licenses for most software and other practical works are designed
-to take away your freedom to share and change the works.  By contrast,
-the GNU General Public License is intended to guarantee your freedom to
-share and change all versions of a program--to make sure it remains free
-software for all its users.  We, the Free Software Foundation, use the
-GNU General Public License for most of our software; it applies also to
-any other work released this way by its authors.  You can apply it to
-your programs, too.
-
-  When we speak of free software, we are referring to freedom, not
-price.  Our General Public Licenses are designed to make sure that you
-have the freedom to distribute copies of free software (and charge for
-them if you wish), that you receive source code or can get it if you
-want it, that you can change the software or use pieces of it in new
-free programs, and that you know you can do these things.
-
-  To protect your rights, we need to prevent others from denying you
-these rights or asking you to surrender the rights.  Therefore, you have
-certain responsibilities if you distribute copies of the software, or if
-you modify it: responsibilities to respect the freedom of others.
-
-  For example, if you distribute copies of such a program, whether
-gratis or for a fee, you must pass on to the recipients the same
-freedoms that you received.  You must make sure that they, too, receive
-or can get the source code.  And you must show them these terms so they
-know their rights.
-
-  Developers that use the GNU GPL protect your rights with two steps:
-(1) assert copyright on the software, and (2) offer you this License
-giving you legal permission to copy, distribute and/or modify it.
-
-  For the developers' and authors' protection, the GPL clearly explains
-that there is no warranty for this free software.  For both users' and
-authors' sake, the GPL requires that modified versions be marked as
-changed, so that their problems will not be attributed erroneously to
-authors of previous versions.
-
-  Some devices are designed to deny users access to install or run
-modified versions of the software inside them, although the manufacturer
-can do so.  This is fundamentally incompatible with the aim of
-protecting users' freedom to change the software.  The systematic
-pattern of such abuse occurs in the area of products for individuals to
-use, which is precisely where it is most unacceptable.  Therefore, we
-have designed this version of the GPL to prohibit the practice for those
-products.  If such problems arise substantially in other domains, we
-stand ready to extend this provision to those domains in future versions
-of the GPL, as needed to protect the freedom of users.
-
-  Finally, every program is threatened constantly by software patents.
-States should not allow patents to restrict development and use of
-software on general-purpose computers, but in those that do, we wish to
-avoid the special danger that patents applied to a free program could
-make it effectively proprietary.  To prevent this, the GPL assures that
-patents cannot be used to render the program non-free.
-
-  The precise terms and conditions for copying, distribution and
-modification follow.
-
-                       TERMS AND CONDITIONS
-
-  0. Definitions.
-
-  "This License" refers to version 3 of the GNU General Public License.
-
-  "Copyright" also means copyright-like laws that apply to other kinds of
-works, such as semiconductor masks.
-
-  "The Program" refers to any copyrightable work licensed under this
-License.  Each licensee is addressed as "you".  "Licensees" and
-"recipients" may be individuals or organizations.
-
-  To "modify" a work means to copy from or adapt all or part of the work
-in a fashion requiring copyright permission, other than the making of an
-exact copy.  The resulting work is called a "modified version" of the
-earlier work or a work "based on" the earlier work.
-
-  A "covered work" means either the unmodified Program or a work based
-on the Program.
-
-  To "propagate" a work means to do anything with it that, without
-permission, would make you directly or secondarily liable for
-infringement under applicable copyright law, except executing it on a
-computer or modifying a private copy.  Propagation includes copying,
-distribution (with or without modification), making available to the
-public, and in some countries other activities as well.
-
-  To "convey" a work means any kind of propagation that enables other
-parties to make or receive copies.  Mere interaction with a user through
-a computer network, with no transfer of a copy, is not conveying.
-
-  An interactive user interface displays "Appropriate Legal Notices"
-to the extent that it includes a convenient and prominently visible
-feature that (1) displays an appropriate copyright notice, and (2)
-tells the user that there is no warranty for the work (except to the
-extent that warranties are provided), that licensees may convey the
-work under this License, and how to view a copy of this License.  If
-the interface presents a list of user commands or options, such as a
-menu, a prominent item in the list meets this criterion.
-
-  1. Source Code.
-
-  The "source code" for a work means the preferred form of the work
-for making modifications to it.  "Object code" means any non-source
-form of a work.
-
-  A "Standard Interface" means an interface that either is an official
-standard defined by a recognized standards body, or, in the case of
-interfaces specified for a particular programming language, one that
-is widely used among developers working in that language.
-
-  The "System Libraries" of an executable work include anything, other
-than the work as a whole, that (a) is included in the normal form of
-packaging a Major Component, but which is not part of that Major
-Component, and (b) serves only to enable use of the work with that
-Major Component, or to implement a Standard Interface for which an
-implementation is available to the public in source code form.  A
-"Major Component", in this context, means a major essential component
-(kernel, window system, and so on) of the specific operating system
-(if any) on which the executable work runs, or a compiler used to
-produce the work, or an object code interpreter used to run it.
-
-  The "Corresponding Source" for a work in object code form means all
-the source code needed to generate, install, and (for an executable
-work) run the object code and to modify the work, including scripts to
-control those activities.  However, it does not include the work's
-System Libraries, or general-purpose tools or generally available free
-programs which are used unmodified in performing those activities but
-which are not part of the work.  For example, Corresponding Source
-includes interface definition files associated with source files for
-the work, and the source code for shared libraries and dynamically
-linked subprograms that the work is specifically designed to require,
-such as by intimate data communication or control flow between those
-subprograms and other parts of the work.
-
-  The Corresponding Source need not include anything that users
-can regenerate automatically from other parts of the Corresponding
-Source.
-
-  The Corresponding Source for a work in source code form is that
-same work.
-
-  2. Basic Permissions.
-
-  All rights granted under this License are granted for the term of
-copyright on the Program, and are irrevocable provided the stated
-conditions are met.  This License explicitly affirms your unlimited
-permission to run the unmodified Program.  The output from running a
-covered work is covered by this License only if the output, given its
-content, constitutes a covered work.  This License acknowledges your
-rights of fair use or other equivalent, as provided by copyright law.
-
-  You may make, run and propagate covered works that you do not
-convey, without conditions so long as your license otherwise remains
-in force.  You may convey covered works to others for the sole purpose
-of having them make modifications exclusively for you, or provide you
-with facilities for running those works, provided that you comply with
-the terms of this License in conveying all material for which you do
-not control copyright.  Those thus making or running the covered works
-for you must do so exclusively on your behalf, under your direction
-and control, on terms that prohibit them from making any copies of
-your copyrighted material outside their relationship with you.
-
-  Conveying under any other circumstances is permitted solely under
-the conditions stated below.  Sublicensing is not allowed; section 10
-makes it unnecessary.
-
-  3. Protecting Users' Legal Rights From Anti-Circumvention Law.
-
-  No covered work shall be deemed part of an effective technological
-measure under any applicable law fulfilling obligations under article
-11 of the WIPO copyright treaty adopted on 20 December 1996, or
-similar laws prohibiting or restricting circumvention of such
-measures.
-
-  When you convey a covered work, you waive any legal power to forbid
-circumvention of technological measures to the extent such circumvention
-is effected by exercising rights under this License with respect to
-the covered work, and you disclaim any intention to limit operation or
-modification of the work as a means of enforcing, against the work's
-users, your or third parties' legal rights to forbid circumvention of
-technological measures.
-
-  4. Conveying Verbatim Copies.
-
-  You may convey verbatim copies of the Program's source code as you
-receive it, in any medium, provided that you conspicuously and
-appropriately publish on each copy an appropriate copyright notice;
-keep intact all notices stating that this License and any
-non-permissive terms added in accord with section 7 apply to the code;
-keep intact all notices of the absence of any warranty; and give all
-recipients a copy of this License along with the Program.
-
-  You may charge any price or no price for each copy that you convey,
-and you may offer support or warranty protection for a fee.
-
-  5. Conveying Modified Source Versions.
-
-  You may convey a work based on the Program, or the modifications to
-produce it from the Program, in the form of source code under the
-terms of section 4, provided that you also meet all of these conditions:
-
-    a) The work must carry prominent notices stating that you modified
-    it, and giving a relevant date.
-
-    b) The work must carry prominent notices stating that it is
-    released under this License and any conditions added under section
-    7.  This requirement modifies the requirement in section 4 to
-    "keep intact all notices".
-
-    c) You must license the entire work, as a whole, under this
-    License to anyone who comes into possession of a copy.  This
-    License will therefore apply, along with any applicable section 7
-    additional terms, to the whole of the work, and all its parts,
-    regardless of how they are packaged.  This License gives no
-    permission to license the work in any other way, but it does not
-    invalidate such permission if you have separately received it.
-
-    d) If the work has interactive user interfaces, each must display
-    Appropriate Legal Notices; however, if the Program has interactive
-    interfaces that do not display Appropriate Legal Notices, your
-    work need not make them do so.
-
-  A compilation of a covered work with other separate and independent
-works, which are not by their nature extensions of the covered work,
-and which are not combined with it such as to form a larger program,
-in or on a volume of a storage or distribution medium, is called an
-"aggregate" if the compilation and its resulting copyright are not
-used to limit the access or legal rights of the compilation's users
-beyond what the individual works permit.  Inclusion of a covered work
-in an aggregate does not cause this License to apply to the other
-parts of the aggregate.
-
-  6. Conveying Non-Source Forms.
-
-  You may convey a covered work in object code form under the terms
-of sections 4 and 5, provided that you also convey the
-machine-readable Corresponding Source under the terms of this License,
-in one of these ways:
-
-    a) Convey the object code in, or embodied in, a physical product
-    (including a physical distribution medium), accompanied by the
-    Corresponding Source fixed on a durable physical medium
-    customarily used for software interchange.
-
-    b) Convey the object code in, or embodied in, a physical product
-    (including a physical distribution medium), accompanied by a
-    written offer, valid for at least three years and valid for as
-    long as you offer spare parts or customer support for that product
-    model, to give anyone who possesses the object code either (1) a
-    copy of the Corresponding Source for all the software in the
-    product that is covered by this License, on a durable physical
-    medium customarily used for software interchange, for a price no
-    more than your reasonable cost of physically performing this
-    conveying of source, or (2) access to copy the
-    Corresponding Source from a network server at no charge.
-
-    c) Convey individual copies of the object code with a copy of the
-    written offer to provide the Corresponding Source.  This
-    alternative is allowed only occasionally and noncommercially, and
-    only if you received the object code with such an offer, in accord
-    with subsection 6b.
-
-    d) Convey the object code by offering access from a designated
-    place (gratis or for a charge), and offer equivalent access to the
-    Corresponding Source in the same way through the same place at no
-    further charge.  You need not require recipients to copy the
-    Corresponding Source along with the object code.  If the place to
-    copy the object code is a network server, the Corresponding Source
-    may be on a different server (operated by you or a third party)
-    that supports equivalent copying facilities, provided you maintain
-    clear directions next to the object code saying where to find the
-    Corresponding Source.  Regardless of what server hosts the
-    Corresponding Source, you remain obligated to ensure that it is
-    available for as long as needed to satisfy these requirements.
-
-    e) Convey the object code using peer-to-peer transmission, provided
-    you inform other peers where the object code and Corresponding
-    Source of the work are being offered to the general public at no
-    charge under subsection 6d.
-
-  A separable portion of the object code, whose source code is excluded
-from the Corresponding Source as a System Library, need not be
-included in conveying the object code work.
-
-  A "User Product" is either (1) a "consumer product", which means any
-tangible personal property which is normally used for personal, family,
-or household purposes, or (2) anything designed or sold for incorporation
-into a dwelling.  In determining whether a product is a consumer product,
-doubtful cases shall be resolved in favor of coverage.  For a particular
-product received by a particular user, "normally used" refers to a
-typical or common use of that class of product, regardless of the status
-of the particular user or of the way in which the particular user
-actually uses, or expects or is expected to use, the product.  A product
-is a consumer product regardless of whether the product has substantial
-commercial, industrial or non-consumer uses, unless such uses represent
-the only significant mode of use of the product.
-
-  "Installation Information" for a User Product means any methods,
-procedures, authorization keys, or other information required to install
-and execute modified versions of a covered work in that User Product from
-a modified version of its Corresponding Source.  The information must
-suffice to ensure that the continued functioning of the modified object
-code is in no case prevented or interfered with solely because
-modification has been made.
-
-  If you convey an object code work under this section in, or with, or
-specifically for use in, a User Product, and the conveying occurs as
-part of a transaction in which the right of possession and use of the
-User Product is transferred to the recipient in perpetuity or for a
-fixed term (regardless of how the transaction is characterized), the
-Corresponding Source conveyed under this section must be accompanied
-by the Installation Information.  But this requirement does not apply
-if neither you nor any third party retains the ability to install
-modified object code on the User Product (for example, the work has
-been installed in ROM).
-
-  The requirement to provide Installation Information does not include a
-requirement to continue to provide support service, warranty, or updates
-for a work that has been modified or installed by the recipient, or for
-the User Product in which it has been modified or installed.  Access to a
-network may be denied when the modification itself materially and
-adversely affects the operation of the network or violates the rules and
-protocols for communication across the network.
-
-  Corresponding Source conveyed, and Installation Information provided,
-in accord with this section must be in a format that is publicly
-documented (and with an implementation available to the public in
-source code form), and must require no special password or key for
-unpacking, reading or copying.
-
-  7. Additional Terms.
-
-  "Additional permissions" are terms that supplement the terms of this
-License by making exceptions from one or more of its conditions.
-Additional permissions that are applicable to the entire Program shall
-be treated as though they were included in this License, to the extent
-that they are valid under applicable law.  If additional permissions
-apply only to part of the Program, that part may be used separately
-under those permissions, but the entire Program remains governed by
-this License without regard to the additional permissions.
-
-  When you convey a copy of a covered work, you may at your option
-remove any additional permissions from that copy, or from any part of
-it.  (Additional permissions may be written to require their own
-removal in certain cases when you modify the work.)  You may place
-additional permissions on material, added by you to a covered work,
-for which you have or can give appropriate copyright permission.
-
-  Notwithstanding any other provision of this License, for material you
-add to a covered work, you may (if authorized by the copyright holders of
-that material) supplement the terms of this License with terms:
-
-    a) Disclaiming warranty or limiting liability differently from the
-    terms of sections 15 and 16 of this License; or
-
-    b) Requiring preservation of specified reasonable legal notices or
-    author attributions in that material or in the Appropriate Legal
-    Notices displayed by works containing it; or
-
-    c) Prohibiting misrepresentation of the origin of that material, or
-    requiring that modified versions of such material be marked in
-    reasonable ways as different from the original version; or
-
-    d) Limiting the use for publicity purposes of names of licensors or
-    authors of the material; or
-
-    e) Declining to grant rights under trademark law for use of some
-    trade names, trademarks, or service marks; or
-
-    f) Requiring indemnification of licensors and authors of that
-    material by anyone who conveys the material (or modified versions of
-    it) with contractual assumptions of liability to the recipient, for
-    any liability that these contractual assumptions directly impose on
-    those licensors and authors.
-
-  All other non-permissive additional terms are considered "further
-restrictions" within the meaning of section 10.  If the Program as you
-received it, or any part of it, contains a notice stating that it is
-governed by this License along with a term that is a further
-restriction, you may remove that term.  If a license document contains
-a further restriction but permits relicensing or conveying under this
-License, you may add to a covered work material governed by the terms
-of that license document, provided that the further restriction does
-not survive such relicensing or conveying.
-
-  If you add terms to a covered work in accord with this section, you
-must place, in the relevant source files, a statement of the
-additional terms that apply to those files, or a notice indicating
-where to find the applicable terms.
-
-  Additional terms, permissive or non-permissive, may be stated in the
-form of a separately written license, or stated as exceptions;
-the above requirements apply either way.
-
-  8. Termination.
-
-  You may not propagate or modify a covered work except as expressly
-provided under this License.  Any attempt otherwise to propagate or
-modify it is void, and will automatically terminate your rights under
-this License (including any patent licenses granted under the third
-paragraph of section 11).
-
-  However, if you cease all violation of this License, then your
-license from a particular copyright holder is reinstated (a)
-provisionally, unless and until the copyright holder explicitly and
-finally terminates your license, and (b) permanently, if the copyright
-holder fails to notify you of the violation by some reasonable means
-prior to 60 days after the cessation.
-
-  Moreover, your license from a particular copyright holder is
-reinstated permanently if the copyright holder notifies you of the
-violation by some reasonable means, this is the first time you have
-received notice of violation of this License (for any work) from that
-copyright holder, and you cure the violation prior to 30 days after
-your receipt of the notice.
-
-  Termination of your rights under this section does not terminate the
-licenses of parties who have received copies or rights from you under
-this License.  If your rights have been terminated and not permanently
-reinstated, you do not qualify to receive new licenses for the same
-material under section 10.
-
-  9. Acceptance Not Required for Having Copies.
-
-  You are not required to accept this License in order to receive or
-run a copy of the Program.  Ancillary propagation of a covered work
-occurring solely as a consequence of using peer-to-peer transmission
-to receive a copy likewise does not require acceptance.  However,
-nothing other than this License grants you permission to propagate or
-modify any covered work.  These actions infringe copyright if you do
-not accept this License.  Therefore, by modifying or propagating a
-covered work, you indicate your acceptance of this License to do so.
-
-  10. Automatic Licensing of Downstream Recipients.
-
-  Each time you convey a covered work, the recipient automatically
-receives a license from the original licensors, to run, modify and
-propagate that work, subject to this License.  You are not responsible
-for enforcing compliance by third parties with this License.
-
-  An "entity transaction" is a transaction transferring control of an
-organization, or substantially all assets of one, or subdividing an
-organization, or merging organizations.  If propagation of a covered
-work results from an entity transaction, each party to that
-transaction who receives a copy of the work also receives whatever
-licenses to the work the party's predecessor in interest had or could
-give under the previous paragraph, plus a right to possession of the
-Corresponding Source of the work from the predecessor in interest, if
-the predecessor has it or can get it with reasonable efforts.
-
-  You may not impose any further restrictions on the exercise of the
-rights granted or affirmed under this License.  For example, you may
-not impose a license fee, royalty, or other charge for exercise of
-rights granted under this License, and you may not initiate litigation
-(including a cross-claim or counterclaim in a lawsuit) alleging that
-any patent claim is infringed by making, using, selling, offering for
-sale, or importing the Program or any portion of it.
-
-  11. Patents.
-
-  A "contributor" is a copyright holder who authorizes use under this
-License of the Program or a work on which the Program is based.  The
-work thus licensed is called the contributor's "contributor version".
-
-  A contributor's "essential patent claims" are all patent claims
-owned or controlled by the contributor, whether already acquired or
-hereafter acquired, that would be infringed by some manner, permitted
-by this License, of making, using, or selling its contributor version,
-but do not include claims that would be infringed only as a
-consequence of further modification of the contributor version.  For
-purposes of this definition, "control" includes the right to grant
-patent sublicenses in a manner consistent with the requirements of
-this License.
-
-  Each contributor grants you a non-exclusive, worldwide, royalty-free
-patent license under the contributor's essential patent claims, to
-make, use, sell, offer for sale, import and otherwise run, modify and
-propagate the contents of its contributor version.
-
-  In the following three paragraphs, a "patent license" is any express
-agreement or commitment, however denominated, not to enforce a patent
-(such as an express permission to practice a patent or covenant not to
-sue for patent infringement).  To "grant" such a patent license to a
-party means to make such an agreement or commitment not to enforce a
-patent against the party.
-
-  If you convey a covered work, knowingly relying on a patent license,
-and the Corresponding Source of the work is not available for anyone
-to copy, free of charge and under the terms of this License, through a
-publicly available network server or other readily accessible means,
-then you must either (1) cause the Corresponding Source to be so
-available, or (2) arrange to deprive yourself of the benefit of the
-patent license for this particular work, or (3) arrange, in a manner
-consistent with the requirements of this License, to extend the patent
-license to downstream recipients.  "Knowingly relying" means you have
-actual knowledge that, but for the patent license, your conveying the
-covered work in a country, or your recipient's use of the covered work
-in a country, would infringe one or more identifiable patents in that
-country that you have reason to believe are valid.
-
-  If, pursuant to or in connection with a single transaction or
-arrangement, you convey, or propagate by procuring conveyance of, a
-covered work, and grant a patent license to some of the parties
-receiving the covered work authorizing them to use, propagate, modify
-or convey a specific copy of the covered work, then the patent license
-you grant is automatically extended to all recipients of the covered
-work and works based on it.
-
-  A patent license is "discriminatory" if it does not include within
-the scope of its coverage, prohibits the exercise of, or is
-conditioned on the non-exercise of one or more of the rights that are
-specifically granted under this License.  You may not convey a covered
-work if you are a party to an arrangement with a third party that is
-in the business of distributing software, under which you make payment
-to the third party based on the extent of your activity of conveying
-the work, and under which the third party grants, to any of the
-parties who would receive the covered work from you, a discriminatory
-patent license (a) in connection with copies of the covered work
-conveyed by you (or copies made from those copies), or (b) primarily
-for and in connection with specific products or compilations that
-contain the covered work, unless you entered into that arrangement,
-or that patent license was granted, prior to 28 March 2007.
-
-  Nothing in this License shall be construed as excluding or limiting
-any implied license or other defenses to infringement that may
-otherwise be available to you under applicable patent law.
-
-  12. No Surrender of Others' Freedom.
-
-  If conditions are imposed on you (whether by court order, agreement or
-otherwise) that contradict the conditions of this License, they do not
-excuse you from the conditions of this License.  If you cannot convey a
-covered work so as to satisfy simultaneously your obligations under this
-License and any other pertinent obligations, then as a consequence you may
-not convey it at all.  For example, if you agree to terms that obligate you
-to collect a royalty for further conveying from those to whom you convey
-the Program, the only way you could satisfy both those terms and this
-License would be to refrain entirely from conveying the Program.
-
-  13. Use with the GNU Affero General Public License.
-
-  Notwithstanding any other provision of this License, you have
-permission to link or combine any covered work with a work licensed
-under version 3 of the GNU Affero General Public License into a single
-combined work, and to convey the resulting work.  The terms of this
-License will continue to apply to the part which is the covered work,
-but the special requirements of the GNU Affero General Public License,
-section 13, concerning interaction through a network will apply to the
-combination as such.
-
-  14. Revised Versions of this License.
-
-  The Free Software Foundation may publish revised and/or new versions of
-the GNU General Public License from time to time.  Such new versions will
-be similar in spirit to the present version, but may differ in detail to
-address new problems or concerns.
-
-  Each version is given a distinguishing version number.  If the
-Program specifies that a certain numbered version of the GNU General
-Public License "or any later version" applies to it, you have the
-option of following the terms and conditions either of that numbered
-version or of any later version published by the Free Software
-Foundation.  If the Program does not specify a version number of the
-GNU General Public License, you may choose any version ever published
-by the Free Software Foundation.
-
-  If the Program specifies that a proxy can decide which future
-versions of the GNU General Public License can be used, that proxy's
-public statement of acceptance of a version permanently authorizes you
-to choose that version for the Program.
-
-  Later license versions may give you additional or different
-permissions.  However, no additional obligations are imposed on any
-author or copyright holder as a result of your choosing to follow a
-later version.
-
-  15. Disclaimer of Warranty.
-
-  THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
-APPLICABLE LAW.  EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
-HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
-OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
-THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-PURPOSE.  THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
-IS WITH YOU.  SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
-ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
-
-  16. Limitation of Liability.
-
-  IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
-WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
-THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
-GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
-USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
-DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
-PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
-EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
-SUCH DAMAGES.
-
-  17. Interpretation of Sections 15 and 16.
-
-  If the disclaimer of warranty and limitation of liability provided
-above cannot be given local legal effect according to their terms,
-reviewing courts shall apply local law that most closely approximates
-an absolute waiver of all civil liability in connection with the
-Program, unless a warranty or assumption of liability accompanies a
-copy of the Program in return for a fee.
-
-                     END OF TERMS AND CONDITIONS
-
-            How to Apply These Terms to Your New Programs
-
-  If you develop a new program, and you want it to be of the greatest
-possible use to the public, the best way to achieve this is to make it
-free software which everyone can redistribute and change under these terms.
-
-  To do so, attach the following notices to the program.  It is safest
-to attach them to the start of each source file to most effectively
-state the exclusion of warranty; and each file should have at least
-the "copyright" line and a pointer to where the full notice is found.
-
-    <one line to give the program's name and a brief idea of what it does.>
-    Copyright (C) <year>  <name of author>
-
-    This program is free software: you can redistribute it and/or modify
-    it under the terms of the GNU General Public License as published by
-    the Free Software Foundation, either version 3 of the License, or
-    (at your option) any later version.
-
-    This program is distributed in the hope that it will be useful,
-    but WITHOUT ANY WARRANTY; without even the implied warranty of
-    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-    GNU General Public License for more details.
-
-    You should have received a copy of the GNU General Public License
-    along with this program.  If not, see <https://www.gnu.org/licenses/>.
-
-Also add information on how to contact you by electronic and paper mail.
-
-  If the program does terminal interaction, make it output a short
-notice like this when it starts in an interactive mode:
-
-    <program>  Copyright (C) <year>  <name of author>
-    This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
-    This is free software, and you are welcome to redistribute it
-    under certain conditions; type `show c' for details.
-
-The hypothetical commands `show w' and `show c' should show the appropriate
-parts of the General Public License.  Of course, your program's commands
-might be different; for a GUI interface, you would use an "about box".
-
-  You should also get your employer (if you work as a programmer) or school,
-if any, to sign a "copyright disclaimer" for the program, if necessary.
-For more information on this, and how to apply and follow the GNU GPL, see
-<https://www.gnu.org/licenses/>.
-
-  The GNU General Public License does not permit incorporating your program
-into proprietary programs.  If your program is a subroutine library, you
-may consider it more useful to permit linking proprietary applications with
-the library.  If this is what you want to do, use the GNU Lesser General
-Public License instead of this License.  But first, please read
-<https://www.gnu.org/licenses/why-not-lgpl.html>.
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright [yyyy] [name of copyright owner]
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.

README.md

@@ -2,25 +2,31 @@
 
 ## First private cloud solution for home automation
 
-Hass.io is a Docker-based system for managing your Home Assistant installation
-and related applications. The system is controlled via Home Assistant which
-communicates with the Supervisor. The Supervisor provides an API to manage the
-installation. This includes changing network settings or installing
-and updating software.
+Home Assistant (former Hass.io) is a container-based system for managing your
+Home Assistant Core installation and related applications. The system is
+controlled via Home Assistant which communicates with the Supervisor. The
+Supervisor provides an API to manage the installation. This includes changing
+network settings or installing and updating software.
 
 ## Installation
 
-Installation instructions can be found at <https://home-assistant.io/hassio>.
+Installation instructions can be found at https://home-assistant.io/getting-started.
 
 ## Development
 
-The development of the supervisor is a bit tricky. Not difficult but tricky.
+For small changes and bugfixes you can just follow this, but for significant changes open a RFC first.
+Development instructions can be found [here][development].
 
-- You can use the builder to build your supervisor: https://github.com/home-assistant/hassio-builder
-- Go into a HassOS device or VM and pull your supervisor.
-- Set the developer modus with cli `hassio supervisor options --channel=dev`
-- Tag it as `homeassistant/xy-hassio-supervisor:latest`
-- Restart the service like `systemctl restart hassos-supervisor | journalctl -fu hassos-supervisor`
-- Test your changes
+## Release
 
-Small Bugfix or improvements, make a PR. Significant change makes first an RFC.
+Releases are done in 3 stages (channels) with this structure:
+
+1. Pull requests are merged to the `main` branch.
+2. A new build is pushed to the `dev` stage.
+3. Releases are published.
+4. A new build is pushed to the `beta` stage.
+5. The [`stable.json`][stable] file is updated.
+6. The build that was pushed to `beta` will now be pushed to `stable`.
+
+[development]: https://developers.home-assistant.io/docs/supervisor/development
+[stable]: https://github.com/home-assistant/version/blob/master/stable.json

azure-pipelines-ci.yml

@@ -1,52 +0,0 @@
-# https://dev.azure.com/home-assistant
-
-trigger:
-  batch: true
-  branches:
-    include:
-      - master
-      - dev
-pr:
-  - dev
-variables:
-  - name: versionHadolint
-    value: "v1.16.3"
-
-jobs:
-  - job: "Tox"
-    pool:
-      vmImage: "ubuntu-latest"
-    steps:
-      - script: |
-          sudo apt-get update
-          sudo apt-get install -y libpulse0 libudev1
-        displayName: "Install Host library"
-      - task: UsePythonVersion@0
-        displayName: "Use Python 3.7"
-        inputs:
-          versionSpec: "3.7"
-      - script: pip install tox
-        displayName: "Install Tox"
-      - script: tox
-        displayName: "Run Tox"
-  - job: "JQ"
-    pool:
-      vmImage: "ubuntu-latest"
-    steps:
-      - script: sudo apt-get install -y jq
-        displayName: "Install JQ"
-      - bash: |
-          shopt -s globstar
-          cat **/*.json | jq '.'
-        displayName: "Run JQ"
-  - job: "Hadolint"
-    pool:
-      vmImage: "ubuntu-latest"
-    steps:
-      - script: sudo docker pull hadolint/hadolint:$(versionHadolint)
-        displayName: "Install Hadolint"
-      - script: |
-          sudo docker run --rm -i \
-            -v $(pwd)/.hadolint.yaml:/.hadolint.yaml:ro \
-            hadolint/hadolint:$(versionHadolint) < Dockerfile
-        displayName: "Run Hadolint"

azure-pipelines-release.yml

@@ -1,53 +0,0 @@
-# https://dev.azure.com/home-assistant
-
-trigger:
-  batch: true
-  branches:
-    include:
-      - dev
-  tags:
-    include:
-      - "*"
-pr: none
-variables:
-  - name: versionBuilder
-    value: "7.0"
-  - group: docker
-
-jobs:
-  - job: "VersionValidate"
-    pool:
-      vmImage: "ubuntu-latest"
-    steps:
-      - task: UsePythonVersion@0
-        displayName: "Use Python 3.7"
-        inputs:
-          versionSpec: "3.7"
-      - script: |
-          setup_version="$(python setup.py -V)"
-          branch_version="$(Build.SourceBranchName)"
-
-          if [ "${branch_version}" == "dev" ]; then
-            exit 0
-          elif [ "${setup_version}" != "${branch_version}" ]; then
-            echo "Version of tag ${branch_version} don't match with ${setup_version}!"
-            exit 1
-          fi
-        displayName: "Check version of branch/tag"
-  - job: "Release"
-    dependsOn:
-      - "VersionValidate"
-    pool:
-      vmImage: "ubuntu-latest"
-    steps:
-      - script: sudo docker login -u $(dockerUser) -p $(dockerPassword)
-        displayName: "Docker hub login"
-      - script: sudo docker pull homeassistant/amd64-builder:$(versionBuilder)
-        displayName: "Install Builder"
-      - script: |
-          sudo docker run --rm --privileged \
-            -v ~/.docker:/root/.docker \
-            -v /run/docker.sock:/run/docker.sock:rw -v $(pwd):/data:ro \
-            homeassistant/amd64-builder:$(versionBuilder) \
-            --generic $(Build.SourceBranchName) --all -t /data
-        displayName: "Build Release"

azure-pipelines-wheels.yml

@@ -1,26 +0,0 @@
-# https://dev.azure.com/home-assistant
-
-trigger:
-  batch: true
-  branches:
-    include:
-      - dev
-pr: none
-variables:
-  - name: versionWheels
-    value: '1.6.1-3.7-alpine3.11'
-resources:
-  repositories:
-    - repository: azure
-      type: github
-      name: 'home-assistant/ci-azure'
-      endpoint: 'home-assistant'
-
-
-jobs:
-- template: templates/azp-job-wheels.yaml@azure
-  parameters:
-    builderVersion: '$(versionWheels)'
-    builderApk: 'build-base;libffi-dev;openssl-dev'
-    builderPip: 'Cython'
-    wheelsRequirement: 'requirements.txt'

build.json

@@ -1,13 +1,18 @@
 {
   "image": "homeassistant/{arch}-hassio-supervisor",
+  "shadow_repository": "ghcr.io/home-assistant",
   "build_from": {
-    "aarch64": "homeassistant/aarch64-base-python:3.7-alpine3.11",
-    "armhf": "homeassistant/armhf-base-python:3.7-alpine3.11",
-    "armv7": "homeassistant/armv7-base-python:3.7-alpine3.11",
-    "amd64": "homeassistant/amd64-base-python:3.7-alpine3.11",
-    "i386": "homeassistant/i386-base-python:3.7-alpine3.11"
+    "aarch64": "ghcr.io/home-assistant/aarch64-base-python:3.8-alpine3.13",
+    "armhf": "ghcr.io/home-assistant/armhf-base-python:3.8-alpine3.13",
+    "armv7": "ghcr.io/home-assistant/armv7-base-python:3.8-alpine3.13",
+    "amd64": "ghcr.io/home-assistant/amd64-base-python:3.8-alpine3.13",
+    "i386": "ghcr.io/home-assistant/i386-base-python:3.8-alpine3.13"
+  },
+  "args": {
+    "VCN_VERSION": "0.9.4"
   },
   "labels": {
-    "io.hass.type": "supervisor"
+    "io.hass.type": "supervisor",
+    "org.opencontainers.image.source": "https://github.com/home-assistant/supervisor"
   }
 }

codecov.yaml

@@ -0,0 +1,11 @@
+codecov:
+  branch: dev
+coverage:
+  status:
+    project:
+      default:
+        target: 40
+        threshold: 0.09
+comment: false
+github_checks:
+    annotations: false

pylintrc

@@ -1,27 +1,30 @@
 [MASTER]
 reports=no
+jobs=2
+
+good-names=id,i,j,k,ex,Run,_,fp,T
 
 # Reasons disabled:
+# format - handled by black
 # locally-disabled - it spams too much
 # duplicate-code - unavoidable
 # cyclic-import - doesn't test if both import on load
 # abstract-class-little-used - prevents from setting right foundation
 # abstract-class-not-used - is flaky, should not show up but does
 # unused-argument - generic callbacks and setup methods create a lot of warnings
-# global-statement - used for the on-demand requirement installation
 # redefined-variable-type - this is Python, we're duck typing!
 # too-many-* - are not enforced for the sake of readability
 # too-few-* - same as too-many-*
 # abstract-method - with intro of async there are always methods missing
-
 disable=
+  format,
   abstract-class-little-used,
-  abstract-class-not-used,
   abstract-method,
   cyclic-import,
   duplicate-code,
-  global-statement,
   locally-disabled,
+  no-else-return,
+  no-self-use,
   not-context-manager,
   redefined-variable-type,
   too-few-public-methods,
@@ -34,14 +37,6 @@ disable=
   too-many-return-statements,
   too-many-statements,
   unused-argument,
-  line-too-long,
-  bad-continuation,
-  too-few-public-methods,
-  no-self-use,
-  not-async-context-manager,
-  too-many-locals,
-  too-many-branches,
-  no-else-return
 
 [EXCEPTIONS]
 overgeneral-exceptions=Exception

requirements.txt

@@ -1,18 +1,20 @@
-aiohttp==3.6.1
+aiohttp==3.7.4.post0
 async_timeout==3.0.1
-attrs==19.3.0
-cchardet==2.1.6
-colorlog==4.1.0
+atomicwrites==1.4.0
+attrs==20.3.0
+awesomeversion==21.4.0
+brotli==1.0.9
+cchardet==2.1.7
+colorlog==4.8.0
 cpe==1.2.1
-cryptography==2.9
-docker==4.2.0
-gitpython==3.1.0
-jinja2==2.11.1
-packaging==20.3
-ptvsd==4.3.2
-pulsectl==20.2.4
-pytz==2019.3
+cryptography==3.4.6
+debugpy==1.2.1
+docker==5.0.0
+gitpython==3.1.14
+jinja2==2.11.3
+pulsectl==21.3.4
+pytz==2021.1
 pyudev==0.22.0
 ruamel.yaml==0.15.100
-uvloop==0.14.0
-voluptuous==0.11.7
+sentry-sdk==1.0.0
+voluptuous==0.12.1

requirements_tests.txt

@@ -1,6 +1,14 @@
-flake8==3.7.9
-pylint==2.4.4
-pytest==5.4.1
-pytest-timeout==1.3.4
+black==20.8b1
+codecov==2.1.11
+coverage==5.5
+flake8-docstrings==1.6.0
+flake8==3.9.0
+pre-commit==2.12.0
+pydocstyle==6.0.0
+pylint==2.7.4
 pytest-aiohttp==0.3.0
-black==19.10b0
+pytest-asyncio==0.12.0 # NB!: Versions over 0.12.0 breaks pytest-aiohttp (https://github.com/aio-libs/pytest-aiohttp/issues/16)
+pytest-cov==2.11.1
+pytest-timeout==1.4.2
+pytest==6.2.3
+pyupgrade==2.12.0

rootfs/etc/cont-init.d/udev.sh

@@ -2,8 +2,19 @@
 # ==============================================================================
 # Start udev service
 # ==============================================================================
+
+if bashio::fs.directory_exists /run/udev && ! bashio::fs.file_exists /run/.old_udev; then
+    bashio::log.info "Using udev information from host"
+    bashio::exit.ok
+fi
+
+bashio::log.info "Setup udev backend inside container"
 udevd --daemon
 
-bashio::log.info "Update udev informations"
-udevadm trigger
-udevadm settle
+bashio::log.info "Update udev information"
+touch /run/.old_udev
+if udevadm trigger; then
+    udevadm settle || true
+else
+    bashio::log.warning "Triggering of udev rules fails!"
+fi

rootfs/etc/pulse/client.conf

@@ -26,7 +26,7 @@ autospawn = no
 ; daemon-binary = /usr/bin/pulseaudio
 ; extra-arguments = --log-target=syslog
 
-; cookie-file =
+cookie-file = /run/pulse-cookie
 
 ; enable-shm = yes
 ; shm-size-bytes = 0 # setting this 0 will use the system-default, usually 64 MiB

rootfs/etc/services.d/supervisor/finish

@@ -1,5 +1,8 @@
-#!/usr/bin/execlineb -S0
+#!/usr/bin/execlineb -S1
 # ==============================================================================
 # Take down the S6 supervision tree when Supervisor fails
 # ==============================================================================
-s6-svscanctl -t /var/run/s6/services
+if { s6-test ${1} -ne 100 }
+if { s6-test ${1} -ne 256 }
+
+redirfd -w 2 /dev/null s6-svscanctl -t /var/run/s6/services

rootfs/etc/services.d/supervisor/run

@@ -1,7 +1,7 @@
 #!/usr/bin/with-contenv bashio
 # ==============================================================================
-# Start Service service
+# Start Supervisor service
 # ==============================================================================
 export LD_PRELOAD="/usr/local/lib/libjemalloc.so.2"
 
-exec python3 -m supervisor
+exec python3 -m supervisor

rootfs/etc/services.d/watchdog/finish

@@ -0,0 +1,8 @@
+#!/usr/bin/execlineb -S1
+# ==============================================================================
+# Take down the S6 supervision tree when Watchdog fails
+# ==============================================================================
+if { s6-test ${1} -ne 0 }
+if { s6-test ${1} -ne 256 }
+
+s6-svscanctl -t /var/run/s6/services

rootfs/etc/services.d/watchdog/run

@@ -0,0 +1,34 @@
+#!/usr/bin/with-contenv bashio
+# ==============================================================================
+# Start Watchdog service
+# ==============================================================================
+declare failed_count=0
+declare supervisor_state
+
+bashio::log.info "Starting local supervisor watchdog..."
+
+while [[ failed_count -lt 2 ]];
+do
+    sleep 300
+    supervisor_state="$(cat /run/supervisor)"
+
+    if [[ "${supervisor_state}" = "running"  ]]; then
+
+        # Check API
+        if bashio::supervisor.ping; then
+            failed_count=0
+        else
+            bashio::log.warning "Maybe found an issue on API healthy"
+            ((failed_count++))
+        fi
+
+    elif [[  "close stopping" = *"${supervisor_state}"* ]]; then
+        bashio::log.warning "Maybe found an issue on shutdown"
+        ((failed_count++))
+    else
+        failed_count=0
+    fi
+
+done
+
+basio::exit.nok "Watchdog detected issue with Supervisor - taking container down!"

scripts/build-supervisor.sh

@@ -0,0 +1,28 @@
+#!/bin/bash
+source "${BASH_SOURCE[0]%/*}/common.sh"
+
+set -eE
+
+DOCKER_TIMEOUT=30
+DOCKER_PID=0
+
+function build_supervisor() {
+    docker pull homeassistant/amd64-builder:dev
+
+    docker run --rm \
+        --privileged \
+        -v /run/docker.sock:/run/docker.sock \
+        -v "$(pwd):/data" \
+        homeassistant/amd64-builder:dev \
+            --generic latest \
+            --target /data \
+            --test \
+            --amd64 \
+            --no-cache
+}
+
+echo "Build Supervisor"
+start_docker
+trap "stop_docker" ERR
+
+build_supervisor

scripts/common.sh

@@ -1,9 +1,4 @@
 #!/bin/bash
-set -eE
-
-DOCKER_TIMEOUT=30
-DOCKER_PID=0
-
 
 function start_docker() {
     local starttime
@@ -28,7 +23,6 @@ function start_docker() {
     echo "Docker was initialized"
 }
 
-
 function stop_docker() {
     local starttime
     local endtime
@@ -54,17 +48,6 @@ function stop_docker() {
     fi
 }
 
-
-function build_supervisor() {
-    docker pull homeassistant/amd64-builder:dev
-
-    docker run --rm --privileged \
-        -v /run/docker.sock:/run/docker.sock -v "$(pwd):/data" \
-        homeassistant/amd64-builder:dev \
-            --generic dev -t /data --test --amd64 --no-cache
-}
-
-
 function cleanup_lastboot() {
     if [[ -f /workspaces/test_supervisor/config.json ]]; then
         echo "Cleaning up last boot"
@@ -73,61 +56,3 @@ function cleanup_lastboot() {
         rm /tmp/config.json
     fi
 }
-
-
-function cleanup_docker() {
-    echo "Cleaning up stopped containers..."
-    docker rm $(docker ps -a -q) || true
-}
-
-
-function setup_test_env() {
-    mkdir -p /workspaces/test_supervisor
-
-    echo "Start Supervisor"
-    docker run --rm --privileged \
-        --name hassio_supervisor \
-        --security-opt seccomp=unconfined \
-        --security-opt apparmor:unconfined \
-        -v /run/docker.sock:/run/docker.sock \
-        -v /run/dbus:/run/dbus \
-        -v "/workspaces/test_supervisor":/data \
-        -v /etc/machine-id:/etc/machine-id:ro \
-        -e SUPERVISOR_SHARE="/workspaces/test_supervisor" \
-        -e SUPERVISOR_NAME=hassio_supervisor \
-        -e SUPERVISOR_DEV=1 \
-        -e SUPERVISOR_MACHINE="qemux86-64" \
-        homeassistant/amd64-hassio-supervisor:latest
-
-}
-
-
-function init_dbus() {
-    if pgrep dbus-daemon; then
-        echo "Dbus is running"
-        return 0
-    fi
-
-    echo "Startup dbus"
-    mkdir -p /var/lib/dbus
-    cp -f /etc/machine-id /var/lib/dbus/machine-id
-
-    # cleanups
-    mkdir -p /run/dbus
-    rm -f /run/dbus/pid
-
-    # run
-    dbus-daemon --system --print-address
-}
-
-echo "Start Test-Env"
-
-start_docker
-trap "stop_docker" ERR
-
-build_supervisor
-cleanup_lastboot
-cleanup_docker
-init_dbus
-setup_test_env
-stop_docker

scripts/run-supervisor.sh

@@ -0,0 +1,102 @@
+#!/bin/bash
+source "${BASH_SOURCE[0]%/*}/common.sh"
+source "${BASH_SOURCE[0]%/*}/build-supervisor.sh"
+
+set -eE
+
+DOCKER_TIMEOUT=30
+DOCKER_PID=0
+
+
+function cleanup_docker() {
+    echo "Cleaning up stopped containers..."
+    docker rm $(docker ps -a -q) || true
+}
+
+
+function run_supervisor() {
+    mkdir -p /workspaces/test_supervisor
+
+    echo "Start Supervisor"
+    docker run --rm --privileged \
+        --name hassio_supervisor \
+        --privileged \
+        --security-opt seccomp=unconfined \
+        --security-opt apparmor:unconfined \
+        -v /run/docker.sock:/run/docker.sock:rw \
+        -v /run/dbus:/run/dbus:ro \
+        -v /run/udev:/run/udev:ro \
+        -v "/workspaces/test_supervisor":/data:rw \
+        -v /etc/machine-id:/etc/machine-id:ro \
+        -v /workspaces/supervisor:/usr/src/supervisor \
+        -e SUPERVISOR_SHARE="/workspaces/test_supervisor" \
+        -e SUPERVISOR_NAME=hassio_supervisor \
+        -e SUPERVISOR_DEV=1 \
+        -e SUPERVISOR_MACHINE="qemux86-64" \
+        homeassistant/amd64-hassio-supervisor:latest
+
+}
+
+
+function init_dbus() {
+    if pgrep dbus-daemon; then
+        echo "Dbus is running"
+        return 0
+    fi
+
+    echo "Startup dbus"
+    mkdir -p /var/lib/dbus
+    cp -f /etc/machine-id /var/lib/dbus/machine-id
+
+    # cleanups
+    mkdir -p /run/dbus
+    rm -f /run/dbus/pid
+
+    # run
+    dbus-daemon --system --print-address
+}
+
+
+function init_udev() {
+    if pgrep systemd-udevd; then
+        echo "udev is running"
+        return 0
+    fi
+
+    echo "Startup udev"
+
+    # cleanups
+    mkdir -p /run/udev
+
+    # run
+    /lib/systemd/systemd-udevd --daemon
+    sleep 3
+    udevadm trigger && udevadm settle
+}
+
+echo "Run Supervisor"
+
+start_docker
+trap "stop_docker" ERR
+
+
+if [ "$( docker container inspect -f '{{.State.Status}}' hassio_supervisor )" == "running" ]; then
+    echo "Restarting Supervisor"
+    docker rm -f hassio_supervisor
+    init_dbus
+    init_udev
+    cleanup_lastboot
+    run_supervisor
+    stop_docker
+
+else
+    echo "Starting Supervisor"
+    docker system prune -f
+    build_supervisor
+    cleanup_lastboot
+    cleanup_docker
+    init_dbus
+    init_udev
+    run_supervisor
+    stop_docker
+fi

scripts/update-frontend.sh

@@ -14,5 +14,5 @@ cd hassio
 ./script/build_hassio
 
 # Copy frontend
-rm -f ../../supervisor/hassio/api/panel/chunk.*
-cp -rf build/* ../../supervisor/api/panel/
+rm -rf ../../supervisor/api/panel/*
+cp -rf build/* ../../supervisor/api/panel/

setup.cfg

@@ -11,7 +11,20 @@ default_section = THIRDPARTY
 forced_separate = tests
 combine_as_imports = true
 use_parentheses = true
+known_first_party = supervisor,tests
 
 [flake8]
+exclude = .venv,.git,.tox,docs,venv,bin,lib,deps,build
+doctests = True
 max-line-length = 88
-ignore = E501, W503
+# E501: line too long
+# W503: Line break occurred before a binary operator
+# E203: Whitespace before ':'
+# D202 No blank lines allowed after function docstring
+# W504 line break after binary operator
+ignore =
+    E501,
+    W503,
+    E203,
+    D202,
+    W504

setup.py

@@ -25,20 +25,35 @@ setup(
         "Topic :: Scientific/Engineering :: Atmospheric Science",
         "Development Status :: 5 - Production/Stable",
         "Intended Audience :: Developers",
-        "Programming Language :: Python :: 3.7",
+        "Programming Language :: Python :: 3.8",
     ],
     keywords=["docker", "home-assistant", "api"],
     zip_safe=False,
     platforms="any",
     packages=[
-        "supervisor",
-        "supervisor.docker",
         "supervisor.addons",
         "supervisor.api",
+        "supervisor.dbus.network",
+        "supervisor.dbus.payloads",
+        "supervisor.dbus",
+        "supervisor.discovery.services",
+        "supervisor.discovery",
+        "supervisor.docker",
+        "supervisor.homeassistant",
+        "supervisor.host",
+        "supervisor.jobs",
         "supervisor.misc",
-        "supervisor.utils",
         "supervisor.plugins",
+        "supervisor.resolution.checks",
+        "supervisor.resolution.evaluations",
+        "supervisor.resolution.fixups",
+        "supervisor.resolution",
+        "supervisor.services.modules",
+        "supervisor.services",
         "supervisor.snapshots",
+        "supervisor.store",
+        "supervisor.utils",
+        "supervisor",
     ],
     include_package_data=True,
 )

supervisor/__main__.py

@@ -2,24 +2,25 @@
 import asyncio
 from concurrent.futures import ThreadPoolExecutor
 import logging
+from pathlib import Path
 import sys
 
 from supervisor import bootstrap
 
 _LOGGER: logging.Logger = logging.getLogger(__name__)
 
+CONTAINER_OS_STARTUP_CHECK = Path("/run/os/startup-marker")
+
+
+def run_os_startup_check_cleanup() -> None:
+    """Cleanup OS startup check."""
+    if not CONTAINER_OS_STARTUP_CHECK.exists():
+        return
 
-def initialize_event_loop():
-    """Attempt to use uvloop."""
     try:
-        # pylint: disable=import-outside-toplevel
-        import uvloop
-
-        uvloop.install()
-    except ImportError:
-        pass
-
-    return asyncio.get_event_loop()
+        CONTAINER_OS_STARTUP_CHECK.unlink()
+    except OSError as err:
+        _LOGGER.warning("Not able to remove the startup health file: %s", err)
 
 
 # pylint: disable=invalid-name
@@ -27,7 +28,7 @@ if __name__ == "__main__":
     bootstrap.initialize_logging()
 
     # Init async event loop
-    loop = initialize_event_loop()
+    loop = asyncio.get_event_loop()
 
     # Check if all information are available to setup Supervisor
     bootstrap.check_environment()
@@ -36,27 +37,27 @@ if __name__ == "__main__":
     executor = ThreadPoolExecutor(thread_name_prefix="SyncWorker")
     loop.set_default_executor(executor)
 
-    _LOGGER.info("Initialize Supervisor setup")
+    _LOGGER.info("Initializing Supervisor setup")
     coresys = loop.run_until_complete(bootstrap.initialize_coresys())
     loop.run_until_complete(coresys.core.connect())
 
     bootstrap.supervisor_debugger(coresys)
     bootstrap.migrate_system_env(coresys)
 
-    _LOGGER.info("Setup Supervisor")
+    # Signal health startup for container
+    run_os_startup_check_cleanup()
+
+    _LOGGER.info("Setting up Supervisor")
     loop.run_until_complete(coresys.core.setup())
 
     loop.call_soon_threadsafe(loop.create_task, coresys.core.start())
-    loop.call_soon_threadsafe(bootstrap.reg_signal, loop)
+    loop.call_soon_threadsafe(bootstrap.reg_signal, loop, coresys)
 
     try:
-        _LOGGER.info("Run Supervisor")
+        _LOGGER.info("Running Supervisor")
         loop.run_forever()
     finally:
-        _LOGGER.info("Stopping Supervisor")
-        loop.run_until_complete(coresys.core.stop())
-        executor.shutdown(wait=False)
         loop.close()
 
-    _LOGGER.info("Close Supervisor")
-    sys.exit(0)
+    _LOGGER.info("Closing Supervisor")
+    sys.exit(coresys.core.exit_code)

supervisor/addons/__init__.py

@@ -5,17 +5,24 @@ import logging
 import tarfile
 from typing import Dict, List, Optional, Union
 
-from ..const import BOOT_AUTO, STATE_STARTED
+from ..const import AddonBoot, AddonStartup, AddonState
 from ..coresys import CoreSys, CoreSysAttributes
 from ..exceptions import (
+    AddonConfigurationError,
     AddonsError,
+    AddonsJobError,
     AddonsNotSupportedError,
     CoreDNSError,
     DockerAPIError,
+    DockerError,
+    DockerNotFound,
     HomeAssistantAPIError,
     HostAppArmorError,
 )
+from ..jobs.decorator import Job, JobCondition
+from ..resolution.const import ContextType, IssueType, SuggestionType
 from ..store.addon import AddonStore
+from ..utils import check_exception_chain
 from .addon import Addon
 from .data import AddonsData
 
@@ -37,7 +44,7 @@ class AddonManager(CoreSysAttributes):
     @property
     def all(self) -> List[AnyAddon]:
         """Return a list of all add-ons."""
-        addons = {**self.store, **self.local}
+        addons: Dict[str, AnyAddon] = {**self.store, **self.local}
         return list(addons.values())
 
     @property
@@ -45,7 +52,7 @@ class AddonManager(CoreSysAttributes):
         """Return a list of all installed add-ons."""
         return list(self.local.values())
 
-    def get(self, addon_slug: str) -> Optional[AnyAddon]:
+    def get(self, addon_slug: str, local_only: bool = False) -> Optional[AnyAddon]:
         """Return an add-on from slug.
 
         Prio:
@@ -54,7 +61,9 @@ class AddonManager(CoreSysAttributes):
         """
         if addon_slug in self.local:
             return self.local[addon_slug]
-        return self.store.get(addon_slug)
+        if not local_only:
+            return self.store.get(addon_slug)
+        return None
 
     def from_token(self, token: str) -> Optional[Addon]:
         """Return an add-on from Supervisor token."""
@@ -78,51 +87,91 @@ class AddonManager(CoreSysAttributes):
         # Sync DNS
         await self.sync_dns()
 
-    async def boot(self, stage: str) -> None:
+    async def boot(self, stage: AddonStartup) -> None:
         """Boot add-ons with mode auto."""
-        tasks = []
+        tasks: List[Addon] = []
         for addon in self.installed:
-            if addon.boot != BOOT_AUTO or addon.startup != stage:
+            if addon.boot != AddonBoot.AUTO or addon.startup != stage:
                 continue
-            tasks.append(addon.start())
+            tasks.append(addon)
 
-        _LOGGER.info("Phase '%s' start %d add-ons", stage, len(tasks))
-        if tasks:
-            await asyncio.wait(tasks)
-            await asyncio.sleep(self.sys_config.wait_boot)
+        # Evaluate add-ons which need to be started
+        _LOGGER.info("Phase '%s' starting %d add-ons", stage, len(tasks))
+        if not tasks:
+            return
 
-    async def shutdown(self, stage: str) -> None:
+        # Start Add-ons sequential
+        # avoid issue on slow IO
+        for addon in tasks:
+            try:
+                await addon.start()
+            except AddonsError as err:
+                # Check if there is an system/user issue
+                if check_exception_chain(
+                    err, (DockerAPIError, DockerNotFound, AddonConfigurationError)
+                ):
+                    addon.boot = AddonBoot.MANUAL
+                    addon.save_persist()
+            except Exception as err:  # pylint: disable=broad-except
+                self.sys_capture_exception(err)
+            else:
+                continue
+
+            _LOGGER.warning("Can't start Add-on %s", addon.slug)
+
+        await asyncio.sleep(self.sys_config.wait_boot)
+
+    async def shutdown(self, stage: AddonStartup) -> None:
         """Shutdown addons."""
-        tasks = []
+        tasks: List[Addon] = []
         for addon in self.installed:
-            if await addon.state() != STATE_STARTED or addon.startup != stage:
+            if addon.state != AddonState.STARTED or addon.startup != stage:
                 continue
-            tasks.append(addon.stop())
+            tasks.append(addon)
 
-        _LOGGER.info("Phase '%s' stop %d add-ons", stage, len(tasks))
-        if tasks:
-            await asyncio.wait(tasks)
+        # Evaluate add-ons which need to be stopped
+        _LOGGER.info("Phase '%s' stopping %d add-ons", stage, len(tasks))
+        if not tasks:
+            return
 
+        # Stop Add-ons sequential
+        # avoid issue on slow IO
+        for addon in tasks:
+            try:
+                await addon.stop()
+            except Exception as err:  # pylint: disable=broad-except
+                _LOGGER.warning("Can't stop Add-on %s: %s", addon.slug, err)
+                self.sys_capture_exception(err)
+
+    @Job(
+        conditions=[
+            JobCondition.FREE_SPACE,
+            JobCondition.INTERNET_HOST,
+            JobCondition.HEALTHY,
+        ],
+        on_condition=AddonsJobError,
+    )
     async def install(self, slug: str) -> None:
         """Install an add-on."""
         if slug in self.local:
-            _LOGGER.warning("Add-on %s is already installed", slug)
-            return
+            raise AddonsError(f"Add-on {slug} is already installed", _LOGGER.warning)
         store = self.store.get(slug)
 
         if not store:
-            _LOGGER.error("Add-on %s not exists", slug)
-            raise AddonsError()
+            raise AddonsError(f"Add-on {slug} not exists", _LOGGER.error)
 
         if not store.available:
-            _LOGGER.error("Add-on %s not supported on that platform", slug)
-            raise AddonsNotSupportedError()
+            raise AddonsNotSupportedError(
+                f"Add-on {slug} not supported on that platform", _LOGGER.error
+            )
 
         self.data.install(store)
         addon = Addon(self.coresys, slug)
 
         if not addon.path_data.is_dir():
-            _LOGGER.info("Create Home Assistant add-on data folder %s", addon.path_data)
+            _LOGGER.info(
+                "Creating Home Assistant add-on data folder %s", addon.path_data
+            )
             addon.path_data.mkdir()
 
         # Setup/Fix AppArmor profile
@@ -130,24 +179,31 @@ class AddonManager(CoreSysAttributes):
 
         try:
             await addon.instance.install(store.version, store.image)
-        except DockerAPIError:
+        except DockerError as err:
             self.data.uninstall(addon)
-            raise AddonsError() from None
+            raise AddonsError() from err
         else:
             self.local[slug] = addon
-            _LOGGER.info("Add-on '%s' successfully installed", slug)
+
+        # Reload ingress tokens
+        if addon.with_ingress:
+            await self.sys_ingress.reload()
+
+        _LOGGER.info("Add-on '%s' successfully installed", slug)
 
     async def uninstall(self, slug: str) -> None:
         """Remove an add-on."""
         if slug not in self.local:
             _LOGGER.warning("Add-on %s is not installed", slug)
             return
-        addon = self.local.get(slug)
+        addon = self.local[slug]
 
         try:
             await addon.instance.remove()
-        except DockerAPIError:
-            raise AddonsError() from None
+        except DockerError as err:
+            raise AddonsError() from err
+        else:
+            addon.state = AddonState.UNKNOWN
 
         await addon.remove_data()
 
@@ -166,6 +222,11 @@ class AddonManager(CoreSysAttributes):
             with suppress(HomeAssistantAPIError):
                 await self.sys_ingress.update_hass_panel(addon)
 
+        # Cleanup Ingress dynamic port assignment
+        if addon.with_ingress:
+            self.sys_create_task(self.sys_ingress.reload())
+            self.sys_ingress.del_dynamic_port(slug)
+
         # Cleanup discovery data
         for message in self.sys_discovery.list_messages:
             if message.addon != addon.slug:
@@ -183,59 +244,76 @@ class AddonManager(CoreSysAttributes):
 
         _LOGGER.info("Add-on '%s' successfully removed", slug)
 
+    @Job(
+        conditions=[
+            JobCondition.FREE_SPACE,
+            JobCondition.INTERNET_HOST,
+            JobCondition.HEALTHY,
+        ],
+        on_condition=AddonsJobError,
+    )
     async def update(self, slug: str) -> None:
         """Update add-on."""
         if slug not in self.local:
-            _LOGGER.error("Add-on %s is not installed", slug)
-            raise AddonsError()
-        addon = self.local.get(slug)
+            raise AddonsError(f"Add-on {slug} is not installed", _LOGGER.error)
+        addon = self.local[slug]
 
         if addon.is_detached:
-            _LOGGER.error("Add-on %s is not available inside store", slug)
-            raise AddonsError()
-        store = self.store.get(slug)
+            raise AddonsError(
+                f"Add-on {slug} is not available inside store", _LOGGER.error
+            )
+        store = self.store[slug]
 
         if addon.version == store.version:
-            _LOGGER.warning("No update available for add-on %s", slug)
-            return
+            raise AddonsError(f"No update available for add-on {slug}", _LOGGER.warning)
 
         # Check if available, Maybe something have changed
         if not store.available:
-            _LOGGER.error("Add-on %s not supported on that platform", slug)
-            raise AddonsNotSupportedError()
+            raise AddonsNotSupportedError(
+                f"Add-on {slug} not supported on that platform", _LOGGER.error
+            )
 
         # Update instance
-        last_state = await addon.state()
+        last_state: AddonState = addon.state
+        old_image = addon.image
         try:
             await addon.instance.update(store.version, store.image)
+        except DockerError as err:
+            raise AddonsError() from err
 
-            # Cleanup
-            with suppress(DockerAPIError):
-                await addon.instance.cleanup()
-        except DockerAPIError:
-            raise AddonsError() from None
-        else:
-            self.data.update(store)
-            _LOGGER.info("Add-on '%s' successfully updated", slug)
+        _LOGGER.info("Add-on '%s' successfully updated", slug)
+        self.data.update(store)
+
+        # Cleanup
+        with suppress(DockerError):
+            await addon.instance.cleanup(old_image=old_image)
 
         # Setup/Fix AppArmor profile
         await addon.install_apparmor()
 
         # restore state
-        if last_state == STATE_STARTED:
+        if last_state == AddonState.STARTED:
             await addon.start()
 
+    @Job(
+        conditions=[
+            JobCondition.FREE_SPACE,
+            JobCondition.INTERNET_HOST,
+            JobCondition.HEALTHY,
+        ],
+        on_condition=AddonsJobError,
+    )
     async def rebuild(self, slug: str) -> None:
         """Perform a rebuild of local build add-on."""
         if slug not in self.local:
             _LOGGER.error("Add-on %s is not installed", slug)
             raise AddonsError()
-        addon = self.local.get(slug)
+        addon = self.local[slug]
 
         if addon.is_detached:
             _LOGGER.error("Add-on %s is not available inside store", slug)
             raise AddonsError()
-        store = self.store.get(slug)
+        store = self.store[slug]
 
         # Check if a rebuild is possible now
         if addon.version != store.version:
@@ -246,20 +324,28 @@ class AddonManager(CoreSysAttributes):
             raise AddonsNotSupportedError()
 
         # remove docker container but not addon config
-        last_state = await addon.state()
+        last_state: AddonState = addon.state
         try:
             await addon.instance.remove()
             await addon.instance.install(addon.version)
-        except DockerAPIError:
-            raise AddonsError() from None
+        except DockerError as err:
+            raise AddonsError() from err
         else:
             self.data.update(store)
             _LOGGER.info("Add-on '%s' successfully rebuilt", slug)
 
         # restore state
-        if last_state == STATE_STARTED:
+        if last_state == AddonState.STARTED:
             await addon.start()
 
+    @Job(
+        conditions=[
+            JobCondition.FREE_SPACE,
+            JobCondition.INTERNET_HOST,
+            JobCondition.HEALTHY,
+        ],
+        on_condition=AddonsJobError,
+    )
     async def restore(self, slug: str, tar_file: tarfile.TarFile) -> None:
         """Restore state of an add-on."""
         if slug not in self.local:
@@ -278,9 +364,11 @@ class AddonManager(CoreSysAttributes):
 
         # Update ingress
         if addon.with_ingress:
+            await self.sys_ingress.reload()
             with suppress(HomeAssistantAPIError):
                 await self.sys_ingress.update_hass_panel(addon)
 
+    @Job(conditions=[JobCondition.FREE_SPACE, JobCondition.INTERNET_HOST])
     async def repair(self) -> None:
         """Repair local add-ons."""
         needs_repair: List[Addon] = []
@@ -296,12 +384,8 @@ class AddonManager(CoreSysAttributes):
             return
 
         for addon in needs_repair:
-            _LOGGER.info("Start repair for add-on: %s", addon.slug)
-            await self.sys_run_in_executor(
-                self.sys_docker.network.stale_cleanup, addon.instance.name
-            )
-
-            with suppress(DockerAPIError, KeyError):
+            _LOGGER.info("Repairing for add-on: %s", addon.slug)
+            with suppress(DockerError, KeyError):
                 # Need pull a image again
                 if not addon.need_build:
                     await addon.instance.install(addon.version, addon.image)
@@ -323,11 +407,22 @@ class AddonManager(CoreSysAttributes):
         """Sync add-ons DNS names."""
         # Update hosts
         for addon in self.installed:
-            if not await addon.instance.is_running():
-                continue
-            self.sys_plugins.dns.add_host(
-                ipv4=addon.ip_address, names=[addon.hostname], write=False
-            )
+            try:
+                if not await addon.instance.is_running():
+                    continue
+            except DockerError as err:
+                _LOGGER.warning("Add-on %s is corrupt: %s", addon.slug, err)
+                self.sys_resolution.create_issue(
+                    IssueType.CORRUPT_DOCKER,
+                    ContextType.ADDON,
+                    reference=addon.slug,
+                    suggestions=[SuggestionType.EXECUTE_REPAIR],
+                )
+                self.sys_capture_exception(err)
+            else:
+                self.sys_plugins.dns.add_host(
+                    ipv4=addon.ip_address, names=[addon.hostname], write=False
+                )
 
         # Write hosts files
         with suppress(CoreDNSError):

supervisor/addons/addon.py

@@ -1,4 +1,5 @@
 """Init file for Supervisor add-ons."""
+import asyncio
 from contextlib import suppress
 from copy import deepcopy
 from ipaddress import IPv4Address
@@ -9,8 +10,9 @@ import secrets
 import shutil
 import tarfile
 from tempfile import TemporaryDirectory
-from typing import Any, Awaitable, Dict, List, Optional
+from typing import Any, Awaitable, Dict, List, Optional, Set
 
+import aiohttp
 import voluptuous as vol
 from voluptuous.humanize import humanize_error
 
@@ -20,6 +22,8 @@ from ..const import (
     ATTR_AUDIO_OUTPUT,
     ATTR_AUTO_UPDATE,
     ATTR_BOOT,
+    ATTR_DATA,
+    ATTR_EVENT,
     ATTR_IMAGE,
     ATTR_INGRESS_ENTRY,
     ATTR_INGRESS_PANEL,
@@ -30,31 +34,41 @@ from ..const import (
     ATTR_PORTS,
     ATTR_PROTECTED,
     ATTR_SCHEMA,
+    ATTR_SLUG,
     ATTR_STATE,
     ATTR_SYSTEM,
+    ATTR_TYPE,
     ATTR_USER,
     ATTR_UUID,
     ATTR_VERSION,
+    ATTR_WATCHDOG,
     DNS_SUFFIX,
-    STATE_STARTED,
-    STATE_STOPPED,
+    AddonBoot,
+    AddonStartup,
+    AddonState,
 )
 from ..coresys import CoreSys
 from ..docker.addon import DockerAddon
 from ..docker.stats import DockerStats
 from ..exceptions import (
+    AddonConfigurationError,
     AddonsError,
     AddonsNotSupportedError,
-    DockerAPIError,
+    ConfigurationFileError,
+    DockerError,
+    DockerRequestError,
     HostAppArmorError,
-    JsonFileError,
 )
+from ..hardware.data import Device
+from ..homeassistant.const import WSEvent, WSType
+from ..utils import check_port
 from ..utils.apparmor import adjust_profile
 from ..utils.json import read_json_file, write_json_file
-from ..utils.tar import exclude_filter, secure_path
+from ..utils.tar import atomic_contents_add, secure_path
 from .model import AddonModel, Data
+from .options import AddonOptions
 from .utils import remove_data
-from .validate import SCHEMA_ADDON_SNAPSHOT, validate_options
+from .validate import SCHEMA_ADDON_SNAPSHOT
 
 _LOGGER: logging.Logger = logging.getLogger(__name__)
 
@@ -63,26 +77,70 @@ RE_WEBUI = re.compile(
     r":\/\/\[HOST\]:\[PORT:(?P<t_port>\d+)\](?P<s_suffix>.*)$"
 )
 
+RE_WATCHDOG = re.compile(
+    r"^(?:(?P<s_prefix>https?|tcp)|\[PROTO:(?P<t_proto>\w+)\])"
+    r":\/\/\[HOST\]:(?:\[PORT:)?(?P<t_port>\d+)\]?(?P<s_suffix>.*)$"
+)
+
 RE_OLD_AUDIO = re.compile(r"\d+,\d+")
 
+WATCHDOG_TIMEOUT = aiohttp.ClientTimeout(total=10)
+
 
 class Addon(AddonModel):
     """Hold data for add-on inside Supervisor."""
 
     def __init__(self, coresys: CoreSys, slug: str):
         """Initialize data holder."""
-        self.coresys: CoreSys = coresys
+        super().__init__(coresys, slug)
         self.instance: DockerAddon = DockerAddon(coresys, self)
-        self.slug: str = slug
+        self._state: AddonState = AddonState.UNKNOWN
+
+    def __repr__(self) -> str:
+        """Return internal representation."""
+        return f"<Addon: {self.slug}>"
+
+    @property
+    def state(self) -> AddonState:
+        """Return state of the add-on."""
+        return self._state
+
+    @state.setter
+    def state(self, new_state: AddonState) -> None:
+        """Set the add-on into new state."""
+        if self._state == new_state:
+            return
+        self._state = new_state
+        self.sys_homeassistant.websocket.send_command(
+            {
+                ATTR_TYPE: WSType.SUPERVISOR_EVENT,
+                ATTR_DATA: {
+                    ATTR_EVENT: WSEvent.ADDON,
+                    ATTR_SLUG: self.slug,
+                    ATTR_STATE: new_state,
+                },
+            }
+        )
+
+    @property
+    def in_progress(self) -> bool:
+        """Return True if a task is in progress."""
+        return self.instance.in_progress
 
     async def load(self) -> None:
         """Async initialize of object."""
-        with suppress(DockerAPIError):
-            await self.instance.attach(tag=self.version)
+        with suppress(DockerError):
+            await self.instance.attach(version=self.version)
+
+            # Evaluate state
+            if await self.instance.is_running():
+                self.state = AddonState.STARTED
+            else:
+                self.state = AddonState.STOPPED
 
     @property
     def ip_address(self) -> IPv4Address:
-        """Return IP of Add-on instance."""
+        """Return IP of add-on instance."""
         return self.instance.ip_address
 
     @property
@@ -120,6 +178,13 @@ class Addon(AddonModel):
         """Return installed version."""
         return self.persist[ATTR_VERSION]
 
+    @property
+    def need_update(self) -> bool:
+        """Return True if an update is available."""
+        if self.is_detached:
+            return False
+        return self.version != self.latest_version
+
     @property
     def dns(self) -> List[str]:
         """Return list of DNS name for that add-on."""
@@ -131,20 +196,17 @@ class Addon(AddonModel):
         return {**self.data[ATTR_OPTIONS], **self.persist[ATTR_OPTIONS]}
 
     @options.setter
-    def options(self, value: Optional[Dict[str, Any]]):
+    def options(self, value: Optional[Dict[str, Any]]) -> None:
         """Store user add-on options."""
-        if value is None:
-            self.persist[ATTR_OPTIONS] = {}
-        else:
-            self.persist[ATTR_OPTIONS] = deepcopy(value)
+        self.persist[ATTR_OPTIONS] = {} if value is None else deepcopy(value)
 
     @property
-    def boot(self) -> bool:
+    def boot(self) -> AddonBoot:
         """Return boot config with prio local settings."""
         return self.persist.get(ATTR_BOOT, super().boot)
 
     @boot.setter
-    def boot(self, value: bool):
+    def boot(self, value: AddonBoot) -> None:
         """Store user boot options."""
         self.persist[ATTR_BOOT] = value
 
@@ -154,10 +216,25 @@ class Addon(AddonModel):
         return self.persist.get(ATTR_AUTO_UPDATE, super().auto_update)
 
     @auto_update.setter
-    def auto_update(self, value: bool):
+    def auto_update(self, value: bool) -> None:
         """Set auto update."""
         self.persist[ATTR_AUTO_UPDATE] = value
 
+    @property
+    def watchdog(self) -> bool:
+        """Return True if watchdog is enable."""
+        return self.persist[ATTR_WATCHDOG]
+
+    @watchdog.setter
+    def watchdog(self, value: bool) -> None:
+        """Set watchdog enable/disable."""
+        if value and self.startup == AddonStartup.ONCE:
+            _LOGGER.warning(
+                "Ignoring watchdog for %s because startup type is 'once'", self.slug
+            )
+        else:
+            self.persist[ATTR_WATCHDOG] = value
+
     @property
     def uuid(self) -> str:
         """Return an API token for this add-on."""
@@ -191,7 +268,7 @@ class Addon(AddonModel):
         return self.persist[ATTR_PROTECTED]
 
     @protected.setter
-    def protected(self, value: bool):
+    def protected(self, value: bool) -> None:
         """Set add-on in protected mode."""
         self.persist[ATTR_PROTECTED] = value
 
@@ -201,7 +278,7 @@ class Addon(AddonModel):
         return self.persist.get(ATTR_NETWORK, super().ports)
 
     @ports.setter
-    def ports(self, value: Optional[Dict[str, Optional[int]]]):
+    def ports(self, value: Optional[Dict[str, Optional[int]]]) -> None:
         """Set custom ports of add-on."""
         if value is None:
             self.persist.pop(ATTR_NETWORK, None)
@@ -246,10 +323,6 @@ class Addon(AddonModel):
         else:
             port = self.ports.get(f"{t_port}/tcp", t_port)
 
-        # for interface config or port lists
-        if isinstance(port, (tuple, list)):
-            port = port[-1]
-
         # lookup the correct protocol from config
         if t_proto:
             proto = "https" if self.options.get(t_proto) else "http"
@@ -275,7 +348,7 @@ class Addon(AddonModel):
         return self.persist[ATTR_INGRESS_PANEL]
 
     @ingress_panel.setter
-    def ingress_panel(self, value: bool):
+    def ingress_panel(self, value: bool) -> None:
         """Return True if the add-on access support ingress."""
         self.persist[ATTR_INGRESS_PANEL] = value
 
@@ -311,83 +384,150 @@ class Addon(AddonModel):
         return input_data
 
     @audio_input.setter
-    def audio_input(self, value: Optional[str]):
+    def audio_input(self, value: Optional[str]) -> None:
         """Set audio input settings."""
         self.persist[ATTR_AUDIO_INPUT] = value
 
     @property
-    def image(self):
+    def image(self) -> Optional[str]:
         """Return image name of add-on."""
         return self.persist.get(ATTR_IMAGE)
 
     @property
-    def need_build(self):
+    def need_build(self) -> bool:
         """Return True if this  add-on need a local build."""
         return ATTR_IMAGE not in self.data
 
     @property
-    def path_data(self):
+    def path_data(self) -> Path:
         """Return add-on data path inside Supervisor."""
         return Path(self.sys_config.path_addons_data, self.slug)
 
     @property
-    def path_extern_data(self):
+    def path_extern_data(self) -> PurePath:
         """Return add-on data path external for Docker."""
         return PurePath(self.sys_config.path_extern_addons_data, self.slug)
 
     @property
-    def path_options(self):
+    def path_options(self) -> Path:
         """Return path to add-on options."""
         return Path(self.path_data, "options.json")
 
     @property
-    def path_pulse(self):
+    def path_pulse(self) -> Path:
         """Return path to asound config."""
         return Path(self.sys_config.path_tmp, f"{self.slug}_pulse")
 
     @property
-    def path_extern_pulse(self):
+    def path_extern_pulse(self) -> Path:
         """Return path to asound config for Docker."""
         return Path(self.sys_config.path_extern_tmp, f"{self.slug}_pulse")
 
-    def save_persist(self):
+    @property
+    def devices(self) -> Set[Device]:
+        """Extract devices from add-on options."""
+        raw_schema = self.data[ATTR_SCHEMA]
+        if isinstance(raw_schema, bool) or not raw_schema:
+            return set()
+
+        # Validate devices
+        options_validator = AddonOptions(self.coresys, raw_schema, self.name, self.slug)
+        with suppress(vol.Invalid):
+            options_validator(self.options)
+
+        return options_validator.devices
+
+    @property
+    def pwned(self) -> Set[str]:
+        """Extract pwned data for add-on options."""
+        raw_schema = self.data[ATTR_SCHEMA]
+        if isinstance(raw_schema, bool) or not raw_schema:
+            return set()
+
+        # Validate devices
+        options_validator = AddonOptions(self.coresys, raw_schema, self.name, self.slug)
+        with suppress(vol.Invalid):
+            options_validator(self.options)
+
+        return options_validator.pwned
+
+    def save_persist(self) -> None:
         """Save data of add-on."""
         self.sys_addons.data.save_data()
 
-    async def write_options(self):
-        """Return True if add-on options is written to data."""
-        schema = self.schema
-        options = self.options
+    async def watchdog_application(self) -> bool:
+        """Return True if application is running."""
+        url = super().watchdog
+        if not url:
+            return True
+        application = RE_WATCHDOG.match(url)
 
+        # extract arguments
+        t_port = application.group("t_port")
+        t_proto = application.group("t_proto")
+        s_prefix = application.group("s_prefix") or ""
+        s_suffix = application.group("s_suffix") or ""
+
+        # search host port for this docker port
+        if self.host_network:
+            port = self.ports.get(f"{t_port}/tcp", t_port)
+        else:
+            port = t_port
+
+        # TCP monitoring
+        if s_prefix == "tcp":
+            return await self.sys_run_in_executor(check_port, self.ip_address, port)
+
+        # lookup the correct protocol from config
+        if t_proto:
+            proto = "https" if self.options.get(t_proto) else "http"
+        else:
+            proto = s_prefix
+
+        # Make HTTP request
+        try:
+            url = f"{proto}://{self.ip_address}:{port}{s_suffix}"
+            async with self.sys_websession_ssl.get(
+                url, timeout=WATCHDOG_TIMEOUT
+            ) as req:
+                if req.status < 300:
+                    return True
+        except (asyncio.TimeoutError, aiohttp.ClientError):
+            pass
+
+        return False
+
+    async def write_options(self) -> None:
+        """Return True if add-on options is written to data."""
         # Update secrets for validation
-        await self.sys_secrets.reload()
+        await self.sys_homeassistant.secrets.reload()
 
         try:
-            options = schema(options)
+            options = self.schema(self.options)
             write_json_file(self.path_options, options)
         except vol.Invalid as ex:
             _LOGGER.error(
-                "Add-on %s have wrong options: %s",
+                "Add-on %s has invalid options: %s",
                 self.slug,
-                humanize_error(options, ex),
+                humanize_error(self.options, ex),
             )
-        except JsonFileError:
+        except ConfigurationFileError:
             _LOGGER.error("Add-on %s can't write options", self.slug)
         else:
             _LOGGER.debug("Add-on %s write options: %s", self.slug, options)
             return
 
-        raise AddonsError()
+        raise AddonConfigurationError()
 
-    async def remove_data(self):
+    async def remove_data(self) -> None:
         """Remove add-on data."""
         if not self.path_data.is_dir():
             return
 
-        _LOGGER.info("Remove add-on data folder %s", self.path_data)
+        _LOGGER.info("Removing add-on data folder %s", self.path_data)
         await remove_data(self.path_data)
 
-    def write_pulse(self):
+    def write_pulse(self) -> None:
         """Write asound config to file and return True on success."""
         pulse_config = self.sys_plugins.audio.pulse_client(
             input_profile=self.audio_input, output_profile=self.audio_output
@@ -452,7 +592,9 @@ class Addon(AddonModel):
 
         # create voluptuous
         new_schema = vol.Schema(
-            vol.All(dict, validate_options(self.coresys, new_raw_schema))
+            vol.All(
+                dict, AddonOptions(self.coresys, new_raw_schema, self.name, self.slug)
+            )
         )
 
         # validate
@@ -463,16 +605,10 @@ class Addon(AddonModel):
             return False
         return True
 
-    async def state(self) -> str:
-        """Return running state of add-on."""
-        if await self.instance.is_running():
-            return STATE_STARTED
-        return STATE_STOPPED
-
     async def start(self) -> None:
         """Set options and start add-on."""
         if await self.instance.is_running():
-            _LOGGER.warning("%s already running!", self.slug)
+            _LOGGER.warning("%s is already running!", self.slug)
             return
 
         # Access Token
@@ -489,15 +625,27 @@ class Addon(AddonModel):
         # Start Add-on
         try:
             await self.instance.run()
-        except DockerAPIError:
-            raise AddonsError() from None
+        except DockerRequestError as err:
+            self.state = AddonState.ERROR
+            raise AddonsError() from err
+        except DockerError as err:
+            self.state = AddonState.ERROR
+            raise AddonsError() from err
+        else:
+            self.state = AddonState.STARTED
 
     async def stop(self) -> None:
         """Stop add-on."""
         try:
-            return await self.instance.stop()
-        except DockerAPIError:
-            raise AddonsError() from None
+            await self.instance.stop()
+        except DockerRequestError as err:
+            self.state = AddonState.ERROR
+            raise AddonsError() from err
+        except DockerError as err:
+            self.state = AddonState.ERROR
+            raise AddonsError() from err
+        else:
+            self.state = AddonState.STOPPED
 
     async def restart(self) -> None:
         """Restart add-on."""
@@ -512,80 +660,91 @@ class Addon(AddonModel):
         """
         return self.instance.logs()
 
+    def is_running(self) -> Awaitable[bool]:
+        """Return True if Docker container is running.
+
+        Return a coroutine.
+        """
+        return self.instance.is_running()
+
     async def stats(self) -> DockerStats:
         """Return stats of container."""
         try:
             return await self.instance.stats()
-        except DockerAPIError:
-            raise AddonsError() from None
+        except DockerError as err:
+            raise AddonsError() from err
 
-    async def write_stdin(self, data):
+    async def write_stdin(self, data) -> None:
         """Write data to add-on stdin.
 
         Return a coroutine.
         """
         if not self.with_stdin:
-            _LOGGER.error("Add-on don't support write to stdin!")
+            _LOGGER.error("Add-on %s does not support writing to stdin!", self.slug)
             raise AddonsNotSupportedError()
 
         try:
             return await self.instance.write_stdin(data)
-        except DockerAPIError:
-            raise AddonsError() from None
+        except DockerError as err:
+            raise AddonsError() from err
 
     async def snapshot(self, tar_file: tarfile.TarFile) -> None:
         """Snapshot state of an add-on."""
         with TemporaryDirectory(dir=self.sys_config.path_tmp) as temp:
+            temp_path = Path(temp)
+
             # store local image
             if self.need_build:
                 try:
-                    await self.instance.export_image(Path(temp, "image.tar"))
-                except DockerAPIError:
-                    raise AddonsError() from None
+                    await self.instance.export_image(temp_path.joinpath("image.tar"))
+                except DockerError as err:
+                    raise AddonsError() from err
 
             data = {
                 ATTR_USER: self.persist,
                 ATTR_SYSTEM: self.data,
                 ATTR_VERSION: self.version,
-                ATTR_STATE: await self.state(),
+                ATTR_STATE: self.state,
             }
 
             # Store local configs/state
             try:
-                write_json_file(Path(temp, "addon.json"), data)
-            except JsonFileError:
+                write_json_file(temp_path.joinpath("addon.json"), data)
+            except ConfigurationFileError as err:
                 _LOGGER.error("Can't save meta for %s", self.slug)
-                raise AddonsError() from None
+                raise AddonsError() from err
 
             # Store AppArmor Profile
             if self.sys_host.apparmor.exists(self.slug):
-                profile = Path(temp, "apparmor.txt")
+                profile = temp_path.joinpath("apparmor.txt")
                 try:
                     self.sys_host.apparmor.backup_profile(self.slug, profile)
-                except HostAppArmorError:
+                except HostAppArmorError as err:
                     _LOGGER.error("Can't backup AppArmor profile")
-                    raise AddonsError() from None
+                    raise AddonsError() from err
 
             # write into tarfile
             def _write_tarfile():
                 """Write tar inside loop."""
                 with tar_file as snapshot:
                     # Snapshot system
+
                     snapshot.add(temp, arcname=".")
 
                     # Snapshot data
-                    snapshot.add(
+                    atomic_contents_add(
+                        snapshot,
                         self.path_data,
+                        excludes=self.snapshot_exclude,
                         arcname="data",
-                        filter=exclude_filter(self.snapshot_exclude),
                     )
 
             try:
-                _LOGGER.info("Build snapshot for add-on %s", self.slug)
+                _LOGGER.info("Building snapshot for add-on %s", self.slug)
                 await self.sys_run_in_executor(_write_tarfile)
             except (tarfile.TarError, OSError) as err:
                 _LOGGER.error("Can't write tarfile %s: %s", tar_file, err)
-                raise AddonsError() from None
+                raise AddonsError() from err
 
         _LOGGER.info("Finish snapshot for addon %s", self.slug)
 
@@ -602,13 +761,13 @@ class Addon(AddonModel):
                 await self.sys_run_in_executor(_extract_tarfile)
             except tarfile.TarError as err:
                 _LOGGER.error("Can't read tarfile %s: %s", tar_file, err)
-                raise AddonsError() from None
+                raise AddonsError() from err
 
             # Read snapshot data
             try:
                 data = read_json_file(Path(temp, "addon.json"))
-            except JsonFileError:
-                raise AddonsError() from None
+            except ConfigurationFileError as err:
+                raise AddonsError() from err
 
             # Validate
             try:
@@ -619,14 +778,14 @@ class Addon(AddonModel):
                     self.slug,
                     humanize_error(data, err),
                 )
-                raise AddonsError() from None
+                raise AddonsError() from err
 
             # If available
             if not self._available(data[ATTR_SYSTEM]):
-                _LOGGER.error("Add-on %s is not available for this Platform", self.slug)
+                _LOGGER.error("Add-on %s is not available for this platform", self.slug)
                 raise AddonsNotSupportedError()
 
-            # Restore local add-on informations
+            # Restore local add-on information
             _LOGGER.info("Restore config for addon %s", self.slug)
             restore_image = self._image(data[ATTR_SYSTEM])
             self.sys_addons.data.restore(
@@ -636,49 +795,51 @@ class Addon(AddonModel):
             # Check version / restore image
             version = data[ATTR_VERSION]
             if not await self.instance.exists():
-                _LOGGER.info("Restore/Install image for addon %s", self.slug)
+                _LOGGER.info("Restore/Install of image for addon %s", self.slug)
 
                 image_file = Path(temp, "image.tar")
                 if image_file.is_file():
-                    with suppress(DockerAPIError):
+                    with suppress(DockerError):
                         await self.instance.import_image(image_file)
                 else:
-                    with suppress(DockerAPIError):
+                    with suppress(DockerError):
                         await self.instance.install(version, restore_image)
                         await self.instance.cleanup()
             elif self.instance.version != version or self.legacy:
-                _LOGGER.info("Restore/Update image for addon %s", self.slug)
-                with suppress(DockerAPIError):
+                _LOGGER.info("Restore/Update of image for addon %s", self.slug)
+                with suppress(DockerError):
                     await self.instance.update(version, restore_image)
             else:
-                with suppress(DockerAPIError):
+                with suppress(DockerError):
                     await self.instance.stop()
 
             # Restore data
             def _restore_data():
                 """Restore data."""
-                shutil.copytree(Path(temp, "data"), self.path_data)
+                shutil.copytree(Path(temp, "data"), self.path_data, symlinks=True)
 
-            _LOGGER.info("Restore data for addon %s", self.slug)
+            _LOGGER.info("Restoring data for addon %s", self.slug)
             if self.path_data.is_dir():
                 await remove_data(self.path_data)
             try:
                 await self.sys_run_in_executor(_restore_data)
             except shutil.Error as err:
                 _LOGGER.error("Can't restore origin data: %s", err)
-                raise AddonsError() from None
+                raise AddonsError() from err
 
             # Restore AppArmor
             profile_file = Path(temp, "apparmor.txt")
             if profile_file.exists():
                 try:
                     await self.sys_host.apparmor.load_profile(self.slug, profile_file)
-                except HostAppArmorError:
-                    _LOGGER.error("Can't restore AppArmor profile")
-                    raise AddonsError() from None
+                except HostAppArmorError as err:
+                    _LOGGER.error(
+                        "Can't restore AppArmor profile for add-on %s", self.slug
+                    )
+                    raise AddonsError() from err
 
             # Run add-on
-            if data[ATTR_STATE] == STATE_STARTED:
+            if data[ATTR_STATE] == AddonState.STARTED:
                 return await self.start()
 
-        _LOGGER.info("Finish restore for add-on %s", self.slug)
+        _LOGGER.info("Finished restore for add-on %s", self.slug)

supervisor/addons/build.py

@@ -1,18 +1,28 @@
 """Supervisor add-on build environment."""
 from __future__ import annotations
+
 from pathlib import Path
 from typing import TYPE_CHECKING, Dict
 
-from ..const import ATTR_ARGS, ATTR_BUILD_FROM, ATTR_SQUASH, META_ADDON
+from awesomeversion import AwesomeVersion
+
+from ..const import (
+    ATTR_ARGS,
+    ATTR_BUILD_FROM,
+    ATTR_SQUASH,
+    FILE_SUFFIX_CONFIGURATION,
+    META_ADDON,
+)
 from ..coresys import CoreSys, CoreSysAttributes
-from ..utils.json import JsonConfig
+from ..exceptions import ConfigurationFileError
+from ..utils.common import FileConfiguration, find_one_filetype
 from .validate import SCHEMA_BUILD_CONFIG
 
 if TYPE_CHECKING:
     from . import AnyAddon
 
 
-class AddonBuild(JsonConfig, CoreSysAttributes):
+class AddonBuild(FileConfiguration, CoreSysAttributes):
     """Handle build options for add-ons."""
 
     def __init__(self, coresys: CoreSys, addon: AnyAddon) -> None:
@@ -20,9 +30,14 @@ class AddonBuild(JsonConfig, CoreSysAttributes):
         self.coresys: CoreSys = coresys
         self.addon = addon
 
-        super().__init__(
-            Path(self.addon.path_location, "build.json"), SCHEMA_BUILD_CONFIG
-        )
+        try:
+            build_file = find_one_filetype(
+                self.addon.path_location, "build", FILE_SUFFIX_CONFIGURATION
+            )
+        except ConfigurationFileError:
+            build_file = self.addon.path_location / "build.json"
+
+        super().__init__(build_file, SCHEMA_BUILD_CONFIG)
 
     def save_data(self):
         """Ignore save function."""
@@ -30,7 +45,7 @@ class AddonBuild(JsonConfig, CoreSysAttributes):
 
     @property
     def base_image(self) -> str:
-        """Base images for this add-on."""
+        """Return base image for this add-on."""
         return self._data[ATTR_BUILD_FROM].get(
             self.sys_arch.default, f"homeassistant/{self.sys_arch.default}-base:latest"
         )
@@ -45,11 +60,21 @@ class AddonBuild(JsonConfig, CoreSysAttributes):
         """Return additional Docker build arguments."""
         return self._data[ATTR_ARGS]
 
-    def get_docker_args(self, version):
+    @property
+    def is_valid(self) -> bool:
+        """Return true if the build env is valid."""
+        return all(
+            [
+                self.addon.path_location.is_dir(),
+                Path(self.addon.path_location, "Dockerfile").is_file(),
+            ]
+        )
+
+    def get_docker_args(self, version: AwesomeVersion):
         """Create a dict with Docker build arguments."""
         args = {
             "path": str(self.addon.path_location),
-            "tag": f"{self.addon.image}:{version}",
+            "tag": f"{self.addon.image}:{version!s}",
             "pull": True,
             "forcerm": True,
             "squash": self.squash,

supervisor/addons/data.py

@@ -1,6 +1,5 @@
 """Init file for Supervisor add-on data."""
 from copy import deepcopy
-import logging
 from typing import Any, Dict
 
 from ..const import (
@@ -12,17 +11,15 @@ from ..const import (
     FILE_HASSIO_ADDONS,
 )
 from ..coresys import CoreSys, CoreSysAttributes
-from ..utils.json import JsonConfig
 from ..store.addon import AddonStore
+from ..utils.common import FileConfiguration
 from .addon import Addon
 from .validate import SCHEMA_ADDONS_FILE
 
-_LOGGER: logging.Logger = logging.getLogger(__name__)
-
 Config = Dict[str, Any]
 
 
-class AddonsData(JsonConfig, CoreSysAttributes):
+class AddonsData(FileConfiguration, CoreSysAttributes):
     """Hold data for installed Add-ons inside Supervisor."""
 
     def __init__(self, coresys: CoreSys):

supervisor/addons/model.py

@@ -1,8 +1,9 @@
 """Init file for Supervisor add-ons."""
+from abc import ABC, abstractmethod
 from pathlib import Path
 from typing import Any, Awaitable, Dict, List, Optional
 
-from packaging import version as pkg_version
+from awesomeversion import AwesomeVersion, AwesomeVersionException
 import voluptuous as vol
 
 from ..const import (
@@ -11,7 +12,6 @@ from ..const import (
     ATTR_ARCH,
     ATTR_AUDIO,
     ATTR_AUTH_API,
-    ATTR_AUTO_UART,
     ATTR_BOOT,
     ATTR_DESCRIPTON,
     ATTR_DEVICES,
@@ -32,6 +32,7 @@ from ..const import (
     ATTR_IMAGE,
     ATTR_INGRESS,
     ATTR_INIT,
+    ATTR_JOURNALD,
     ATTR_KERNEL_MODULES,
     ATTR_LEGACY,
     ATTR_LOCATON,
@@ -45,6 +46,7 @@ from ..const import (
     ATTR_PORTS,
     ATTR_PORTS_DESCRIPTION,
     ATTR_PRIVILEGED,
+    ATTR_REALTIME,
     ATTR_REPOSITORY,
     ATTR_SCHEMA,
     ATTR_SERVICES,
@@ -55,41 +57,52 @@ from ..const import (
     ATTR_STDIN,
     ATTR_TIMEOUT,
     ATTR_TMPFS,
+    ATTR_TRANSLATIONS,
+    ATTR_UART,
     ATTR_UDEV,
     ATTR_URL,
+    ATTR_USB,
     ATTR_VERSION,
     ATTR_VIDEO,
+    ATTR_WATCHDOG,
     ATTR_WEBUI,
     SECURITY_DEFAULT,
     SECURITY_DISABLE,
     SECURITY_PROFILE,
-    AddonStages,
+    AddonBoot,
+    AddonStage,
+    AddonStartup,
 )
-from ..coresys import CoreSysAttributes
-from .validate import RE_SERVICE, RE_VOLUME, schema_ui_options, validate_options
+from ..coresys import CoreSys, CoreSysAttributes
+from ..docker.const import Capabilities
+from .options import AddonOptions, UiOptions
+from .validate import RE_SERVICE, RE_VOLUME
 
 Data = Dict[str, Any]
 
 
-class AddonModel(CoreSysAttributes):
+class AddonModel(CoreSysAttributes, ABC):
     """Add-on Data layout."""
 
-    slug: str = None
+    def __init__(self, coresys: CoreSys, slug: str):
+        """Initialize data holder."""
+        self.coresys: CoreSys = coresys
+        self.slug: str = slug
 
     @property
+    @abstractmethod
     def data(self) -> Data:
-        """Return Add-on config/data."""
-        raise NotImplementedError()
+        """Return add-on config/data."""
 
     @property
+    @abstractmethod
     def is_installed(self) -> bool:
         """Return True if an add-on is installed."""
-        raise NotImplementedError()
 
     @property
+    @abstractmethod
     def is_detached(self) -> bool:
         """Return True if add-on is detached."""
-        raise NotImplementedError()
 
     @property
     def available(self) -> bool:
@@ -102,7 +115,7 @@ class AddonModel(CoreSysAttributes):
         return self.data[ATTR_OPTIONS]
 
     @property
-    def boot(self) -> bool:
+    def boot(self) -> AddonBoot:
         """Return boot config with prio local settings."""
         return self.data[ATTR_BOOT]
 
@@ -175,12 +188,17 @@ class AddonModel(CoreSysAttributes):
         return self.data[ATTR_REPOSITORY]
 
     @property
-    def latest_version(self) -> str:
+    def translations(self) -> dict:
+        """Return add-on translations."""
+        return self.data[ATTR_TRANSLATIONS]
+
+    @property
+    def latest_version(self) -> AwesomeVersion:
         """Return latest version of add-on."""
         return self.data[ATTR_VERSION]
 
     @property
-    def version(self) -> str:
+    def version(self) -> AwesomeVersion:
         """Return version of add-on."""
         return self.data[ATTR_VERSION]
 
@@ -190,9 +208,9 @@ class AddonModel(CoreSysAttributes):
         return True
 
     @property
-    def startup(self) -> Optional[str]:
+    def startup(self) -> AddonStartup:
         """Return startup type of add-on."""
-        return self.data.get(ATTR_STARTUP)
+        return self.data[ATTR_STARTUP]
 
     @property
     def advanced(self) -> bool:
@@ -200,7 +218,7 @@ class AddonModel(CoreSysAttributes):
         return self.data[ATTR_ADVANCED]
 
     @property
-    def stage(self) -> AddonStages:
+    def stage(self) -> AddonStage:
         """Return stage mode of add-on."""
         return self.data[ATTR_STAGE]
 
@@ -212,7 +230,8 @@ class AddonModel(CoreSysAttributes):
         services = {}
         for data in services_list:
             service = RE_SERVICE.match(data)
-            services[service.group("service")] = service.group("rights")
+            if service:
+                services[service.group("service")] = service.group("rights")
 
         return services
 
@@ -241,6 +260,11 @@ class AddonModel(CoreSysAttributes):
         """Return URL to webui or None."""
         return self.data.get(ATTR_WEBUI)
 
+    @property
+    def watchdog(self) -> Optional[str]:
+        """Return URL to for watchdog or None."""
+        return self.data.get(ATTR_WATCHDOG)
+
     @property
     def ingress_port(self) -> Optional[int]:
         """Return Ingress port."""
@@ -282,19 +306,9 @@ class AddonModel(CoreSysAttributes):
         return self.data[ATTR_HOST_DBUS]
 
     @property
-    def devices(self) -> Optional[List[str]]:
-        """Return devices of add-on."""
-        return self.data.get(ATTR_DEVICES, [])
-
-    @property
-    def auto_uart(self) -> bool:
-        """Return True if we should map all UART device."""
-        return self.data[ATTR_AUTO_UART]
-
-    @property
-    def tmpfs(self) -> Optional[str]:
-        """Return tmpfs of add-on."""
-        return self.data.get(ATTR_TMPFS)
+    def static_devices(self) -> List[Path]:
+        """Return static devices of add-on."""
+        return [Path(node) for node in self.data.get(ATTR_DEVICES, [])]
 
     @property
     def environment(self) -> Optional[Dict[str, str]]:
@@ -302,7 +316,7 @@ class AddonModel(CoreSysAttributes):
         return self.data.get(ATTR_ENVIRONMENT)
 
     @property
-    def privileged(self) -> List[str]:
+    def privileged(self) -> List[Capabilities]:
         """Return list of privilege."""
         return self.data.get(ATTR_PRIVILEGED, [])
 
@@ -370,6 +384,16 @@ class AddonModel(CoreSysAttributes):
         """Return True if the add-on access to GPIO interface."""
         return self.data[ATTR_GPIO]
 
+    @property
+    def with_usb(self) -> bool:
+        """Return True if the add-on need USB access."""
+        return self.data[ATTR_USB]
+
+    @property
+    def with_uart(self) -> bool:
+        """Return True if we should map all UART device."""
+        return self.data[ATTR_UART]
+
     @property
     def with_udev(self) -> bool:
         """Return True if the add-on have his own udev."""
@@ -380,6 +404,11 @@ class AddonModel(CoreSysAttributes):
         """Return True if the add-on access to kernel modules."""
         return self.data[ATTR_KERNEL_MODULES]
 
+    @property
+    def with_realtime(self) -> bool:
+        """Return True if the add-on need realtime schedule functions."""
+        return self.data[ATTR_REALTIME]
+
     @property
     def with_full_access(self) -> bool:
         """Return True if the add-on want full access to hardware."""
@@ -390,6 +419,11 @@ class AddonModel(CoreSysAttributes):
         """Return True if the add-on read access to devicetree."""
         return self.data[ATTR_DEVICETREE]
 
+    @property
+    def with_tmpfs(self) -> Optional[str]:
+        """Return if tmp is in memory of add-on."""
+        return self.data[ATTR_TMPFS]
+
     @property
     def access_auth_api(self) -> bool:
         """Return True if the add-on access to login/auth backend."""
@@ -446,7 +480,7 @@ class AddonModel(CoreSysAttributes):
         return self.data.get(ATTR_MACHINE, [])
 
     @property
-    def image(self) -> str:
+    def image(self) -> Optional[str]:
         """Generate image name from data."""
         return self._image(self.data)
 
@@ -461,6 +495,8 @@ class AddonModel(CoreSysAttributes):
         volumes = {}
         for volume in self.data[ATTR_MAP]:
             result = RE_VOLUME.match(volume)
+            if not result:
+                continue
             volumes[result.group(1)] = result.group(2) or "ro"
 
         return volumes
@@ -501,8 +537,10 @@ class AddonModel(CoreSysAttributes):
         raw_schema = self.data[ATTR_SCHEMA]
 
         if isinstance(raw_schema, bool):
-            return vol.Schema(dict)
-        return vol.Schema(vol.All(dict, validate_options(self.coresys, raw_schema)))
+            raw_schema = {}
+        return vol.Schema(
+            vol.All(dict, AddonOptions(self.coresys, raw_schema, self.name, self.slug))
+        )
 
     @property
     def schema_ui(self) -> Optional[List[Dict[str, Any]]]:
@@ -511,7 +549,12 @@ class AddonModel(CoreSysAttributes):
 
         if isinstance(raw_schema, bool):
             return None
-        return schema_ui_options(raw_schema)
+        return UiOptions(self.coresys)(raw_schema)
+
+    @property
+    def with_journald(self) -> bool:
+        """Return True if the add-on accesses the system journal."""
+        return self.data[ATTR_JOURNALD]
 
     def __eq__(self, other):
         """Compaired add-on objects."""
@@ -527,17 +570,17 @@ class AddonModel(CoreSysAttributes):
 
         # Machine / Hardware
         machine = config.get(ATTR_MACHINE)
-        if machine and self.sys_machine not in machine:
+        if machine and f"!{self.sys_machine}" in machine:
+            return False
+        elif machine and self.sys_machine not in machine:
             return False
 
         # Home Assistant
-        version = config.get(ATTR_HOMEASSISTANT) or self.sys_homeassistant.version
-        if pkg_version.parse(self.sys_homeassistant.version) < pkg_version.parse(
-            version
-        ):
-            return False
-
-        return True
+        version: Optional[AwesomeVersion] = config.get(ATTR_HOMEASSISTANT)
+        try:
+            return self.sys_homeassistant.version >= version
+        except (AwesomeVersionException, TypeError):
+            return True
 
     def _image(self, config) -> str:
         """Generate image name from data."""

supervisor/addons/options.py

@@ -0,0 +1,417 @@
+"""Add-on Options / UI rendering."""
+import hashlib
+import logging
+from pathlib import Path
+import re
+from typing import Any, Dict, List, Set, Union
+
+import voluptuous as vol
+
+from ..coresys import CoreSys, CoreSysAttributes
+from ..exceptions import HardwareNotFound
+from ..hardware.const import UdevSubsystem
+from ..hardware.data import Device
+from ..validate import network_port
+
+_LOGGER: logging.Logger = logging.getLogger(__name__)
+
+_STR = "str"
+_INT = "int"
+_FLOAT = "float"
+_BOOL = "bool"
+_PASSWORD = "password"
+_EMAIL = "email"
+_URL = "url"
+_PORT = "port"
+_MATCH = "match"
+_LIST = "list"
+_DEVICE = "device"
+
+RE_SCHEMA_ELEMENT = re.compile(
+    r"^(?:"
+    r"|bool"
+    r"|email"
+    r"|url"
+    r"|port"
+    r"|device(?:\((?P<filter>subsystem=[a-z]+)\))?"
+    r"|str(?:\((?P<s_min>\d+)?,(?P<s_max>\d+)?\))?"
+    r"|password(?:\((?P<p_min>\d+)?,(?P<p_max>\d+)?\))?"
+    r"|int(?:\((?P<i_min>\d+)?,(?P<i_max>\d+)?\))?"
+    r"|float(?:\((?P<f_min>[\d\.]+)?,(?P<f_max>[\d\.]+)?\))?"
+    r"|match\((?P<match>.*)\)"
+    r"|list\((?P<list>.+)\)"
+    r")\??$"
+)
+
+_SCHEMA_LENGTH_PARTS = (
+    "i_min",
+    "i_max",
+    "f_min",
+    "f_max",
+    "s_min",
+    "s_max",
+    "p_min",
+    "p_max",
+)
+
+
+class AddonOptions(CoreSysAttributes):
+    """Validate Add-ons Options."""
+
+    def __init__(
+        self, coresys: CoreSys, raw_schema: Dict[str, Any], name: str, slug: str
+    ):
+        """Validate schema."""
+        self.coresys: CoreSys = coresys
+        self.raw_schema: Dict[str, Any] = raw_schema
+        self.devices: Set[Device] = set()
+        self.pwned: Set[str] = set()
+        self._name = name
+        self._slug = slug
+
+    def __call__(self, struct):
+        """Create schema validator for add-ons options."""
+        options = {}
+
+        # read options
+        for key, value in struct.items():
+            # Ignore unknown options / remove from list
+            if key not in self.raw_schema:
+                _LOGGER.warning(
+                    "Option '%s' does not exist in the schema for %s (%s)",
+                    key,
+                    self._name,
+                    self._slug,
+                )
+                continue
+
+            typ = self.raw_schema[key]
+            try:
+                if isinstance(typ, list):
+                    # nested value list
+                    options[key] = self._nested_validate_list(typ[0], value, key)
+                elif isinstance(typ, dict):
+                    # nested value dict
+                    options[key] = self._nested_validate_dict(typ, value, key)
+                else:
+                    # normal value
+                    options[key] = self._single_validate(typ, value, key)
+            except (IndexError, KeyError):
+                raise vol.Invalid(
+                    f"Type error for option '{key}' in {self._name} ({self._slug})"
+                ) from None
+
+        self._check_missing_options(self.raw_schema, options, "root")
+        return options
+
+    # pylint: disable=no-value-for-parameter
+    def _single_validate(self, typ: str, value: Any, key: str):
+        """Validate a single element."""
+        # if required argument
+        if value is None:
+            raise vol.Invalid(
+                f"Missing required option '{key}' in {self._name} ({self._slug})"
+            ) from None
+
+        # Lookup secret
+        if str(value).startswith("!secret "):
+            secret: str = value.partition(" ")[2]
+            value = self.sys_homeassistant.secrets.get(secret)
+            if value is None:
+                raise vol.Invalid(
+                    f"Unknown secret '{secret}' in {self._name} ({self._slug})"
+                ) from None
+
+        # parse extend data from type
+        match = RE_SCHEMA_ELEMENT.match(typ)
+
+        if not match:
+            raise vol.Invalid(
+                f"Unknown type '{typ}' in {self._name} ({self._slug})"
+            ) from None
+
+        # prepare range
+        range_args = {}
+        for group_name in _SCHEMA_LENGTH_PARTS:
+            group_value = match.group(group_name)
+            if group_value:
+                range_args[group_name[2:]] = float(group_value)
+
+        if typ.startswith(_STR) or typ.startswith(_PASSWORD):
+            if typ.startswith(_PASSWORD) and value:
+                self.pwned.add(hashlib.sha1(str(value).encode()).hexdigest())
+            return vol.All(str(value), vol.Range(**range_args))(value)
+        elif typ.startswith(_INT):
+            return vol.All(vol.Coerce(int), vol.Range(**range_args))(value)
+        elif typ.startswith(_FLOAT):
+            return vol.All(vol.Coerce(float), vol.Range(**range_args))(value)
+        elif typ.startswith(_BOOL):
+            return vol.Boolean()(value)
+        elif typ.startswith(_EMAIL):
+            return vol.Email()(value)
+        elif typ.startswith(_URL):
+            return vol.Url()(value)
+        elif typ.startswith(_PORT):
+            return network_port(value)
+        elif typ.startswith(_MATCH):
+            return vol.Match(match.group("match"))(str(value))
+        elif typ.startswith(_LIST):
+            return vol.In(match.group("list").split("|"))(str(value))
+        elif typ.startswith(_DEVICE):
+            try:
+                device = self.sys_hardware.get_by_path(Path(value))
+            except HardwareNotFound:
+                raise vol.Invalid(
+                    f"Device '{value}' does not exists! in {self._name} ({self._slug})"
+                ) from None
+
+            # Have filter
+            if match.group("filter"):
+                str_filter = match.group("filter")
+                device_filter = _create_device_filter(str_filter)
+                if device not in self.sys_hardware.filter_devices(**device_filter):
+                    raise vol.Invalid(
+                        f"Device '{value}' don't match the filter {str_filter}! in {self._name} ({self._slug})"
+                    )
+
+            # Device valid
+            self.devices.add(device)
+            return str(device.path)
+
+        raise vol.Invalid(
+            f"Fatal error for option '{key}' with type '{typ}' in {self._name} ({self._slug})"
+        ) from None
+
+    def _nested_validate_list(self, typ: Any, data_list: List[Any], key: str):
+        """Validate nested items."""
+        options = []
+
+        # Make sure it is a list
+        if not isinstance(data_list, list):
+            raise vol.Invalid(
+                f"Invalid list for option '{key}' in {self._name} ({self._slug})"
+            ) from None
+
+        # Process list
+        for element in data_list:
+            # Nested?
+            if isinstance(typ, dict):
+                c_options = self._nested_validate_dict(typ, element, key)
+                options.append(c_options)
+            else:
+                options.append(self._single_validate(typ, element, key))
+
+        return options
+
+    def _nested_validate_dict(
+        self, typ: Dict[Any, Any], data_dict: Dict[Any, Any], key: str
+    ):
+        """Validate nested items."""
+        options = {}
+
+        # Make sure it is a dict
+        if not isinstance(data_dict, dict):
+            raise vol.Invalid(
+                f"Invalid dict for option '{key}' in {self._name} ({self._slug})"
+            ) from None
+
+        # Process dict
+        for c_key, c_value in data_dict.items():
+            # Ignore unknown options / remove from list
+            if c_key not in typ:
+                _LOGGER.warning(
+                    "Unknown option '%s' for %s (%s)", c_key, self._name, self._slug
+                )
+                continue
+
+            # Nested?
+            if isinstance(typ[c_key], list):
+                options[c_key] = self._nested_validate_list(
+                    typ[c_key][0], c_value, c_key
+                )
+            else:
+                options[c_key] = self._single_validate(typ[c_key], c_value, c_key)
+
+        self._check_missing_options(typ, options, key)
+        return options
+
+    def _check_missing_options(
+        self, origin: Dict[Any, Any], exists: Dict[Any, Any], root: str
+    ) -> None:
+        """Check if all options are exists."""
+        missing = set(origin) - set(exists)
+        for miss_opt in missing:
+            miss_schema = origin[miss_opt]
+
+            # If its a list then value in list decides if its optional like ["str?"]
+            if isinstance(miss_schema, list) and len(miss_schema) > 0:
+                miss_schema = miss_schema[0]
+
+            if isinstance(miss_schema, str) and miss_schema.endswith("?"):
+                continue
+
+            raise vol.Invalid(
+                f"Missing option '{miss_opt}' in {root} in {self._name} ({self._slug})"
+            ) from None
+
+
+class UiOptions(CoreSysAttributes):
+    """Render UI Add-ons Options."""
+
+    def __init__(self, coresys: CoreSys) -> None:
+        """Initialize UI option render."""
+        self.coresys = coresys
+
+    def __call__(self, raw_schema: Dict[str, Any]) -> List[Dict[str, Any]]:
+        """Generate UI schema."""
+        ui_schema: List[Dict[str, Any]] = []
+
+        # read options
+        for key, value in raw_schema.items():
+            if isinstance(value, list):
+                # nested value list
+                self._nested_ui_list(ui_schema, value, key)
+            elif isinstance(value, dict):
+                # nested value dict
+                self._nested_ui_dict(ui_schema, value, key)
+            else:
+                # normal value
+                self._single_ui_option(ui_schema, value, key)
+
+        return ui_schema
+
+    def _single_ui_option(
+        self,
+        ui_schema: List[Dict[str, Any]],
+        value: str,
+        key: str,
+        multiple: bool = False,
+    ) -> None:
+        """Validate a single element."""
+        ui_node: Dict[str, Union[str, bool, float, List[str]]] = {"name": key}
+
+        # If multiple
+        if multiple:
+            ui_node["multiple"] = True
+
+        # Parse extend data from type
+        match = RE_SCHEMA_ELEMENT.match(value)
+        if not match:
+            return
+
+        # Prepare range
+        for group_name in _SCHEMA_LENGTH_PARTS:
+            group_value = match.group(group_name)
+            if not group_value:
+                continue
+            if group_name[2:] == "min":
+                ui_node["lengthMin"] = float(group_value)
+            elif group_name[2:] == "max":
+                ui_node["lengthMax"] = float(group_value)
+
+        # If required
+        if value.endswith("?"):
+            ui_node["optional"] = True
+        else:
+            ui_node["required"] = True
+
+        # Data types
+        if value.startswith(_STR):
+            ui_node["type"] = "string"
+        elif value.startswith(_PASSWORD):
+            ui_node["type"] = "string"
+            ui_node["format"] = "password"
+        elif value.startswith(_INT):
+            ui_node["type"] = "integer"
+        elif value.startswith(_FLOAT):
+            ui_node["type"] = "float"
+        elif value.startswith(_BOOL):
+            ui_node["type"] = "boolean"
+        elif value.startswith(_EMAIL):
+            ui_node["type"] = "string"
+            ui_node["format"] = "email"
+        elif value.startswith(_URL):
+            ui_node["type"] = "string"
+            ui_node["format"] = "url"
+        elif value.startswith(_PORT):
+            ui_node["type"] = "integer"
+        elif value.startswith(_MATCH):
+            ui_node["type"] = "string"
+        elif value.startswith(_LIST):
+            ui_node["type"] = "select"
+            ui_node["options"] = match.group("list").split("|")
+        elif value.startswith(_DEVICE):
+            ui_node["type"] = "select"
+
+            # Have filter
+            if match.group("filter"):
+                device_filter = _create_device_filter(match.group("filter"))
+                ui_node["options"] = [
+                    (device.by_id or device.path).as_posix()
+                    for device in self.sys_hardware.filter_devices(**device_filter)
+                ]
+            else:
+                ui_node["options"] = [
+                    (device.by_id or device.path).as_posix()
+                    for device in self.sys_hardware.devices
+                ]
+
+        ui_schema.append(ui_node)
+
+    def _nested_ui_list(
+        self,
+        ui_schema: List[Dict[str, Any]],
+        option_list: List[Any],
+        key: str,
+    ) -> None:
+        """UI nested list items."""
+        try:
+            element = option_list[0]
+        except IndexError:
+            _LOGGER.error("Invalid schema %s", key)
+            return
+
+        if isinstance(element, dict):
+            self._nested_ui_dict(ui_schema, element, key, multiple=True)
+        else:
+            self._single_ui_option(ui_schema, element, key, multiple=True)
+
+    def _nested_ui_dict(
+        self,
+        ui_schema: List[Dict[str, Any]],
+        option_dict: Dict[str, Any],
+        key: str,
+        multiple: bool = False,
+    ) -> None:
+        """UI nested dict items."""
+        ui_node = {
+            "name": key,
+            "type": "schema",
+            "optional": True,
+            "multiple": multiple,
+        }
+
+        nested_schema = []
+        for c_key, c_value in option_dict.items():
+            # Nested?
+            if isinstance(c_value, list):
+                self._nested_ui_list(nested_schema, c_value, c_key)
+            else:
+                self._single_ui_option(nested_schema, c_value, c_key)
+
+        ui_node["schema"] = nested_schema
+        ui_schema.append(ui_node)
+
+
+def _create_device_filter(str_filter: str) -> Dict[str, Any]:
+    """Generate device Filter."""
+    raw_filter = dict(value.split("=") for value in str_filter.split(";"))
+
+    clean_filter = {}
+    for key, value in raw_filter.items():
+        if key == "subsystem":
+            clean_filter[key] = UdevSubsystem(value)
+        else:
+            clean_filter[key] = value
+
+    return clean_filter

supervisor/addons/utils.py

@@ -6,18 +6,8 @@ import logging
 from pathlib import Path
 from typing import TYPE_CHECKING
 
-from ..const import (
-    PRIVILEGED_DAC_READ_SEARCH,
-    PRIVILEGED_NET_ADMIN,
-    PRIVILEGED_SYS_ADMIN,
-    PRIVILEGED_SYS_MODULE,
-    PRIVILEGED_SYS_PTRACE,
-    PRIVILEGED_SYS_RAWIO,
-    ROLE_ADMIN,
-    ROLE_MANAGER,
-    SECURITY_DISABLE,
-    SECURITY_PROFILE,
-)
+from ..const import ROLE_ADMIN, ROLE_MANAGER, SECURITY_DISABLE, SECURITY_PROFILE
+from ..docker.const import Capabilities
 
 if TYPE_CHECKING:
     from .model import AddonModel
@@ -46,16 +36,19 @@ def rating_security(addon: AddonModel) -> int:
         rating += 1
 
     # Privileged options
-    if any(
-        privilege in addon.privileged
-        for privilege in (
-            PRIVILEGED_NET_ADMIN,
-            PRIVILEGED_SYS_ADMIN,
-            PRIVILEGED_SYS_RAWIO,
-            PRIVILEGED_SYS_PTRACE,
-            PRIVILEGED_SYS_MODULE,
-            PRIVILEGED_DAC_READ_SEARCH,
+    if (
+        any(
+            privilege in addon.privileged
+            for privilege in (
+                Capabilities.NET_ADMIN,
+                Capabilities.SYS_ADMIN,
+                Capabilities.SYS_RAWIO,
+                Capabilities.SYS_PTRACE,
+                Capabilities.SYS_MODULE,
+                Capabilities.DAC_READ_SEARCH,
+            )
         )
+        or addon.with_kernel_modules
     ):
         rating += -1
 
@@ -73,12 +66,8 @@ def rating_security(addon: AddonModel) -> int:
     if addon.host_pid:
         rating += -2
 
-    # Full Access
-    if addon.with_full_access:
-        rating += -2
-
-    # Docker Access
-    if addon.access_docker_api:
+    # Docker Access & full Access
+    if addon.access_docker_api or addon.with_full_access:
         rating = 1
 
     return max(min(6, rating), 1)

supervisor/addons/validate.py

@@ -2,7 +2,7 @@
 import logging
 import re
 import secrets
-from typing import Any, Dict, List
+from typing import Any, Dict
 import uuid
 
 import voluptuous as vol
@@ -18,10 +18,10 @@ from ..const import (
     ATTR_AUDIO_INPUT,
     ATTR_AUDIO_OUTPUT,
     ATTR_AUTH_API,
-    ATTR_AUTO_UART,
     ATTR_AUTO_UPDATE,
     ATTR_BOOT,
     ATTR_BUILD_FROM,
+    ATTR_CONFIGURATION,
     ATTR_DESCRIPTON,
     ATTR_DEVICES,
     ATTR_DEVICETREE,
@@ -45,6 +45,7 @@ from ..const import (
     ATTR_INGRESS_PORT,
     ATTR_INGRESS_TOKEN,
     ATTR_INIT,
+    ATTR_JOURNALD,
     ATTR_KERNEL_MODULES,
     ATTR_LEGACY,
     ATTR_LOCATON,
@@ -60,6 +61,7 @@ from ..const import (
     ATTR_PORTS_DESCRIPTION,
     ATTR_PRIVILEGED,
     ATTR_PROTECTED,
+    ATTR_REALTIME,
     ATTR_REPOSITORY,
     ATTR_SCHEMA,
     ATTR_SERVICES,
@@ -73,128 +75,167 @@ from ..const import (
     ATTR_SYSTEM,
     ATTR_TIMEOUT,
     ATTR_TMPFS,
+    ATTR_TRANSLATIONS,
+    ATTR_UART,
     ATTR_UDEV,
     ATTR_URL,
+    ATTR_USB,
     ATTR_USER,
     ATTR_UUID,
     ATTR_VERSION,
     ATTR_VIDEO,
+    ATTR_WATCHDOG,
     ATTR_WEBUI,
-    BOOT_AUTO,
-    BOOT_MANUAL,
-    PRIVILEGED_ALL,
     ROLE_ALL,
     ROLE_DEFAULT,
-    STARTUP_ALL,
-    STARTUP_APPLICATION,
-    STARTUP_SERVICES,
-    STATE_STARTED,
-    STATE_STOPPED,
-    AddonStages,
+    AddonBoot,
+    AddonStage,
+    AddonStartup,
+    AddonState,
 )
-from ..coresys import CoreSys
 from ..discovery.validate import valid_discovery_service
+from ..docker.const import Capabilities
 from ..validate import (
-    DOCKER_PORTS,
-    DOCKER_PORTS_DESCRIPTION,
+    docker_image,
+    docker_ports,
+    docker_ports_description,
     network_port,
     token,
     uuid_match,
+    version_tag,
 )
+from .options import RE_SCHEMA_ELEMENT
 
 _LOGGER: logging.Logger = logging.getLogger(__name__)
 
-
-RE_VOLUME = re.compile(r"^(config|ssl|addons|backup|share)(?::(rw|ro))?$")
+RE_VOLUME = re.compile(r"^(config|ssl|addons|backup|share|media)(?::(rw|ro))?$")
 RE_SERVICE = re.compile(r"^(?P<service>mqtt|mysql):(?P<rights>provide|want|need)$")
 
-V_STR = "str"
-V_INT = "int"
-V_FLOAT = "float"
-V_BOOL = "bool"
-V_PASSWORD = "password"
-V_EMAIL = "email"
-V_URL = "url"
-V_PORT = "port"
-V_MATCH = "match"
-V_LIST = "list"
 
-RE_SCHEMA_ELEMENT = re.compile(
-    r"^(?:"
-    r"|bool|email|url|port"
-    r"|str(?:\((?P<s_min>\d+)?,(?P<s_max>\d+)?\))?"
-    r"|password(?:\((?P<p_min>\d+)?,(?P<p_max>\d+)?\))?"
-    r"|int(?:\((?P<i_min>\d+)?,(?P<i_max>\d+)?\))?"
-    r"|float(?:\((?P<f_min>[\d\.]+)?,(?P<f_max>[\d\.]+)?\))?"
-    r"|match\((?P<match>.*)\)"
-    r"|list\((?P<list>.+)\)"
-    r")\??$"
-)
-
-_SCHEMA_LENGTH_PARTS = (
-    "i_min",
-    "i_max",
-    "f_min",
-    "f_max",
-    "s_min",
-    "s_max",
-    "p_min",
-    "p_max",
-)
-
-RE_DOCKER_IMAGE = re.compile(r"^([a-zA-Z\-\.:\d{}]+/)*?([\-\w{}]+)/([\-\w{}]+)$")
 RE_DOCKER_IMAGE_BUILD = re.compile(
     r"^([a-zA-Z\-\.:\d{}]+/)*?([\-\w{}]+)/([\-\w{}]+)(:[\.\-\w{}]+)?$"
 )
 
 SCHEMA_ELEMENT = vol.Match(RE_SCHEMA_ELEMENT)
 
-
-MACHINE_ALL = [
-    "intel-nuc",
-    "odroid-c2",
-    "odroid-n2",
-    "odroid-xu",
-    "qemuarm-64",
-    "qemuarm",
-    "qemux86-64",
-    "qemux86",
-    "raspberrypi",
-    "raspberrypi2",
-    "raspberrypi3-64",
-    "raspberrypi3",
-    "raspberrypi4-64",
-    "raspberrypi4",
-    "tinker",
-]
+RE_MACHINE = re.compile(
+    r"^!?(?:"
+    r"|intel-nuc"
+    r"|odroid-c2"
+    r"|odroid-c4"
+    r"|odroid-n2"
+    r"|odroid-xu"
+    r"|qemuarm-64"
+    r"|qemuarm"
+    r"|qemux86-64"
+    r"|qemux86"
+    r"|raspberrypi"
+    r"|raspberrypi2"
+    r"|raspberrypi3-64"
+    r"|raspberrypi3"
+    r"|raspberrypi4-64"
+    r"|raspberrypi4"
+    r"|tinker"
+    r")$"
+)
 
 
-def _simple_startup(value):
-    """Simple startup schema."""
-    if value == "before":
-        return STARTUP_SERVICES
-    if value == "after":
-        return STARTUP_APPLICATION
-    return value
+def _warn_addon_config(config: Dict[str, Any]):
+    """Warn about miss configs."""
+    name = config.get(ATTR_NAME)
+    if not name:
+        raise vol.Invalid("Invalid Add-on config!")
+
+    if config.get(ATTR_FULL_ACCESS, False) and (
+        config.get(ATTR_DEVICES)
+        or config.get(ATTR_UART)
+        or config.get(ATTR_USB)
+        or config.get(ATTR_GPIO)
+    ):
+        _LOGGER.warning(
+            "Add-on have full device access, and selective device access in the configuration. Please report this to the maintainer of %s",
+            name,
+        )
+
+    return config
+
+
+def _migrate_addon_config(protocol=False):
+    """Migrate addon config."""
+
+    def _migrate(config: Dict[str, Any]):
+        name = config.get(ATTR_NAME)
+        if not name:
+            raise vol.Invalid("Invalid Add-on config!")
+
+        # Startup 2018-03-30
+        if config.get(ATTR_STARTUP) in ("before", "after"):
+            value = config[ATTR_STARTUP]
+            if protocol:
+                _LOGGER.warning(
+                    "Add-on config 'startup' with '%s' is deprecated. Please report this to the maintainer of %s",
+                    value,
+                    name,
+                )
+            if value == "before":
+                config[ATTR_STARTUP] = AddonStartup.SERVICES.value
+            elif value == "after":
+                config[ATTR_STARTUP] = AddonStartup.APPLICATION.value
+
+        # UART 2021-01-20
+        if "auto_uart" in config:
+            if protocol:
+                _LOGGER.warning(
+                    "Add-on config 'auto_uart' is deprecated, use 'uart'. Please report this to the maintainer of %s",
+                    name,
+                )
+            config[ATTR_UART] = config.pop("auto_uart")
+
+        # Device 2021-01-20
+        if ATTR_DEVICES in config and any(":" in line for line in config[ATTR_DEVICES]):
+            if protocol:
+                _LOGGER.warning(
+                    "Add-on config 'devices' use a deprecated format, the new format uses a list of paths only. Please report this to the maintainer of %s",
+                    name,
+                )
+            config[ATTR_DEVICES] = [line.split(":")[0] for line in config[ATTR_DEVICES]]
+
+        # TMPFS 2021-02-01
+        if ATTR_TMPFS in config and not isinstance(config[ATTR_TMPFS], bool):
+            if protocol:
+                _LOGGER.warning(
+                    "Add-on config 'tmpfs' use a deprecated format, new it's only a boolean. Please report this to the maintainer of %s",
+                    name,
+                )
+            config[ATTR_TMPFS] = True
+
+        return config
+
+    return _migrate
 
 
 # pylint: disable=no-value-for-parameter
-SCHEMA_ADDON_CONFIG = vol.Schema(
+_SCHEMA_ADDON_CONFIG = vol.Schema(
     {
-        vol.Required(ATTR_NAME): vol.Coerce(str),
-        vol.Required(ATTR_VERSION): vol.Coerce(str),
-        vol.Required(ATTR_SLUG): vol.Coerce(str),
-        vol.Required(ATTR_DESCRIPTON): vol.Coerce(str),
+        vol.Required(ATTR_NAME): str,
+        vol.Required(ATTR_VERSION): version_tag,
+        vol.Required(ATTR_SLUG): str,
+        vol.Required(ATTR_DESCRIPTON): str,
         vol.Required(ATTR_ARCH): [vol.In(ARCH_ALL)],
-        vol.Optional(ATTR_MACHINE): [vol.In(MACHINE_ALL)],
+        vol.Optional(ATTR_MACHINE): vol.All([vol.Match(RE_MACHINE)], vol.Unique()),
         vol.Optional(ATTR_URL): vol.Url(),
-        vol.Required(ATTR_STARTUP): vol.All(_simple_startup, vol.In(STARTUP_ALL)),
-        vol.Required(ATTR_BOOT): vol.In([BOOT_AUTO, BOOT_MANUAL]),
+        vol.Optional(ATTR_STARTUP, default=AddonStartup.APPLICATION): vol.Coerce(
+            AddonStartup
+        ),
+        vol.Optional(ATTR_BOOT, default=AddonBoot.AUTO): vol.Coerce(AddonBoot),
         vol.Optional(ATTR_INIT, default=True): vol.Boolean(),
         vol.Optional(ATTR_ADVANCED, default=False): vol.Boolean(),
-        vol.Optional(ATTR_STAGE, default=AddonStages.STABLE): vol.Coerce(AddonStages),
-        vol.Optional(ATTR_PORTS): DOCKER_PORTS,
-        vol.Optional(ATTR_PORTS_DESCRIPTION): DOCKER_PORTS_DESCRIPTION,
+        vol.Optional(ATTR_STAGE, default=AddonStage.STABLE): vol.Coerce(AddonStage),
+        vol.Optional(ATTR_PORTS): docker_ports,
+        vol.Optional(ATTR_PORTS_DESCRIPTION): docker_ports_description,
+        vol.Optional(ATTR_WATCHDOG): vol.Match(
+            r"^(?:https?|\[PROTO:\w+\]|tcp):\/\/\[HOST\]:(\[PORT:\d+\]|\d+).*$"
+        ),
         vol.Optional(ATTR_WEBUI): vol.Match(
             r"^(?:https?|\[PROTO:\w+\]):\/\/\[HOST\]:\[PORT:\d+\].*$"
         ),
@@ -202,29 +243,31 @@ SCHEMA_ADDON_CONFIG = vol.Schema(
         vol.Optional(ATTR_INGRESS_PORT, default=8099): vol.Any(
             network_port, vol.Equal(0)
         ),
-        vol.Optional(ATTR_INGRESS_ENTRY): vol.Coerce(str),
-        vol.Optional(ATTR_PANEL_ICON, default="mdi:puzzle"): vol.Coerce(str),
-        vol.Optional(ATTR_PANEL_TITLE): vol.Coerce(str),
+        vol.Optional(ATTR_INGRESS_ENTRY): str,
+        vol.Optional(ATTR_PANEL_ICON, default="mdi:puzzle"): str,
+        vol.Optional(ATTR_PANEL_TITLE): str,
         vol.Optional(ATTR_PANEL_ADMIN, default=True): vol.Boolean(),
-        vol.Optional(ATTR_HOMEASSISTANT): vol.Maybe(vol.Coerce(str)),
+        vol.Optional(ATTR_HOMEASSISTANT): vol.Maybe(version_tag),
         vol.Optional(ATTR_HOST_NETWORK, default=False): vol.Boolean(),
         vol.Optional(ATTR_HOST_PID, default=False): vol.Boolean(),
         vol.Optional(ATTR_HOST_IPC, default=False): vol.Boolean(),
         vol.Optional(ATTR_HOST_DBUS, default=False): vol.Boolean(),
-        vol.Optional(ATTR_DEVICES): [vol.Match(r"^(.*):(.*):([rwm]{1,3})$")],
-        vol.Optional(ATTR_AUTO_UART, default=False): vol.Boolean(),
+        vol.Optional(ATTR_DEVICES): [str],
         vol.Optional(ATTR_UDEV, default=False): vol.Boolean(),
-        vol.Optional(ATTR_TMPFS): vol.Match(r"^size=(\d)*[kmg](,uid=\d{1,4})?(,rw)?$"),
+        vol.Optional(ATTR_TMPFS, default=False): vol.Boolean(),
         vol.Optional(ATTR_MAP, default=list): [vol.Match(RE_VOLUME)],
-        vol.Optional(ATTR_ENVIRONMENT): {vol.Match(r"\w*"): vol.Coerce(str)},
-        vol.Optional(ATTR_PRIVILEGED): [vol.In(PRIVILEGED_ALL)],
+        vol.Optional(ATTR_ENVIRONMENT): {vol.Match(r"\w*"): str},
+        vol.Optional(ATTR_PRIVILEGED): [vol.Coerce(Capabilities)],
         vol.Optional(ATTR_APPARMOR, default=True): vol.Boolean(),
         vol.Optional(ATTR_FULL_ACCESS, default=False): vol.Boolean(),
         vol.Optional(ATTR_AUDIO, default=False): vol.Boolean(),
         vol.Optional(ATTR_VIDEO, default=False): vol.Boolean(),
         vol.Optional(ATTR_GPIO, default=False): vol.Boolean(),
+        vol.Optional(ATTR_USB, default=False): vol.Boolean(),
+        vol.Optional(ATTR_UART, default=False): vol.Boolean(),
         vol.Optional(ATTR_DEVICETREE, default=False): vol.Boolean(),
         vol.Optional(ATTR_KERNEL_MODULES, default=False): vol.Boolean(),
+        vol.Optional(ATTR_REALTIME, default=False): vol.Boolean(),
         vol.Optional(ATTR_HASSIO_API, default=False): vol.Boolean(),
         vol.Optional(ATTR_HASSIO_ROLE, default=ROLE_DEFAULT): vol.In(ROLE_ALL),
         vol.Optional(ATTR_HOMEASSISTANT_API, default=False): vol.Boolean(),
@@ -234,39 +277,38 @@ SCHEMA_ADDON_CONFIG = vol.Schema(
         vol.Optional(ATTR_AUTH_API, default=False): vol.Boolean(),
         vol.Optional(ATTR_SERVICES): [vol.Match(RE_SERVICE)],
         vol.Optional(ATTR_DISCOVERY): [valid_discovery_service],
-        vol.Optional(ATTR_SNAPSHOT_EXCLUDE): [vol.Coerce(str)],
-        vol.Required(ATTR_OPTIONS): dict,
-        vol.Required(ATTR_SCHEMA): vol.Any(
+        vol.Optional(ATTR_SNAPSHOT_EXCLUDE): [str],
+        vol.Optional(ATTR_OPTIONS, default={}): dict,
+        vol.Optional(ATTR_SCHEMA, default={}): vol.Any(
             vol.Schema(
                 {
-                    vol.Coerce(str): vol.Any(
+                    str: vol.Any(
                         SCHEMA_ELEMENT,
                         [
                             vol.Any(
                                 SCHEMA_ELEMENT,
-                                {
-                                    vol.Coerce(str): vol.Any(
-                                        SCHEMA_ELEMENT, [SCHEMA_ELEMENT]
-                                    )
-                                },
+                                {str: vol.Any(SCHEMA_ELEMENT, [SCHEMA_ELEMENT])},
                             )
                         ],
-                        vol.Schema(
-                            {vol.Coerce(str): vol.Any(SCHEMA_ELEMENT, [SCHEMA_ELEMENT])}
-                        ),
+                        vol.Schema({str: vol.Any(SCHEMA_ELEMENT, [SCHEMA_ELEMENT])}),
                     )
                 }
             ),
             False,
         ),
-        vol.Optional(ATTR_IMAGE): vol.Match(RE_DOCKER_IMAGE),
+        vol.Optional(ATTR_IMAGE): docker_image,
         vol.Optional(ATTR_TIMEOUT, default=10): vol.All(
             vol.Coerce(int), vol.Range(min=10, max=300)
         ),
+        vol.Optional(ATTR_JOURNALD, default=False): vol.Boolean(),
     },
     extra=vol.REMOVE_EXTRA,
 )
 
+SCHEMA_ADDON_CONFIG = vol.All(
+    _migrate_addon_config(True), _warn_addon_config, _SCHEMA_ADDON_CONFIG
+)
+
 
 # pylint: disable=no-value-for-parameter
 SCHEMA_BUILD_CONFIG = vol.Schema(
@@ -282,43 +324,65 @@ SCHEMA_BUILD_CONFIG = vol.Schema(
     extra=vol.REMOVE_EXTRA,
 )
 
-
-# pylint: disable=no-value-for-parameter
-SCHEMA_ADDON_USER = vol.Schema(
+SCHEMA_TRANSLATION_CONFIGURATION = vol.Schema(
     {
-        vol.Required(ATTR_VERSION): vol.Coerce(str),
-        vol.Optional(ATTR_IMAGE): vol.Coerce(str),
-        vol.Optional(ATTR_UUID, default=lambda: uuid.uuid4().hex): uuid_match,
-        vol.Optional(ATTR_ACCESS_TOKEN): token,
-        vol.Optional(ATTR_INGRESS_TOKEN, default=secrets.token_urlsafe): vol.Coerce(
-            str
-        ),
-        vol.Optional(ATTR_OPTIONS, default=dict): dict,
-        vol.Optional(ATTR_AUTO_UPDATE, default=False): vol.Boolean(),
-        vol.Optional(ATTR_BOOT): vol.In([BOOT_AUTO, BOOT_MANUAL]),
-        vol.Optional(ATTR_NETWORK): DOCKER_PORTS,
-        vol.Optional(ATTR_AUDIO_OUTPUT): vol.Maybe(vol.Coerce(str)),
-        vol.Optional(ATTR_AUDIO_INPUT): vol.Maybe(vol.Coerce(str)),
-        vol.Optional(ATTR_PROTECTED, default=True): vol.Boolean(),
-        vol.Optional(ATTR_INGRESS_PANEL, default=False): vol.Boolean(),
+        vol.Required(ATTR_NAME): str,
+        vol.Optional(ATTR_DESCRIPTON): vol.Maybe(str),
     },
     extra=vol.REMOVE_EXTRA,
 )
 
 
-SCHEMA_ADDON_SYSTEM = SCHEMA_ADDON_CONFIG.extend(
+SCHEMA_ADDON_TRANSLATIONS = vol.Schema(
     {
-        vol.Required(ATTR_LOCATON): vol.Coerce(str),
-        vol.Required(ATTR_REPOSITORY): vol.Coerce(str),
-    }
+        vol.Optional(ATTR_CONFIGURATION): {str: SCHEMA_TRANSLATION_CONFIGURATION},
+        vol.Optional(ATTR_NETWORK): {str: str},
+    },
+    extra=vol.REMOVE_EXTRA,
+)
+
+
+# pylint: disable=no-value-for-parameter
+SCHEMA_ADDON_USER = vol.Schema(
+    {
+        vol.Required(ATTR_VERSION): version_tag,
+        vol.Optional(ATTR_IMAGE): docker_image,
+        vol.Optional(ATTR_UUID, default=lambda: uuid.uuid4().hex): uuid_match,
+        vol.Optional(ATTR_ACCESS_TOKEN): token,
+        vol.Optional(ATTR_INGRESS_TOKEN, default=secrets.token_urlsafe): str,
+        vol.Optional(ATTR_OPTIONS, default=dict): dict,
+        vol.Optional(ATTR_AUTO_UPDATE, default=False): vol.Boolean(),
+        vol.Optional(ATTR_BOOT): vol.Coerce(AddonBoot),
+        vol.Optional(ATTR_NETWORK): docker_ports,
+        vol.Optional(ATTR_AUDIO_OUTPUT): vol.Maybe(str),
+        vol.Optional(ATTR_AUDIO_INPUT): vol.Maybe(str),
+        vol.Optional(ATTR_PROTECTED, default=True): vol.Boolean(),
+        vol.Optional(ATTR_INGRESS_PANEL, default=False): vol.Boolean(),
+        vol.Optional(ATTR_WATCHDOG, default=False): vol.Boolean(),
+    },
+    extra=vol.REMOVE_EXTRA,
+)
+
+SCHEMA_ADDON_SYSTEM = vol.All(
+    _migrate_addon_config(),
+    _SCHEMA_ADDON_CONFIG.extend(
+        {
+            vol.Required(ATTR_LOCATON): str,
+            vol.Required(ATTR_REPOSITORY): str,
+            vol.Required(ATTR_TRANSLATIONS, default=dict): {
+                str: SCHEMA_ADDON_TRANSLATIONS
+            },
+        }
+    ),
 )
 
 
 SCHEMA_ADDONS_FILE = vol.Schema(
     {
-        vol.Optional(ATTR_USER, default=dict): {vol.Coerce(str): SCHEMA_ADDON_USER},
-        vol.Optional(ATTR_SYSTEM, default=dict): {vol.Coerce(str): SCHEMA_ADDON_SYSTEM},
-    }
+        vol.Optional(ATTR_USER, default=dict): {str: SCHEMA_ADDON_USER},
+        vol.Optional(ATTR_SYSTEM, default=dict): {str: SCHEMA_ADDON_SYSTEM},
+    },
+    extra=vol.REMOVE_EXTRA,
 )
 
 
@@ -326,249 +390,8 @@ SCHEMA_ADDON_SNAPSHOT = vol.Schema(
     {
         vol.Required(ATTR_USER): SCHEMA_ADDON_USER,
         vol.Required(ATTR_SYSTEM): SCHEMA_ADDON_SYSTEM,
-        vol.Required(ATTR_STATE): vol.In([STATE_STARTED, STATE_STOPPED]),
-        vol.Required(ATTR_VERSION): vol.Coerce(str),
+        vol.Required(ATTR_STATE): vol.Coerce(AddonState),
+        vol.Required(ATTR_VERSION): version_tag,
     },
     extra=vol.REMOVE_EXTRA,
 )
-
-
-def validate_options(coresys: CoreSys, raw_schema: Dict[str, Any]):
-    """Validate schema."""
-
-    def validate(struct):
-        """Create schema validator for add-ons options."""
-        options = {}
-
-        # read options
-        for key, value in struct.items():
-            # Ignore unknown options / remove from list
-            if key not in raw_schema:
-                _LOGGER.warning("Unknown options %s", key)
-                continue
-
-            typ = raw_schema[key]
-            try:
-                if isinstance(typ, list):
-                    # nested value list
-                    options[key] = _nested_validate_list(coresys, typ[0], value, key)
-                elif isinstance(typ, dict):
-                    # nested value dict
-                    options[key] = _nested_validate_dict(coresys, typ, value, key)
-                else:
-                    # normal value
-                    options[key] = _single_validate(coresys, typ, value, key)
-            except (IndexError, KeyError):
-                raise vol.Invalid(f"Type error for {key}") from None
-
-        _check_missing_options(raw_schema, options, "root")
-        return options
-
-    return validate
-
-
-# pylint: disable=no-value-for-parameter
-# pylint: disable=inconsistent-return-statements
-def _single_validate(coresys: CoreSys, typ: str, value: Any, key: str):
-    """Validate a single element."""
-    # if required argument
-    if value is None:
-        raise vol.Invalid(f"Missing required option '{key}'")
-
-    # Lookup secret
-    if str(value).startswith("!secret "):
-        secret: str = value.partition(" ")[2]
-        value = coresys.secrets.get(secret)
-        if value is None:
-            raise vol.Invalid(f"Unknown secret {secret}")
-
-    # parse extend data from type
-    match = RE_SCHEMA_ELEMENT.match(typ)
-
-    # prepare range
-    range_args = {}
-    for group_name in _SCHEMA_LENGTH_PARTS:
-        group_value = match.group(group_name)
-        if group_value:
-            range_args[group_name[2:]] = float(group_value)
-
-    if typ.startswith(V_STR) or typ.startswith(V_PASSWORD):
-        return vol.All(str(value), vol.Range(**range_args))(value)
-    elif typ.startswith(V_INT):
-        return vol.All(vol.Coerce(int), vol.Range(**range_args))(value)
-    elif typ.startswith(V_FLOAT):
-        return vol.All(vol.Coerce(float), vol.Range(**range_args))(value)
-    elif typ.startswith(V_BOOL):
-        return vol.Boolean()(value)
-    elif typ.startswith(V_EMAIL):
-        return vol.Email()(value)
-    elif typ.startswith(V_URL):
-        return vol.Url()(value)
-    elif typ.startswith(V_PORT):
-        return network_port(value)
-    elif typ.startswith(V_MATCH):
-        return vol.Match(match.group("match"))(str(value))
-    elif typ.startswith(V_LIST):
-        return vol.In(match.group("list").split("|"))(str(value))
-
-    raise vol.Invalid(f"Fatal error for {key} type {typ}")
-
-
-def _nested_validate_list(coresys, typ, data_list, key):
-    """Validate nested items."""
-    options = []
-
-    for element in data_list:
-        # Nested?
-        if isinstance(typ, dict):
-            c_options = _nested_validate_dict(coresys, typ, element, key)
-            options.append(c_options)
-        else:
-            options.append(_single_validate(coresys, typ, element, key))
-
-    return options
-
-
-def _nested_validate_dict(coresys, typ, data_dict, key):
-    """Validate nested items."""
-    options = {}
-
-    for c_key, c_value in data_dict.items():
-        # Ignore unknown options / remove from list
-        if c_key not in typ:
-            _LOGGER.warning("Unknown options %s", c_key)
-            continue
-
-        # Nested?
-        if isinstance(typ[c_key], list):
-            options[c_key] = _nested_validate_list(
-                coresys, typ[c_key][0], c_value, c_key
-            )
-        else:
-            options[c_key] = _single_validate(coresys, typ[c_key], c_value, c_key)
-
-    _check_missing_options(typ, options, key)
-    return options
-
-
-def _check_missing_options(origin, exists, root):
-    """Check if all options are exists."""
-    missing = set(origin) - set(exists)
-    for miss_opt in missing:
-        if isinstance(origin[miss_opt], str) and origin[miss_opt].endswith("?"):
-            continue
-        raise vol.Invalid(f"Missing option {miss_opt} in {root}")
-
-
-def schema_ui_options(raw_schema: Dict[str, Any]) -> List[Dict[str, Any]]:
-    """Generate UI schema."""
-    ui_schema = []
-
-    # read options
-    for key, value in raw_schema.items():
-        if isinstance(value, list):
-            # nested value list
-            _nested_ui_list(ui_schema, value, key)
-        elif isinstance(value, dict):
-            # nested value dict
-            _nested_ui_dict(ui_schema, value, key)
-        else:
-            # normal value
-            _single_ui_option(ui_schema, value, key)
-
-    return ui_schema
-
-
-def _single_ui_option(
-    ui_schema: List[Dict[str, Any]], value: str, key: str, multiple: bool = False
-) -> None:
-    """Validate a single element."""
-    ui_node = {"name": key}
-
-    # If multiple
-    if multiple:
-        ui_node["multiple"] = True
-
-    # Parse extend data from type
-    match = RE_SCHEMA_ELEMENT.match(value)
-
-    # Prepare range
-    for group_name in _SCHEMA_LENGTH_PARTS:
-        group_value = match.group(group_name)
-        if not group_value:
-            continue
-        if group_name[2:] == "min":
-            ui_node["lengthMin"] = float(group_value)
-        elif group_name[2:] == "max":
-            ui_node["lengthMax"] = float(group_value)
-
-    # If required
-    if value.endswith("?"):
-        ui_node["optional"] = True
-    else:
-        ui_node["required"] = True
-
-    # Data types
-    if value.startswith(V_STR):
-        ui_node["type"] = "string"
-    elif value.startswith(V_PASSWORD):
-        ui_node["type"] = "string"
-        ui_node["format"] = "password"
-    elif value.startswith(V_INT):
-        ui_node["type"] = "integer"
-    elif value.startswith(V_FLOAT):
-        ui_node["type"] = "float"
-    elif value.startswith(V_BOOL):
-        ui_node["type"] = "boolean"
-    elif value.startswith(V_EMAIL):
-        ui_node["type"] = "string"
-        ui_node["format"] = "email"
-    elif value.startswith(V_URL):
-        ui_node["type"] = "string"
-        ui_node["format"] = "url"
-    elif value.startswith(V_PORT):
-        ui_node["type"] = "integer"
-    elif value.startswith(V_MATCH):
-        ui_node["type"] = "string"
-    elif value.startswith(V_LIST):
-        ui_node["type"] = "select"
-        ui_node["options"] = match.group("list").split("|")
-
-    ui_schema.append(ui_node)
-
-
-def _nested_ui_list(
-    ui_schema: List[Dict[str, Any]], option_list: List[Any], key: str
-) -> None:
-    """UI nested list items."""
-    try:
-        element = option_list[0]
-    except IndexError:
-        _LOGGER.error("Invalid schema %s", key)
-        return
-
-    if isinstance(element, dict):
-        _nested_ui_dict(ui_schema, element, key, multiple=True)
-    else:
-        _single_ui_option(ui_schema, element, key, multiple=True)
-
-
-def _nested_ui_dict(
-    ui_schema: List[Dict[str, Any]],
-    option_dict: Dict[str, Any],
-    key: str,
-    multiple: bool = False,
-) -> None:
-    """UI nested dict items."""
-    ui_node = {"name": key, "type": "schema", "optional": True, "multiple": multiple}
-
-    nested_schema = []
-    for c_key, c_value in option_dict.items():
-        # Nested?
-        if isinstance(c_value, list):
-            _nested_ui_list(nested_schema, c_value, c_key)
-        else:
-            _single_ui_option(nested_schema, c_value, c_key)
-
-    ui_node["schema"] = nested_schema
-    ui_schema.append(ui_node)

supervisor/api/__init__.py

@@ -12,18 +12,24 @@ from .auth import APIAuth
 from .cli import APICli
 from .discovery import APIDiscovery
 from .dns import APICoreDNS
+from .docker import APIDocker
 from .hardware import APIHardware
-from .os import APIOS
 from .homeassistant import APIHomeAssistant
 from .host import APIHost
 from .info import APIInfo
 from .ingress import APIIngress
+from .jobs import APIJobs
+from .multicast import APIMulticast
+from .network import APINetwork
+from .observer import APIObserver
+from .os import APIOS
 from .proxy import APIProxy
+from .resolution import APIResoulution
 from .security import SecurityMiddleware
 from .services import APIServices
 from .snapshots import APISnapshots
+from .store import APIStore
 from .supervisor import APISupervisor
-from .multicast import APIMulticast
 
 _LOGGER: logging.Logger = logging.getLogger(__name__)
 
@@ -40,7 +46,10 @@ class RestAPI(CoreSysAttributes):
         self.security: SecurityMiddleware = SecurityMiddleware(coresys)
         self.webapp: web.Application = web.Application(
             client_max_size=MAX_CLIENT_SIZE,
-            middlewares=[self.security.token_validation],
+            middlewares=[
+                self.security.system_validation,
+                self.security.token_validation,
+            ],
         )
 
         # service stuff
@@ -49,24 +58,32 @@ class RestAPI(CoreSysAttributes):
 
     async def load(self) -> None:
         """Register REST API Calls."""
-        self._register_supervisor()
-        self._register_host()
-        self._register_os()
+        self._register_addons()
+        self._register_audio()
+        self._register_auth()
         self._register_cli()
-        self._register_multicast()
+        self._register_discovery()
+        self._register_dns()
+        self._register_docker()
         self._register_hardware()
         self._register_homeassistant()
-        self._register_proxy()
-        self._register_panel()
-        self._register_addons()
-        self._register_ingress()
-        self._register_snapshots()
-        self._register_discovery()
-        self._register_services()
+        self._register_host()
         self._register_info()
-        self._register_auth()
-        self._register_dns()
-        self._register_audio()
+        self._register_ingress()
+        self._register_multicast()
+        self._register_network()
+        self._register_observer()
+        self._register_os()
+        self._register_jobs()
+        self._register_panel()
+        self._register_proxy()
+        self._register_resolution()
+        self._register_services()
+        self._register_snapshots()
+        self._register_supervisor()
+        self._register_store()
+
+        await self.start()
 
     def _register_host(self) -> None:
         """Register hostcontrol functions."""
@@ -89,6 +106,33 @@ class RestAPI(CoreSysAttributes):
             ]
         )
 
+    def _register_network(self) -> None:
+        """Register network functions."""
+        api_network = APINetwork()
+        api_network.coresys = self.coresys
+
+        self.webapp.add_routes(
+            [
+                web.get("/network/info", api_network.info),
+                web.post("/network/reload", api_network.reload),
+                web.get(
+                    "/network/interface/{interface}/info", api_network.interface_info
+                ),
+                web.post(
+                    "/network/interface/{interface}/update",
+                    api_network.interface_update,
+                ),
+                web.get(
+                    "/network/interface/{interface}/accesspoints",
+                    api_network.scan_accesspoints,
+                ),
+                web.post(
+                    "/network/interface/{interface}/vlan/{vlan}",
+                    api_network.create_vlan,
+                ),
+            ]
+        )
+
     def _register_os(self) -> None:
         """Register OS functions."""
         api_os = APIOS()
@@ -102,6 +146,19 @@ class RestAPI(CoreSysAttributes):
             ]
         )
 
+    def _register_jobs(self) -> None:
+        """Register Jobs functions."""
+        api_jobs = APIJobs()
+        api_jobs.coresys = self.coresys
+
+        self.webapp.add_routes(
+            [
+                web.get("/jobs/info", api_jobs.info),
+                web.post("/jobs/options", api_jobs.options),
+                web.post("/jobs/reset", api_jobs.reset),
+            ]
+        )
+
     def _register_cli(self) -> None:
         """Register HA cli functions."""
         api_cli = APICli()
@@ -115,6 +172,19 @@ class RestAPI(CoreSysAttributes):
             ]
         )
 
+    def _register_observer(self) -> None:
+        """Register Observer functions."""
+        api_observer = APIObserver()
+        api_observer.coresys = self.coresys
+
+        self.webapp.add_routes(
+            [
+                web.get("/observer/info", api_observer.info),
+                web.get("/observer/stats", api_observer.stats),
+                web.post("/observer/update", api_observer.update),
+            ]
+        )
+
     def _register_multicast(self) -> None:
         """Register Multicast functions."""
         api_multicast = APIMulticast()
@@ -150,13 +220,46 @@ class RestAPI(CoreSysAttributes):
 
         self.webapp.add_routes([web.get("/info", api_info.info)])
 
+    def _register_resolution(self) -> None:
+        """Register info functions."""
+        api_resolution = APIResoulution()
+        api_resolution.coresys = self.coresys
+
+        self.webapp.add_routes(
+            [
+                web.get("/resolution/info", api_resolution.info),
+                web.post(
+                    "/resolution/check/{check}/options", api_resolution.options_check
+                ),
+                web.post("/resolution/check/{check}/run", api_resolution.run_check),
+                web.post(
+                    "/resolution/suggestion/{suggestion}",
+                    api_resolution.apply_suggestion,
+                ),
+                web.delete(
+                    "/resolution/suggestion/{suggestion}",
+                    api_resolution.dismiss_suggestion,
+                ),
+                web.delete(
+                    "/resolution/issue/{issue}",
+                    api_resolution.dismiss_issue,
+                ),
+                web.post("/resolution/healthcheck", api_resolution.healthcheck),
+            ]
+        )
+
     def _register_auth(self) -> None:
         """Register auth functions."""
         api_auth = APIAuth()
         api_auth.coresys = self.coresys
 
         self.webapp.add_routes(
-            [web.post("/auth", api_auth.auth), web.post("/auth/reset", api_auth.reset)]
+            [
+                web.get("/auth", api_auth.auth),
+                web.post("/auth", api_auth.auth),
+                web.post("/auth/reset", api_auth.reset),
+                web.delete("/auth/cache", api_auth.cache),
+            ]
         )
 
     def _register_supervisor(self) -> None:
@@ -172,6 +275,7 @@ class RestAPI(CoreSysAttributes):
                 web.get("/supervisor/logs", api_supervisor.logs),
                 web.post("/supervisor/update", api_supervisor.update),
                 web.post("/supervisor/reload", api_supervisor.reload),
+                web.post("/supervisor/restart", api_supervisor.restart),
                 web.post("/supervisor/options", api_supervisor.options),
                 web.post("/supervisor/repair", api_supervisor.repair),
             ]
@@ -241,13 +345,15 @@ class RestAPI(CoreSysAttributes):
                 web.get("/addons", api_addons.list),
                 web.post("/addons/reload", api_addons.reload),
                 web.get("/addons/{addon}/info", api_addons.info),
-                web.post("/addons/{addon}/install", api_addons.install),
                 web.post("/addons/{addon}/uninstall", api_addons.uninstall),
                 web.post("/addons/{addon}/start", api_addons.start),
                 web.post("/addons/{addon}/stop", api_addons.stop),
                 web.post("/addons/{addon}/restart", api_addons.restart),
-                web.post("/addons/{addon}/update", api_addons.update),
                 web.post("/addons/{addon}/options", api_addons.options),
+                web.post(
+                    "/addons/{addon}/options/validate", api_addons.options_validate
+                ),
+                web.get("/addons/{addon}/options/config", api_addons.options_config),
                 web.post("/addons/{addon}/rebuild", api_addons.rebuild),
                 web.get("/addons/{addon}/logs", api_addons.logs),
                 web.get("/addons/{addon}/icon", api_addons.icon),
@@ -268,6 +374,7 @@ class RestAPI(CoreSysAttributes):
         self.webapp.add_routes(
             [
                 web.post("/ingress/session", api_ingress.create_session),
+                web.post("/ingress/validate_session", api_ingress.validate_session),
                 web.get("/ingress/panels", api_ingress.panels),
                 web.view("/ingress/{token}/{path:.*}", api_ingress.handler),
             ]
@@ -286,7 +393,7 @@ class RestAPI(CoreSysAttributes):
                 web.post("/snapshots/new/partial", api_snapshots.snapshot_partial),
                 web.post("/snapshots/new/upload", api_snapshots.upload),
                 web.get("/snapshots/{snapshot}/info", api_snapshots.info),
-                web.post("/snapshots/{snapshot}/remove", api_snapshots.remove),
+                web.delete("/snapshots/{snapshot}", api_snapshots.remove),
                 web.post(
                     "/snapshots/{snapshot}/restore/full", api_snapshots.restore_full
                 ),
@@ -295,6 +402,8 @@ class RestAPI(CoreSysAttributes):
                     api_snapshots.restore_partial,
                 ),
                 web.get("/snapshots/{snapshot}/download", api_snapshots.download),
+                # Old, remove at end of 2020
+                web.post("/snapshots/{snapshot}/remove", api_snapshots.remove),
             ]
         )
 
@@ -365,11 +474,65 @@ class RestAPI(CoreSysAttributes):
             ]
         )
 
+    def _register_store(self) -> None:
+        """Register store endpoints."""
+        api_store = APIStore()
+        api_store.coresys = self.coresys
+
+        self.webapp.add_routes(
+            [
+                web.get("/store", api_store.store_info),
+                web.get("/store/addons", api_store.addons_list),
+                web.get("/store/addons/{addon}", api_store.addons_addon_info),
+                web.get("/store/addons/{addon}/{version}", api_store.addons_addon_info),
+                web.post(
+                    "/store/addons/{addon}/install", api_store.addons_addon_install
+                ),
+                web.post(
+                    "/store/addons/{addon}/install/{version}",
+                    api_store.addons_addon_install,
+                ),
+                web.post("/store/addons/{addon}/update", api_store.addons_addon_update),
+                web.post(
+                    "/store/addons/{addon}/update/{version}",
+                    api_store.addons_addon_update,
+                ),
+                web.post("/store/reload", api_store.reload),
+                web.get("/store/repositories", api_store.repositories_list),
+                web.get(
+                    "/store/repositories/{repository}",
+                    api_store.repositories_repository_info,
+                ),
+            ]
+        )
+
+        # Reroute from legacy
+        self.webapp.add_routes(
+            [
+                web.post("/addons/{addon}/install", api_store.addons_addon_install),
+                web.post("/addons/{addon}/update", api_store.addons_addon_update),
+            ]
+        )
+
     def _register_panel(self) -> None:
         """Register panel for Home Assistant."""
         panel_dir = Path(__file__).parent.joinpath("panel")
         self.webapp.add_routes([web.static("/app", panel_dir)])
 
+    def _register_docker(self) -> None:
+        """Register docker configuration functions."""
+        api_docker = APIDocker()
+        api_docker.coresys = self.coresys
+
+        self.webapp.add_routes(
+            [
+                web.get("/docker/info", api_docker.info),
+                web.get("/docker/registries", api_docker.registries),
+                web.post("/docker/registries", api_docker.create_registry),
+                web.delete("/docker/registries/{hostname}", api_docker.remove_registry),
+            ]
+        )
+
     async def start(self) -> None:
         """Run RESTful API webserver."""
         await self._runner.setup()
@@ -380,9 +543,9 @@ class RestAPI(CoreSysAttributes):
         try:
             await self._site.start()
         except OSError as err:
-            _LOGGER.fatal("Failed to create HTTP server at 0.0.0.0:80 -> %s", err)
+            _LOGGER.critical("Failed to create HTTP server at 0.0.0.0:80 -> %s", err)
         else:
-            _LOGGER.info("Start API on %s", self.sys_docker.network.supervisor)
+            _LOGGER.info("Starting API on %s", self.sys_docker.network.supervisor)
 
     async def stop(self) -> None:
         """Stop RESTful API webserver."""
@@ -393,4 +556,4 @@ class RestAPI(CoreSysAttributes):
         await self._site.stop()
         await self._runner.cleanup()
 
-        _LOGGER.info("Stop API on %s", self.sys_docker.network.supervisor)
+        _LOGGER.info("Stopping API on %s", self.sys_docker.network.supervisor)

supervisor/api/addons.py

@@ -5,6 +5,7 @@ from typing import Any, Awaitable, Dict, List
 
 from aiohttp import web
 import voluptuous as vol
+from voluptuous.humanize import humanize_error
 
 from ..addons import AnyAddon
 from ..addons.addon import Addon
@@ -54,7 +55,6 @@ from ..const import (
     ATTR_INSTALLED,
     ATTR_IP_ADDRESS,
     ATTR_KERNEL_MODULES,
-    ATTR_VERSION_LATEST,
     ATTR_LOGO,
     ATTR_LONG_DESCRIPTION,
     ATTR_MACHINE,
@@ -62,6 +62,7 @@ from ..const import (
     ATTR_MEMORY_LIMIT,
     ATTR_MEMORY_PERCENT,
     ATTR_MEMORY_USAGE,
+    ATTR_MESSAGE,
     ATTR_NAME,
     ATTR_NETWORK,
     ATTR_NETWORK_DESCRIPTION,
@@ -78,25 +79,33 @@ from ..const import (
     ATTR_SLUG,
     ATTR_SOURCE,
     ATTR_STAGE,
+    ATTR_STARTUP,
     ATTR_STATE,
     ATTR_STDIN,
+    ATTR_TRANSLATIONS,
+    ATTR_UART,
     ATTR_UDEV,
+    ATTR_UPDATE_AVAILABLE,
     ATTR_URL,
+    ATTR_USB,
+    ATTR_VALID,
     ATTR_VERSION,
+    ATTR_VERSION_LATEST,
     ATTR_VIDEO,
+    ATTR_WATCHDOG,
     ATTR_WEBUI,
-    BOOT_AUTO,
-    BOOT_MANUAL,
     CONTENT_TYPE_BINARY,
     CONTENT_TYPE_PNG,
     CONTENT_TYPE_TEXT,
     REQUEST_FROM,
-    STATE_NONE,
+    AddonBoot,
+    AddonState,
 )
 from ..coresys import CoreSysAttributes
 from ..docker.stats import DockerStats
-from ..exceptions import APIError
-from ..validate import DOCKER_PORTS
+from ..exceptions import APIError, APIForbidden, PwnedError, PwnedSecret
+from ..utils.pwned import check_pwned_password
+from ..validate import docker_ports
 from .utils import api_process, api_process_raw, api_validate
 
 _LOGGER: logging.Logger = logging.getLogger(__name__)
@@ -106,12 +115,13 @@ SCHEMA_VERSION = vol.Schema({vol.Optional(ATTR_VERSION): vol.Coerce(str)})
 # pylint: disable=no-value-for-parameter
 SCHEMA_OPTIONS = vol.Schema(
     {
-        vol.Optional(ATTR_BOOT): vol.In([BOOT_AUTO, BOOT_MANUAL]),
-        vol.Optional(ATTR_NETWORK): vol.Maybe(DOCKER_PORTS),
+        vol.Optional(ATTR_BOOT): vol.Coerce(AddonBoot),
+        vol.Optional(ATTR_NETWORK): vol.Maybe(docker_ports),
         vol.Optional(ATTR_AUTO_UPDATE): vol.Boolean(),
         vol.Optional(ATTR_AUDIO_OUTPUT): vol.Maybe(vol.Coerce(str)),
         vol.Optional(ATTR_AUDIO_INPUT): vol.Maybe(vol.Coerce(str)),
         vol.Optional(ATTR_INGRESS_PANEL): vol.Boolean(),
+        vol.Optional(ATTR_WATCHDOG): vol.Boolean(),
     }
 )
 
@@ -122,9 +132,7 @@ SCHEMA_SECURITY = vol.Schema({vol.Optional(ATTR_PROTECTED): vol.Boolean()})
 class APIAddons(CoreSysAttributes):
     """Handle RESTful API for add-on functions."""
 
-    def _extract_addon(
-        self, request: web.Request, check_installed: bool = True
-    ) -> AnyAddon:
+    def _extract_addon(self, request: web.Request) -> AnyAddon:
         """Return addon, throw an exception it it doesn't exist."""
         addon_slug: str = request.match_info.get("addon")
 
@@ -137,49 +145,54 @@ class APIAddons(CoreSysAttributes):
 
         addon = self.sys_addons.get(addon_slug)
         if not addon:
-            raise APIError("Addon does not exist")
+            raise APIError(f"Addon {addon_slug} does not exist")
 
-        if check_installed and not addon.is_installed:
+        return addon
+
+    def _extract_addon_installed(self, request: web.Request) -> Addon:
+        addon = self._extract_addon(request)
+        if not isinstance(addon, Addon) or not addon.is_installed:
             raise APIError("Addon is not installed")
-
         return addon
 
     @api_process
     async def list(self, request: web.Request) -> Dict[str, Any]:
         """Return all add-ons or repositories."""
-        data_addons = []
-        for addon in self.sys_addons.all:
-            data_addons.append(
-                {
-                    ATTR_NAME: addon.name,
-                    ATTR_SLUG: addon.slug,
-                    ATTR_DESCRIPTON: addon.description,
-                    ATTR_ADVANCED: addon.advanced,
-                    ATTR_STAGE: addon.stage,
-                    ATTR_VERSION: addon.latest_version,
-                    ATTR_INSTALLED: addon.version if addon.is_installed else None,
-                    ATTR_AVAILABLE: addon.available,
-                    ATTR_DETACHED: addon.is_detached,
-                    ATTR_REPOSITORY: addon.repository,
-                    ATTR_BUILD: addon.need_build,
-                    ATTR_URL: addon.url,
-                    ATTR_ICON: addon.with_icon,
-                    ATTR_LOGO: addon.with_logo,
-                }
-            )
-
-        data_repositories = []
-        for repository in self.sys_store.all:
-            data_repositories.append(
-                {
-                    ATTR_SLUG: repository.slug,
-                    ATTR_NAME: repository.name,
-                    ATTR_SOURCE: repository.source,
-                    ATTR_URL: repository.url,
-                    ATTR_MAINTAINER: repository.maintainer,
-                }
-            )
+        data_addons = [
+            {
+                ATTR_NAME: addon.name,
+                ATTR_SLUG: addon.slug,
+                ATTR_DESCRIPTON: addon.description,
+                ATTR_ADVANCED: addon.advanced,
+                ATTR_STAGE: addon.stage,
+                ATTR_VERSION: addon.version if addon.is_installed else None,
+                ATTR_VERSION_LATEST: addon.latest_version,
+                ATTR_UPDATE_AVAILABLE: addon.need_update
+                if addon.is_installed
+                else False,
+                ATTR_INSTALLED: addon.is_installed,
+                ATTR_AVAILABLE: addon.available,
+                ATTR_DETACHED: addon.is_detached,
+                ATTR_HOMEASSISTANT: addon.homeassistant_version,
+                ATTR_REPOSITORY: addon.repository,
+                ATTR_BUILD: addon.need_build,
+                ATTR_URL: addon.url,
+                ATTR_ICON: addon.with_icon,
+                ATTR_LOGO: addon.with_logo,
+            }
+            for addon in self.sys_addons.all
+        ]
 
+        data_repositories = [
+            {
+                ATTR_SLUG: repository.slug,
+                ATTR_NAME: repository.name,
+                ATTR_SOURCE: repository.source,
+                ATTR_URL: repository.url,
+                ATTR_MAINTAINER: repository.maintainer,
+            }
+            for repository in self.sys_store.all
+        ]
         return {ATTR_ADDONS: data_addons, ATTR_REPOSITORIES: data_repositories}
 
     @api_process
@@ -190,7 +203,7 @@ class APIAddons(CoreSysAttributes):
     @api_process
     async def info(self, request: web.Request) -> Dict[str, Any]:
         """Return add-on information."""
-        addon: AnyAddon = self._extract_addon(request, check_installed=False)
+        addon: AnyAddon = self._extract_addon(request)
 
         data = {
             ATTR_NAME: addon.name,
@@ -205,6 +218,7 @@ class APIAddons(CoreSysAttributes):
             ATTR_REPOSITORY: addon.repository,
             ATTR_VERSION: None,
             ATTR_VERSION_LATEST: addon.latest_version,
+            ATTR_UPDATE_AVAILABLE: False,
             ATTR_PROTECTED: addon.protected,
             ATTR_RATING: rating_security(addon),
             ATTR_BOOT: addon.boot,
@@ -214,7 +228,7 @@ class APIAddons(CoreSysAttributes):
             ATTR_MACHINE: addon.supported_machine,
             ATTR_HOMEASSISTANT: addon.homeassistant_version,
             ATTR_URL: addon.url,
-            ATTR_STATE: STATE_NONE,
+            ATTR_STATE: AddonState.UNKNOWN,
             ATTR_DETACHED: addon.is_detached,
             ATTR_AVAILABLE: addon.available,
             ATTR_BUILD: addon.need_build,
@@ -227,7 +241,7 @@ class APIAddons(CoreSysAttributes):
             ATTR_PRIVILEGED: addon.privileged,
             ATTR_FULL_ACCESS: addon.with_full_access,
             ATTR_APPARMOR: addon.apparmor,
-            ATTR_DEVICES: _pretty_devices(addon),
+            ATTR_DEVICES: addon.static_devices,
             ATTR_ICON: addon.with_icon,
             ATTR_LOGO: addon.with_logo,
             ATTR_CHANGELOG: addon.with_changelog,
@@ -239,6 +253,8 @@ class APIAddons(CoreSysAttributes):
             ATTR_AUTH_API: addon.access_auth_api,
             ATTR_HOMEASSISTANT_API: addon.access_homeassistant_api,
             ATTR_GPIO: addon.with_gpio,
+            ATTR_USB: addon.with_usb,
+            ATTR_UART: addon.with_uart,
             ATTR_KERNEL_MODULES: addon.with_kernel_modules,
             ATTR_DEVICETREE: addon.with_devicetree,
             ATTR_UDEV: addon.with_udev,
@@ -247,20 +263,23 @@ class APIAddons(CoreSysAttributes):
             ATTR_AUDIO: addon.with_audio,
             ATTR_AUDIO_INPUT: None,
             ATTR_AUDIO_OUTPUT: None,
+            ATTR_STARTUP: addon.startup,
             ATTR_SERVICES: _pretty_services(addon),
             ATTR_DISCOVERY: addon.discovery,
             ATTR_IP_ADDRESS: None,
+            ATTR_TRANSLATIONS: addon.translations,
             ATTR_INGRESS: addon.with_ingress,
             ATTR_INGRESS_ENTRY: None,
             ATTR_INGRESS_URL: None,
             ATTR_INGRESS_PORT: None,
             ATTR_INGRESS_PANEL: None,
+            ATTR_WATCHDOG: None,
         }
 
-        if addon.is_installed:
+        if isinstance(addon, Addon) and addon.is_installed:
             data.update(
                 {
-                    ATTR_STATE: await addon.state(),
+                    ATTR_STATE: addon.state,
                     ATTR_WEBUI: addon.webui,
                     ATTR_INGRESS_ENTRY: addon.ingress_entry,
                     ATTR_INGRESS_URL: addon.ingress_url,
@@ -271,6 +290,10 @@ class APIAddons(CoreSysAttributes):
                     ATTR_AUTO_UPDATE: addon.auto_update,
                     ATTR_IP_ADDRESS: str(addon.ip_address),
                     ATTR_VERSION: addon.version,
+                    ATTR_UPDATE_AVAILABLE: addon.need_update,
+                    ATTR_WATCHDOG: addon.watchdog,
+                    ATTR_DEVICES: addon.static_devices
+                    + [device.path for device in addon.devices],
                 }
             )
 
@@ -279,10 +302,10 @@ class APIAddons(CoreSysAttributes):
     @api_process
     async def options(self, request: web.Request) -> None:
         """Store user options for add-on."""
-        addon: AnyAddon = self._extract_addon(request)
+        addon = self._extract_addon_installed(request)
 
         # Update secrets for validation
-        await self.sys_secrets.reload()
+        await self.sys_homeassistant.secrets.reload()
 
         # Extend schema with add-on specific validation
         addon_schema = SCHEMA_OPTIONS.extend(
@@ -306,17 +329,63 @@ class APIAddons(CoreSysAttributes):
         if ATTR_INGRESS_PANEL in body:
             addon.ingress_panel = body[ATTR_INGRESS_PANEL]
             await self.sys_ingress.update_hass_panel(addon)
+        if ATTR_WATCHDOG in body:
+            addon.watchdog = body[ATTR_WATCHDOG]
 
         addon.save_persist()
 
+    @api_process
+    async def options_validate(self, request: web.Request) -> None:
+        """Validate user options for add-on."""
+        addon = self._extract_addon_installed(request)
+        data = {ATTR_MESSAGE: "", ATTR_VALID: True}
+
+        # Validate config
+        try:
+            addon.schema(addon.options)
+        except vol.Invalid as ex:
+            data[ATTR_MESSAGE] = humanize_error(addon.options, ex)
+            data[ATTR_VALID] = False
+
+        # Validate security
+        if self.sys_config.force_security:
+            for secret in addon.pwned:
+                try:
+                    await check_pwned_password(self.sys_websession, secret)
+                    continue
+                except PwnedSecret:
+                    data[ATTR_MESSAGE] = "Add-on use pwned secrets!"
+                except PwnedError as err:
+                    data[
+                        ATTR_MESSAGE
+                    ] = f"Error happening on pwned secrets check: {err!s}!"
+
+                data[ATTR_VALID] = False
+                break
+
+        return data
+
+    @api_process
+    async def options_config(self, request: web.Request) -> None:
+        """Validate user options for add-on."""
+        slug: str = request.match_info.get("addon")
+        if slug != "self":
+            raise APIForbidden("This can be only read by the Add-on itself!")
+
+        addon = self._extract_addon_installed(request)
+        try:
+            return addon.schema(addon.options)
+        except vol.Invalid:
+            raise APIError("Invalid configuration data for the add-on") from None
+
     @api_process
     async def security(self, request: web.Request) -> None:
         """Store security options for add-on."""
-        addon: AnyAddon = self._extract_addon(request)
+        addon = self._extract_addon_installed(request)
         body: Dict[str, Any] = await api_validate(SCHEMA_SECURITY, request)
 
         if ATTR_PROTECTED in body:
-            _LOGGER.warning("Protected flag changing for %s!", addon.slug)
+            _LOGGER.warning("Changing protected flag for %s!", addon.slug)
             addon.protected = body[ATTR_PROTECTED]
 
         addon.save_persist()
@@ -324,7 +393,8 @@ class APIAddons(CoreSysAttributes):
     @api_process
     async def stats(self, request: web.Request) -> Dict[str, Any]:
         """Return resource information."""
-        addon: AnyAddon = self._extract_addon(request)
+        addon = self._extract_addon_installed(request)
+
         stats: DockerStats = await addon.stats()
 
         return {
@@ -338,67 +408,48 @@ class APIAddons(CoreSysAttributes):
             ATTR_BLK_WRITE: stats.blk_write,
         }
 
-    @api_process
-    def install(self, request: web.Request) -> Awaitable[None]:
-        """Install add-on."""
-        addon: AnyAddon = self._extract_addon(request, check_installed=False)
-        return asyncio.shield(addon.install())
-
     @api_process
     def uninstall(self, request: web.Request) -> Awaitable[None]:
         """Uninstall add-on."""
-        addon: AnyAddon = self._extract_addon(request)
+        addon = self._extract_addon_installed(request)
         return asyncio.shield(addon.uninstall())
 
     @api_process
     def start(self, request: web.Request) -> Awaitable[None]:
         """Start add-on."""
-        addon: AnyAddon = self._extract_addon(request)
+        addon = self._extract_addon_installed(request)
         return asyncio.shield(addon.start())
 
     @api_process
     def stop(self, request: web.Request) -> Awaitable[None]:
         """Stop add-on."""
-        addon: AnyAddon = self._extract_addon(request)
+        addon = self._extract_addon_installed(request)
         return asyncio.shield(addon.stop())
 
-    @api_process
-    def update(self, request: web.Request) -> Awaitable[None]:
-        """Update add-on."""
-        addon: AnyAddon = self._extract_addon(request)
-
-        if addon.latest_version == addon.version:
-            raise APIError("No update available!")
-
-        return asyncio.shield(addon.update())
-
     @api_process
     def restart(self, request: web.Request) -> Awaitable[None]:
         """Restart add-on."""
-        addon: AnyAddon = self._extract_addon(request)
+        addon: Addon = self._extract_addon_installed(request)
         return asyncio.shield(addon.restart())
 
     @api_process
     def rebuild(self, request: web.Request) -> Awaitable[None]:
         """Rebuild local build add-on."""
-        addon: AnyAddon = self._extract_addon(request)
-        if not addon.need_build:
-            raise APIError("Only local build addons are supported")
-
+        addon = self._extract_addon_installed(request)
         return asyncio.shield(addon.rebuild())
 
     @api_process_raw(CONTENT_TYPE_BINARY)
     def logs(self, request: web.Request) -> Awaitable[bytes]:
         """Return logs from add-on."""
-        addon: AnyAddon = self._extract_addon(request)
+        addon = self._extract_addon_installed(request)
         return addon.logs()
 
     @api_process_raw(CONTENT_TYPE_PNG)
     async def icon(self, request: web.Request) -> bytes:
         """Return icon from add-on."""
-        addon: AnyAddon = self._extract_addon(request, check_installed=False)
+        addon = self._extract_addon(request)
         if not addon.with_icon:
-            raise APIError("No icon found!")
+            raise APIError(f"No icon found for add-on {addon.slug}!")
 
         with addon.path_icon.open("rb") as png:
             return png.read()
@@ -406,9 +457,9 @@ class APIAddons(CoreSysAttributes):
     @api_process_raw(CONTENT_TYPE_PNG)
     async def logo(self, request: web.Request) -> bytes:
         """Return logo from add-on."""
-        addon: AnyAddon = self._extract_addon(request, check_installed=False)
+        addon = self._extract_addon(request)
         if not addon.with_logo:
-            raise APIError("No logo found!")
+            raise APIError(f"No logo found for add-on {addon.slug}!")
 
         with addon.path_logo.open("rb") as png:
             return png.read()
@@ -416,9 +467,9 @@ class APIAddons(CoreSysAttributes):
     @api_process_raw(CONTENT_TYPE_TEXT)
     async def changelog(self, request: web.Request) -> str:
         """Return changelog from add-on."""
-        addon: AnyAddon = self._extract_addon(request, check_installed=False)
+        addon = self._extract_addon(request)
         if not addon.with_changelog:
-            raise APIError("No changelog found!")
+            raise APIError(f"No changelog found for add-on {addon.slug}!")
 
         with addon.path_changelog.open("r") as changelog:
             return changelog.read()
@@ -426,9 +477,9 @@ class APIAddons(CoreSysAttributes):
     @api_process_raw(CONTENT_TYPE_TEXT)
     async def documentation(self, request: web.Request) -> str:
         """Return documentation from add-on."""
-        addon: AnyAddon = self._extract_addon(request, check_installed=False)
+        addon = self._extract_addon(request)
         if not addon.with_documentation:
-            raise APIError("No documentation found!")
+            raise APIError(f"No documentation found for add-on {addon.slug}!")
 
         with addon.path_documentation.open("r") as documentation:
             return documentation.read()
@@ -436,25 +487,14 @@ class APIAddons(CoreSysAttributes):
     @api_process
     async def stdin(self, request: web.Request) -> None:
         """Write to stdin of add-on."""
-        addon: AnyAddon = self._extract_addon(request)
+        addon = self._extract_addon_installed(request)
         if not addon.with_stdin:
-            raise APIError("STDIN not supported by add-on")
+            raise APIError(f"STDIN not supported the {addon.slug} add-on")
 
         data = await request.read()
         await asyncio.shield(addon.write_stdin(data))
 
 
-def _pretty_devices(addon: AnyAddon) -> List[str]:
-    """Return a simplified device list."""
-    dev_list = addon.devices
-    if not dev_list:
-        return None
-    return [row.split(":")[0] for row in dev_list]
-
-
 def _pretty_services(addon: AnyAddon) -> List[str]:
     """Return a simplified services role list."""
-    services = []
-    for name, access in addon.services_role.items():
-        services.append(f"{name}:{access}")
-    return services
+    return [f"{name}:{access}" for name, access in addon.services_role.items()]

supervisor/api/audio.py

@@ -18,7 +18,6 @@ from ..const import (
     ATTR_HOST,
     ATTR_INDEX,
     ATTR_INPUT,
-    ATTR_VERSION_LATEST,
     ATTR_MEMORY_LIMIT,
     ATTR_MEMORY_PERCENT,
     ATTR_MEMORY_USAGE,
@@ -26,18 +25,21 @@ from ..const import (
     ATTR_NETWORK_RX,
     ATTR_NETWORK_TX,
     ATTR_OUTPUT,
+    ATTR_UPDATE_AVAILABLE,
     ATTR_VERSION,
+    ATTR_VERSION_LATEST,
     ATTR_VOLUME,
     CONTENT_TYPE_BINARY,
 )
 from ..coresys import CoreSysAttributes
 from ..exceptions import APIError
 from ..host.sound import StreamType
+from ..validate import version_tag
 from .utils import api_process, api_process_raw, api_validate
 
 _LOGGER: logging.Logger = logging.getLogger(__name__)
 
-SCHEMA_VERSION = vol.Schema({vol.Optional(ATTR_VERSION): vol.Coerce(str)})
+SCHEMA_VERSION = vol.Schema({vol.Optional(ATTR_VERSION): version_tag})
 
 SCHEMA_VOLUME = vol.Schema(
     {
@@ -70,6 +72,7 @@ class APIAudio(CoreSysAttributes):
         return {
             ATTR_VERSION: self.sys_plugins.audio.version,
             ATTR_VERSION_LATEST: self.sys_plugins.audio.latest_version,
+            ATTR_UPDATE_AVAILABLE: self.sys_plugins.audio.need_update,
             ATTR_HOST: str(self.sys_docker.network.audio),
             ATTR_AUDIO: {
                 ATTR_CARD: [attr.asdict(card) for card in self.sys_host.sound.cards],
@@ -108,7 +111,7 @@ class APIAudio(CoreSysAttributes):
         version = body.get(ATTR_VERSION, self.sys_plugins.audio.latest_version)
 
         if version == self.sys_plugins.audio.version:
-            raise APIError("Version {} is already in use".format(version))
+            raise APIError(f"Version {version} is already in use")
         await asyncio.shield(self.sys_plugins.audio.update(version))
 
     @api_process_raw(CONTENT_TYPE_BINARY)

supervisor/api/auth.py

@@ -29,6 +29,10 @@ SCHEMA_PASSWORD_RESET = vol.Schema(
     }
 )
 
+REALM_HEADER: Dict[str, str] = {
+    WWW_AUTHENTICATE: 'Basic realm="Home Assistant Authentication"'
+}
+
 
 class APIAuth(CoreSysAttributes):
     """Handle RESTful API for auth functions."""
@@ -63,7 +67,9 @@ class APIAuth(CoreSysAttributes):
 
         # BasicAuth
         if AUTHORIZATION in request.headers:
-            return await self._process_basic(request, addon)
+            if not await self._process_basic(request, addon):
+                raise HTTPUnauthorized(headers=REALM_HEADER)
+            return True
 
         # Json
         if request.headers.get(CONTENT_TYPE) == CONTENT_TYPE_JSON:
@@ -75,9 +81,7 @@ class APIAuth(CoreSysAttributes):
             data = await request.post()
             return await self._process_dict(request, addon, data)
 
-        raise HTTPUnauthorized(
-            headers={WWW_AUTHENTICATE: 'Basic realm="Home Assistant Authentication"'}
-        )
+        raise HTTPUnauthorized(headers=REALM_HEADER)
 
     @api_process
     async def reset(self, request: web.Request) -> None:
@@ -86,3 +90,8 @@ class APIAuth(CoreSysAttributes):
         await asyncio.shield(
             self.sys_auth.change_password(body[ATTR_USERNAME], body[ATTR_PASSWORD])
         )
+
+    @api_process
+    async def cache(self, request: web.Request) -> None:
+        """Process cache reset request."""
+        self.sys_auth.reset_data()

supervisor/api/cli.py

@@ -7,8 +7,6 @@ from aiohttp import web
 import voluptuous as vol
 
 from ..const import (
-    ATTR_VERSION,
-    ATTR_VERSION_LATEST,
     ATTR_BLK_READ,
     ATTR_BLK_WRITE,
     ATTR_CPU_PERCENT,
@@ -17,13 +15,17 @@ from ..const import (
     ATTR_MEMORY_USAGE,
     ATTR_NETWORK_RX,
     ATTR_NETWORK_TX,
+    ATTR_UPDATE_AVAILABLE,
+    ATTR_VERSION,
+    ATTR_VERSION_LATEST,
 )
 from ..coresys import CoreSysAttributes
+from ..validate import version_tag
 from .utils import api_process, api_validate
 
 _LOGGER: logging.Logger = logging.getLogger(__name__)
 
-SCHEMA_VERSION = vol.Schema({vol.Optional(ATTR_VERSION): vol.Coerce(str)})
+SCHEMA_VERSION = vol.Schema({vol.Optional(ATTR_VERSION): version_tag})
 
 
 class APICli(CoreSysAttributes):
@@ -35,6 +37,7 @@ class APICli(CoreSysAttributes):
         return {
             ATTR_VERSION: self.sys_plugins.cli.version,
             ATTR_VERSION_LATEST: self.sys_plugins.cli.latest_version,
+            ATTR_UPDATE_AVAILABLE: self.sys_plugins.cli.need_update,
         }
 
     @api_process

supervisor/api/discovery.py

@@ -1,19 +1,19 @@
 """Init file for Supervisor network RESTful API."""
 import voluptuous as vol
 
-from .utils import api_process, api_validate
 from ..const import (
     ATTR_ADDON,
-    ATTR_UUID,
     ATTR_CONFIG,
     ATTR_DISCOVERY,
     ATTR_SERVICE,
+    ATTR_SERVICES,
+    ATTR_UUID,
     REQUEST_FROM,
 )
 from ..coresys import CoreSysAttributes
-from ..exceptions import APIError, APIForbidden
 from ..discovery.validate import valid_discovery_service
-
+from ..exceptions import APIError, APIForbidden
+from .utils import api_process, api_validate, require_home_assistant
 
 SCHEMA_DISCOVERY = vol.Schema(
     {
@@ -33,16 +33,12 @@ class APIDiscovery(CoreSysAttributes):
             raise APIError("Discovery message not found")
         return message
 
-    def _check_permission_ha(self, request):
-        """Check permission for API call / Home Assistant."""
-        if request[REQUEST_FROM] != self.sys_homeassistant:
-            raise APIForbidden("Only HomeAssistant can use this API!")
-
     @api_process
+    @require_home_assistant
     async def list(self, request):
         """Show register services."""
-        self._check_permission_ha(request)
 
+        # Get available discovery
         discovery = []
         for message in self.sys_discovery.list_messages:
             discovery.append(
@@ -54,7 +50,13 @@ class APIDiscovery(CoreSysAttributes):
                 }
             )
 
-        return {ATTR_DISCOVERY: discovery}
+        # Get available services/add-ons
+        services = {}
+        for addon in self.sys_addons.all:
+            for name in addon.discovery:
+                services.setdefault(name, []).append(addon.slug)
+
+        return {ATTR_DISCOVERY: discovery, ATTR_SERVICES: services}
 
     @api_process
     async def set_discovery(self, request):
@@ -64,7 +66,7 @@ class APIDiscovery(CoreSysAttributes):
 
         # Access?
         if body[ATTR_SERVICE] not in addon.discovery:
-            raise APIForbidden(f"Can't use discovery!")
+            raise APIForbidden("Can't use discovery!")
 
         # Process discovery message
         message = self.sys_discovery.send(addon, **body)
@@ -72,13 +74,11 @@ class APIDiscovery(CoreSysAttributes):
         return {ATTR_UUID: message.uuid}
 
     @api_process
+    @require_home_assistant
     async def get_discovery(self, request):
         """Read data into a discovery message."""
         message = self._extract_message(request)
 
-        # HomeAssistant?
-        self._check_permission_ha(request)
-
         return {
             ATTR_ADDON: message.addon,
             ATTR_SERVICE: message.service,
@@ -94,7 +94,7 @@ class APIDiscovery(CoreSysAttributes):
 
         # Permission
         if message.addon != addon.slug:
-            raise APIForbidden(f"Can't remove discovery message")
+            raise APIForbidden("Can't remove discovery message")
 
         self.sys_discovery.remove(message)
         return True

supervisor/api/dns.py

@@ -11,7 +11,6 @@ from ..const import (
     ATTR_BLK_WRITE,
     ATTR_CPU_PERCENT,
     ATTR_HOST,
-    ATTR_VERSION_LATEST,
     ATTR_LOCALS,
     ATTR_MEMORY_LIMIT,
     ATTR_MEMORY_PERCENT,
@@ -19,12 +18,14 @@ from ..const import (
     ATTR_NETWORK_RX,
     ATTR_NETWORK_TX,
     ATTR_SERVERS,
+    ATTR_UPDATE_AVAILABLE,
     ATTR_VERSION,
+    ATTR_VERSION_LATEST,
     CONTENT_TYPE_BINARY,
 )
 from ..coresys import CoreSysAttributes
 from ..exceptions import APIError
-from ..validate import dns_server_list
+from ..validate import dns_server_list, version_tag
 from .utils import api_process, api_process_raw, api_validate
 
 _LOGGER: logging.Logger = logging.getLogger(__name__)
@@ -32,7 +33,7 @@ _LOGGER: logging.Logger = logging.getLogger(__name__)
 # pylint: disable=no-value-for-parameter
 SCHEMA_OPTIONS = vol.Schema({vol.Optional(ATTR_SERVERS): dns_server_list})
 
-SCHEMA_VERSION = vol.Schema({vol.Optional(ATTR_VERSION): vol.Coerce(str)})
+SCHEMA_VERSION = vol.Schema({vol.Optional(ATTR_VERSION): version_tag})
 
 
 class APICoreDNS(CoreSysAttributes):
@@ -44,9 +45,10 @@ class APICoreDNS(CoreSysAttributes):
         return {
             ATTR_VERSION: self.sys_plugins.dns.version,
             ATTR_VERSION_LATEST: self.sys_plugins.dns.latest_version,
+            ATTR_UPDATE_AVAILABLE: self.sys_plugins.dns.need_update,
             ATTR_HOST: str(self.sys_docker.network.dns),
             ATTR_SERVERS: self.sys_plugins.dns.servers,
-            ATTR_LOCALS: self.sys_host.network.dns_servers,
+            ATTR_LOCALS: self.sys_plugins.dns.locals,
         }
 
     @api_process
@@ -83,7 +85,7 @@ class APICoreDNS(CoreSysAttributes):
         version = body.get(ATTR_VERSION, self.sys_plugins.dns.latest_version)
 
         if version == self.sys_plugins.dns.version:
-            raise APIError("Version {} is already in use".format(version))
+            raise APIError(f"Version {version} is already in use")
         await asyncio.shield(self.sys_plugins.dns.update(version))
 
     @api_process_raw(CONTENT_TYPE_BINARY)

supervisor/api/docker.py

@@ -0,0 +1,76 @@
+"""Init file for Supervisor Home Assistant RESTful API."""
+import logging
+from typing import Any, Dict
+
+from aiohttp import web
+import voluptuous as vol
+
+from ..const import (
+    ATTR_HOSTNAME,
+    ATTR_LOGGING,
+    ATTR_PASSWORD,
+    ATTR_REGISTRIES,
+    ATTR_STORAGE,
+    ATTR_USERNAME,
+    ATTR_VERSION,
+)
+from ..coresys import CoreSysAttributes
+from .utils import api_process, api_validate
+
+_LOGGER: logging.Logger = logging.getLogger(__name__)
+
+SCHEMA_DOCKER_REGISTRY = vol.Schema(
+    {
+        vol.Coerce(str): {
+            vol.Required(ATTR_USERNAME): str,
+            vol.Required(ATTR_PASSWORD): str,
+        }
+    }
+)
+
+
+class APIDocker(CoreSysAttributes):
+    """Handle RESTful API for Docker configuration."""
+
+    @api_process
+    async def registries(self, request) -> Dict[str, Any]:
+        """Return the list of registries."""
+        data_registries = {}
+        for hostname, registry in self.sys_docker.config.registries.items():
+            data_registries[hostname] = {
+                ATTR_USERNAME: registry[ATTR_USERNAME],
+            }
+
+        return {ATTR_REGISTRIES: data_registries}
+
+    @api_process
+    async def create_registry(self, request: web.Request):
+        """Create a new docker registry."""
+        body = await api_validate(SCHEMA_DOCKER_REGISTRY, request)
+
+        for hostname, registry in body.items():
+            self.sys_docker.config.registries[hostname] = registry
+
+        self.sys_docker.config.save_data()
+
+    @api_process
+    async def remove_registry(self, request: web.Request):
+        """Delete a docker registry."""
+        hostname = request.match_info.get(ATTR_HOSTNAME)
+        del self.sys_docker.config.registries[hostname]
+        self.sys_docker.config.save_data()
+
+    @api_process
+    async def info(self, request: web.Request):
+        """Get docker info."""
+        data_registries = {}
+        for hostname, registry in self.sys_docker.config.registries.items():
+            data_registries[hostname] = {
+                ATTR_USERNAME: registry[ATTR_USERNAME],
+            }
+        return {
+            ATTR_VERSION: self.sys_docker.info.version,
+            ATTR_STORAGE: self.sys_docker.info.storage,
+            ATTR_LOGGING: self.sys_docker.info.logging,
+            ATTR_REGISTRIES: data_registries,
+        }

supervisor/api/hardware.py

@@ -1,24 +1,36 @@
 """Init file for Supervisor hardware RESTful API."""
-import asyncio
 import logging
-from typing import Any, Dict
+from typing import Any, Awaitable, Dict
 
 from aiohttp import web
 
-from .utils import api_process
-from ..const import (
-    ATTR_SERIAL,
-    ATTR_DISK,
-    ATTR_GPIO,
-    ATTR_AUDIO,
-    ATTR_INPUT,
-    ATTR_OUTPUT,
-)
+from ..const import ATTR_AUDIO, ATTR_DEVICES, ATTR_INPUT, ATTR_NAME, ATTR_OUTPUT
 from ..coresys import CoreSysAttributes
+from ..hardware.const import (
+    ATTR_ATTRIBUTES,
+    ATTR_BY_ID,
+    ATTR_DEV_PATH,
+    ATTR_SUBSYSTEM,
+    ATTR_SYSFS,
+)
+from ..hardware.data import Device
+from .utils import api_process
 
 _LOGGER: logging.Logger = logging.getLogger(__name__)
 
 
+def device_struct(device: Device) -> Dict[str, Any]:
+    """Return a dict with information of a interface to be used in th API."""
+    return {
+        ATTR_NAME: device.name,
+        ATTR_SYSFS: device.sysfs,
+        ATTR_DEV_PATH: device.path,
+        ATTR_SUBSYSTEM: device.subsystem,
+        ATTR_BY_ID: device.by_id,
+        ATTR_ATTRIBUTES: device.attributes,
+    }
+
+
 class APIHardware(CoreSysAttributes):
     """Handle RESTful API for hardware functions."""
 
@@ -26,13 +38,9 @@ class APIHardware(CoreSysAttributes):
     async def info(self, request: web.Request) -> Dict[str, Any]:
         """Show hardware info."""
         return {
-            ATTR_SERIAL: list(
-                self.sys_hardware.serial_devices | self.sys_hardware.serial_by_id
-            ),
-            ATTR_INPUT: list(self.sys_hardware.input_devices),
-            ATTR_DISK: list(self.sys_hardware.disk_devices),
-            ATTR_GPIO: list(self.sys_hardware.gpio_devices),
-            ATTR_AUDIO: self.sys_hardware.audio_devices,
+            ATTR_DEVICES: [
+                device_struct(device) for device in self.sys_hardware.devices
+            ]
         }
 
     @api_process
@@ -52,6 +60,6 @@ class APIHardware(CoreSysAttributes):
         }
 
     @api_process
-    def trigger(self, request: web.Request) -> None:
+    async def trigger(self, request: web.Request) -> Awaitable[None]:
         """Trigger a udev device reload."""
-        return asyncio.shield(self.sys_hardware.udev_trigger())
+        _LOGGER.debug("Ignoring DEPRECATED hardware trigger function call.")

supervisor/api/homeassistant.py

@@ -1,7 +1,7 @@
 """Init file for Supervisor Home Assistant RESTful API."""
 import asyncio
 import logging
-from typing import Any, Coroutine, Dict
+from typing import Any, Awaitable, Dict
 
 from aiohttp import web
 import voluptuous as vol
@@ -25,6 +25,7 @@ from ..const import (
     ATTR_PORT,
     ATTR_REFRESH_TOKEN,
     ATTR_SSL,
+    ATTR_UPDATE_AVAILABLE,
     ATTR_VERSION,
     ATTR_VERSION_LATEST,
     ATTR_WAIT_BOOT,
@@ -33,7 +34,7 @@ from ..const import (
 )
 from ..coresys import CoreSysAttributes
 from ..exceptions import APIError
-from ..validate import docker_image, network_port
+from ..validate import docker_image, network_port, version_tag
 from .utils import api_process, api_process_raw, api_validate
 
 _LOGGER: logging.Logger = logging.getLogger(__name__)
@@ -53,7 +54,7 @@ SCHEMA_OPTIONS = vol.Schema(
     }
 )
 
-SCHEMA_VERSION = vol.Schema({vol.Optional(ATTR_VERSION): vol.Coerce(str)})
+SCHEMA_VERSION = vol.Schema({vol.Optional(ATTR_VERSION): version_tag})
 
 
 class APIHomeAssistant(CoreSysAttributes):
@@ -65,6 +66,7 @@ class APIHomeAssistant(CoreSysAttributes):
         return {
             ATTR_VERSION: self.sys_homeassistant.version,
             ATTR_VERSION_LATEST: self.sys_homeassistant.latest_version,
+            ATTR_UPDATE_AVAILABLE: self.sys_homeassistant.need_update,
             ATTR_MACHINE: self.sys_homeassistant.machine,
             ATTR_IP_ADDRESS: str(self.sys_homeassistant.ip_address),
             ATTR_ARCH: self.sys_homeassistant.arch,
@@ -117,7 +119,7 @@ class APIHomeAssistant(CoreSysAttributes):
     @api_process
     async def stats(self, request: web.Request) -> Dict[Any, str]:
         """Return resource information."""
-        stats = await self.sys_homeassistant.stats()
+        stats = await self.sys_homeassistant.core.stats()
         if not stats:
             raise APIError("No stats available")
 
@@ -138,36 +140,36 @@ class APIHomeAssistant(CoreSysAttributes):
         body = await api_validate(SCHEMA_VERSION, request)
         version = body.get(ATTR_VERSION, self.sys_homeassistant.latest_version)
 
-        await asyncio.shield(self.sys_homeassistant.update(version))
+        await asyncio.shield(self.sys_homeassistant.core.update(version))
 
     @api_process
-    def stop(self, request: web.Request) -> Coroutine:
+    def stop(self, request: web.Request) -> Awaitable[None]:
         """Stop Home Assistant."""
-        return asyncio.shield(self.sys_homeassistant.stop())
+        return asyncio.shield(self.sys_homeassistant.core.stop())
 
     @api_process
-    def start(self, request: web.Request) -> Coroutine:
+    def start(self, request: web.Request) -> Awaitable[None]:
         """Start Home Assistant."""
-        return asyncio.shield(self.sys_homeassistant.start())
+        return asyncio.shield(self.sys_homeassistant.core.start())
 
     @api_process
-    def restart(self, request: web.Request) -> Coroutine:
+    def restart(self, request: web.Request) -> Awaitable[None]:
         """Restart Home Assistant."""
-        return asyncio.shield(self.sys_homeassistant.restart())
+        return asyncio.shield(self.sys_homeassistant.core.restart())
 
     @api_process
-    def rebuild(self, request: web.Request) -> Coroutine:
+    def rebuild(self, request: web.Request) -> Awaitable[None]:
         """Rebuild Home Assistant."""
-        return asyncio.shield(self.sys_homeassistant.rebuild())
+        return asyncio.shield(self.sys_homeassistant.core.rebuild())
 
     @api_process_raw(CONTENT_TYPE_BINARY)
-    def logs(self, request: web.Request) -> Coroutine:
+    def logs(self, request: web.Request) -> Awaitable[bytes]:
         """Return Home Assistant Docker logs."""
-        return self.sys_homeassistant.logs()
+        return self.sys_homeassistant.core.logs()
 
     @api_process
     async def check(self, request: web.Request) -> None:
         """Check configuration of Home Assistant."""
-        result = await self.sys_homeassistant.check_config()
+        result = await self.sys_homeassistant.core.check_config()
         if not result.valid:
             raise APIError(result.log)

supervisor/api/host.py

@@ -1,6 +1,5 @@
 """Init file for Supervisor host RESTful API."""
 import asyncio
-import logging
 from typing import Awaitable
 
 from aiohttp import web
@@ -11,6 +10,10 @@ from ..const import (
     ATTR_CPE,
     ATTR_DEPLOYMENT,
     ATTR_DESCRIPTON,
+    ATTR_DISK_FREE,
+    ATTR_DISK_LIFE_TIME,
+    ATTR_DISK_TOTAL,
+    ATTR_DISK_USED,
     ATTR_FEATURES,
     ATTR_HOSTNAME,
     ATTR_KERNEL,
@@ -23,8 +26,6 @@ from ..const import (
 from ..coresys import CoreSysAttributes
 from .utils import api_process, api_process_raw, api_validate
 
-_LOGGER: logging.Logger = logging.getLogger(__name__)
-
 SERVICE = "service"
 
 SCHEMA_OPTIONS = vol.Schema({vol.Optional(ATTR_HOSTNAME): vol.Coerce(str)})
@@ -39,11 +40,15 @@ class APIHost(CoreSysAttributes):
         return {
             ATTR_CHASSIS: self.sys_host.info.chassis,
             ATTR_CPE: self.sys_host.info.cpe,
-            ATTR_FEATURES: self.sys_host.supperted_features,
-            ATTR_HOSTNAME: self.sys_host.info.hostname,
-            ATTR_OPERATING_SYSTEM: self.sys_host.info.operating_system,
             ATTR_DEPLOYMENT: self.sys_host.info.deployment,
+            ATTR_DISK_FREE: self.sys_host.info.free_space,
+            ATTR_DISK_TOTAL: self.sys_host.info.total_space,
+            ATTR_DISK_USED: self.sys_host.info.used_space,
+            ATTR_DISK_LIFE_TIME: self.sys_host.info.disk_life_time,
+            ATTR_FEATURES: self.sys_host.features,
+            ATTR_HOSTNAME: self.sys_host.info.hostname,
             ATTR_KERNEL: self.sys_host.info.kernel,
+            ATTR_OPERATING_SYSTEM: self.sys_host.info.operating_system,
         }
 
     @api_process
@@ -70,7 +75,11 @@ class APIHost(CoreSysAttributes):
     @api_process
     def reload(self, request):
         """Reload host data."""
-        return asyncio.shield(self.sys_host.reload())
+        return asyncio.shield(
+            asyncio.wait(
+                [self.sys_host.reload(), self.sys_resolution.evaluate.evaluate_system()]
+            )
+        )
 
     @api_process
     async def services(self, request):

supervisor/api/info.py

@@ -7,12 +7,17 @@ from aiohttp import web
 from ..const import (
     ATTR_ARCH,
     ATTR_CHANNEL,
+    ATTR_DOCKER,
+    ATTR_FEATURES,
     ATTR_HASSOS,
     ATTR_HOMEASSISTANT,
     ATTR_HOSTNAME,
     ATTR_LOGGING,
     ATTR_MACHINE,
+    ATTR_OPERATING_SYSTEM,
+    ATTR_STATE,
     ATTR_SUPERVISOR,
+    ATTR_SUPPORTED,
     ATTR_SUPPORTED_ARCH,
     ATTR_TIMEZONE,
 )
@@ -32,11 +37,16 @@ class APIInfo(CoreSysAttributes):
             ATTR_SUPERVISOR: self.sys_supervisor.version,
             ATTR_HOMEASSISTANT: self.sys_homeassistant.version,
             ATTR_HASSOS: self.sys_hassos.version,
+            ATTR_DOCKER: self.sys_docker.info.version,
             ATTR_HOSTNAME: self.sys_host.info.hostname,
+            ATTR_OPERATING_SYSTEM: self.sys_host.info.operating_system,
+            ATTR_FEATURES: self.sys_host.features,
             ATTR_MACHINE: self.sys_machine,
             ATTR_ARCH: self.sys_arch.default,
+            ATTR_STATE: self.sys_core.state,
             ATTR_SUPPORTED_ARCH: self.sys_arch.supported,
+            ATTR_SUPPORTED: self.sys_core.supported,
             ATTR_CHANNEL: self.sys_updater.channel,
             ATTR_LOGGING: self.sys_config.logging,
-            ATTR_TIMEZONE: self.sys_timezone,
+            ATTR_TIMEZONE: self.sys_config.timezone,
         }

supervisor/api/ingress.py

@@ -12,25 +12,27 @@ from aiohttp.web_exceptions import (
     HTTPUnauthorized,
 )
 from multidict import CIMultiDict, istr
+import voluptuous as vol
 
 from ..addons.addon import Addon
 from ..const import (
     ATTR_ADMIN,
+    ATTR_ENABLE,
     ATTR_ICON,
+    ATTR_PANELS,
     ATTR_SESSION,
     ATTR_TITLE,
-    ATTR_PANELS,
-    ATTR_ENABLE,
     COOKIE_INGRESS,
     HEADER_TOKEN,
     HEADER_TOKEN_OLD,
-    REQUEST_FROM,
 )
 from ..coresys import CoreSysAttributes
-from .utils import api_process
+from .utils import api_process, api_validate, require_home_assistant
 
 _LOGGER: logging.Logger = logging.getLogger(__name__)
 
+VALIDATE_SESSION_DATA = vol.Schema({ATTR_SESSION: str})
+
 
 class APIIngress(CoreSysAttributes):
     """Ingress view to handle add-on webui routing."""
@@ -47,11 +49,6 @@ class APIIngress(CoreSysAttributes):
 
         return addon
 
-    def _check_ha_access(self, request: web.Request) -> None:
-        if request[REQUEST_FROM] != self.sys_homeassistant:
-            _LOGGER.warning("Ingress is only available behind Home Assistant")
-            raise HTTPUnauthorized()
-
     def _create_url(self, addon: Addon, path: str) -> str:
         """Create URL to container."""
         return f"http://{addon.ip_address}:{addon.ingress_port}/{path}"
@@ -71,18 +68,28 @@ class APIIngress(CoreSysAttributes):
         return {ATTR_PANELS: addons}
 
     @api_process
+    @require_home_assistant
     async def create_session(self, request: web.Request) -> Dict[str, Any]:
         """Create a new session."""
-        self._check_ha_access(request)
-
         session = self.sys_ingress.create_session()
         return {ATTR_SESSION: session}
 
+    @api_process
+    @require_home_assistant
+    async def validate_session(self, request: web.Request) -> Dict[str, Any]:
+        """Validate session and extending how long it's valid for."""
+        data = await api_validate(VALIDATE_SESSION_DATA, request)
+
+        # Check Ingress Session
+        if not self.sys_ingress.validate_session(data[ATTR_SESSION]):
+            _LOGGER.warning("No valid ingress session %s", data[ATTR_SESSION])
+            raise HTTPUnauthorized()
+
+    @require_home_assistant
     async def handler(
         self, request: web.Request
     ) -> Union[web.Response, web.StreamResponse, web.WebSocketResponse]:
         """Route data to Supervisor ingress service."""
-        self._check_ha_access(request)
 
         # Check Ingress Session
         session = request.cookies.get(COOKIE_INGRESS)
@@ -104,7 +111,7 @@ class APIIngress(CoreSysAttributes):
         except aiohttp.ClientError as err:
             _LOGGER.error("Ingress error: %s", err)
 
-        raise HTTPBadGateway() from None
+        raise HTTPBadGateway()
 
     async def _handle_websocket(
         self, request: web.Request, addon: Addon, path: str
@@ -129,7 +136,7 @@ class APIIngress(CoreSysAttributes):
 
         # Support GET query
         if request.query_string:
-            url = "{}?{}".format(url, request.query_string)
+            url = f"{url}?{request.query_string}"
 
         # Start proxy
         async with self.sys_websession.ws_connect(
@@ -191,7 +198,11 @@ class APIIngress(CoreSysAttributes):
                 async for data in result.content.iter_chunked(4096):
                     await response.write(data)
 
-            except (aiohttp.ClientError, aiohttp.ClientPayloadError) as err:
+            except (
+                aiohttp.ClientError,
+                aiohttp.ClientPayloadError,
+                ConnectionResetError,
+            ) as err:
                 _LOGGER.error("Stream error with %s: %s", url, err)
 
             return response

supervisor/api/jobs.py

@@ -0,0 +1,44 @@
+"""Init file for Supervisor Jobs RESTful API."""
+import logging
+from typing import Any, Dict
+
+from aiohttp import web
+import voluptuous as vol
+
+from ..coresys import CoreSysAttributes
+from ..jobs.const import ATTR_IGNORE_CONDITIONS, JobCondition
+from .utils import api_process, api_validate
+
+_LOGGER: logging.Logger = logging.getLogger(__name__)
+
+SCHEMA_OPTIONS = vol.Schema(
+    {vol.Optional(ATTR_IGNORE_CONDITIONS): [vol.Coerce(JobCondition)]}
+)
+
+
+class APIJobs(CoreSysAttributes):
+    """Handle RESTful API for OS functions."""
+
+    @api_process
+    async def info(self, request: web.Request) -> Dict[str, Any]:
+        """Return JobManager information."""
+        return {
+            ATTR_IGNORE_CONDITIONS: self.sys_jobs.ignore_conditions,
+        }
+
+    @api_process
+    async def options(self, request: web.Request) -> None:
+        """Set options for JobManager."""
+        body = await api_validate(SCHEMA_OPTIONS, request)
+
+        if ATTR_IGNORE_CONDITIONS in body:
+            self.sys_jobs.ignore_conditions = body[ATTR_IGNORE_CONDITIONS]
+
+        self.sys_jobs.save_data()
+
+        await self.sys_resolution.evaluate.evaluate_system()
+
+    @api_process
+    async def reset(self, request: web.Request) -> None:
+        """Reset options for JobManager."""
+        self.sys_jobs.reset_data()

supervisor/api/multicast.py

@@ -10,22 +10,24 @@ from ..const import (
     ATTR_BLK_READ,
     ATTR_BLK_WRITE,
     ATTR_CPU_PERCENT,
-    ATTR_VERSION_LATEST,
     ATTR_MEMORY_LIMIT,
     ATTR_MEMORY_PERCENT,
     ATTR_MEMORY_USAGE,
     ATTR_NETWORK_RX,
     ATTR_NETWORK_TX,
+    ATTR_UPDATE_AVAILABLE,
     ATTR_VERSION,
+    ATTR_VERSION_LATEST,
     CONTENT_TYPE_BINARY,
 )
 from ..coresys import CoreSysAttributes
 from ..exceptions import APIError
+from ..validate import version_tag
 from .utils import api_process, api_process_raw, api_validate
 
 _LOGGER: logging.Logger = logging.getLogger(__name__)
 
-SCHEMA_VERSION = vol.Schema({vol.Optional(ATTR_VERSION): vol.Coerce(str)})
+SCHEMA_VERSION = vol.Schema({vol.Optional(ATTR_VERSION): version_tag})
 
 
 class APIMulticast(CoreSysAttributes):
@@ -37,6 +39,7 @@ class APIMulticast(CoreSysAttributes):
         return {
             ATTR_VERSION: self.sys_plugins.multicast.version,
             ATTR_VERSION_LATEST: self.sys_plugins.multicast.latest_version,
+            ATTR_UPDATE_AVAILABLE: self.sys_plugins.multicast.need_update,
         }
 
     @api_process
@@ -62,7 +65,7 @@ class APIMulticast(CoreSysAttributes):
         version = body.get(ATTR_VERSION, self.sys_plugins.multicast.latest_version)
 
         if version == self.sys_plugins.multicast.version:
-            raise APIError("Version {} is already in use".format(version))
+            raise APIError(f"Version {version} is already in use")
         await asyncio.shield(self.sys_plugins.multicast.update(version))
 
     @api_process_raw(CONTENT_TYPE_BINARY)

supervisor/api/network.py

@@ -0,0 +1,282 @@
+"""REST API for network."""
+import asyncio
+from ipaddress import ip_address, ip_interface
+from typing import Any, Awaitable, Dict
+
+from aiohttp import web
+import attr
+import voluptuous as vol
+
+from ..const import (
+    ATTR_ACCESSPOINTS,
+    ATTR_ADDRESS,
+    ATTR_AUTH,
+    ATTR_CONNECTED,
+    ATTR_DNS,
+    ATTR_DOCKER,
+    ATTR_ENABLED,
+    ATTR_FREQUENCY,
+    ATTR_GATEWAY,
+    ATTR_HOST_INTERNET,
+    ATTR_ID,
+    ATTR_INTERFACE,
+    ATTR_INTERFACES,
+    ATTR_IPV4,
+    ATTR_IPV6,
+    ATTR_MAC,
+    ATTR_METHOD,
+    ATTR_MODE,
+    ATTR_NAMESERVERS,
+    ATTR_PARENT,
+    ATTR_PRIMARY,
+    ATTR_PSK,
+    ATTR_SIGNAL,
+    ATTR_SSID,
+    ATTR_SUPERVISOR_INTERNET,
+    ATTR_TYPE,
+    ATTR_VLAN,
+    ATTR_WIFI,
+    DOCKER_NETWORK,
+    DOCKER_NETWORK_MASK,
+)
+from ..coresys import CoreSysAttributes
+from ..exceptions import APIError, HostNetworkNotFound
+from ..host.const import AuthMethod, InterfaceType, WifiMode
+from ..host.network import (
+    AccessPoint,
+    Interface,
+    InterfaceMethod,
+    IpConfig,
+    VlanConfig,
+    WifiConfig,
+)
+from .utils import api_process, api_validate
+
+_SCHEMA_IP_CONFIG = vol.Schema(
+    {
+        vol.Optional(ATTR_ADDRESS): [vol.Coerce(ip_interface)],
+        vol.Optional(ATTR_METHOD): vol.Coerce(InterfaceMethod),
+        vol.Optional(ATTR_GATEWAY): vol.Coerce(ip_address),
+        vol.Optional(ATTR_NAMESERVERS): [vol.Coerce(ip_address)],
+    }
+)
+
+_SCHEMA_WIFI_CONFIG = vol.Schema(
+    {
+        vol.Optional(ATTR_MODE): vol.Coerce(WifiMode),
+        vol.Optional(ATTR_AUTH): vol.Coerce(AuthMethod),
+        vol.Optional(ATTR_SSID): str,
+        vol.Optional(ATTR_PSK): str,
+    }
+)
+
+
+# pylint: disable=no-value-for-parameter
+SCHEMA_UPDATE = vol.Schema(
+    {
+        vol.Optional(ATTR_IPV4): _SCHEMA_IP_CONFIG,
+        vol.Optional(ATTR_IPV6): _SCHEMA_IP_CONFIG,
+        vol.Optional(ATTR_WIFI): _SCHEMA_WIFI_CONFIG,
+        vol.Optional(ATTR_ENABLED): vol.Boolean(),
+    }
+)
+
+
+def ipconfig_struct(config: IpConfig) -> Dict[str, Any]:
+    """Return a dict with information about ip configuration."""
+    return {
+        ATTR_METHOD: config.method,
+        ATTR_ADDRESS: [address.with_prefixlen for address in config.address],
+        ATTR_NAMESERVERS: [str(address) for address in config.nameservers],
+        ATTR_GATEWAY: str(config.gateway) if config.gateway else None,
+    }
+
+
+def wifi_struct(config: WifiConfig) -> Dict[str, Any]:
+    """Return a dict with information about wifi configuration."""
+    return {
+        ATTR_MODE: config.mode,
+        ATTR_AUTH: config.auth,
+        ATTR_SSID: config.ssid,
+        ATTR_SIGNAL: config.signal,
+    }
+
+
+def vlan_struct(config: VlanConfig) -> Dict[str, Any]:
+    """Return a dict with information about VLAN configuration."""
+    return {
+        ATTR_ID: config.id,
+        ATTR_PARENT: config.interface,
+    }
+
+
+def interface_struct(interface: Interface) -> Dict[str, Any]:
+    """Return a dict with information of a interface to be used in th API."""
+    return {
+        ATTR_INTERFACE: interface.name,
+        ATTR_TYPE: interface.type,
+        ATTR_ENABLED: interface.enabled,
+        ATTR_CONNECTED: interface.connected,
+        ATTR_PRIMARY: interface.primary,
+        ATTR_IPV4: ipconfig_struct(interface.ipv4) if interface.ipv4 else None,
+        ATTR_IPV6: ipconfig_struct(interface.ipv6) if interface.ipv6 else None,
+        ATTR_WIFI: wifi_struct(interface.wifi) if interface.wifi else None,
+        ATTR_VLAN: vlan_struct(interface.vlan) if interface.vlan else None,
+    }
+
+
+def accesspoint_struct(accesspoint: AccessPoint) -> Dict[str, Any]:
+    """Return a dict for AccessPoint."""
+    return {
+        ATTR_MODE: accesspoint.mode,
+        ATTR_SSID: accesspoint.ssid,
+        ATTR_FREQUENCY: accesspoint.frequency,
+        ATTR_SIGNAL: accesspoint.signal,
+        ATTR_MAC: accesspoint.mac,
+    }
+
+
+class APINetwork(CoreSysAttributes):
+    """Handle REST API for network."""
+
+    def _get_interface(self, name: str) -> Interface:
+        """Get Interface by name or default."""
+        name = name.lower()
+
+        if name == "default":
+            for interface in self.sys_host.network.interfaces:
+                if not interface.primary:
+                    continue
+                return interface
+
+        else:
+            try:
+                return self.sys_host.network.get(name)
+            except HostNetworkNotFound:
+                pass
+
+        raise APIError(f"Interface {name} does not exist") from None
+
+    @api_process
+    async def info(self, request: web.Request) -> Dict[str, Any]:
+        """Return network information."""
+        return {
+            ATTR_INTERFACES: [
+                interface_struct(interface)
+                for interface in self.sys_host.network.interfaces
+            ],
+            ATTR_DOCKER: {
+                ATTR_INTERFACE: DOCKER_NETWORK,
+                ATTR_ADDRESS: str(DOCKER_NETWORK_MASK),
+                ATTR_GATEWAY: str(self.sys_docker.network.gateway),
+                ATTR_DNS: str(self.sys_docker.network.dns),
+            },
+            ATTR_HOST_INTERNET: self.sys_host.network.connectivity,
+            ATTR_SUPERVISOR_INTERNET: self.sys_supervisor.connectivity,
+        }
+
+    @api_process
+    async def interface_info(self, request: web.Request) -> Dict[str, Any]:
+        """Return network information for a interface."""
+        interface = self._get_interface(request.match_info.get(ATTR_INTERFACE))
+
+        return interface_struct(interface)
+
+    @api_process
+    async def interface_update(self, request: web.Request) -> None:
+        """Update the configuration of an interface."""
+        interface = self._get_interface(request.match_info.get(ATTR_INTERFACE))
+
+        # Validate data
+        body = await api_validate(SCHEMA_UPDATE, request)
+        if not body:
+            raise APIError("You need to supply at least one option to update")
+
+        # Apply config
+        for key, config in body.items():
+            if key == ATTR_IPV4:
+                interface.ipv4 = attr.evolve(
+                    interface.ipv4 or IpConfig(InterfaceMethod.STATIC, [], None, []),
+                    **config,
+                )
+            elif key == ATTR_IPV6:
+                interface.ipv6 = attr.evolve(
+                    interface.ipv6 or IpConfig(InterfaceMethod.STATIC, [], None, []),
+                    **config,
+                )
+            elif key == ATTR_WIFI:
+                interface.wifi = attr.evolve(
+                    interface.wifi
+                    or WifiConfig(
+                        WifiMode.INFRASTRUCTURE, "", AuthMethod.OPEN, None, None
+                    ),
+                    **config,
+                )
+            elif key == ATTR_ENABLED:
+                interface.enabled = config
+
+        await asyncio.shield(self.sys_host.network.apply_changes(interface))
+
+    @api_process
+    def reload(self, request: web.Request) -> Awaitable[None]:
+        """Reload network data."""
+        return asyncio.shield(self.sys_host.network.update())
+
+    @api_process
+    async def scan_accesspoints(self, request: web.Request) -> Dict[str, Any]:
+        """Scan and return a list of available networks."""
+        interface = self._get_interface(request.match_info.get(ATTR_INTERFACE))
+
+        # Only wlan is supported
+        if interface.type != InterfaceType.WIRELESS:
+            raise APIError(f"Interface {interface.name} is not a valid wireless card!")
+
+        ap_list = await self.sys_host.network.scan_wifi(interface)
+
+        return {ATTR_ACCESSPOINTS: [accesspoint_struct(ap) for ap in ap_list]}
+
+    @api_process
+    async def create_vlan(self, request: web.Request) -> None:
+        """Create a new vlan."""
+        interface = self._get_interface(request.match_info.get(ATTR_INTERFACE))
+        vlan = int(request.match_info.get(ATTR_VLAN))
+
+        # Only ethernet is supported
+        if interface.type != InterfaceType.ETHERNET:
+            raise APIError(
+                f"Interface {interface.name} is not a valid ethernet card for vlan!"
+            )
+        body = await api_validate(SCHEMA_UPDATE, request)
+
+        vlan_config = VlanConfig(vlan, interface.name)
+
+        ipv4_config = None
+        if ATTR_IPV4 in body:
+            ipv4_config = IpConfig(
+                body[ATTR_IPV4].get(ATTR_METHOD, InterfaceMethod.AUTO),
+                body[ATTR_IPV4].get(ATTR_ADDRESS, []),
+                body[ATTR_IPV4].get(ATTR_GATEWAY, None),
+                body[ATTR_IPV4].get(ATTR_NAMESERVERS, []),
+            )
+
+        ipv6_config = None
+        if ATTR_IPV6 in body:
+            ipv6_config = IpConfig(
+                body[ATTR_IPV6].get(ATTR_METHOD, InterfaceMethod.AUTO),
+                body[ATTR_IPV6].get(ATTR_ADDRESS, []),
+                body[ATTR_IPV6].get(ATTR_GATEWAY, None),
+                body[ATTR_IPV6].get(ATTR_NAMESERVERS, []),
+            )
+
+        vlan_interface = Interface(
+            "",
+            True,
+            True,
+            False,
+            InterfaceType.VLAN,
+            ipv4_config,
+            ipv6_config,
+            None,
+            vlan_config,
+        )
+        await asyncio.shield(self.sys_host.network.apply_changes(vlan_interface))

supervisor/api/observer.py

@@ -0,0 +1,67 @@
+"""Init file for Supervisor Observer RESTful API."""
+import asyncio
+import logging
+from typing import Any, Dict
+
+from aiohttp import web
+import voluptuous as vol
+
+from ..const import (
+    ATTR_BLK_READ,
+    ATTR_BLK_WRITE,
+    ATTR_CPU_PERCENT,
+    ATTR_HOST,
+    ATTR_MEMORY_LIMIT,
+    ATTR_MEMORY_PERCENT,
+    ATTR_MEMORY_USAGE,
+    ATTR_NETWORK_RX,
+    ATTR_NETWORK_TX,
+    ATTR_UPDATE_AVAILABLE,
+    ATTR_VERSION,
+    ATTR_VERSION_LATEST,
+)
+from ..coresys import CoreSysAttributes
+from ..validate import version_tag
+from .utils import api_process, api_validate
+
+_LOGGER: logging.Logger = logging.getLogger(__name__)
+
+SCHEMA_VERSION = vol.Schema({vol.Optional(ATTR_VERSION): version_tag})
+
+
+class APIObserver(CoreSysAttributes):
+    """Handle RESTful API for Observer functions."""
+
+    @api_process
+    async def info(self, request: web.Request) -> Dict[str, Any]:
+        """Return HA Observer information."""
+        return {
+            ATTR_HOST: str(self.sys_docker.network.observer),
+            ATTR_VERSION: self.sys_plugins.observer.version,
+            ATTR_VERSION_LATEST: self.sys_plugins.observer.latest_version,
+            ATTR_UPDATE_AVAILABLE: self.sys_plugins.observer.need_update,
+        }
+
+    @api_process
+    async def stats(self, request: web.Request) -> Dict[str, Any]:
+        """Return resource information."""
+        stats = await self.sys_plugins.observer.stats()
+
+        return {
+            ATTR_CPU_PERCENT: stats.cpu_percent,
+            ATTR_MEMORY_USAGE: stats.memory_usage,
+            ATTR_MEMORY_LIMIT: stats.memory_limit,
+            ATTR_MEMORY_PERCENT: stats.memory_percent,
+            ATTR_NETWORK_RX: stats.network_rx,
+            ATTR_NETWORK_TX: stats.network_tx,
+            ATTR_BLK_READ: stats.blk_read,
+            ATTR_BLK_WRITE: stats.blk_write,
+        }
+
+    @api_process
+    async def update(self, request: web.Request) -> None:
+        """Update HA observer."""
+        body = await api_validate(SCHEMA_VERSION, request)
+        version = body.get(ATTR_VERSION, self.sys_plugins.observer.latest_version)
+
+        await asyncio.shield(self.sys_plugins.observer.update(version))

supervisor/api/os.py

@@ -9,15 +9,17 @@ import voluptuous as vol
 from ..const import (
     ATTR_BOARD,
     ATTR_BOOT,
+    ATTR_UPDATE_AVAILABLE,
     ATTR_VERSION,
     ATTR_VERSION_LATEST,
 )
 from ..coresys import CoreSysAttributes
+from ..validate import version_tag
 from .utils import api_process, api_validate
 
 _LOGGER: logging.Logger = logging.getLogger(__name__)
 
-SCHEMA_VERSION = vol.Schema({vol.Optional(ATTR_VERSION): vol.Coerce(str)})
+SCHEMA_VERSION = vol.Schema({vol.Optional(ATTR_VERSION): version_tag})
 
 
 class APIOS(CoreSysAttributes):
@@ -29,6 +31,7 @@ class APIOS(CoreSysAttributes):
         return {
             ATTR_VERSION: self.sys_hassos.version,
             ATTR_VERSION_LATEST: self.sys_hassos.latest_version,
+            ATTR_UPDATE_AVAILABLE: self.sys_hassos.need_update,
             ATTR_BOARD: self.sys_hassos.board,
             ATTR_BOOT: self.sys_dbus.rauc.boot_slot,
         }