Significantly speed up creating backups with isal via zlib-fast

isal is a drop in replacement for zlib with the cavet that the compression level mappings are different. zlib-fast is a tiny piece of middleware to convert the standard zlib compression levels to isal compression levels to allow for drop-in replacement https://github.com/bdraco/zlib-fast/releases/tag/v0.1.0 https://github.com/pycompression/python-isal Compression for backups is ~5x faster than the baseline https://github.com/powturbo/TurboBench/issues/43
Fix dirhash failing to import pkg_resources
2025-10-24 19:19:48 +00:00 · 2024-01-27 13:06:41 -10:00 · 2024-01-14 00:02:12 -10:00 · 2024-01-13 19:19:01 +01:00 · 2024-01-13 16:35:07 +01:00 · 2024-01-12 09:52:44 +01:00
1894 changed files with 565693 additions and 17449 deletions
--- a/.devcontainer/Dockerfile
+++ b/.devcontainer/Dockerfile
@@ -1,51 +0,0 @@
 FROM mcr.microsoft.com/vscode/devcontainers/python:0-3.7
 WORKDIR /workspaces
 # Install Node/Yarn for Frontent
 RUN apt-get update && apt-get install -y --no-install-recommends \
        curl \
        git \
        apt-utils \
        apt-transport-https \
    && curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add - \
    && echo "deb https://dl.yarnpkg.com/debian/ stable main" | tee /etc/apt/sources.list.d/yarn.list \
    && apt-get update && apt-get install -y --no-install-recommends \
        nodejs \
        yarn \
    && curl -o - https://raw.githubusercontent.com/nvm-sh/nvm/v0.35.3/install.sh | bash \
    && rm -rf /var/lib/apt/lists/*
 ENV NVM_DIR /root/.nvm
 # Install docker
 # https://docs.docker.com/engine/installation/linux/docker-ce/ubuntu/
 RUN apt-get update && apt-get install -y --no-install-recommends \
        apt-transport-https \
        ca-certificates \
        curl \
        software-properties-common \
        gpg-agent \
    && curl -fsSL https://download.docker.com/linux/debian/gpg | apt-key add - \
    && add-apt-repository "deb https://download.docker.com/linux/debian $(lsb_release -cs) stable" \
    && apt-get update && apt-get install -y --no-install-recommends \
        docker-ce \
        docker-ce-cli \
        containerd.io \
    && rm -rf /var/lib/apt/lists/*
 # Install tools
 RUN apt-get update && apt-get install -y --no-install-recommends \
        jq \
        dbus \
        network-manager \
        libpulse0 \
    && rm -rf /var/lib/apt/lists/*
 # Install Python dependencies from requirements.txt if it exists
 COPY requirements.txt requirements_tests.txt ./
 RUN pip3 install -r requirements.txt -r requirements_tests.txt \
    && pip3 install tox \
    && rm -f requirements.txt requirements_tests.txt
 # Set the default shell to bash instead of sh
 ENV SHELL /bin/bash
--- a/.devcontainer/devcontainer.json
+++ b/.devcontainer/devcontainer.json
@@ -1,23 +1,38 @@
 {
  "name": "Supervisor dev",
-  "context": "..",
+  "image": "ghcr.io/home-assistant/devcontainer:supervisor",
-  "dockerFile": "Dockerfile",
+  "containerEnv": {
-  "appPort": "9123:8123",
+    "WORKSPACE_DIRECTORY": "${containerWorkspaceFolder}"
  },
  "appPort": ["9123:8123", "7357:4357"],
  "postCreateCommand": "bash devcontainer_bootstrap",
  "runArgs": ["-e", "GIT_EDITOR=code --wait", "--privileged"],
-  "extensions": [
+  "customizations": {
-    "ms-python.python",
+    "vscode": {
-    "visualstudioexptteam.vscodeintellicode",
+      "extensions": [
-    "esbenp.prettier-vscode"
+        "ms-python.python",
-  ],
+        "ms-python.pylint",
-  "settings": {
+        "ms-python.vscode-pylance",
-    "python.pythonPath": "/usr/local/bin/python",
+        "visualstudioexptteam.vscodeintellicode",
-    "python.linting.pylintEnabled": true,
+        "esbenp.prettier-vscode"
-    "python.linting.enabled": true,
+      ],
-    "python.formatting.provider": "black",
+      "settings": {
-    "python.formatting.blackArgs": ["--target-version", "py37"],
+        "terminal.integrated.profiles.linux": {
-    "editor.formatOnPaste": false,
+          "zsh": {
-    "editor.formatOnSave": true,
+            "path": "/usr/bin/zsh"
-    "editor.formatOnType": true,
+          }
-    "files.trimTrailingWhitespace": true
+        },
-  }
+        "terminal.integrated.defaultProfile.linux": "zsh",
        "editor.formatOnPaste": false,
        "editor.formatOnSave": true,
        "editor.formatOnType": true,
        "files.trimTrailingWhitespace": true,
        "python.pythonPath": "/usr/local/bin/python3",
        "python.formatting.provider": "black",
        "python.formatting.blackArgs": ["--target-version", "py312"],
        "python.formatting.blackPath": "/usr/local/bin/black"
      }
    }
  },
  "mounts": ["type=volume,target=/var/lib/docker"]
 }
--- a/.github/ISSUE_TEMPLATE.md
+++ b/.github/ISSUE_TEMPLATE.md
@@ -1,29 +1,69 @@
 ---
 name: Report a bug with the Supervisor on a supported System
 about: Report an issue related to the Home Assistant Supervisor.
 labels: bug
 ---
 <!-- READ THIS FIRST:
 - If you need additional help with this template please refer to https://www.home-assistant.io/help/reporting_issues/
 - Make sure you are running the latest version of Home Assistant before reporting an issue: https://github.com/home-assistant/home-assistant/releases
 - Do not report issues for components here, plaese refer to https://github.com/home-assistant/home-assistant/issues
 - This is for bugs only. Feature and enhancement requests should go in our community forum: https://community.home-assistant.io/c/feature-requests
 - Provide as many details as possible. Paste logs, configuration sample and code into the backticks. Do not delete any text from this template!
- If you have a problem with a Add-on, make a issue on there repository.
+- If you have a problem with an add-on, make an issue in it's repository.
 -->
 **Home Assistant release with the issue:**
 <!--
- Frontend -> Developer tools -> Info
+Important: You can only fill a bug repport for an supported system! If you run an unsupported installation. This report would be closed without comment.
 - Or use this command: hass --version
 -->
-**Operating environment (HassOS/Generic):**
+### Describe the issue
 <!-- Provide as many details as possible. -->
 ### Steps to reproduce
 <!-- What do you do to encounter the issue. -->
 1. ...
 2. ...
 3. ...
 ### Enviroment details
 <!-- You can find these details in the system tab of the supervisor panel, or by using the `ha` CLI. -->
 - **Operating System:**: xxx
 - **Supervisor version:**: xxx
 - **Home Assistant version**: xxx
 ### Supervisor logs
 <details>
 <summary>Supervisor logs</summary>
 <!--
-Please provide details about your environment.
+- Frontend -> Supervisor -> System
 - Or use this command: ha supervisor logs
 - Logs are more than just errors, even if you don't think it's important, it is.
 -->
-**Supervisor logs:**
+```
 Paste supervisor logs here
 ```
 </details>
 ### System Information
 <details>
 <summary>System Information</summary>
 <!--
- Frontend -> Hass.io -> System
+- Use this command: ha info
 - Or use this command: hassio su logs
 -->
 ```
 Paste system info here
-**Description of problem:**
+```
 </details>
--- a/.github/ISSUE_TEMPLATE/bug_report.yml
+++ b/.github/ISSUE_TEMPLATE/bug_report.yml
@@ -0,0 +1,96 @@
 name: Bug Report Form
 description: Report an issue related to the Home Assistant Supervisor.
 labels: bug
 body:
  - type: markdown
    attributes:
      value: |
        This issue form is for reporting bugs with **supported** setups only!
        If you have a feature or enhancement request, please use the [feature request][fr] section of our [Community Forum][fr].
        [fr]: https://community.home-assistant.io/c/feature-requests
  - type: textarea
    validations:
      required: true
    attributes:
      label: Describe the issue you are experiencing
      description: Provide a clear and concise description of what the bug is.
  - type: markdown
    attributes:
      value: |
        ## Environment
  - type: dropdown
    validations:
      required: true
    attributes:
      label: What type of installation are you running?
      description: >
        If you don't know, can be found in [Settings -> System -> Repairs -> System Information](https://my.home-assistant.io/redirect/system_health/).
        It is listed as the `Installation Type` value.
      options:
        - Home Assistant OS
        - Home Assistant Supervised
  - type: dropdown
    validations:
      required: true
    attributes:
      label: Which operating system are you running on?
      options:
        - Home Assistant Operating System
        - Debian
        - Other (e.g., Raspbian/Raspberry Pi OS/Fedora)
  - type: markdown
    attributes:
      value: |
        # Details
  - type: textarea
    validations:
      required: true
    attributes:
      label: Steps to reproduce the issue
      description: |
        Please tell us exactly how to reproduce your issue.
        Provide clear and concise step by step instructions and add code snippets if needed.
      value: |
        1.
        2.
        3.
        ...
  - type: textarea
    validations:
      required: true
    attributes:
      label: Anything in the Supervisor logs that might be useful for us?
      description: >
        Supervisor Logs can be found in [Settings -> System -> Logs](https://my.home-assistant.io/redirect/logs/)
        then choose `Supervisor` in the top right.
        [![Open your Home Assistant instance and show your Supervisor system logs.](https://my.home-assistant.io/badges/supervisor_logs.svg)](https://my.home-assistant.io/redirect/supervisor_logs/)
      render: txt
  - type: textarea
    validations:
      required: true
    attributes:
      label: System Health information
      description: >
        System Health information can be found in the top right menu in [Settings -> System -> Repairs](https://my.home-assistant.io/redirect/repairs/).
        Click the copy button at the bottom of the pop-up and paste it here.
        [![Open your Home Assistant instance and show health information about your system.](https://my.home-assistant.io/badges/system_health.svg)](https://my.home-assistant.io/redirect/system_health/)
  - type: textarea
    attributes:
      label: Supervisor diagnostics
      placeholder: "drag-and-drop the diagnostics data file here (do not copy-and-paste the content)"
      description: >-
        Supervisor diagnostics can be found in [Settings -> Integrations](https://my.home-assistant.io/redirect/integrations/).
        Find the card that says `Home Assistant Supervisor`, open its menu and select 'Download diagnostics'.
        **Please drag-and-drop the downloaded file into the textbox below. Do not copy and paste its contents.**
  - type: textarea
    attributes:
      label: Additional information
      description: >
        If you have any additional information for us, use the field below.
        Please note, you can attach screenshots or screen recordings here, by
        dragging and dropping files in the field below.
--- a/.github/ISSUE_TEMPLATE/config.yml
+++ b/.github/ISSUE_TEMPLATE/config.yml
@@ -0,0 +1,25 @@
 blank_issues_enabled: false
 contact_links:
  - name: Report a bug/issues with an unsupported Supervisor
    url: https://community.home-assistant.io
    about: The Community guide can help or was updated to solve your issue
  - name: Report a bug for the Supervisor panel
    url: https://github.com/home-assistant/frontend/issues
    about: The Supervisor panel is a part of the Home Assistant frontend
  - name: Report incorrect or missing information on our developer documentation
    url: https://github.com/home-assistant/developers.home-assistant.io/issues
    about: Our documentation has its own issue tracker. Please report issues with the website there.
  - name: Request a feature for the Supervisor
    url: https://community.home-assistant.io/c/feature-requests
    about: Request an new feature for the Supervisor.
  - name: I have a question or need support
    url: https://www.home-assistant.io/help
    about: We use GitHub for tracking bugs, check our website for resources on getting help.
  - name: I'm unsure where to go?
    url: https://www.home-assistant.io/join-chat
    about: If you are unsure where to go, then joining our chat is recommended; Just ask!
--- a/.github/PULL_REQUEST_TEMPLATE.md
+++ b/.github/PULL_REQUEST_TEMPLATE.md
@@ -0,0 +1,69 @@
 <!--
  You are amazing! Thanks for contributing to our project!
  Please, DO NOT DELETE ANY TEXT from this template! (unless instructed).
 -->
 ## Proposed change
 <!--
  Describe the big picture of your changes here to communicate to the
  maintainers why we should accept this pull request. If it fixes a bug
  or resolves a feature request, be sure to link to that issue in the
  additional information section.
 -->
 ## Type of change
 <!--
  What type of change does your PR introduce to Home Assistant?
  NOTE: Please, check only 1! box!
  If your PR requires multiple boxes to be checked, you'll most likely need to
  split it into multiple PRs. This makes things easier and faster to code review.
 -->
 - [ ] Dependency upgrade
 - [ ] Bugfix (non-breaking change which fixes an issue)
 - [ ] New feature (which adds functionality to the supervisor)
 - [ ] Breaking change (fix/feature causing existing functionality to break)
 - [ ] Code quality improvements to existing code or addition of tests
 ## Additional information
 <!--
  Details are important, and help maintainers processing your PR.
  Please be sure to fill out additional details, if applicable.
 -->
 - This PR fixes or closes issue: fixes #
 - This PR is related to issue:
 - Link to documentation pull request:
 - Link to cli pull request:
 ## Checklist
 <!--
  Put an `x` in the boxes that apply. You can also fill these out after
  creating the PR. If you're unsure about any of them, don't hesitate to ask.
  We're here to help! This is simply a reminder of what we are going to look
  for before merging your code.
 -->
 - [ ] The code change is tested and works locally.
 - [ ] Local tests pass. **Your PR cannot be merged unless tests pass**
 - [ ] There is no commented out code in this PR.
 - [ ] I have followed the [development checklist][dev-checklist]
 - [ ] The code has been formatted using Black (`black --fast supervisor tests`)
 - [ ] Tests have been added to verify that the new code works.
 If API endpoints of add-on configuration are added/changed:
 - [ ] Documentation added/updated for [developers.home-assistant.io][docs-repository]
 <!--
  Thank you for contributing <3
  Below, some useful links you could explore:
 -->
 [dev-checklist]: https://developers.home-assistant.io/docs/en/development_checklist.html
 [docs-repository]: https://github.com/home-assistant/developers.home-assistant
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -0,0 +1,14 @@
 version: 2
 updates:
 - package-ecosystem: pip
  directory: "/"
  schedule:
    interval: daily
    time: "06:00"
  open-pull-requests-limit: 10
 - package-ecosystem: "github-actions"
  directory: "/"
  schedule:
    interval: daily
    time: "06:00"
  open-pull-requests-limit: 10
--- a/.github/lock.yml
+++ b/.github/lock.yml
@@ -1,27 +0,0 @@
 # Configuration for Lock Threads - https://github.com/dessant/lock-threads
 # Number of days of inactivity before a closed issue or pull request is locked
 daysUntilLock: 1
 # Skip issues and pull requests created before a given timestamp. Timestamp must
 # follow ISO 8601 (`YYYY-MM-DD`). Set to `false` to disable
 skipCreatedBefore: 2020-01-01
 # Issues and pull requests with these labels will be ignored. Set to `[]` to disable
 exemptLabels: []
 # Label to add before locking, such as `outdated`. Set to `false` to disable
 lockLabel: false
 # Comment to post before locking. Set to `false` to disable
 lockComment: false
 # Assign `resolved` as the reason for locking. Set to `false` to disable
 setLockReason: false
 # Limit to only `issues` or `pulls`
 only: pulls
 # Optionally, specify configuration settings just for `issues` or `pulls`
 issues:
  daysUntilLock: 30
--- a/.github/release-drafter.yml
+++ b/.github/release-drafter.yml
@@ -1,4 +1,50 @@
 change-template: "- #$NUMBER $TITLE @$AUTHOR"
 sort-direction: ascending
 categories:
  - title: ":boom: Breaking Changes"
    label: "breaking-change"
  - title: ":wrench: Build"
    label: "build"
  - title: ":boar: Chore"
    label: "chore"
  - title: ":sparkles: New Features"
    label: "new-feature"
  - title: ":zap: Performance"
    label: "performance"
  - title: ":recycle: Refactor"
    label: "refactor"
  - title: ":green_heart: CI"
    label: "ci"
  - title: ":bug: Bug Fixes"
    label: "bugfix"
  - title: ":white_check_mark: Test"
    label: "test"
  - title: ":arrow_up: Dependency Updates"
    label: "dependencies"
    collapse-after: 1
 include-labels:
  - "breaking-change"
  - "build"
  - "chore"
  - "performance"
  - "refactor"
  - "new-feature"
  - "bugfix"
  - "dependencies"
  - "test"
  - "ci"
 template: |
  ## What's Changed
  $CHANGES
--- a/.github/stale.yml
+++ b/.github/stale.yml
@@ -1,17 +0,0 @@
 # Number of days of inactivity before an issue becomes stale
 daysUntilStale: 60
 # Number of days of inactivity before a stale issue is closed
 daysUntilClose: 7
 # Issues with these labels will never be considered stale
 exemptLabels:
  - pinned
  - security
 # Label to use when marking an issue as stale
 staleLabel: wontfix
 # Comment to post when marking an issue as stale. Set to `false` to disable
 markComment: >
  This issue has been automatically marked as stale because it has not had
  recent activity. It will be closed if no further activity occurs. Thank you
  for your contributions.
 # Comment to post when closing a stale issue. Set to `false` to disable
 closeComment: false
--- a/.github/workflows/builder.yml
+++ b/.github/workflows/builder.yml
@@ -0,0 +1,380 @@
 name: Build supervisor
 on:
  workflow_dispatch:
    inputs:
      channel:
        description: "Channel"
        required: true
        default: "dev"
      version:
        description: "Version"
        required: true
      publish:
        description: "Publish"
        required: true
        default: "false"
      stable:
        description: "Stable"
        required: true
        default: "false"
  pull_request:
    branches: ["main"]
  release:
    types: ["published"]
  push:
    branches: ["main"]
    paths:
      - "rootfs/**"
      - "supervisor/**"
      - build.yaml
      - Dockerfile
      - requirements.txt
      - setup.py
 env:
  DEFAULT_PYTHON: "3.12"
  BUILD_NAME: supervisor
  BUILD_TYPE: supervisor
 concurrency:
  group: "${{ github.workflow }}-${{ github.ref }}"
  cancel-in-progress: true
 jobs:
  init:
    name: Initialize build
    runs-on: ubuntu-latest
    outputs:
      architectures: ${{ steps.info.outputs.architectures }}
      version: ${{ steps.version.outputs.version }}
      channel: ${{ steps.version.outputs.channel }}
      publish: ${{ steps.version.outputs.publish }}
      requirements: ${{ steps.requirements.outputs.changed }}
    steps:
      - name: Checkout the repository
        uses: actions/checkout@v4.1.1
        with:
          fetch-depth: 0
      - name: Get information
        id: info
        uses: home-assistant/actions/helpers/info@master
      - name: Get version
        id: version
        uses: home-assistant/actions/helpers/version@master
        with:
          type: ${{ env.BUILD_TYPE }}
      - name: Get changed files
        id: changed_files
        if: steps.version.outputs.publish == 'false'
        uses: masesgroup/retrieve-changed-files@v3.0.0
      - name: Check if requirements files changed
        id: requirements
        run: |
          if [[ "${{ steps.changed_files.outputs.all }}" =~ (requirements.txt|build.yaml) ]]; then
            echo "changed=true" >> "$GITHUB_OUTPUT"
          fi
  build:
    name: Build ${{ matrix.arch }} supervisor
    needs: init
    runs-on: ubuntu-latest
    permissions:
      contents: read
      id-token: write
      packages: write
    strategy:
      matrix:
        arch: ${{ fromJson(needs.init.outputs.architectures) }}
    steps:
      - name: Checkout the repository
        uses: actions/checkout@v4.1.1
        with:
          fetch-depth: 0
      - name: Write env-file
        if: needs.init.outputs.requirements == 'true'
        run: |
          (
            # Fix out of memory issues with rust
            echo "CARGO_NET_GIT_FETCH_WITH_CLI=true"
          ) > .env_file
      - name: Build wheels
        if: needs.init.outputs.requirements == 'true'
        uses: home-assistant/wheels@2024.01.0
        with:
          abi: cp312
          tag: musllinux_1_2
          arch: ${{ matrix.arch }}
          wheels-key: ${{ secrets.WHEELS_KEY }}
          apk: "libffi-dev;openssl-dev;yaml-dev"
          skip-binary: aiohttp
          env-file: true
          requirements: "requirements.txt"
      - name: Set version
        if: needs.init.outputs.publish == 'true'
        uses: home-assistant/actions/helpers/version@master
        with:
          type: ${{ env.BUILD_TYPE }}
      - name: Set up Python ${{ env.DEFAULT_PYTHON }}
        if: needs.init.outputs.publish == 'true'
        uses: actions/setup-python@v5.0.0
        with:
          python-version: ${{ env.DEFAULT_PYTHON }}
      - name: Install Cosign
        if: needs.init.outputs.publish == 'true'
        uses: sigstore/cosign-installer@v3.3.0
        with:
          cosign-release: "v2.0.2"
      - name: Install dirhash and calc hash
        if: needs.init.outputs.publish == 'true'
        run: |
          pip3 install setuptools dirhash
          dir_hash="$(dirhash "${{ github.workspace }}/supervisor" -a sha256 --match "*.py")"
          echo "${dir_hash}" > rootfs/supervisor.sha256
      - name: Sign supervisor SHA256
        if: needs.init.outputs.publish == 'true'
        run: |
          cosign sign-blob --yes rootfs/supervisor.sha256 --bundle rootfs/supervisor.sha256.sig
      - name: Login to GitHub Container Registry
        if: needs.init.outputs.publish == 'true'
        uses: docker/login-action@v3.0.0
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Set build arguments
        if: needs.init.outputs.publish == 'false'
        run: echo "BUILD_ARGS=--test" >> $GITHUB_ENV
      - name: Build supervisor
        uses: home-assistant/builder@2024.01.0
        with:
          args: |
            $BUILD_ARGS \
            --${{ matrix.arch }} \
            --target /data \
            --cosign \
            --generic ${{ needs.init.outputs.version }}
        env:
          CAS_API_KEY: ${{ secrets.CAS_TOKEN }}
  version:
    name: Update version
    needs: ["init", "run_supervisor"]
    runs-on: ubuntu-latest
    steps:
      - name: Checkout the repository
        if: needs.init.outputs.publish == 'true'
        uses: actions/checkout@v4.1.1
      - name: Initialize git
        if: needs.init.outputs.publish == 'true'
        uses: home-assistant/actions/helpers/git-init@master
        with:
          name: ${{ secrets.GIT_NAME }}
          email: ${{ secrets.GIT_EMAIL }}
          token: ${{ secrets.GIT_TOKEN }}
      - name: Update version file
        if: needs.init.outputs.publish == 'true'
        uses: home-assistant/actions/helpers/version-push@master
        with:
          key: ${{ env.BUILD_NAME }}
          version: ${{ needs.init.outputs.version }}
          channel: ${{ needs.init.outputs.channel }}
  run_supervisor:
    runs-on: ubuntu-latest
    name: Run the Supervisor
    needs: ["build", "init"]
    timeout-minutes: 60
    steps:
      - name: Checkout the repository
        uses: actions/checkout@v4.1.1
      - name: Build the Supervisor
        if: needs.init.outputs.publish != 'true'
        uses: home-assistant/builder@2024.01.0
        with:
          args: |
            --test \
            --amd64 \
            --target /data \
            --generic runner
      - name: Pull Supervisor
        if: needs.init.outputs.publish == 'true'
        run: |
          docker pull ghcr.io/home-assistant/amd64-hassio-supervisor:${{ needs.init.outputs.version }}
          docker tag ghcr.io/home-assistant/amd64-hassio-supervisor:${{ needs.init.outputs.version }} ghcr.io/home-assistant/amd64-hassio-supervisor:runner
      - name: Create the Supervisor
        run: |
          mkdir -p /tmp/supervisor/data
          docker create --name hassio_supervisor \
            --privileged \
            --security-opt seccomp=unconfined \
            --security-opt apparmor=unconfined \
            -v /run/docker.sock:/run/docker.sock \
            -v /run/dbus:/run/dbus \
            -v /tmp/supervisor/data:/data \
            -v /etc/machine-id:/etc/machine-id:ro \
            -e SUPERVISOR_SHARE="/tmp/supervisor/data" \
            -e SUPERVISOR_NAME=hassio_supervisor \
            -e SUPERVISOR_DEV=1 \
            -e SUPERVISOR_MACHINE="qemux86-64" \
          ghcr.io/home-assistant/amd64-hassio-supervisor:runner
      - name: Start the Supervisor
        run: docker start hassio_supervisor
      - name: Wait for Supervisor to come up
        run: |
          SUPERVISOR=$(docker inspect --format='{{.NetworkSettings.IPAddress}}' hassio_supervisor)
          ping="error"
          while [ "$ping" != "ok" ]; do
            ping=$(curl -sSL "http://$SUPERVISOR/supervisor/ping" | jq -r '.result')
            sleep 5
          done
      - name: Check the Supervisor
        run: |
          echo "Checking supervisor info"
          test=$(docker exec hassio_cli ha supervisor info --no-progress --raw-json | jq -r '.result')
          if [ "$test" != "ok" ]; then
            exit 1
          fi
          echo "Checking supervisor network info"
          test=$(docker exec hassio_cli ha network info --no-progress --raw-json | jq -r '.result')
          if [ "$test" != "ok" ]; then
            exit 1
          fi
      - name: Check the Store / Addon
        run: |
          echo "Install Core SSH Add-on"
          test=$(docker exec hassio_cli ha addons install core_ssh --no-progress --raw-json | jq -r '.result')
          if [ "$test" != "ok" ]; then
            exit 1
          fi
          # Make sure it actually installed
          test=$(docker exec hassio_cli ha addons info core_ssh --no-progress --raw-json | jq -r '.data.version')
          if [[ "$test" == "null" ]]; then
            exit 1
          fi
          echo "Start Core SSH Add-on"
          test=$(docker exec hassio_cli ha addons start core_ssh --no-progress --raw-json | jq -r '.result')
          if [ "$test" != "ok" ]; then
            exit 1
          fi
          # Make sure its state is started
          test="$(docker exec hassio_cli ha addons info core_ssh --no-progress --raw-json | jq -r '.data.state')"
          if [ "$test" != "started" ]; then
            exit 1
          fi
      - name: Check the Supervisor code sign
        if: needs.init.outputs.publish == 'true'
        run: |
          echo "Enable Content-Trust"
          test=$(docker exec hassio_cli ha security options --content-trust=true --no-progress --raw-json | jq -r '.result')
          if [ "$test" != "ok" ]; then
            exit 1
          fi
          echo "Run supervisor health check"
          test=$(docker exec hassio_cli ha resolution healthcheck --no-progress --raw-json | jq -r '.result')
          if [ "$test" != "ok" ]; then
            exit 1
          fi
          echo "Check supervisor unhealthy"
          test=$(docker exec hassio_cli ha resolution info --no-progress --raw-json | jq -r '.data.unhealthy[]')
          if [ "$test" != "" ]; then
            exit 1
          fi
          echo "Check supervisor supported"
          test=$(docker exec hassio_cli ha resolution info --no-progress --raw-json | jq -r '.data.unsupported[]')
          if [[ "$test" =~ source_mods ]]; then
            exit 1
          fi
      - name: Create full backup
        id: backup
        run: |
          test=$(docker exec hassio_cli ha backups new --no-progress --raw-json)
          if [ "$(echo $test | jq -r '.result')" != "ok" ]; then
            exit 1
          fi
          echo "slug=$(echo $test | jq -r '.data.slug')" >> "$GITHUB_OUTPUT"
      - name: Uninstall SSH add-on
        run: |
          test=$(docker exec hassio_cli ha addons uninstall core_ssh --no-progress --raw-json | jq -r '.result')
          if [ "$test" != "ok" ]; then
            exit 1
          fi
      - name: Restart supervisor
        run: |
          test=$(docker exec hassio_cli ha supervisor restart --no-progress --raw-json | jq -r '.result')
          if [ "$test" != "ok" ]; then
            exit 1
          fi
      - name: Wait for Supervisor to come up
        run: |
          SUPERVISOR=$(docker inspect --format='{{.NetworkSettings.IPAddress}}' hassio_supervisor)
          ping="error"
          while [ "$ping" != "ok" ]; do
            ping=$(curl -sSL "http://$SUPERVISOR/supervisor/ping" | jq -r '.result')
            sleep 5
          done
      - name: Restore SSH add-on from backup
        run: |
          test=$(docker exec hassio_cli ha backups restore ${{ steps.backup.outputs.slug }} --addons core_ssh --no-progress --raw-json | jq -r '.result')
          if [ "$test" != "ok" ]; then
            exit 1
          fi
          # Make sure it actually installed
          test=$(docker exec hassio_cli ha addons info core_ssh --no-progress --raw-json | jq -r '.data.version')
          if [[ "$test" == "null" ]]; then
            exit 1
          fi
          # Make sure its state is started
          test="$(docker exec hassio_cli ha addons info core_ssh --no-progress --raw-json | jq -r '.data.state')"
          if [ "$test" != "started" ]; then
            exit 1
          fi
      - name: Restore SSL directory from backup
        run: |
          test=$(docker exec hassio_cli ha backups restore ${{ steps.backup.outputs.slug }} --folders ssl --no-progress --raw-json | jq -r '.result')
          if [ "$test" != "ok" ]; then
            exit 1
          fi
      - name: Get supervisor logs on failiure
        if: ${{ cancelled() || failure() }}
        run: docker logs hassio_supervisor
--- a/.github/workflows/check_pr_labels.yml
+++ b/.github/workflows/check_pr_labels.yml
@@ -0,0 +1,19 @@
 name: Check PR
 on:
  pull_request:
    branches: ["main"]
    types: [labeled, unlabeled, synchronize]
 jobs:
  init:
    name: Check labels
    runs-on: ubuntu-latest
    steps:
      - name: Check labels
        run: |
          labels=$(jq -r '.pull_request.labels[] | .name' ${{github.event_path }})
          echo "$labels"
          if [ "$labels" == "cla-signed" ]; then
            exit 1
          fi
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -0,0 +1,433 @@
 name: CI
 # yamllint disable-line rule:truthy
 on:
  push:
    branches:
      - main
  pull_request: ~
 env:
  DEFAULT_PYTHON: "3.12"
  PRE_COMMIT_CACHE: ~/.cache/pre-commit
 concurrency:
  group: "${{ github.workflow }}-${{ github.ref }}"
  cancel-in-progress: true
 jobs:
  # Separate job to pre-populate the base dependency cache
  # This prevent upcoming jobs to do the same individually
  prepare:
    runs-on: ubuntu-latest
    outputs:
      python-version: ${{ steps.python.outputs.python-version }}
    name: Prepare Python dependencies
    steps:
      - name: Check out code from GitHub
        uses: actions/checkout@v4.1.1
      - name: Set up Python
        id: python
        uses: actions/setup-python@v5.0.0
        with:
          python-version: ${{ env.DEFAULT_PYTHON }}
      - name: Restore Python virtual environment
        id: cache-venv
        uses: actions/cache@v3.3.3
        with:
          path: venv
          key: |
            ${{ runner.os }}-venv-${{ steps.python.outputs.python-version }}-${{ hashFiles('requirements.txt') }}-${{ hashFiles('requirements_tests.txt') }}
      - name: Create Python virtual environment
        if: steps.cache-venv.outputs.cache-hit != 'true'
        run: |
          python -m venv venv
          . venv/bin/activate
          pip install -U pip setuptools
          pip install -r requirements.txt -r requirements_tests.txt
      - name: Restore pre-commit environment from cache
        id: cache-precommit
        uses: actions/cache@v3.3.3
        with:
          path: ${{ env.PRE_COMMIT_CACHE }}
          lookup-only: true
          key: |
            ${{ runner.os }}-pre-commit-${{ hashFiles('.pre-commit-config.yaml') }}
          restore-keys: |
            ${{ runner.os }}-pre-commit-
      - name: Install pre-commit dependencies
        if: steps.cache-precommit.outputs.cache-hit != 'true'
        run: |
          . venv/bin/activate
          pre-commit install-hooks
  lint-black:
    name: Check black
    runs-on: ubuntu-latest
    needs: prepare
    steps:
      - name: Check out code from GitHub
        uses: actions/checkout@v4.1.1
      - name: Set up Python ${{ needs.prepare.outputs.python-version }}
        uses: actions/setup-python@v5.0.0
        id: python
        with:
          python-version: ${{ needs.prepare.outputs.python-version }}
      - name: Restore Python virtual environment
        id: cache-venv
        uses: actions/cache@v3.3.3
        with:
          path: venv
          key: |
            ${{ runner.os }}-venv-${{ needs.prepare.outputs.python-version }}-${{ hashFiles('requirements.txt') }}-${{ hashFiles('requirements_tests.txt') }}
      - name: Fail job if Python cache restore failed
        if: steps.cache-venv.outputs.cache-hit != 'true'
        run: |
          echo "Failed to restore Python virtual environment from cache"
          exit 1
      - name: Run black
        run: |
          . venv/bin/activate
          black --target-version py312 --check supervisor tests setup.py
  lint-dockerfile:
    name: Check Dockerfile
    runs-on: ubuntu-latest
    needs: prepare
    steps:
      - name: Check out code from GitHub
        uses: actions/checkout@v4.1.1
      - name: Register hadolint problem matcher
        run: |
          echo "::add-matcher::.github/workflows/matchers/hadolint.json"
      - name: Check Dockerfile
        uses: docker://hadolint/hadolint:v1.18.0
        with:
          args: hadolint Dockerfile
  lint-executable-shebangs:
    name: Check executables
    runs-on: ubuntu-latest
    needs: prepare
    steps:
      - name: Check out code from GitHub
        uses: actions/checkout@v4.1.1
      - name: Set up Python ${{ needs.prepare.outputs.python-version }}
        uses: actions/setup-python@v5.0.0
        id: python
        with:
          python-version: ${{ needs.prepare.outputs.python-version }}
      - name: Restore Python virtual environment
        id: cache-venv
        uses: actions/cache@v3.3.3
        with:
          path: venv
          key: |
            ${{ runner.os }}-venv-${{ needs.prepare.outputs.python-version }}-${{ hashFiles('requirements.txt') }}-${{ hashFiles('requirements_tests.txt') }}
      - name: Fail job if Python cache restore failed
        if: steps.cache-venv.outputs.cache-hit != 'true'
        run: |
          echo "Failed to restore Python virtual environment from cache"
          exit 1
      - name: Restore pre-commit environment from cache
        id: cache-precommit
        uses: actions/cache@v3.3.3
        with:
          path: ${{ env.PRE_COMMIT_CACHE }}
          key: |
            ${{ runner.os }}-pre-commit-${{ hashFiles('.pre-commit-config.yaml') }}
      - name: Fail job if cache restore failed
        if: steps.cache-venv.outputs.cache-hit != 'true'
        run: |
          echo "Failed to restore Python virtual environment from cache"
          exit 1
      - name: Register check executables problem matcher
        run: |
          echo "::add-matcher::.github/workflows/matchers/check-executables-have-shebangs.json"
      - name: Run executables check
        run: |
          . venv/bin/activate
          pre-commit run --hook-stage manual check-executables-have-shebangs --all-files
  lint-flake8:
    name: Check flake8
    runs-on: ubuntu-latest
    needs: prepare
    steps:
      - name: Check out code from GitHub
        uses: actions/checkout@v4.1.1
      - name: Set up Python ${{ needs.prepare.outputs.python-version }}
        uses: actions/setup-python@v5.0.0
        id: python
        with:
          python-version: ${{ needs.prepare.outputs.python-version }}
      - name: Restore Python virtual environment
        id: cache-venv
        uses: actions/cache@v3.3.3
        with:
          path: venv
          key: |
            ${{ runner.os }}-venv-${{ needs.prepare.outputs.python-version }}-${{ hashFiles('requirements.txt') }}-${{ hashFiles('requirements_tests.txt') }}
      - name: Fail job if Python cache restore failed
        if: steps.cache-venv.outputs.cache-hit != 'true'
        run: |
          echo "Failed to restore Python virtual environment from cache"
          exit 1
      - name: Register flake8 problem matcher
        run: |
          echo "::add-matcher::.github/workflows/matchers/flake8.json"
      - name: Run flake8
        run: |
          . venv/bin/activate
          flake8 supervisor tests
  lint-isort:
    name: Check isort
    runs-on: ubuntu-latest
    needs: prepare
    steps:
      - name: Check out code from GitHub
        uses: actions/checkout@v4.1.1
      - name: Set up Python ${{ needs.prepare.outputs.python-version }}
        uses: actions/setup-python@v5.0.0
        id: python
        with:
          python-version: ${{ needs.prepare.outputs.python-version }}
      - name: Restore Python virtual environment
        id: cache-venv
        uses: actions/cache@v3.3.3
        with:
          path: venv
          key: |
            ${{ runner.os }}-venv-${{ needs.prepare.outputs.python-version }}-${{ hashFiles('requirements.txt') }}-${{ hashFiles('requirements_tests.txt') }}
      - name: Fail job if Python cache restore failed
        if: steps.cache-venv.outputs.cache-hit != 'true'
        run: |
          echo "Failed to restore Python virtual environment from cache"
          exit 1
      - name: Restore pre-commit environment from cache
        id: cache-precommit
        uses: actions/cache@v3.3.3
        with:
          path: ${{ env.PRE_COMMIT_CACHE }}
          key: |
            ${{ runner.os }}-pre-commit-${{ hashFiles('.pre-commit-config.yaml') }}
      - name: Fail job if cache restore failed
        if: steps.cache-venv.outputs.cache-hit != 'true'
        run: |
          echo "Failed to restore Python virtual environment from cache"
          exit 1
      - name: Run isort
        run: |
          . venv/bin/activate
          pre-commit run --hook-stage manual isort --all-files --show-diff-on-failure
  lint-json:
    name: Check JSON
    runs-on: ubuntu-latest
    needs: prepare
    steps:
      - name: Check out code from GitHub
        uses: actions/checkout@v4.1.1
      - name: Set up Python ${{ needs.prepare.outputs.python-version }}
        uses: actions/setup-python@v5.0.0
        id: python
        with:
          python-version: ${{ needs.prepare.outputs.python-version }}
      - name: Restore Python virtual environment
        id: cache-venv
        uses: actions/cache@v3.3.3
        with:
          path: venv
          key: |
            ${{ runner.os }}-venv-${{ needs.prepare.outputs.python-version }}-${{ hashFiles('requirements.txt') }}-${{ hashFiles('requirements_tests.txt') }}
      - name: Fail job if Python cache restore failed
        if: steps.cache-venv.outputs.cache-hit != 'true'
        run: |
          echo "Failed to restore Python virtual environment from cache"
          exit 1
      - name: Restore pre-commit environment from cache
        id: cache-precommit
        uses: actions/cache@v3.3.3
        with:
          path: ${{ env.PRE_COMMIT_CACHE }}
          key: |
            ${{ runner.os }}-pre-commit-${{ hashFiles('.pre-commit-config.yaml') }}
      - name: Fail job if cache restore failed
        if: steps.cache-venv.outputs.cache-hit != 'true'
        run: |
          echo "Failed to restore Python virtual environment from cache"
          exit 1
      - name: Register check-json problem matcher
        run: |
          echo "::add-matcher::.github/workflows/matchers/check-json.json"
      - name: Run check-json
        run: |
          . venv/bin/activate
          pre-commit run --hook-stage manual check-json --all-files
  lint-pylint:
    name: Check pylint
    runs-on: ubuntu-latest
    needs: prepare
    steps:
      - name: Check out code from GitHub
        uses: actions/checkout@v4.1.1
      - name: Set up Python ${{ needs.prepare.outputs.python-version }}
        uses: actions/setup-python@v5.0.0
        id: python
        with:
          python-version: ${{ needs.prepare.outputs.python-version }}
      - name: Restore Python virtual environment
        id: cache-venv
        uses: actions/cache@v3.3.3
        with:
          path: venv
          key: |
            ${{ runner.os }}-venv-${{ needs.prepare.outputs.python-version }}-${{ hashFiles('requirements.txt') }}-${{ hashFiles('requirements_tests.txt') }}
      - name: Fail job if Python cache restore failed
        if: steps.cache-venv.outputs.cache-hit != 'true'
        run: |
          echo "Failed to restore Python virtual environment from cache"
          exit 1
      - name: Register pylint problem matcher
        run: |
          echo "::add-matcher::.github/workflows/matchers/pylint.json"
      - name: Run pylint
        run: |
          . venv/bin/activate
          pylint supervisor tests
  lint-pyupgrade:
    name: Check pyupgrade
    runs-on: ubuntu-latest
    needs: prepare
    steps:
      - name: Check out code from GitHub
        uses: actions/checkout@v4.1.1
      - name: Set up Python ${{ needs.prepare.outputs.python-version }}
        uses: actions/setup-python@v5.0.0
        id: python
        with:
          python-version: ${{ needs.prepare.outputs.python-version }}
      - name: Restore Python virtual environment
        id: cache-venv
        uses: actions/cache@v3.3.3
        with:
          path: venv
          key: |
            ${{ runner.os }}-venv-${{ needs.prepare.outputs.python-version }}-${{ hashFiles('requirements.txt') }}-${{ hashFiles('requirements_tests.txt') }}
      - name: Fail job if Python cache restore failed
        if: steps.cache-venv.outputs.cache-hit != 'true'
        run: |
          echo "Failed to restore Python virtual environment from cache"
          exit 1
      - name: Restore pre-commit environment from cache
        id: cache-precommit
        uses: actions/cache@v3.3.3
        with:
          path: ${{ env.PRE_COMMIT_CACHE }}
          key: |
            ${{ runner.os }}-pre-commit-${{ hashFiles('.pre-commit-config.yaml') }}
      - name: Fail job if cache restore failed
        if: steps.cache-venv.outputs.cache-hit != 'true'
        run: |
          echo "Failed to restore Python virtual environment from cache"
          exit 1
      - name: Run pyupgrade
        run: |
          . venv/bin/activate
          pre-commit run --hook-stage manual pyupgrade --all-files --show-diff-on-failure
  pytest:
    runs-on: ubuntu-latest
    needs: prepare
    name: Run tests Python ${{ needs.prepare.outputs.python-version }}
    steps:
      - name: Check out code from GitHub
        uses: actions/checkout@v4.1.1
      - name: Set up Python ${{ needs.prepare.outputs.python-version }}
        uses: actions/setup-python@v5.0.0
        id: python
        with:
          python-version: ${{ needs.prepare.outputs.python-version }}
      - name: Install Cosign
        uses: sigstore/cosign-installer@v3.3.0
        with:
          cosign-release: "v2.0.2"
      - name: Restore Python virtual environment
        id: cache-venv
        uses: actions/cache@v3.3.3
        with:
          path: venv
          key: |
            ${{ runner.os }}-venv-${{ needs.prepare.outputs.python-version }}-${{ hashFiles('requirements.txt') }}-${{ hashFiles('requirements_tests.txt') }}
      - name: Fail job if Python cache restore failed
        if: steps.cache-venv.outputs.cache-hit != 'true'
        run: |
          echo "Failed to restore Python virtual environment from cache"
          exit 1
      - name: Install additional system dependencies
        run: |
          sudo apt-get update
          sudo apt-get install -y --no-install-recommends libpulse0 libudev1 dbus dbus-x11
      - name: Register Python problem matcher
        run: |
          echo "::add-matcher::.github/workflows/matchers/python.json"
      - name: Install Pytest Annotation plugin
        run: |
          . venv/bin/activate
          # Ideally this should be part of our dependencies
          # However this plugin is fairly new and doesn't run correctly
          # on a non-GitHub environment.
          pip install pytest-github-actions-annotate-failures
      - name: Run pytest
        run: |
          . venv/bin/activate
          pytest \
            -qq \
            --timeout=10 \
            --durations=10 \
            --cov supervisor \
            -o console_output_style=count \
            tests
      - name: Upload coverage artifact
        uses: actions/upload-artifact@v4.0.0
        with:
          name: coverage-${{ matrix.python-version }}
          path: .coverage
  coverage:
    name: Process test coverage
    runs-on: ubuntu-latest
    needs: ["pytest", "prepare"]
    steps:
      - name: Check out code from GitHub
        uses: actions/checkout@v4.1.1
      - name: Set up Python ${{ needs.prepare.outputs.python-version }}
        uses: actions/setup-python@v5.0.0
        id: python
        with:
          python-version: ${{ needs.prepare.outputs.python-version }}
      - name: Restore Python virtual environment
        id: cache-venv
        uses: actions/cache@v3.3.3
        with:
          path: venv
          key: |
            ${{ runner.os }}-venv-${{ needs.prepare.outputs.python-version }}-${{ hashFiles('requirements.txt') }}-${{ hashFiles('requirements_tests.txt') }}
      - name: Fail job if Python cache restore failed
        if: steps.cache-venv.outputs.cache-hit != 'true'
        run: |
          echo "Failed to restore Python virtual environment from cache"
          exit 1
      - name: Download all coverage artifacts
        uses: actions/download-artifact@v4.1.1
      - name: Combine coverage results
        run: |
          . venv/bin/activate
          coverage combine coverage*/.coverage*
          coverage report
          coverage xml
      - name: Upload coverage to Codecov
        uses: codecov/codecov-action@v3.1.4
--- a/.github/workflows/lock.yml
+++ b/.github/workflows/lock.yml
@@ -0,0 +1,20 @@
 name: Lock
 # yamllint disable-line rule:truthy
 on:
  schedule:
    - cron: "0 0 * * *"
 jobs:
  lock:
    runs-on: ubuntu-latest
    steps:
      - uses: dessant/lock-threads@v5.0.1
        with:
          github-token: ${{ github.token }}
          issue-inactive-days: "30"
          exclude-issue-created-before: "2020-10-01T00:00:00Z"
          issue-lock-reason: ""
          pr-inactive-days: "1"
          exclude-pr-created-before: "2020-11-01T00:00:00Z"
          pr-lock-reason: ""
--- a/.github/workflows/matchers/check-executables-have-shebangs.json
+++ b/.github/workflows/matchers/check-executables-have-shebangs.json
@@ -0,0 +1,14 @@
 {
  "problemMatcher": [
    {
      "owner": "check-executables-have-shebangs",
      "pattern": [
        {
          "regexp": "^(.+):\\s(.+)$",
          "file": 1,
          "message": 2
        }
      ]
    }
  ]
 }
--- a/.github/workflows/matchers/check-json.json
+++ b/.github/workflows/matchers/check-json.json
@@ -0,0 +1,16 @@
 {
  "problemMatcher": [
    {
      "owner": "check-json",
      "pattern": [
        {
          "regexp": "^(.+):\\s(.+\\sline\\s(\\d+)\\scolumn\\s(\\d+).+)$",
          "file": 1,
          "message": 2,
          "line": 3,
          "column": 4
        }
      ]
    }
  ]
 }
--- a/.github/workflows/matchers/flake8.json
+++ b/.github/workflows/matchers/flake8.json
@@ -0,0 +1,30 @@
 {
  "problemMatcher": [
    {
      "owner": "flake8-error",
      "severity": "error",
      "pattern": [
        {
          "regexp": "^(.*):(\\d+):(\\d+):\\s(E\\d{3}\\s.*)$",
          "file": 1,
          "line": 2,
          "column": 3,
          "message": 4
        }
      ]
    },
    {
      "owner": "flake8-warning",
      "severity": "warning",
      "pattern": [
        {
          "regexp": "^(.*):(\\d+):(\\d+):\\s([CDFNW]\\d{3}\\s.*)$",
          "file": 1,
          "line": 2,
          "column": 3,
          "message": 4
        }
      ]
    }
  ]
 }
--- a/.github/workflows/matchers/hadolint.json
+++ b/.github/workflows/matchers/hadolint.json
@@ -0,0 +1,16 @@
 {
  "problemMatcher": [
    {
      "owner": "hadolint",
      "pattern": [
        {
          "regexp": "^(.+):(\\d+)\\s+((DL\\d{4}).+)$",
          "file": 1,
          "line": 2,
          "message": 3,
          "code": 4
        }
      ]
    }
  ]
 }
--- a/.github/workflows/matchers/pylint.json
+++ b/.github/workflows/matchers/pylint.json
@@ -0,0 +1,32 @@
 {
  "problemMatcher": [
    {
      "owner": "pylint-error",
      "severity": "error",
      "pattern": [
        {
          "regexp": "^(.+):(\\d+):(\\d+):\\s(([EF]\\d{4}):\\s.+)$",
          "file": 1,
          "line": 2,
          "column": 3,
          "message": 4,
          "code": 5
        }
      ]
    },
    {
      "owner": "pylint-warning",
      "severity": "warning",
      "pattern": [
        {
          "regexp": "^(.+):(\\d+):(\\d+):\\s(([CRW]\\d{4}):\\s.+)$",
          "file": 1,
          "line": 2,
          "column": 3,
          "message": 4,
          "code": 5
        }
      ]
    }
  ]
 }
--- a/.github/workflows/matchers/python.json
+++ b/.github/workflows/matchers/python.json
@@ -0,0 +1,18 @@
 {
  "problemMatcher": [
    {
      "owner": "python",
      "pattern": [
        {
          "regexp": "^\\s*File\\s\\\"(.*)\\\",\\sline\\s(\\d+),\\sin\\s(.*)$",
          "file": 1,
          "line": 2
        },
        {
          "regexp": "^\\s*raise\\s(.*)\\(\\'(.*)\\'\\)$",
          "message": 2
        }
      ]
    }
  ]
 }
--- a/.github/workflows/release-drafter.yml
+++ b/.github/workflows/release-drafter.yml
@@ -0,0 +1,44 @@
 name: Release Drafter
 on:
  push:
    branches:
      - main
 jobs:
  update_release_draft:
    runs-on: ubuntu-latest
    name: Release Drafter
    steps:
      - name: Checkout the repository
        uses: actions/checkout@v4.1.1
        with:
          fetch-depth: 0
      - name: Find Next Version
        id: version
        run: |
          declare -i newpost
          latest=$(git describe --tags $(git rev-list --tags --max-count=1))
          latestpre=$(echo "$latest" | awk '{split($0,a,"."); print a[1] "." a[2]}')
          datepre=$(date --utc '+%Y.%m')
          if [[ "$latestpre" == "$datepre" ]]; then
              latestpost=$(echo "$latest" | awk '{split($0,a,"."); print a[3]}')
              newpost=$latestpost+1
          else
              newpost=0
          fi
          echo Current version:    $latest
          echo New target version: $datepre.$newpost
          echo "version=$datepre.$newpost" >> "$GITHUB_OUTPUT"
      - name: Run Release Drafter
        uses: release-drafter/release-drafter@v5.25.0
        with:
          tag: ${{ steps.version.outputs.version }}
          name: ${{ steps.version.outputs.version }}
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
--- a/.github/workflows/sentry.yaml
+++ b/.github/workflows/sentry.yaml
@@ -0,0 +1,21 @@
 name: Sentry Release
 # yamllint disable-line rule:truthy
 on:
  release:
    types: [published, prereleased]
 jobs:
  createSentryRelease:
    runs-on: ubuntu-latest
    steps:
      - name: Check out code from GitHub
        uses: actions/checkout@v4.1.1
      - name: Sentry Release
        uses: getsentry/action-release@v1.6.0
        env:
          SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
          SENTRY_ORG: ${{ secrets.SENTRY_ORG }}
          SENTRY_PROJECT: ${{ secrets.SENTRY_PROJECT }}
        with:
          environment: production
--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
@@ -0,0 +1,39 @@
 name: Stale
 # yamllint disable-line rule:truthy
 on:
  schedule:
    - cron: "0 * * * *"
 jobs:
  stale:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/stale@v9.0.0
        with:
          repo-token: ${{ secrets.GITHUB_TOKEN }}
          days-before-stale: 30
          days-before-close: 7
          stale-issue-label: "stale"
          exempt-issue-labels: "no-stale,Help%20wanted,help-wanted,pinned,rfc,security"
          stale-issue-message: >
            There hasn't been any activity on this issue recently. Due to the
            high number of incoming GitHub notifications, we have to clean some
            of the old issues, as many of them have already been resolved with
            the latest updates.
            Please make sure to update to the latest version and check if that
            solves the issue. Let us know if that works for you by
            adding a comment 👍
            This issue has now been marked as stale and will be closed if no
            further activity occurs. Thank you for your contributions.
          stale-pr-label: "stale"
          exempt-pr-labels: "no-stale,pinned,rfc,security"
          stale-pr-message: >
            There hasn't been any activity on this pull request recently. This
            pull request has been automatically marked as stale because of that
            and will be closed if no further activity occurs within 7 days.
            Thank you for your contributions.
--- a/.hadolint.yaml
+++ b/.hadolint.yaml
@@ -1,5 +1,7 @@
 ignored:
-  - DL3018
+  - DL3003
  - DL3006
  - DL3013
  - DL3018
  - DL3042
  - SC2155
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -0,0 +1,34 @@
 repos:
  - repo: https://github.com/psf/black
    rev: 23.12.1
    hooks:
      - id: black
        args:
          - --safe
          - --quiet
          - --target-version
          - py312
        files: ^((supervisor|tests)/.+)?[^/]+\.py$
  - repo: https://github.com/PyCQA/flake8
    rev: 7.0.0
    hooks:
      - id: flake8
        additional_dependencies:
          - flake8-docstrings==1.7.0
          - pydocstyle==6.3.0
        files: ^(supervisor|script|tests)/.+\.py$
  - repo: https://github.com/pre-commit/pre-commit-hooks
    rev: v4.5.0
    hooks:
      - id: check-executables-have-shebangs
        stages: [manual]
      - id: check-json
  - repo: https://github.com/PyCQA/isort
    rev: 5.13.2
    hooks:
      - id: isort
  - repo: https://github.com/asottile/pyupgrade
    rev: v3.15.0
    hooks:
      - id: pyupgrade
        args: [--py312-plus]
--- a/.vcnignore
+++ b/.vcnignore
@@ -0,0 +1,21 @@
 # Byte-compiled / optimized / DLL files
 __pycache__/
 *.py[cod]
 *$py.class
 # Distribution / packaging
 *.egg-info/
 # General files
 .git
 .github
 .devcontainer
 .vscode
 .tox
 # Data
 home-assistant-polymer/
 script/
 tests/
 data/
 venv/
--- a/.vscode/launch.json
+++ b/.vscode/launch.json
@@ -13,6 +13,13 @@
          "remoteRoot": "/usr/src/supervisor"
        }
      ]
    },
    {
      "name": "Debug Tests",
      "type": "python",
      "request": "test",
      "console": "internalConsole",
      "justMyCode": false
    }
  ]
 }
--- a/.vscode/tasks.json
+++ b/.vscode/tasks.json
@@ -2,9 +2,9 @@
  "version": "2.0.0",
  "tasks": [
    {
-      "label": "Run Testenv",
+      "label": "Run Supervisor",
      "type": "shell",
-      "command": "./scripts/test_env.sh",
+      "command": "supervisor_run",
      "group": {
        "kind": "test",
        "isDefault": true
@@ -16,7 +16,7 @@
      "problemMatcher": []
    },
    {
-      "label": "Run Testenv CLI",
+      "label": "Run Supervisor CLI",
      "type": "shell",
      "command": "docker exec -ti hassio_cli /usr/bin/cli.sh",
      "group": {
@@ -30,9 +30,9 @@
      "problemMatcher": []
    },
    {
-      "label": "Update UI",
+      "label": "Update Supervisor Panel",
      "type": "shell",
-      "command": "./scripts/update-frontend.sh",
+      "command": "LOKALISE_TOKEN='${input:localiseToken}' ./scripts/update-frontend.sh",
      "group": {
        "kind": "build",
        "isDefault": true
@@ -86,5 +86,12 @@
      },
      "problemMatcher": []
    }
  ],
  "inputs": [
    {
      "id": "localiseToken",
      "type": "promptString",
      "description": "Paste your lokalise token to download frontend translations"
    }
  ]
 }
--- a/API.md
+++ b/API.md
--- a/29
+++ b/29
@@ -1,38 +1,45 @@
 ARG BUILD_FROM
-FROM $BUILD_FROM
+FROM ${BUILD_FROM}
 ENV \
-    S6_SERVICES_GRACETIME=10000
+    S6_SERVICES_GRACETIME=10000 \
    SUPERVISOR_API=http://localhost \
    CRYPTOGRAPHY_OPENSSL_NO_LEGACY=1
 ARG \
    COSIGN_VERSION \
    BUILD_ARCH
 # Install base
 WORKDIR /usr/src
 RUN \
-    apk add --no-cache \
+    set -x \
    && apk add --no-cache \
        findutils \
        eudev \
        eudev-libs \
        git \
        glib \
        libffi \
        libpulse \
        musl \
        openssl \
-        socat
+        yaml \
-
+    \
-ARG BUILD_ARCH
+    && curl -Lso /usr/bin/cosign "https://github.com/home-assistant/cosign/releases/download/${COSIGN_VERSION}/cosign_${BUILD_ARCH}" \
-WORKDIR /usr/src
+    && chmod a+x /usr/bin/cosign
 # Install requirements
 COPY requirements.txt .
 RUN \
    export MAKEFLAGS="-j$(nproc)" \
-    && pip3 install --no-cache-dir --no-index --only-binary=:all: --find-links \
+    && pip3 install --only-binary=:all: \
        "https://wheels.home-assistant.io/alpine-$(cut -d '.' -f 1-2 < /etc/alpine-release)/${BUILD_ARCH}/" \
        -r ./requirements.txt \
    && rm -f requirements.txt
 # Install Home Assistant Supervisor
 COPY . supervisor
 RUN \
-    pip3 install --no-cache-dir -e ./supervisor \
+    pip3 install -e ./supervisor \
    && python3 -m compileall ./supervisor/supervisor
--- a/875
+++ b/875
@@ -1,674 +1,201 @@
-                    GNU GENERAL PUBLIC LICENSE
+                                 Apache License
-                       Version 3, 29 June 2007
+                           Version 2.0, January 2004
-
+                        http://www.apache.org/licenses/
- Copyright (C) 2007 Free Software Foundation, Inc. <https://fsf.org/>
+
- Everyone is permitted to copy and distribute verbatim copies
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
- of this license document, but changing it is not allowed.
+
-
+   1. Definitions.
-                            Preamble
+
-
+      "License" shall mean the terms and conditions for use, reproduction,
-  The GNU General Public License is a free, copyleft license for
+      and distribution as defined by Sections 1 through 9 of this document.
-software and other kinds of works.
+
-
+      "Licensor" shall mean the copyright owner or entity authorized by
-  The licenses for most software and other practical works are designed
+      the copyright owner that is granting the License.
-to take away your freedom to share and change the works.  By contrast,
+
-the GNU General Public License is intended to guarantee your freedom to
+      "Legal Entity" shall mean the union of the acting entity and all
-share and change all versions of a program--to make sure it remains free
+      other entities that control, are controlled by, or are under common
-software for all its users.  We, the Free Software Foundation, use the
+      control with that entity. For the purposes of this definition,
-GNU General Public License for most of our software; it applies also to
+      "control" means (i) the power, direct or indirect, to cause the
-any other work released this way by its authors.  You can apply it to
+      direction or management of such entity, whether by contract or
-your programs, too.
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
-
+      outstanding shares, or (iii) beneficial ownership of such entity.
-  When we speak of free software, we are referring to freedom, not
+
-price.  Our General Public Licenses are designed to make sure that you
+      "You" (or "Your") shall mean an individual or Legal Entity
-have the freedom to distribute copies of free software (and charge for
+      exercising permissions granted by this License.
-them if you wish), that you receive source code or can get it if you
+
-want it, that you can change the software or use pieces of it in new
+      "Source" form shall mean the preferred form for making modifications,
-free programs, and that you know you can do these things.
+      including but not limited to software source code, documentation
-
+      source, and configuration files.
-  To protect your rights, we need to prevent others from denying you
+
-these rights or asking you to surrender the rights.  Therefore, you have
+      "Object" form shall mean any form resulting from mechanical
-certain responsibilities if you distribute copies of the software, or if
+      transformation or translation of a Source form, including but
-you modify it: responsibilities to respect the freedom of others.
+      not limited to compiled object code, generated documentation,
-
+      and conversions to other media types.
-  For example, if you distribute copies of such a program, whether
+
-gratis or for a fee, you must pass on to the recipients the same
+      "Work" shall mean the work of authorship, whether in Source or
-freedoms that you received.  You must make sure that they, too, receive
+      Object form, made available under the License, as indicated by a
-or can get the source code.  And you must show them these terms so they
+      copyright notice that is included in or attached to the work
-know their rights.
+      (an example is provided in the Appendix below).
-
+
-  Developers that use the GNU GPL protect your rights with two steps:
+      "Derivative Works" shall mean any work, whether in Source or Object
-(1) assert copyright on the software, and (2) offer you this License
+      form, that is based on (or derived from) the Work and for which the
-giving you legal permission to copy, distribute and/or modify it.
+      editorial revisions, annotations, elaborations, or other modifications
-
+      represent, as a whole, an original work of authorship. For the purposes
-  For the developers' and authors' protection, the GPL clearly explains
+      of this License, Derivative Works shall not include works that remain
-that there is no warranty for this free software.  For both users' and
+      separable from, or merely link (or bind by name) to the interfaces of,
-authors' sake, the GPL requires that modified versions be marked as
+      the Work and Derivative Works thereof.
-changed, so that their problems will not be attributed erroneously to
+
-authors of previous versions.
+      "Contribution" shall mean any work of authorship, including
-
+      the original version of the Work and any modifications or additions
-  Some devices are designed to deny users access to install or run
+      to that Work or Derivative Works thereof, that is intentionally
-modified versions of the software inside them, although the manufacturer
+      submitted to Licensor for inclusion in the Work by the copyright owner
-can do so.  This is fundamentally incompatible with the aim of
+      or by an individual or Legal Entity authorized to submit on behalf of
-protecting users' freedom to change the software.  The systematic
+      the copyright owner. For the purposes of this definition, "submitted"
-pattern of such abuse occurs in the area of products for individuals to
+      means any form of electronic, verbal, or written communication sent
-use, which is precisely where it is most unacceptable.  Therefore, we
+      to the Licensor or its representatives, including but not limited to
-have designed this version of the GPL to prohibit the practice for those
+      communication on electronic mailing lists, source code control systems,
-products.  If such problems arise substantially in other domains, we
+      and issue tracking systems that are managed by, or on behalf of, the
-stand ready to extend this provision to those domains in future versions
+      Licensor for the purpose of discussing and improving the Work, but
-of the GPL, as needed to protect the freedom of users.
+      excluding communication that is conspicuously marked or otherwise
-
+      designated in writing by the copyright owner as "Not a Contribution."
-  Finally, every program is threatened constantly by software patents.
+
-States should not allow patents to restrict development and use of
+      "Contributor" shall mean Licensor and any individual or Legal Entity
-software on general-purpose computers, but in those that do, we wish to
+      on behalf of whom a Contribution has been received by Licensor and
-avoid the special danger that patents applied to a free program could
+      subsequently incorporated within the Work.
-make it effectively proprietary.  To prevent this, the GPL assures that
+
-patents cannot be used to render the program non-free.
+   2. Grant of Copyright License. Subject to the terms and conditions of
-
+      this License, each Contributor hereby grants to You a perpetual,
-  The precise terms and conditions for copying, distribution and
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
-modification follow.
+      copyright license to reproduce, prepare Derivative Works of,
-
+      publicly display, publicly perform, sublicense, and distribute the
-                       TERMS AND CONDITIONS
+      Work and such Derivative Works in Source or Object form.
-
+
-  0. Definitions.
+   3. Grant of Patent License. Subject to the terms and conditions of
-
+      this License, each Contributor hereby grants to You a perpetual,
-  "This License" refers to version 3 of the GNU General Public License.
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
-
+      (except as stated in this section) patent license to make, have made,
-  "Copyright" also means copyright-like laws that apply to other kinds of
+      use, offer to sell, sell, import, and otherwise transfer the Work,
-works, such as semiconductor masks.
+      where such license applies only to those patent claims licensable
-
+      by such Contributor that are necessarily infringed by their
-  "The Program" refers to any copyrightable work licensed under this
+      Contribution(s) alone or by combination of their Contribution(s)
-License.  Each licensee is addressed as "you".  "Licensees" and
+      with the Work to which such Contribution(s) was submitted. If You
-"recipients" may be individuals or organizations.
+      institute patent litigation against any entity (including a
-
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
-  To "modify" a work means to copy from or adapt all or part of the work
+      or a Contribution incorporated within the Work constitutes direct
-in a fashion requiring copyright permission, other than the making of an
+      or contributory patent infringement, then any patent licenses
-exact copy.  The resulting work is called a "modified version" of the
+      granted to You under this License for that Work shall terminate
-earlier work or a work "based on" the earlier work.
+      as of the date such litigation is filed.
-
+
-  A "covered work" means either the unmodified Program or a work based
+   4. Redistribution. You may reproduce and distribute copies of the
-on the Program.
+      Work or Derivative Works thereof in any medium, with or without
-
+      modifications, and in Source or Object form, provided that You
-  To "propagate" a work means to do anything with it that, without
+      meet the following conditions:
-permission, would make you directly or secondarily liable for
+
-infringement under applicable copyright law, except executing it on a
+      (a) You must give any other recipients of the Work or
-computer or modifying a private copy.  Propagation includes copying,
+          Derivative Works a copy of this License; and
-distribution (with or without modification), making available to the
+
-public, and in some countries other activities as well.
+      (b) You must cause any modified files to carry prominent notices
-
+          stating that You changed the files; and
-  To "convey" a work means any kind of propagation that enables other
+
-parties to make or receive copies.  Mere interaction with a user through
+      (c) You must retain, in the Source form of any Derivative Works
-a computer network, with no transfer of a copy, is not conveying.
+          that You distribute, all copyright, patent, trademark, and
-
+          attribution notices from the Source form of the Work,
-  An interactive user interface displays "Appropriate Legal Notices"
+          excluding those notices that do not pertain to any part of
-to the extent that it includes a convenient and prominently visible
+          the Derivative Works; and
-feature that (1) displays an appropriate copyright notice, and (2)
+
-tells the user that there is no warranty for the work (except to the
+      (d) If the Work includes a "NOTICE" text file as part of its
-extent that warranties are provided), that licensees may convey the
+          distribution, then any Derivative Works that You distribute must
-work under this License, and how to view a copy of this License.  If
+          include a readable copy of the attribution notices contained
-the interface presents a list of user commands or options, such as a
+          within such NOTICE file, excluding those notices that do not
-menu, a prominent item in the list meets this criterion.
+          pertain to any part of the Derivative Works, in at least one
-
+          of the following places: within a NOTICE text file distributed
-  1. Source Code.
+          as part of the Derivative Works; within the Source form or
-
+          documentation, if provided along with the Derivative Works; or,
-  The "source code" for a work means the preferred form of the work
+          within a display generated by the Derivative Works, if and
-for making modifications to it.  "Object code" means any non-source
+          wherever such third-party notices normally appear. The contents
-form of a work.
+          of the NOTICE file are for informational purposes only and
-
+          do not modify the License. You may add Your own attribution
-  A "Standard Interface" means an interface that either is an official
+          notices within Derivative Works that You distribute, alongside
-standard defined by a recognized standards body, or, in the case of
+          or as an addendum to the NOTICE text from the Work, provided
-interfaces specified for a particular programming language, one that
+          that such additional attribution notices cannot be construed
-is widely used among developers working in that language.
+          as modifying the License.
-
+
-  The "System Libraries" of an executable work include anything, other
+      You may add Your own copyright statement to Your modifications and
-than the work as a whole, that (a) is included in the normal form of
+      may provide additional or different license terms and conditions
-packaging a Major Component, but which is not part of that Major
+      for use, reproduction, or distribution of Your modifications, or
-Component, and (b) serves only to enable use of the work with that
+      for any such Derivative Works as a whole, provided Your use,
-Major Component, or to implement a Standard Interface for which an
+      reproduction, and distribution of the Work otherwise complies with
-implementation is available to the public in source code form.  A
+      the conditions stated in this License.
-"Major Component", in this context, means a major essential component
+
-(kernel, window system, and so on) of the specific operating system
+   5. Submission of Contributions. Unless You explicitly state otherwise,
-(if any) on which the executable work runs, or a compiler used to
+      any Contribution intentionally submitted for inclusion in the Work
-produce the work, or an object code interpreter used to run it.
+      by You to the Licensor shall be under the terms and conditions of
-
+      this License, without any additional terms or conditions.
-  The "Corresponding Source" for a work in object code form means all
+      Notwithstanding the above, nothing herein shall supersede or modify
-the source code needed to generate, install, and (for an executable
+      the terms of any separate license agreement you may have executed
-work) run the object code and to modify the work, including scripts to
+      with Licensor regarding such Contributions.
-control those activities.  However, it does not include the work's
+
-System Libraries, or general-purpose tools or generally available free
+   6. Trademarks. This License does not grant permission to use the trade
-programs which are used unmodified in performing those activities but
+      names, trademarks, service marks, or product names of the Licensor,
-which are not part of the work.  For example, Corresponding Source
+      except as required for reasonable and customary use in describing the
-includes interface definition files associated with source files for
+      origin of the Work and reproducing the content of the NOTICE file.
-the work, and the source code for shared libraries and dynamically
+
-linked subprograms that the work is specifically designed to require,
+   7. Disclaimer of Warranty. Unless required by applicable law or
-such as by intimate data communication or control flow between those
+      agreed to in writing, Licensor provides the Work (and each
-subprograms and other parts of the work.
+      Contributor provides its Contributions) on an "AS IS" BASIS,
-
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
-  The Corresponding Source need not include anything that users
+      implied, including, without limitation, any warranties or conditions
-can regenerate automatically from other parts of the Corresponding
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
-Source.
+      PARTICULAR PURPOSE. You are solely responsible for determining the
-
+      appropriateness of using or redistributing the Work and assume any
-  The Corresponding Source for a work in source code form is that
+      risks associated with Your exercise of permissions under this License.
-same work.
+
-
+   8. Limitation of Liability. In no event and under no legal theory,
-  2. Basic Permissions.
+      whether in tort (including negligence), contract, or otherwise,
-
+      unless required by applicable law (such as deliberate and grossly
-  All rights granted under this License are granted for the term of
+      negligent acts) or agreed to in writing, shall any Contributor be
-copyright on the Program, and are irrevocable provided the stated
+      liable to You for damages, including any direct, indirect, special,
-conditions are met.  This License explicitly affirms your unlimited
+      incidental, or consequential damages of any character arising as a
-permission to run the unmodified Program.  The output from running a
+      result of this License or out of the use or inability to use the
-covered work is covered by this License only if the output, given its
+      Work (including but not limited to damages for loss of goodwill,
-content, constitutes a covered work.  This License acknowledges your
+      work stoppage, computer failure or malfunction, or any and all
-rights of fair use or other equivalent, as provided by copyright law.
+      other commercial damages or losses), even if such Contributor
-
+      has been advised of the possibility of such damages.
-  You may make, run and propagate covered works that you do not
+
-convey, without conditions so long as your license otherwise remains
+   9. Accepting Warranty or Additional Liability. While redistributing
-in force.  You may convey covered works to others for the sole purpose
+      the Work or Derivative Works thereof, You may choose to offer,
-of having them make modifications exclusively for you, or provide you
+      and charge a fee for, acceptance of support, warranty, indemnity,
-with facilities for running those works, provided that you comply with
+      or other liability obligations and/or rights consistent with this
-the terms of this License in conveying all material for which you do
+      License. However, in accepting such obligations, You may act only
-not control copyright.  Those thus making or running the covered works
+      on Your own behalf and on Your sole responsibility, not on behalf
-for you must do so exclusively on your behalf, under your direction
+      of any other Contributor, and only if You agree to indemnify,
-and control, on terms that prohibit them from making any copies of
+      defend, and hold each Contributor harmless for any liability
-your copyrighted material outside their relationship with you.
+      incurred by, or claims asserted against, such Contributor by reason
-
+      of your accepting any such warranty or additional liability.
-  Conveying under any other circumstances is permitted solely under
+
-the conditions stated below.  Sublicensing is not allowed; section 10
+   END OF TERMS AND CONDITIONS
-makes it unnecessary.
+
-
+   APPENDIX: How to apply the Apache License to your work.
-  3. Protecting Users' Legal Rights From Anti-Circumvention Law.
+
-
+      To apply the Apache License to your work, attach the following
-  No covered work shall be deemed part of an effective technological
+      boilerplate notice, with the fields enclosed by brackets "[]"
-measure under any applicable law fulfilling obligations under article
+      replaced with your own identifying information. (Don't include
-11 of the WIPO copyright treaty adopted on 20 December 1996, or
+      the brackets!)  The text should be enclosed in the appropriate
-similar laws prohibiting or restricting circumvention of such
+      comment syntax for the file format. We also recommend that a
-measures.
+      file or class name and description of purpose be included on the
-
+      same "printed page" as the copyright notice for easier
-  When you convey a covered work, you waive any legal power to forbid
+      identification within third-party archives.
-circumvention of technological measures to the extent such circumvention
+
-is effected by exercising rights under this License with respect to
+   Copyright [yyyy] [name of copyright owner]
-the covered work, and you disclaim any intention to limit operation or
+
-modification of the work as a means of enforcing, against the work's
+   Licensed under the Apache License, Version 2.0 (the "License");
-users, your or third parties' legal rights to forbid circumvention of
+   you may not use this file except in compliance with the License.
-technological measures.
+   You may obtain a copy of the License at
-
+
-  4. Conveying Verbatim Copies.
+       http://www.apache.org/licenses/LICENSE-2.0
-
+
-  You may convey verbatim copies of the Program's source code as you
+   Unless required by applicable law or agreed to in writing, software
-receive it, in any medium, provided that you conspicuously and
+   distributed under the License is distributed on an "AS IS" BASIS,
-appropriately publish on each copy an appropriate copyright notice;
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-keep intact all notices stating that this License and any
+   See the License for the specific language governing permissions and
-non-permissive terms added in accord with section 7 apply to the code;
+   limitations under the License.
 keep intact all notices of the absence of any warranty; and give all
 recipients a copy of this License along with the Program.
  You may charge any price or no price for each copy that you convey,
 and you may offer support or warranty protection for a fee.
  5. Conveying Modified Source Versions.
  You may convey a work based on the Program, or the modifications to
 produce it from the Program, in the form of source code under the
 terms of section 4, provided that you also meet all of these conditions:
    a) The work must carry prominent notices stating that you modified
    it, and giving a relevant date.
    b) The work must carry prominent notices stating that it is
    released under this License and any conditions added under section
    7.  This requirement modifies the requirement in section 4 to
    "keep intact all notices".
    c) You must license the entire work, as a whole, under this
    License to anyone who comes into possession of a copy.  This
    License will therefore apply, along with any applicable section 7
    additional terms, to the whole of the work, and all its parts,
    regardless of how they are packaged.  This License gives no
    permission to license the work in any other way, but it does not
    invalidate such permission if you have separately received it.
    d) If the work has interactive user interfaces, each must display
    Appropriate Legal Notices; however, if the Program has interactive
    interfaces that do not display Appropriate Legal Notices, your
    work need not make them do so.
  A compilation of a covered work with other separate and independent
 works, which are not by their nature extensions of the covered work,
 and which are not combined with it such as to form a larger program,
 in or on a volume of a storage or distribution medium, is called an
 "aggregate" if the compilation and its resulting copyright are not
 used to limit the access or legal rights of the compilation's users
 beyond what the individual works permit.  Inclusion of a covered work
 in an aggregate does not cause this License to apply to the other
 parts of the aggregate.
  6. Conveying Non-Source Forms.
  You may convey a covered work in object code form under the terms
 of sections 4 and 5, provided that you also convey the
 machine-readable Corresponding Source under the terms of this License,
 in one of these ways:
    a) Convey the object code in, or embodied in, a physical product
    (including a physical distribution medium), accompanied by the
    Corresponding Source fixed on a durable physical medium
    customarily used for software interchange.
    b) Convey the object code in, or embodied in, a physical product
    (including a physical distribution medium), accompanied by a
    written offer, valid for at least three years and valid for as
    long as you offer spare parts or customer support for that product
    model, to give anyone who possesses the object code either (1) a
    copy of the Corresponding Source for all the software in the
    product that is covered by this License, on a durable physical
    medium customarily used for software interchange, for a price no
    more than your reasonable cost of physically performing this
    conveying of source, or (2) access to copy the
    Corresponding Source from a network server at no charge.
    c) Convey individual copies of the object code with a copy of the
    written offer to provide the Corresponding Source.  This
    alternative is allowed only occasionally and noncommercially, and
    only if you received the object code with such an offer, in accord
    with subsection 6b.
    d) Convey the object code by offering access from a designated
    place (gratis or for a charge), and offer equivalent access to the
    Corresponding Source in the same way through the same place at no
    further charge.  You need not require recipients to copy the
    Corresponding Source along with the object code.  If the place to
    copy the object code is a network server, the Corresponding Source
    may be on a different server (operated by you or a third party)
    that supports equivalent copying facilities, provided you maintain
    clear directions next to the object code saying where to find the
    Corresponding Source.  Regardless of what server hosts the
    Corresponding Source, you remain obligated to ensure that it is
    available for as long as needed to satisfy these requirements.
    e) Convey the object code using peer-to-peer transmission, provided
    you inform other peers where the object code and Corresponding
    Source of the work are being offered to the general public at no
    charge under subsection 6d.
  A separable portion of the object code, whose source code is excluded
 from the Corresponding Source as a System Library, need not be
 included in conveying the object code work.
  A "User Product" is either (1) a "consumer product", which means any
 tangible personal property which is normally used for personal, family,
 or household purposes, or (2) anything designed or sold for incorporation
 into a dwelling.  In determining whether a product is a consumer product,
 doubtful cases shall be resolved in favor of coverage.  For a particular
 product received by a particular user, "normally used" refers to a
 typical or common use of that class of product, regardless of the status
 of the particular user or of the way in which the particular user
 actually uses, or expects or is expected to use, the product.  A product
 is a consumer product regardless of whether the product has substantial
 commercial, industrial or non-consumer uses, unless such uses represent
 the only significant mode of use of the product.
  "Installation Information" for a User Product means any methods,
 procedures, authorization keys, or other information required to install
 and execute modified versions of a covered work in that User Product from
 a modified version of its Corresponding Source.  The information must
 suffice to ensure that the continued functioning of the modified object
 code is in no case prevented or interfered with solely because
 modification has been made.
  If you convey an object code work under this section in, or with, or
 specifically for use in, a User Product, and the conveying occurs as
 part of a transaction in which the right of possession and use of the
 User Product is transferred to the recipient in perpetuity or for a
 fixed term (regardless of how the transaction is characterized), the
 Corresponding Source conveyed under this section must be accompanied
 by the Installation Information.  But this requirement does not apply
 if neither you nor any third party retains the ability to install
 modified object code on the User Product (for example, the work has
 been installed in ROM).
  The requirement to provide Installation Information does not include a
 requirement to continue to provide support service, warranty, or updates
 for a work that has been modified or installed by the recipient, or for
 the User Product in which it has been modified or installed.  Access to a
 network may be denied when the modification itself materially and
 adversely affects the operation of the network or violates the rules and
 protocols for communication across the network.
  Corresponding Source conveyed, and Installation Information provided,
 in accord with this section must be in a format that is publicly
 documented (and with an implementation available to the public in
 source code form), and must require no special password or key for
 unpacking, reading or copying.
  7. Additional Terms.
  "Additional permissions" are terms that supplement the terms of this
 License by making exceptions from one or more of its conditions.
 Additional permissions that are applicable to the entire Program shall
 be treated as though they were included in this License, to the extent
 that they are valid under applicable law.  If additional permissions
 apply only to part of the Program, that part may be used separately
 under those permissions, but the entire Program remains governed by
 this License without regard to the additional permissions.
  When you convey a copy of a covered work, you may at your option
 remove any additional permissions from that copy, or from any part of
 it.  (Additional permissions may be written to require their own
 removal in certain cases when you modify the work.)  You may place
 additional permissions on material, added by you to a covered work,
 for which you have or can give appropriate copyright permission.
  Notwithstanding any other provision of this License, for material you
 add to a covered work, you may (if authorized by the copyright holders of
 that material) supplement the terms of this License with terms:
    a) Disclaiming warranty or limiting liability differently from the
    terms of sections 15 and 16 of this License; or
    b) Requiring preservation of specified reasonable legal notices or
    author attributions in that material or in the Appropriate Legal
    Notices displayed by works containing it; or
    c) Prohibiting misrepresentation of the origin of that material, or
    requiring that modified versions of such material be marked in
    reasonable ways as different from the original version; or
    d) Limiting the use for publicity purposes of names of licensors or
    authors of the material; or
    e) Declining to grant rights under trademark law for use of some
    trade names, trademarks, or service marks; or
    f) Requiring indemnification of licensors and authors of that
    material by anyone who conveys the material (or modified versions of
    it) with contractual assumptions of liability to the recipient, for
    any liability that these contractual assumptions directly impose on
    those licensors and authors.
  All other non-permissive additional terms are considered "further
 restrictions" within the meaning of section 10.  If the Program as you
 received it, or any part of it, contains a notice stating that it is
 governed by this License along with a term that is a further
 restriction, you may remove that term.  If a license document contains
 a further restriction but permits relicensing or conveying under this
 License, you may add to a covered work material governed by the terms
 of that license document, provided that the further restriction does
 not survive such relicensing or conveying.
  If you add terms to a covered work in accord with this section, you
 must place, in the relevant source files, a statement of the
 additional terms that apply to those files, or a notice indicating
 where to find the applicable terms.
  Additional terms, permissive or non-permissive, may be stated in the
 form of a separately written license, or stated as exceptions;
 the above requirements apply either way.
  8. Termination.
  You may not propagate or modify a covered work except as expressly
 provided under this License.  Any attempt otherwise to propagate or
 modify it is void, and will automatically terminate your rights under
 this License (including any patent licenses granted under the third
 paragraph of section 11).
  However, if you cease all violation of this License, then your
 license from a particular copyright holder is reinstated (a)
 provisionally, unless and until the copyright holder explicitly and
 finally terminates your license, and (b) permanently, if the copyright
 holder fails to notify you of the violation by some reasonable means
 prior to 60 days after the cessation.
  Moreover, your license from a particular copyright holder is
 reinstated permanently if the copyright holder notifies you of the
 violation by some reasonable means, this is the first time you have
 received notice of violation of this License (for any work) from that
 copyright holder, and you cure the violation prior to 30 days after
 your receipt of the notice.
  Termination of your rights under this section does not terminate the
 licenses of parties who have received copies or rights from you under
 this License.  If your rights have been terminated and not permanently
 reinstated, you do not qualify to receive new licenses for the same
 material under section 10.
  9. Acceptance Not Required for Having Copies.
  You are not required to accept this License in order to receive or
 run a copy of the Program.  Ancillary propagation of a covered work
 occurring solely as a consequence of using peer-to-peer transmission
 to receive a copy likewise does not require acceptance.  However,
 nothing other than this License grants you permission to propagate or
 modify any covered work.  These actions infringe copyright if you do
 not accept this License.  Therefore, by modifying or propagating a
 covered work, you indicate your acceptance of this License to do so.
  10. Automatic Licensing of Downstream Recipients.
  Each time you convey a covered work, the recipient automatically
 receives a license from the original licensors, to run, modify and
 propagate that work, subject to this License.  You are not responsible
 for enforcing compliance by third parties with this License.
  An "entity transaction" is a transaction transferring control of an
 organization, or substantially all assets of one, or subdividing an
 organization, or merging organizations.  If propagation of a covered
 work results from an entity transaction, each party to that
 transaction who receives a copy of the work also receives whatever
 licenses to the work the party's predecessor in interest had or could
 give under the previous paragraph, plus a right to possession of the
 Corresponding Source of the work from the predecessor in interest, if
 the predecessor has it or can get it with reasonable efforts.
  You may not impose any further restrictions on the exercise of the
 rights granted or affirmed under this License.  For example, you may
 not impose a license fee, royalty, or other charge for exercise of
 rights granted under this License, and you may not initiate litigation
 (including a cross-claim or counterclaim in a lawsuit) alleging that
 any patent claim is infringed by making, using, selling, offering for
 sale, or importing the Program or any portion of it.
  11. Patents.
  A "contributor" is a copyright holder who authorizes use under this
 License of the Program or a work on which the Program is based.  The
 work thus licensed is called the contributor's "contributor version".
  A contributor's "essential patent claims" are all patent claims
 owned or controlled by the contributor, whether already acquired or
 hereafter acquired, that would be infringed by some manner, permitted
 by this License, of making, using, or selling its contributor version,
 but do not include claims that would be infringed only as a
 consequence of further modification of the contributor version.  For
 purposes of this definition, "control" includes the right to grant
 patent sublicenses in a manner consistent with the requirements of
 this License.
  Each contributor grants you a non-exclusive, worldwide, royalty-free
 patent license under the contributor's essential patent claims, to
 make, use, sell, offer for sale, import and otherwise run, modify and
 propagate the contents of its contributor version.
  In the following three paragraphs, a "patent license" is any express
 agreement or commitment, however denominated, not to enforce a patent
 (such as an express permission to practice a patent or covenant not to
 sue for patent infringement).  To "grant" such a patent license to a
 party means to make such an agreement or commitment not to enforce a
 patent against the party.
  If you convey a covered work, knowingly relying on a patent license,
 and the Corresponding Source of the work is not available for anyone
 to copy, free of charge and under the terms of this License, through a
 publicly available network server or other readily accessible means,
 then you must either (1) cause the Corresponding Source to be so
 available, or (2) arrange to deprive yourself of the benefit of the
 patent license for this particular work, or (3) arrange, in a manner
 consistent with the requirements of this License, to extend the patent
 license to downstream recipients.  "Knowingly relying" means you have
 actual knowledge that, but for the patent license, your conveying the
 covered work in a country, or your recipient's use of the covered work
 in a country, would infringe one or more identifiable patents in that
 country that you have reason to believe are valid.
  If, pursuant to or in connection with a single transaction or
 arrangement, you convey, or propagate by procuring conveyance of, a
 covered work, and grant a patent license to some of the parties
 receiving the covered work authorizing them to use, propagate, modify
 or convey a specific copy of the covered work, then the patent license
 you grant is automatically extended to all recipients of the covered
 work and works based on it.
  A patent license is "discriminatory" if it does not include within
 the scope of its coverage, prohibits the exercise of, or is
 conditioned on the non-exercise of one or more of the rights that are
 specifically granted under this License.  You may not convey a covered
 work if you are a party to an arrangement with a third party that is
 in the business of distributing software, under which you make payment
 to the third party based on the extent of your activity of conveying
 the work, and under which the third party grants, to any of the
 parties who would receive the covered work from you, a discriminatory
 patent license (a) in connection with copies of the covered work
 conveyed by you (or copies made from those copies), or (b) primarily
 for and in connection with specific products or compilations that
 contain the covered work, unless you entered into that arrangement,
 or that patent license was granted, prior to 28 March 2007.
  Nothing in this License shall be construed as excluding or limiting
 any implied license or other defenses to infringement that may
 otherwise be available to you under applicable patent law.
  12. No Surrender of Others' Freedom.
  If conditions are imposed on you (whether by court order, agreement or
 otherwise) that contradict the conditions of this License, they do not
 excuse you from the conditions of this License.  If you cannot convey a
 covered work so as to satisfy simultaneously your obligations under this
 License and any other pertinent obligations, then as a consequence you may
 not convey it at all.  For example, if you agree to terms that obligate you
 to collect a royalty for further conveying from those to whom you convey
 the Program, the only way you could satisfy both those terms and this
 License would be to refrain entirely from conveying the Program.
  13. Use with the GNU Affero General Public License.
  Notwithstanding any other provision of this License, you have
 permission to link or combine any covered work with a work licensed
 under version 3 of the GNU Affero General Public License into a single
 combined work, and to convey the resulting work.  The terms of this
 License will continue to apply to the part which is the covered work,
 but the special requirements of the GNU Affero General Public License,
 section 13, concerning interaction through a network will apply to the
 combination as such.
  14. Revised Versions of this License.
  The Free Software Foundation may publish revised and/or new versions of
 the GNU General Public License from time to time.  Such new versions will
 be similar in spirit to the present version, but may differ in detail to
 address new problems or concerns.
  Each version is given a distinguishing version number.  If the
 Program specifies that a certain numbered version of the GNU General
 Public License "or any later version" applies to it, you have the
 option of following the terms and conditions either of that numbered
 version or of any later version published by the Free Software
 Foundation.  If the Program does not specify a version number of the
 GNU General Public License, you may choose any version ever published
 by the Free Software Foundation.
  If the Program specifies that a proxy can decide which future
 versions of the GNU General Public License can be used, that proxy's
 public statement of acceptance of a version permanently authorizes you
 to choose that version for the Program.
  Later license versions may give you additional or different
 permissions.  However, no additional obligations are imposed on any
 author or copyright holder as a result of your choosing to follow a
 later version.
  15. Disclaimer of Warranty.
  THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
 APPLICABLE LAW.  EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
 HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
 OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
 THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 PURPOSE.  THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
 IS WITH YOU.  SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
 ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
  16. Limitation of Liability.
  IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
 WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
 THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
 GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
 USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
 DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
 PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
 EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
 SUCH DAMAGES.
  17. Interpretation of Sections 15 and 16.
  If the disclaimer of warranty and limitation of liability provided
 above cannot be given local legal effect according to their terms,
 reviewing courts shall apply local law that most closely approximates
 an absolute waiver of all civil liability in connection with the
 Program, unless a warranty or assumption of liability accompanies a
 copy of the Program in return for a fee.
                     END OF TERMS AND CONDITIONS
            How to Apply These Terms to Your New Programs
  If you develop a new program, and you want it to be of the greatest
 possible use to the public, the best way to achieve this is to make it
 free software which everyone can redistribute and change under these terms.
  To do so, attach the following notices to the program.  It is safest
 to attach them to the start of each source file to most effectively
 state the exclusion of warranty; and each file should have at least
 the "copyright" line and a pointer to where the full notice is found.
    <one line to give the program's name and a brief idea of what it does.>
    Copyright (C) <year>  <name of author>
    This program is free software: you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation, either version 3 of the License, or
    (at your option) any later version.
    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.
    You should have received a copy of the GNU General Public License
    along with this program.  If not, see <https://www.gnu.org/licenses/>.
 Also add information on how to contact you by electronic and paper mail.
  If the program does terminal interaction, make it output a short
 notice like this when it starts in an interactive mode:
    <program>  Copyright (C) <year>  <name of author>
    This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
    This is free software, and you are welcome to redistribute it
    under certain conditions; type `show c' for details.
 The hypothetical commands `show w' and `show c' should show the appropriate
 parts of the General Public License.  Of course, your program's commands
 might be different; for a GUI interface, you would use an "about box".
  You should also get your employer (if you work as a programmer) or school,
 if any, to sign a "copyright disclaimer" for the program, if necessary.
 For more information on this, and how to apply and follow the GNU GPL, see
 <https://www.gnu.org/licenses/>.
  The GNU General Public License does not permit incorporating your program
 into proprietary programs.  If your program is a subroutine library, you
 may consider it more useful to permit linking proprietary applications with
 the library.  If this is what you want to do, use the GNU Lesser General
 Public License instead of this License.  But first, please read
 <https://www.gnu.org/licenses/why-not-lgpl.html>.
--- a/README.md
+++ b/README.md
@@ -10,17 +10,23 @@ network settings or installing and updating software.
 ## Installation
-Installation instructions can be found at https://home-assistant.io/hassio.
+Installation instructions can be found at https://home-assistant.io/getting-started.
 ## Development
-The development of the Supervisor is not difficult but tricky.
+For small changes and bugfixes you can just follow this, but for significant changes open a RFC first.
 Development instructions can be found [here][development].
- You can use the builder to create your Supervisor: https://github.com/home-assistant/hassio-builder
+## Release
 - Access a HassOS device or VM and pull your Supervisor.
 - Set the developer modus with the CLI tool: `ha supervisor options --channel=dev`
 - Tag it as `homeassistant/xy-hassio-supervisor:latest`
 - Restart the service with `systemctl restart hassos-supervisor | journalctl -fu hassos-supervisor`
 - Test your changes
-For small bugfixes or improvements, make a PR. For significant changes open a RFC first, please. Thanks.
+Releases are done in 3 stages (channels) with this structure:
 1. Pull requests are merged to the `main` branch.
 2. A new build is pushed to the `dev` stage.
 3. Releases are published.
 4. A new build is pushed to the `beta` stage.
 5. The [`stable.json`][stable] file is updated.
 6. The build that was pushed to `beta` will now be pushed to `stable`.
 [development]: https://developers.home-assistant.io/docs/supervisor/development
 [stable]: https://github.com/home-assistant/version/blob/master/stable.json
--- a/azure-pipelines-ci.yml
+++ b/azure-pipelines-ci.yml
@@ -1,52 +0,0 @@
 # https://dev.azure.com/home-assistant
 trigger:
  batch: true
  branches:
    include:
      - master
      - dev
 pr:
  - dev
 variables:
  - name: versionHadolint
    value: "v1.16.3"
 jobs:
  - job: "Tox"
    pool:
      vmImage: "ubuntu-latest"
    steps:
      - script: |
          sudo apt-get update
          sudo apt-get install -y libpulse0 libudev1
        displayName: "Install Host library"
      - task: UsePythonVersion@0
        displayName: "Use Python 3.7"
        inputs:
          versionSpec: "3.7"
      - script: pip install tox
        displayName: "Install Tox"
      - script: tox
        displayName: "Run Tox"
  - job: "JQ"
    pool:
      vmImage: "ubuntu-latest"
    steps:
      - script: sudo apt-get install -y jq
        displayName: "Install JQ"
      - bash: |
          shopt -s globstar
          cat **/*.json | jq '.'
        displayName: "Run JQ"
  - job: "Hadolint"
    pool:
      vmImage: "ubuntu-latest"
    steps:
      - script: sudo docker pull hadolint/hadolint:$(versionHadolint)
        displayName: "Install Hadolint"
      - script: |
          sudo docker run --rm -i \
            -v $(pwd)/.hadolint.yaml:/.hadolint.yaml:ro \
            hadolint/hadolint:$(versionHadolint) < Dockerfile
        displayName: "Run Hadolint"
--- a/azure-pipelines-release.yml
+++ b/azure-pipelines-release.yml
@@ -1,53 +0,0 @@
 # https://dev.azure.com/home-assistant
 trigger:
  batch: true
  branches:
    include:
      - dev
  tags:
    include:
      - "*"
 pr: none
 variables:
  - name: versionBuilder
    value: "7.0"
  - group: docker
 jobs:
  - job: "VersionValidate"
    pool:
      vmImage: "ubuntu-latest"
    steps:
      - task: UsePythonVersion@0
        displayName: "Use Python 3.7"
        inputs:
          versionSpec: "3.7"
      - script: |
          setup_version="$(python setup.py -V)"
          branch_version="$(Build.SourceBranchName)"
          if [ "${branch_version}" == "dev" ]; then
            exit 0
          elif [ "${setup_version}" != "${branch_version}" ]; then
            echo "Version of tag ${branch_version} don't match with ${setup_version}!"
            exit 1
          fi
        displayName: "Check version of branch/tag"
  - job: "Release"
    dependsOn:
      - "VersionValidate"
    pool:
      vmImage: "ubuntu-latest"
    steps:
      - script: sudo docker login -u $(dockerUser) -p $(dockerPassword)
        displayName: "Docker hub login"
      - script: sudo docker pull homeassistant/amd64-builder:$(versionBuilder)
        displayName: "Install Builder"
      - script: |
          sudo docker run --rm --privileged \
            -v ~/.docker:/root/.docker \
            -v /run/docker.sock:/run/docker.sock:rw -v $(pwd):/data:ro \
            homeassistant/amd64-builder:$(versionBuilder) \
            --generic $(Build.SourceBranchName) --all -t /data
        displayName: "Build Release"
--- a/azure-pipelines-wheels.yml
+++ b/azure-pipelines-wheels.yml
@@ -1,26 +0,0 @@
 # https://dev.azure.com/home-assistant
 trigger:
  batch: true
  branches:
    include:
      - dev
 pr: none
 variables:
  - name: versionWheels
    value: '1.6.1-3.7-alpine3.11'
 resources:
  repositories:
    - repository: azure
      type: github
      name: 'home-assistant/ci-azure'
      endpoint: 'home-assistant'
 jobs:
 - template: templates/azp-job-wheels.yaml@azure
  parameters:
    builderVersion: '$(versionWheels)'
    builderApk: 'build-base;libffi-dev;openssl-dev'
    builderPip: 'Cython'
    wheelsRequirement: 'requirements.txt'
--- a/build.json
+++ b/build.json
@@ -1,13 +0,0 @@
 {
  "image": "homeassistant/{arch}-hassio-supervisor",
  "build_from": {
    "aarch64": "homeassistant/aarch64-base-python:3.7-alpine3.11",
    "armhf": "homeassistant/armhf-base-python:3.7-alpine3.11",
    "armv7": "homeassistant/armv7-base-python:3.7-alpine3.11",
    "amd64": "homeassistant/amd64-base-python:3.7-alpine3.11",
    "i386": "homeassistant/i386-base-python:3.7-alpine3.11"
  },
  "labels": {
    "io.hass.type": "supervisor"
  }
 }
--- a/build.yaml
+++ b/build.yaml
@@ -0,0 +1,24 @@
 image: ghcr.io/home-assistant/{arch}-hassio-supervisor
 build_from:
  aarch64: ghcr.io/home-assistant/aarch64-base-python:3.12-alpine3.18
  armhf: ghcr.io/home-assistant/armhf-base-python:3.12-alpine3.18
  armv7: ghcr.io/home-assistant/armv7-base-python:3.12-alpine3.18
  amd64: ghcr.io/home-assistant/amd64-base-python:3.12-alpine3.18
  i386: ghcr.io/home-assistant/i386-base-python:3.12-alpine3.18
 codenotary:
  signer: notary@home-assistant.io
  base_image: notary@home-assistant.io
 cosign:
  base_identity: https://github.com/home-assistant/docker-base/.*
  identity: https://github.com/home-assistant/supervisor/.*
 args:
  COSIGN_VERSION: 2.0.2
 labels:
  io.hass.type: supervisor
  org.opencontainers.image.title: Home Assistant Supervisor
  org.opencontainers.image.description: Container-based system for managing Home Assistant Core installation
  org.opencontainers.image.source: https://github.com/home-assistant/supervisor
  org.opencontainers.image.authors: The Home Assistant Authors
  org.opencontainers.image.url: https://www.home-assistant.io/
  org.opencontainers.image.documentation: https://www.home-assistant.io/docs/
  org.opencontainers.image.licenses: Apache License 2.0
--- a/codecov.yaml
+++ b/codecov.yaml
@@ -0,0 +1,11 @@
 codecov:
  branch: dev
 coverage:
  status:
    project:
      default:
        target: 40
        threshold: 0.09
 comment: false
 github_checks:
    annotations: false
--- a/2
+++ b/2
--- a/46
+++ b/46
@@ -1,46 +0,0 @@
 [MASTER]
 reports=no
 jobs=2
 good-names=id,i,j,k,ex,Run,_,fp,T
 # Reasons disabled:
 # format - handled by black
 # locally-disabled - it spams too much
 # duplicate-code - unavoidable
 # cyclic-import - doesn't test if both import on load
 # abstract-class-little-used - prevents from setting right foundation
 # abstract-class-not-used - is flaky, should not show up but does
 # unused-argument - generic callbacks and setup methods create a lot of warnings
 # redefined-variable-type - this is Python, we're duck typing!
 # too-many-* - are not enforced for the sake of readability
 # too-few-* - same as too-many-*
 # abstract-method - with intro of async there are always methods missing
 disable=
  format,
  abstract-class-little-used,
  abstract-method,
  cyclic-import,
  duplicate-code,
  locally-disabled,
  no-else-return,
  no-self-use,
  not-context-manager,
  redefined-variable-type,
  too-few-public-methods,
  too-many-arguments,
  too-many-branches,
  too-many-instance-attributes,
  too-many-lines,
  too-many-locals,
  too-many-public-methods,
  too-many-return-statements,
  too-many-statements,
  unused-argument,
 [EXCEPTIONS]
 overgeneral-exceptions=Exception
 [TYPECHECK]
 ignored-modules = distutils
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -0,0 +1,112 @@
 [build-system]
 requires = ["setuptools~=68.0.0", "wheel~=0.40.0"]
 build-backend = "setuptools.build_meta"
 [project]
 name = "Supervisor"
 dynamic = ["version", "dependencies"]
 license = { text = "Apache-2.0" }
 description = "Open-source private cloud os for Home-Assistant based on HassOS"
 readme = "README.md"
 authors = [
    { name = "The Home Assistant Authors", email = "hello@home-assistant.io" },
 ]
 keywords = ["docker", "home-assistant", "api"]
 requires-python = ">=3.12.0"
 [project.urls]
 "Homepage" = "https://www.home-assistant.io/"
 "Source Code" = "https://github.com/home-assistant/supervisor"
 "Bug Reports" = "https://github.com/home-assistant/supervisor/issues"
 "Docs: Dev" = "https://developers.home-assistant.io/"
 "Discord" = "https://www.home-assistant.io/join-chat/"
 "Forum" = "https://community.home-assistant.io/"
 [tool.setuptools]
 platforms = ["any"]
 zip-safe = false
 include-package-data = true
 [tool.setuptools.packages.find]
 include = ["supervisor*"]
 [tool.pylint.MAIN]
 py-version = "3.11"
 # Use a conservative default here; 2 should speed up most setups and not hurt
 # any too bad. Override on command line as appropriate.
 jobs = 2
 persistent = false
 extension-pkg-allow-list = ["ciso8601"]
 [tool.pylint.BASIC]
 class-const-naming-style = "any"
 good-names = ["id", "i", "j", "k", "ex", "Run", "_", "fp", "T", "os"]
 [tool.pylint."MESSAGES CONTROL"]
 # Reasons disabled:
 # format - handled by black
 # abstract-method - with intro of async there are always methods missing
 # cyclic-import - doesn't test if both import on load
 # duplicate-code - unavoidable
 # locally-disabled - it spams too much
 # too-many-* - are not enforced for the sake of readability
 # too-few-* - same as too-many-*
 # unused-argument - generic callbacks and setup methods create a lot of warnings
 disable = [
    "format",
    "abstract-method",
    "cyclic-import",
    "duplicate-code",
    "locally-disabled",
    "no-else-return",
    "not-context-manager",
    "too-few-public-methods",
    "too-many-arguments",
    "too-many-branches",
    "too-many-instance-attributes",
    "too-many-lines",
    "too-many-locals",
    "too-many-public-methods",
    "too-many-return-statements",
    "too-many-statements",
    "unused-argument",
    "consider-using-with",
 ]
 [tool.pylint.REPORTS]
 score = false
 [tool.pylint.TYPECHECK]
 ignored-modules = ["distutils"]
 [tool.pylint.FORMAT]
 expected-line-ending-format = "LF"
 [tool.pylint.EXCEPTIONS]
 overgeneral-exceptions = ["builtins.BaseException", "builtins.Exception"]
 [tool.pytest.ini_options]
 testpaths = ["tests"]
 norecursedirs = [".git"]
 log_format = "%(asctime)s.%(msecs)03d %(levelname)-8s %(threadName)s %(name)s:%(filename)s:%(lineno)s %(message)s"
 log_date_format = "%Y-%m-%d %H:%M:%S"
 asyncio_mode = "auto"
 filterwarnings = [
    "error",
    "ignore:pkg_resources is deprecated as an API:DeprecationWarning:dirhash",
    "ignore::pytest.PytestUnraisableExceptionWarning",
 ]
 [tool.isort]
 multi_line_output = 3
 include_trailing_comma = true
 force_grid_wrap = 0
 line_length = 88
 indent = "    "
 force_sort_within_sections = true
 sections = ["FUTURE", "STDLIB", "THIRDPARTY", "FIRSTPARTY", "LOCALFOLDER"]
 default_section = "THIRDPARTY"
 forced_separate = "tests"
 combine_as_imports = true
 use_parentheses = true
 known_first_party = ["supervisor", "tests"]
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,18 +1,30 @@
-aiohttp==3.6.1
+aiodns==3.1.1
-async_timeout==3.0.1
+aiohttp==3.9.1
-attrs==19.3.0
+aiohttp-fast-url-dispatcher==0.3.0
-cchardet==2.1.6
+async_timeout==4.0.3
-colorlog==4.1.0
+atomicwrites-homeassistant==1.4.1
 attrs==23.2.0
 awesomeversion==23.11.0
 brotli==1.1.0
 ciso8601==2.3.1
 colorlog==6.8.0
 cpe==1.2.1
-cryptography==2.9.2
+cryptography==41.0.7
-docker==4.2.1
+debugpy==1.8.0
-gitpython==3.1.3
+deepmerge==1.1.1
-jinja2==2.11.2
+dirhash==0.2.1
-packaging==20.4
+docker==7.0.0
-ptvsd==4.3.2
+faust-cchardet==2.1.19
-pulsectl==20.5.1
+gitpython==3.1.41
-pytz==2020.1
+jinja2==3.1.3
-pyudev==0.22.0
+orjson==3.9.10
-ruamel.yaml==0.15.100
+pulsectl==23.5.2
-uvloop==0.14.0
+pyudev==0.24.1
-voluptuous==0.11.7
+PyYAML==6.0.1
 securetar==2023.12.0
 sentry-sdk==1.39.2
 setuptools==69.0.3
 voluptuous==0.14.1
 dbus-fast==2.21.0
 typing_extensions==4.9.0
 zlib-fast==0.1.0
--- a/requirements_tests.txt
+++ b/requirements_tests.txt
@@ -1,6 +1,16 @@
-flake8==3.8.3
+black==23.12.1
-pylint==2.5.3
+coverage==7.4.0
-pytest==5.4.3
+flake8-docstrings==1.7.0
-pytest-timeout==1.4.1
+flake8==7.0.0
-pytest-aiohttp==0.3.0
+pre-commit==3.6.0
-black==19.10b0
+pydocstyle==6.3.0
 pylint==3.0.3
 pytest-aiohttp==1.0.5
 pytest-asyncio==0.23.3
 pytest-cov==4.1.0
 pytest-timeout==2.2.0
 pytest==7.4.4
 pyupgrade==3.15.0
 time-machine==2.13.0
 typing_extensions==4.9.0
 urllib3==2.1.0
--- a/rootfs/etc/cont-init.d/udev.sh
+++ b/rootfs/etc/cont-init.d/udev.sh
@@ -2,8 +2,19 @@
 # ==============================================================================
 # Start udev service
 # ==============================================================================
 if bashio::fs.directory_exists /run/udev && ! bashio::fs.file_exists /run/.old_udev; then
    bashio::log.info "Using udev information from host"
    bashio::exit.ok
 fi
 bashio::log.info "Setup udev backend inside container"
 udevd --daemon
-bashio::log.info "Update udev informations"
+bashio::log.info "Update udev information"
-udevadm trigger
+touch /run/.old_udev
-udevadm settle
+if udevadm trigger; then
    udevadm settle || true
 else
    bashio::log.warning "Triggering of udev rules fails!"
 fi
--- a/rootfs/etc/pulse/client.conf
+++ b/rootfs/etc/pulse/client.conf
@@ -26,7 +26,7 @@ autospawn = no
 ; daemon-binary = /usr/bin/pulseaudio
 ; extra-arguments = --log-target=syslog
-; cookie-file =
+cookie-file = /run/pulse-cookie
 ; enable-shm = yes
 ; shm-size-bytes = 0 # setting this 0 will use the system-default, usually 64 MiB
--- a/rootfs/etc/services.d/supervisor/finish
+++ b/rootfs/etc/services.d/supervisor/finish
@@ -1,5 +1,11 @@
-#!/usr/bin/execlineb -S0
+#!/usr/bin/env bashio
 # ==============================================================================
 # Take down the S6 supervision tree when Supervisor fails
 # ==============================================================================
-redirfd -w 2 /dev/null s6-svscanctl -t /var/run/s6/services
+
 if [[ "$1" -ne 100 ]] && [[ "$1" -ne 256 ]]; then
  bashio::log.warning "Halt Supervisor"
  /run/s6/basedir/bin/halt
 fi
 bashio::log.info "Supervisor restart after closing"
--- a/rootfs/etc/services.d/supervisor/run
+++ b/rootfs/etc/services.d/supervisor/run
@@ -1,7 +1,8 @@
 #!/usr/bin/with-contenv bashio
 # ==============================================================================
-# Start Service service
+# Start Supervisor service
 # ==============================================================================
 export LD_PRELOAD="/usr/local/lib/libjemalloc.so.2"
 export MALLOC_CONF="background_thread:true,metadata_thp:auto"
 exec python3 -m supervisor
--- a/rootfs/etc/services.d/watchdog/finish
+++ b/rootfs/etc/services.d/watchdog/finish
@@ -0,0 +1,11 @@
 #!/usr/bin/env bashio
 # ==============================================================================
 # Take down the S6 supervision tree when Watchdog fails
 # ==============================================================================
 if [[ "$1" -ne 0 ]] && [[ "$1" -ne 256 ]]; then
  bashio::log.warning "Halt Supervisor (Wuff)"
  /run/s6/basedir/bin/halt
 fi
 bashio::log.info "Watchdog restart after closing"
--- a/rootfs/etc/services.d/watchdog/run
+++ b/rootfs/etc/services.d/watchdog/run
@@ -0,0 +1,34 @@
 #!/usr/bin/with-contenv bashio
 # ==============================================================================
 # Start Watchdog service
 # ==============================================================================
 declare failed_count=0
 declare supervisor_state
 bashio::log.info "Starting local supervisor watchdog..."
 while [[ failed_count -lt 2 ]];
 do
    sleep 300
    supervisor_state="$(cat /run/supervisor)"
    if [[ "${supervisor_state}" = "running"  ]]; then
        # Check API
        if bashio::supervisor.ping > /dev/null; then
            failed_count=0
        else
            bashio::log.warning "Maybe found an issue on API healthy"
            ((failed_count++))
        fi
    elif [[  "close stopping" = *"${supervisor_state}"* ]]; then
        bashio::log.warning "Maybe found an issue on shutdown"
        ((failed_count++))
    else
        failed_count=0
    fi
 done
 bashio::exit.nok "Watchdog detected issue with Supervisor - taking container down!"
--- a/scripts/test_env.sh
+++ b/scripts/test_env.sh
@@ -1,133 +0,0 @@
 #!/bin/bash
 set -eE
 DOCKER_TIMEOUT=30
 DOCKER_PID=0
 function start_docker() {
    local starttime
    local endtime
    echo "Starting docker."
    dockerd 2> /dev/null &
    DOCKER_PID=$!
    echo "Waiting for docker to initialize..."
    starttime="$(date +%s)"
    endtime="$(date +%s)"
    until docker info >/dev/null 2>&1; do
        if [ $((endtime - starttime)) -le $DOCKER_TIMEOUT ]; then
            sleep 1
            endtime=$(date +%s)
        else
            echo "Timeout while waiting for docker to come up"
            exit 1
        fi
    done
    echo "Docker was initialized"
 }
 function stop_docker() {
    local starttime
    local endtime
    echo "Stopping in container docker..."
    if [ "$DOCKER_PID" -gt 0 ] && kill -0 "$DOCKER_PID" 2> /dev/null; then
        starttime="$(date +%s)"
        endtime="$(date +%s)"
        # Now wait for it to die
        kill "$DOCKER_PID"
        while kill -0 "$DOCKER_PID" 2> /dev/null; do
            if [ $((endtime - starttime)) -le $DOCKER_TIMEOUT ]; then
                sleep 1
                endtime=$(date +%s)
            else
                echo "Timeout while waiting for container docker to die"
                exit 1
            fi
        done
    else
        echo "Your host might have been left with unreleased resources"
    fi
 }
 function build_supervisor() {
    docker pull homeassistant/amd64-builder:dev
    docker run --rm --privileged \
        -v /run/docker.sock:/run/docker.sock -v "$(pwd):/data" \
        homeassistant/amd64-builder:dev \
            --generic dev -t /data --test --amd64 --no-cache
 }
 function cleanup_lastboot() {
    if [[ -f /workspaces/test_supervisor/config.json ]]; then
        echo "Cleaning up last boot"
        cp /workspaces/test_supervisor/config.json /tmp/config.json
        jq -rM 'del(.last_boot)' /tmp/config.json > /workspaces/test_supervisor/config.json
        rm /tmp/config.json
    fi
 }
 function cleanup_docker() {
    echo "Cleaning up stopped containers..."
    docker rm $(docker ps -a -q) || true
 }
 function setup_test_env() {
    mkdir -p /workspaces/test_supervisor
    echo "Start Supervisor"
    docker run --rm --privileged \
        --name hassio_supervisor \
        --security-opt seccomp=unconfined \
        --security-opt apparmor:unconfined \
        -v /run/docker.sock:/run/docker.sock \
        -v /run/dbus:/run/dbus \
        -v "/workspaces/test_supervisor":/data \
        -v /etc/machine-id:/etc/machine-id:ro \
        -e SUPERVISOR_SHARE="/workspaces/test_supervisor" \
        -e SUPERVISOR_NAME=hassio_supervisor \
        -e SUPERVISOR_DEV=1 \
        -e SUPERVISOR_MACHINE="qemux86-64" \
        homeassistant/amd64-hassio-supervisor:latest
 }
 function init_dbus() {
    if pgrep dbus-daemon; then
        echo "Dbus is running"
        return 0
    fi
    echo "Startup dbus"
    mkdir -p /var/lib/dbus
    cp -f /etc/machine-id /var/lib/dbus/machine-id
    # cleanups
    mkdir -p /run/dbus
    rm -f /run/dbus/pid
    # run
    dbus-daemon --system --print-address
 }
 echo "Start Test-Env"
 start_docker
 trap "stop_docker" ERR
 build_supervisor
 cleanup_lastboot
 cleanup_docker
 init_dbus
 setup_test_env
 stop_docker
--- a/scripts/update-frontend.sh
+++ b/scripts/update-frontend.sh
@@ -1,4 +1,6 @@
 #!/bin/bash
 source "/etc/supervisor_scripts/common"
 set -e
 # Update frontend
@@ -9,10 +11,20 @@ cd home-assistant-polymer
 nvm install
 script/bootstrap
 # Download translations
 start_docker
 ./script/translations_download
 # build frontend
 cd hassio
 ./script/build_hassio
 # Copy frontend
-rm -f ../../supervisor/hassio/api/panel/*
+rm -rf ../../supervisor/api/panel/*
 cp -rf build/* ../../supervisor/api/panel/
 # Reset frontend git
 cd ..
 git reset --hard HEAD
 stop_docker
--- a/setup.cfg
+++ b/setup.cfg
@@ -1,18 +1,3 @@
 [isort]
 multi_line_output = 3
 include_trailing_comma=True
 force_grid_wrap=0
 line_length=88
 indent = "    "
 not_skip = __init__.py
 force_sort_within_sections = true
 sections = FUTURE,STDLIB,INBETWEENS,THIRDPARTY,FIRSTPARTY,LOCALFOLDER
 default_section = THIRDPARTY
 forced_separate = tests
 combine_as_imports = true
 use_parentheses = true
 known_first_party = supervisor,tests
 [flake8]
 exclude = .venv,.git,.tox,docs,venv,bin,lib,deps,build
 doctests = True
@@ -28,3 +13,5 @@ ignore =
    E203,
    D202,
    W504
 per-file-ignores =
    tests/dbus_service_mocks/*.py: F821,F722
--- a/setup.py
+++ b/setup.py
@@ -1,44 +1,27 @@
 """Home Assistant Supervisor setup."""
 from pathlib import Path
 import re
 from setuptools import setup
-from supervisor.const import SUPERVISOR_VERSION
+RE_SUPERVISOR_VERSION = re.compile(r"^SUPERVISOR_VERSION =\s*(.+)$")
 SUPERVISOR_DIR = Path(__file__).parent
 REQUIREMENTS_FILE = SUPERVISOR_DIR / "requirements.txt"
 CONST_FILE = SUPERVISOR_DIR / "supervisor/const.py"
 REQUIREMENTS = REQUIREMENTS_FILE.read_text(encoding="utf-8")
 CONSTANTS = CONST_FILE.read_text(encoding="utf-8")
 def _get_supervisor_version():
    for line in CONSTANTS.split("/n"):
        if match := RE_SUPERVISOR_VERSION.match(line):
            return match.group(1)
    return "99.9.9dev"
 setup(
-    name="Supervisor",
+    version=_get_supervisor_version(),
-    version=SUPERVISOR_VERSION,
+    dependencies=REQUIREMENTS.split("/n"),
    license="BSD License",
    author="The Home Assistant Authors",
    author_email="hello@home-assistant.io",
    url="https://home-assistant.io/",
    description=("Open-source private cloud os for Home-Assistant" " based on HassOS"),
    long_description=(
        "A maintainless private cloud operator system that"
        "setup a Home-Assistant instance. Based on HassOS"
    ),
    classifiers=[
        "Intended Audience :: End Users/Desktop",
        "Intended Audience :: Developers",
        "License :: OSI Approved :: Apache Software License",
        "Operating System :: OS Independent",
        "Topic :: Home Automation",
        "Topic :: Software Development :: Libraries :: Python Modules",
        "Topic :: Scientific/Engineering :: Atmospheric Science",
        "Development Status :: 5 - Production/Stable",
        "Intended Audience :: Developers",
        "Programming Language :: Python :: 3.7",
    ],
    keywords=["docker", "home-assistant", "api"],
    zip_safe=False,
    platforms="any",
    packages=[
        "supervisor",
        "supervisor.docker",
        "supervisor.addons",
        "supervisor.api",
        "supervisor.misc",
        "supervisor.utils",
        "supervisor.plugins",
        "supervisor.snapshots",
    ],
    include_package_data=True,
 )
--- a/supervisor/main.py
+++ b/supervisor/main.py
@@ -2,24 +2,31 @@
 import asyncio
 from concurrent.futures import ThreadPoolExecutor
 import logging
 from pathlib import Path
 import sys
-from supervisor import bootstrap
+import zlib_fast
 # Enable fast zlib before importing supervisor
 zlib_fast.enable()
 from supervisor import bootstrap  # noqa: E402
 from supervisor.utils.logging import activate_log_queue_handler  # noqa: E402
 _LOGGER: logging.Logger = logging.getLogger(__name__)
 CONTAINER_OS_STARTUP_CHECK = Path("/run/os/startup-marker")
 def run_os_startup_check_cleanup() -> None:
    """Cleanup OS startup check."""
    if not CONTAINER_OS_STARTUP_CHECK.exists():
        return
 def initialize_event_loop():
    """Attempt to use uvloop."""
    try:
-        # pylint: disable=import-outside-toplevel
+        CONTAINER_OS_STARTUP_CHECK.unlink()
-        import uvloop
+    except OSError as err:
-
+        _LOGGER.warning("Not able to remove the startup health file: %s", err)
        uvloop.install()
    except ImportError:
        pass
    return asyncio.get_event_loop()
 # pylint: disable=invalid-name
@@ -27,7 +34,8 @@ if __name__ == "__main__":
    bootstrap.initialize_logging()
    # Init async event loop
-    loop = initialize_event_loop()
+    loop = asyncio.new_event_loop()
    asyncio.set_event_loop(loop)
    # Check if all information are available to setup Supervisor
    bootstrap.check_environment()
@@ -36,27 +44,30 @@ if __name__ == "__main__":
    executor = ThreadPoolExecutor(thread_name_prefix="SyncWorker")
    loop.set_default_executor(executor)
-    _LOGGER.info("Initialize Supervisor setup")
+    activate_log_queue_handler()
    _LOGGER.info("Initializing Supervisor setup")
    coresys = loop.run_until_complete(bootstrap.initialize_coresys())
    loop.set_debug(coresys.config.debug)
    loop.run_until_complete(coresys.core.connect())
    bootstrap.supervisor_debugger(coresys)
    bootstrap.migrate_system_env(coresys)
-    _LOGGER.info("Setup Supervisor")
+    # Signal health startup for container
    run_os_startup_check_cleanup()
    _LOGGER.info("Setting up Supervisor")
    loop.run_until_complete(coresys.core.setup())
    loop.call_soon_threadsafe(loop.create_task, coresys.core.start())
-    loop.call_soon_threadsafe(bootstrap.reg_signal, loop)
+    loop.call_soon_threadsafe(bootstrap.reg_signal, loop, coresys)
    try:
-        _LOGGER.info("Run Supervisor")
+        _LOGGER.info("Running Supervisor")
        loop.run_forever()
    finally:
        _LOGGER.info("Stopping Supervisor")
        loop.run_until_complete(coresys.core.stop())
        executor.shutdown(wait=False)
        loop.close()
-    _LOGGER.info("Close Supervisor")
+    _LOGGER.info("Closing Supervisor")
-    sys.exit(0)
+    sys.exit(coresys.core.exit_code)
--- a/supervisor/addons/init.py
+++ b/supervisor/addons/init.py
@@ -1,356 +1 @@
 """Init file for Supervisor add-ons."""
 import asyncio
 from contextlib import suppress
 import logging
 import tarfile
 from typing import Dict, List, Optional, Union
 from ..const import BOOT_AUTO, STATE_STARTED, AddonStartup
 from ..coresys import CoreSys, CoreSysAttributes
 from ..exceptions import (
    AddonsError,
    AddonsNotSupportedError,
    CoreDNSError,
    DockerAPIError,
    HomeAssistantAPIError,
    HostAppArmorError,
 )
 from ..store.addon import AddonStore
 from .addon import Addon
 from .data import AddonsData
 _LOGGER: logging.Logger = logging.getLogger(__name__)
 AnyAddon = Union[Addon, AddonStore]
 class AddonManager(CoreSysAttributes):
    """Manage add-ons inside Supervisor."""
    def __init__(self, coresys: CoreSys):
        """Initialize Docker base wrapper."""
        self.coresys: CoreSys = coresys
        self.data: AddonsData = AddonsData(coresys)
        self.local: Dict[str, Addon] = {}
        self.store: Dict[str, AddonStore] = {}
    @property
    def all(self) -> List[AnyAddon]:
        """Return a list of all add-ons."""
        addons: Dict[str, AnyAddon] = {**self.store, **self.local}
        return list(addons.values())
    @property
    def installed(self) -> List[Addon]:
        """Return a list of all installed add-ons."""
        return list(self.local.values())
    def get(self, addon_slug: str) -> Optional[AnyAddon]:
        """Return an add-on from slug.
        Prio:
          1 - Local
          2 - Store
        """
        if addon_slug in self.local:
            return self.local[addon_slug]
        return self.store.get(addon_slug)
    def from_token(self, token: str) -> Optional[Addon]:
        """Return an add-on from Supervisor token."""
        for addon in self.installed:
            if token == addon.supervisor_token:
                return addon
        return None
    async def load(self) -> None:
        """Start up add-on management."""
        tasks = []
        for slug in self.data.system:
            addon = self.local[slug] = Addon(self.coresys, slug)
            tasks.append(addon.load())
        # Run initial tasks
        _LOGGER.info("Found %d installed add-ons", len(tasks))
        if tasks:
            await asyncio.wait(tasks)
        # Sync DNS
        await self.sync_dns()
    async def boot(self, stage: AddonStartup) -> None:
        """Boot add-ons with mode auto."""
        tasks: List[Addon] = []
        for addon in self.installed:
            if addon.boot != BOOT_AUTO or addon.startup != stage:
                continue
            tasks.append(addon)
        # Evaluate add-ons which need to be started
        _LOGGER.info("Phase '%s' start %d add-ons", stage, len(tasks))
        if not tasks:
            return
        # Start Add-ons sequential
        # avoid issue on slow IO
        for addon in tasks:
            try:
                await addon.start()
            except Exception as err:  # pylint: disable=broad-except
                _LOGGER.warning("Can't start Add-on %s: %s", addon.slug, err)
        await asyncio.sleep(self.sys_config.wait_boot)
    async def shutdown(self, stage: AddonStartup) -> None:
        """Shutdown addons."""
        tasks: List[Addon] = []
        for addon in self.installed:
            if await addon.state() != STATE_STARTED or addon.startup != stage:
                continue
            tasks.append(addon)
        # Evaluate add-ons which need to be stopped
        _LOGGER.info("Phase '%s' stop %d add-ons", stage, len(tasks))
        if not tasks:
            return
        # Stop Add-ons sequential
        # avoid issue on slow IO
        for addon in tasks:
            try:
                await addon.stop()
            except Exception as err:  # pylint: disable=broad-except
                _LOGGER.warning("Can't stop Add-on %s: %s", addon.slug, err)
    async def install(self, slug: str) -> None:
        """Install an add-on."""
        if slug in self.local:
            _LOGGER.warning("Add-on %s is already installed", slug)
            return
        store = self.store.get(slug)
        if not store:
            _LOGGER.error("Add-on %s not exists", slug)
            raise AddonsError()
        if not store.available:
            _LOGGER.error("Add-on %s not supported on that platform", slug)
            raise AddonsNotSupportedError()
        self.data.install(store)
        addon = Addon(self.coresys, slug)
        if not addon.path_data.is_dir():
            _LOGGER.info("Create Home Assistant add-on data folder %s", addon.path_data)
            addon.path_data.mkdir()
        # Setup/Fix AppArmor profile
        await addon.install_apparmor()
        try:
            await addon.instance.install(store.version, store.image)
        except DockerAPIError:
            self.data.uninstall(addon)
            raise AddonsError() from None
        else:
            self.local[slug] = addon
            _LOGGER.info("Add-on '%s' successfully installed", slug)
    async def uninstall(self, slug: str) -> None:
        """Remove an add-on."""
        if slug not in self.local:
            _LOGGER.warning("Add-on %s is not installed", slug)
            return
        addon = self.local[slug]
        try:
            await addon.instance.remove()
        except DockerAPIError:
            raise AddonsError() from None
        await addon.remove_data()
        # Cleanup audio settings
        if addon.path_pulse.exists():
            with suppress(OSError):
                addon.path_pulse.unlink()
        # Cleanup AppArmor profile
        with suppress(HostAppArmorError):
            await addon.uninstall_apparmor()
        # Cleanup Ingress panel from sidebar
        if addon.ingress_panel:
            addon.ingress_panel = False
            with suppress(HomeAssistantAPIError):
                await self.sys_ingress.update_hass_panel(addon)
        # Cleanup Ingress dynamic port assignment
        self.sys_ingress.del_dynamic_port(slug)
        # Cleanup discovery data
        for message in self.sys_discovery.list_messages:
            if message.addon != addon.slug:
                continue
            self.sys_discovery.remove(message)
        # Cleanup services data
        for service in self.sys_services.list_services:
            if addon.slug not in service.active:
                continue
            service.del_service_data(addon)
        self.data.uninstall(addon)
        self.local.pop(slug)
        _LOGGER.info("Add-on '%s' successfully removed", slug)
    async def update(self, slug: str) -> None:
        """Update add-on."""
        if slug not in self.local:
            _LOGGER.error("Add-on %s is not installed", slug)
            raise AddonsError()
        addon = self.local[slug]
        if addon.is_detached:
            _LOGGER.error("Add-on %s is not available inside store", slug)
            raise AddonsError()
        store = self.store[slug]
        if addon.version == store.version:
            _LOGGER.warning("No update available for add-on %s", slug)
            return
        # Check if available, Maybe something have changed
        if not store.available:
            _LOGGER.error("Add-on %s not supported on that platform", slug)
            raise AddonsNotSupportedError()
        # Update instance
        last_state = await addon.state()
        try:
            await addon.instance.update(store.version, store.image)
            # Cleanup
            with suppress(DockerAPIError):
                await addon.instance.cleanup()
        except DockerAPIError:
            raise AddonsError() from None
        else:
            self.data.update(store)
            _LOGGER.info("Add-on '%s' successfully updated", slug)
        # Setup/Fix AppArmor profile
        await addon.install_apparmor()
        # restore state
        if last_state == STATE_STARTED:
            await addon.start()
    async def rebuild(self, slug: str) -> None:
        """Perform a rebuild of local build add-on."""
        if slug not in self.local:
            _LOGGER.error("Add-on %s is not installed", slug)
            raise AddonsError()
        addon = self.local[slug]
        if addon.is_detached:
            _LOGGER.error("Add-on %s is not available inside store", slug)
            raise AddonsError()
        store = self.store[slug]
        # Check if a rebuild is possible now
        if addon.version != store.version:
            _LOGGER.error("Version changed, use Update instead Rebuild")
            raise AddonsError()
        if not addon.need_build:
            _LOGGER.error("Can't rebuild a image based add-on")
            raise AddonsNotSupportedError()
        # remove docker container but not addon config
        last_state = await addon.state()
        try:
            await addon.instance.remove()
            await addon.instance.install(addon.version)
        except DockerAPIError:
            raise AddonsError() from None
        else:
            self.data.update(store)
            _LOGGER.info("Add-on '%s' successfully rebuilt", slug)
        # restore state
        if last_state == STATE_STARTED:
            await addon.start()
    async def restore(self, slug: str, tar_file: tarfile.TarFile) -> None:
        """Restore state of an add-on."""
        if slug not in self.local:
            _LOGGER.debug("Add-on %s is not local available for restore", slug)
            addon = Addon(self.coresys, slug)
        else:
            _LOGGER.debug("Add-on %s is local available for restore", slug)
            addon = self.local[slug]
        await addon.restore(tar_file)
        # Check if new
        if slug not in self.local:
            _LOGGER.info("Detect new Add-on after restore %s", slug)
            self.local[slug] = addon
        # Update ingress
        if addon.with_ingress:
            with suppress(HomeAssistantAPIError):
                await self.sys_ingress.update_hass_panel(addon)
    async def repair(self) -> None:
        """Repair local add-ons."""
        needs_repair: List[Addon] = []
        # Evaluate Add-ons to repair
        for addon in self.installed:
            if await addon.instance.exists():
                continue
            needs_repair.append(addon)
        _LOGGER.info("Found %d add-ons to repair", len(needs_repair))
        if not needs_repair:
            return
        for addon in needs_repair:
            _LOGGER.info("Start repair for add-on: %s", addon.slug)
            await self.sys_run_in_executor(
                self.sys_docker.network.stale_cleanup, addon.instance.name
            )
            with suppress(DockerAPIError, KeyError):
                # Need pull a image again
                if not addon.need_build:
                    await addon.instance.install(addon.version, addon.image)
                    continue
                # Need local lookup
                if addon.need_build and not addon.is_detached:
                    store = self.store[addon.slug]
                    # If this add-on is available for rebuild
                    if addon.version == store.version:
                        await addon.instance.install(addon.version, addon.image)
                        continue
            _LOGGER.error("Can't repair %s", addon.slug)
            with suppress(AddonsError):
                await self.uninstall(addon.slug)
    async def sync_dns(self) -> None:
        """Sync add-ons DNS names."""
        # Update hosts
        for addon in self.installed:
            if not await addon.instance.is_running():
                continue
            self.sys_plugins.dns.add_host(
                ipv4=addon.ip_address, names=[addon.hostname], write=False
            )
        # Write hosts files
        with suppress(CoreDNSError):
            self.sys_plugins.dns.write_hosts()
--- a/supervisor/addons/addon.py
+++ b/supervisor/addons/addon.py
--- a/supervisor/addons/build.py
+++ b/supervisor/addons/build.py
@@ -1,19 +1,31 @@
 """Supervisor add-on build environment."""
 from __future__ import annotations
 from functools import cached_property
 from pathlib import Path
-from typing import TYPE_CHECKING, Dict
+from typing import TYPE_CHECKING
-from ..const import ATTR_ARGS, ATTR_BUILD_FROM, ATTR_SQUASH, META_ADDON
+from awesomeversion import AwesomeVersion
 from ..const import (
    ATTR_ARGS,
    ATTR_BUILD_FROM,
    ATTR_LABELS,
    ATTR_SQUASH,
    FILE_SUFFIX_CONFIGURATION,
    META_ADDON,
 )
 from ..coresys import CoreSys, CoreSysAttributes
-from ..utils.json import JsonConfig
+from ..docker.interface import MAP_ARCH
 from ..exceptions import ConfigurationFileError, HassioArchNotFound
 from ..utils.common import FileConfiguration, find_one_filetype
 from .validate import SCHEMA_BUILD_CONFIG
 if TYPE_CHECKING:
    from . import AnyAddon
-class AddonBuild(JsonConfig, CoreSysAttributes):
+class AddonBuild(FileConfiguration, CoreSysAttributes):
    """Handle build options for add-ons."""
    def __init__(self, coresys: CoreSys, addon: AnyAddon) -> None:
@@ -21,20 +33,46 @@ class AddonBuild(JsonConfig, CoreSysAttributes):
        self.coresys: CoreSys = coresys
        self.addon = addon
-        super().__init__(
+        try:
-            Path(self.addon.path_location, "build.json"), SCHEMA_BUILD_CONFIG
+            build_file = find_one_filetype(
-        )
+                self.addon.path_location, "build", FILE_SUFFIX_CONFIGURATION
            )
        except ConfigurationFileError:
            build_file = self.addon.path_location / "build.json"
        super().__init__(build_file, SCHEMA_BUILD_CONFIG)
    def save_data(self):
        """Ignore save function."""
        raise RuntimeError()
    @cached_property
    def arch(self) -> str:
        """Return arch of the add-on."""
        return self.sys_arch.match(self.addon.arch)
    @property
    def base_image(self) -> str:
        """Return base image for this add-on."""
-        return self._data[ATTR_BUILD_FROM].get(
+        if not self._data[ATTR_BUILD_FROM]:
-            self.sys_arch.default, f"homeassistant/{self.sys_arch.default}-base:latest"
+            return f"ghcr.io/home-assistant/{self.sys_arch.default}-base:latest"
-        )
+
        if isinstance(self._data[ATTR_BUILD_FROM], str):
            return self._data[ATTR_BUILD_FROM]
        # Evaluate correct base image
        if self.arch not in self._data[ATTR_BUILD_FROM]:
            raise HassioArchNotFound(
                f"Add-on {self.addon.slug} is not supported on {self.arch}"
            )
        return self._data[ATTR_BUILD_FROM][self.arch]
    @property
    def dockerfile(self) -> Path:
        """Return Dockerfile path."""
        if self.addon.path_location.joinpath(f"Dockerfile.{self.arch}").exists():
            return self.addon.path_location.joinpath(f"Dockerfile.{self.arch}")
        return self.addon.path_location.joinpath("Dockerfile")
    @property
    def squash(self) -> bool:
@@ -42,24 +80,45 @@ class AddonBuild(JsonConfig, CoreSysAttributes):
        return self._data[ATTR_SQUASH]
    @property
-    def additional_args(self) -> Dict[str, str]:
+    def additional_args(self) -> dict[str, str]:
        """Return additional Docker build arguments."""
        return self._data[ATTR_ARGS]
-    def get_docker_args(self, version):
+    @property
    def additional_labels(self) -> dict[str, str]:
        """Return additional Docker labels."""
        return self._data[ATTR_LABELS]
    @property
    def is_valid(self) -> bool:
        """Return true if the build env is valid."""
        try:
            return all(
                [
                    self.addon.path_location.is_dir(),
                    self.dockerfile.is_file(),
                ]
            )
        except HassioArchNotFound:
            return False
    def get_docker_args(self, version: AwesomeVersion):
        """Create a dict with Docker build arguments."""
        args = {
            "path": str(self.addon.path_location),
-            "tag": f"{self.addon.image}:{version}",
+            "tag": f"{self.addon.image}:{version!s}",
            "dockerfile": str(self.dockerfile),
            "pull": True,
-            "forcerm": True,
+            "forcerm": not self.sys_dev,
            "squash": self.squash,
            "platform": MAP_ARCH[self.arch],
            "labels": {
                "io.hass.version": version,
-                "io.hass.arch": self.sys_arch.default,
+                "io.hass.arch": self.arch,
                "io.hass.type": META_ADDON,
                "io.hass.name": self._fix_label("name"),
                "io.hass.description": self._fix_label("description"),
                **self.additional_labels,
            },
            "buildargs": {
                "BUILD_FROM": self.base_image,
--- a/supervisor/addons/configuration.py
+++ b/supervisor/addons/configuration.py
@@ -0,0 +1,11 @@
 """Confgiuration Objects for Addon Config."""
 from dataclasses import dataclass
@dataclass(slots=True)
 class FolderMapping:
    """Represent folder mapping configuration."""
    path: str | None
    read_only: bool
--- a/supervisor/addons/const.py
+++ b/supervisor/addons/const.py
@@ -0,0 +1,47 @@
 """Add-on static data."""
 from datetime import timedelta
 from enum import StrEnum
 from ..jobs.const import JobCondition
 class AddonBackupMode(StrEnum):
    """Backup mode of an Add-on."""
    HOT = "hot"
    COLD = "cold"
 class MappingType(StrEnum):
    """Mapping type of an Add-on Folder."""
    DATA = "data"
    CONFIG = "config"
    SSL = "ssl"
    ADDONS = "addons"
    BACKUP = "backup"
    SHARE = "share"
    MEDIA = "media"
    HOMEASSISTANT_CONFIG = "homeassistant_config"
    ALL_ADDON_CONFIGS = "all_addon_configs"
    ADDON_CONFIG = "addon_config"
 ATTR_BACKUP = "backup"
 ATTR_CODENOTARY = "codenotary"
 ATTR_READ_ONLY = "read_only"
 ATTR_PATH = "path"
 WATCHDOG_RETRY_SECONDS = 10
 WATCHDOG_MAX_ATTEMPTS = 5
 WATCHDOG_THROTTLE_PERIOD = timedelta(minutes=30)
 WATCHDOG_THROTTLE_MAX_CALLS = 10
 ADDON_UPDATE_CONDITIONS = [
    JobCondition.FREE_SPACE,
    JobCondition.HEALTHY,
    JobCondition.INTERNET_HOST,
    JobCondition.PLUGINS_UPDATED,
    JobCondition.SUPERVISOR_UPDATED,
 ]
 RE_SLUG = r"[-_.A-Za-z0-9]+"
--- a/supervisor/addons/data.py
+++ b/supervisor/addons/data.py
@@ -1,7 +1,6 @@
 """Init file for Supervisor add-on data."""
 from copy import deepcopy
-import logging
+from typing import Any
 from typing import Any, Dict
 from ..const import (
    ATTR_IMAGE,
@@ -13,16 +12,14 @@ from ..const import (
 )
 from ..coresys import CoreSys, CoreSysAttributes
 from ..store.addon import AddonStore
-from ..utils.json import JsonConfig
+from ..utils.common import FileConfiguration
 from .addon import Addon
 from .validate import SCHEMA_ADDONS_FILE
-_LOGGER: logging.Logger = logging.getLogger(__name__)
+Config = dict[str, Any]
 Config = Dict[str, Any]
-class AddonsData(JsonConfig, CoreSysAttributes):
+class AddonsData(FileConfiguration, CoreSysAttributes):
    """Hold data for installed Add-ons inside Supervisor."""
    def __init__(self, coresys: CoreSys):
--- a/supervisor/addons/manager.py
+++ b/supervisor/addons/manager.py
@@ -0,0 +1,374 @@
 """Supervisor add-on manager."""
 import asyncio
 from collections.abc import Awaitable
 from contextlib import suppress
 import logging
 import tarfile
 from typing import Union
 from ..const import AddonBoot, AddonStartup, AddonState
 from ..coresys import CoreSys, CoreSysAttributes
 from ..exceptions import (
    AddonConfigurationError,
    AddonsError,
    AddonsJobError,
    AddonsNotSupportedError,
    CoreDNSError,
    DockerAPIError,
    DockerError,
    DockerNotFound,
    HassioError,
    HomeAssistantAPIError,
 )
 from ..jobs.decorator import Job, JobCondition
 from ..resolution.const import ContextType, IssueType, SuggestionType
 from ..store.addon import AddonStore
 from ..utils import check_exception_chain
 from ..utils.sentry import capture_exception
 from .addon import Addon
 from .const import ADDON_UPDATE_CONDITIONS
 from .data import AddonsData
 _LOGGER: logging.Logger = logging.getLogger(__name__)
 AnyAddon = Union[Addon, AddonStore]
 class AddonManager(CoreSysAttributes):
    """Manage add-ons inside Supervisor."""
    def __init__(self, coresys: CoreSys):
        """Initialize Docker base wrapper."""
        self.coresys: CoreSys = coresys
        self.data: AddonsData = AddonsData(coresys)
        self.local: dict[str, Addon] = {}
        self.store: dict[str, AddonStore] = {}
    @property
    def all(self) -> list[AnyAddon]:
        """Return a list of all add-ons."""
        addons: dict[str, AnyAddon] = {**self.store, **self.local}
        return list(addons.values())
    @property
    def installed(self) -> list[Addon]:
        """Return a list of all installed add-ons."""
        return list(self.local.values())
    def get(self, addon_slug: str, local_only: bool = False) -> AnyAddon | None:
        """Return an add-on from slug.
        Prio:
          1 - Local
          2 - Store
        """
        if addon_slug in self.local:
            return self.local[addon_slug]
        if not local_only:
            return self.store.get(addon_slug)
        return None
    def from_token(self, token: str) -> Addon | None:
        """Return an add-on from Supervisor token."""
        for addon in self.installed:
            if token == addon.supervisor_token:
                return addon
        return None
    async def load(self) -> None:
        """Start up add-on management."""
        tasks = []
        for slug in self.data.system:
            addon = self.local[slug] = Addon(self.coresys, slug)
            tasks.append(self.sys_create_task(addon.load()))
        # Run initial tasks
        _LOGGER.info("Found %d installed add-ons", len(tasks))
        if tasks:
            await asyncio.wait(tasks)
        # Sync DNS
        await self.sync_dns()
    async def boot(self, stage: AddonStartup) -> None:
        """Boot add-ons with mode auto."""
        tasks: list[Addon] = []
        for addon in self.installed:
            if addon.boot != AddonBoot.AUTO or addon.startup != stage:
                continue
            tasks.append(addon)
        # Evaluate add-ons which need to be started
        _LOGGER.info("Phase '%s' starting %d add-ons", stage, len(tasks))
        if not tasks:
            return
        # Start Add-ons sequential
        # avoid issue on slow IO
        # Config.wait_boot is deprecated. Until addons update with healthchecks,
        # add a sleep task for it to keep the same minimum amount of wait time
        wait_boot: list[Awaitable[None]] = [asyncio.sleep(self.sys_config.wait_boot)]
        for addon in tasks:
            try:
                if start_task := await addon.start():
                    wait_boot.append(start_task)
            except AddonsError as err:
                # Check if there is an system/user issue
                if check_exception_chain(
                    err, (DockerAPIError, DockerNotFound, AddonConfigurationError)
                ):
                    addon.boot = AddonBoot.MANUAL
                    addon.save_persist()
            except HassioError:
                pass  # These are already handled
            else:
                continue
            _LOGGER.warning("Can't start Add-on %s", addon.slug)
        # Ignore exceptions from waiting for addon startup, addon errors handled elsewhere
        await asyncio.gather(*wait_boot, return_exceptions=True)
    async def shutdown(self, stage: AddonStartup) -> None:
        """Shutdown addons."""
        tasks: list[Addon] = []
        for addon in self.installed:
            if addon.state != AddonState.STARTED or addon.startup != stage:
                continue
            tasks.append(addon)
        # Evaluate add-ons which need to be stopped
        _LOGGER.info("Phase '%s' stopping %d add-ons", stage, len(tasks))
        if not tasks:
            return
        # Stop Add-ons sequential
        # avoid issue on slow IO
        for addon in tasks:
            try:
                await addon.stop()
            except Exception as err:  # pylint: disable=broad-except
                _LOGGER.warning("Can't stop Add-on %s: %s", addon.slug, err)
                capture_exception(err)
    @Job(
        name="addon_manager_install",
        conditions=ADDON_UPDATE_CONDITIONS,
        on_condition=AddonsJobError,
    )
    async def install(self, slug: str) -> None:
        """Install an add-on."""
        self.sys_jobs.current.reference = slug
        if slug in self.local:
            raise AddonsError(f"Add-on {slug} is already installed", _LOGGER.warning)
        store = self.store.get(slug)
        if not store:
            raise AddonsError(f"Add-on {slug} does not exist", _LOGGER.error)
        store.validate_availability()
        await Addon(self.coresys, slug).install()
        _LOGGER.info("Add-on '%s' successfully installed", slug)
    async def uninstall(self, slug: str) -> None:
        """Remove an add-on."""
        if slug not in self.local:
            _LOGGER.warning("Add-on %s is not installed", slug)
            return
        await self.local[slug].uninstall()
        _LOGGER.info("Add-on '%s' successfully removed", slug)
    @Job(
        name="addon_manager_update",
        conditions=ADDON_UPDATE_CONDITIONS,
        on_condition=AddonsJobError,
    )
    async def update(
        self, slug: str, backup: bool | None = False
    ) -> asyncio.Task | None:
        """Update add-on.
        Returns a Task that completes when addon has state 'started' (see addon.start)
        if addon is started after update. Else nothing is returned.
        """
        self.sys_jobs.current.reference = slug
        if slug not in self.local:
            raise AddonsError(f"Add-on {slug} is not installed", _LOGGER.error)
        addon = self.local[slug]
        if addon.is_detached:
            raise AddonsError(
                f"Add-on {slug} is not available inside store", _LOGGER.error
            )
        store = self.store[slug]
        if addon.version == store.version:
            raise AddonsError(f"No update available for add-on {slug}", _LOGGER.warning)
        # Check if available, Maybe something have changed
        store.validate_availability()
        if backup:
            await self.sys_backups.do_backup_partial(
                name=f"addon_{addon.slug}_{addon.version}",
                homeassistant=False,
                addons=[addon.slug],
            )
        return await addon.update()
    @Job(
        name="addon_manager_rebuild",
        conditions=[
            JobCondition.FREE_SPACE,
            JobCondition.INTERNET_HOST,
            JobCondition.HEALTHY,
        ],
        on_condition=AddonsJobError,
    )
    async def rebuild(self, slug: str) -> asyncio.Task | None:
        """Perform a rebuild of local build add-on.
        Returns a Task that completes when addon has state 'started' (see addon.start)
        if addon is started after rebuild. Else nothing is returned.
        """
        self.sys_jobs.current.reference = slug
        if slug not in self.local:
            raise AddonsError(f"Add-on {slug} is not installed", _LOGGER.error)
        addon = self.local[slug]
        if addon.is_detached:
            raise AddonsError(
                f"Add-on {slug} is not available inside store", _LOGGER.error
            )
        store = self.store[slug]
        # Check if a rebuild is possible now
        if addon.version != store.version:
            raise AddonsError(
                "Version changed, use Update instead Rebuild", _LOGGER.error
            )
        if not addon.need_build:
            raise AddonsNotSupportedError(
                "Can't rebuild a image based add-on", _LOGGER.error
            )
        return await addon.rebuild()
    @Job(
        name="addon_manager_restore",
        conditions=[
            JobCondition.FREE_SPACE,
            JobCondition.INTERNET_HOST,
            JobCondition.HEALTHY,
        ],
        on_condition=AddonsJobError,
    )
    async def restore(
        self, slug: str, tar_file: tarfile.TarFile
    ) -> asyncio.Task | None:
        """Restore state of an add-on.
        Returns a Task that completes when addon has state 'started' (see addon.start)
        if addon is started after restore. Else nothing is returned.
        """
        self.sys_jobs.current.reference = slug
        if slug not in self.local:
            _LOGGER.debug("Add-on %s is not local available for restore", slug)
            addon = Addon(self.coresys, slug)
            had_ingress = False
        else:
            _LOGGER.debug("Add-on %s is local available for restore", slug)
            addon = self.local[slug]
            had_ingress = addon.ingress_panel
        wait_for_start = await addon.restore(tar_file)
        # Check if new
        if slug not in self.local:
            _LOGGER.info("Detect new Add-on after restore %s", slug)
            self.local[slug] = addon
        # Update ingress
        if had_ingress != addon.ingress_panel:
            await self.sys_ingress.reload()
            with suppress(HomeAssistantAPIError):
                await self.sys_ingress.update_hass_panel(addon)
        return wait_for_start
    @Job(
        name="addon_manager_repair",
        conditions=[JobCondition.FREE_SPACE, JobCondition.INTERNET_HOST],
    )
    async def repair(self) -> None:
        """Repair local add-ons."""
        needs_repair: list[Addon] = []
        # Evaluate Add-ons to repair
        for addon in self.installed:
            if await addon.instance.exists():
                continue
            needs_repair.append(addon)
        _LOGGER.info("Found %d add-ons to repair", len(needs_repair))
        if not needs_repair:
            return
        for addon in needs_repair:
            _LOGGER.info("Repairing for add-on: %s", addon.slug)
            with suppress(DockerError, KeyError):
                # Need pull a image again
                if not addon.need_build:
                    await addon.instance.install(addon.version, addon.image)
                    continue
                # Need local lookup
                if addon.need_build and not addon.is_detached:
                    store = self.store[addon.slug]
                    # If this add-on is available for rebuild
                    if addon.version == store.version:
                        await addon.instance.install(addon.version, addon.image)
                        continue
            _LOGGER.error("Can't repair %s", addon.slug)
            with suppress(AddonsError):
                await self.uninstall(addon.slug)
    async def sync_dns(self) -> None:
        """Sync add-ons DNS names."""
        # Update hosts
        add_host_coros: list[Awaitable[None]] = []
        for addon in self.installed:
            try:
                if not await addon.instance.is_running():
                    continue
            except DockerError as err:
                _LOGGER.warning("Add-on %s is corrupt: %s", addon.slug, err)
                self.sys_resolution.create_issue(
                    IssueType.CORRUPT_DOCKER,
                    ContextType.ADDON,
                    reference=addon.slug,
                    suggestions=[SuggestionType.EXECUTE_REPAIR],
                )
                capture_exception(err)
            else:
                add_host_coros.append(
                    self.sys_plugins.dns.add_host(
                        ipv4=addon.ip_address, names=[addon.hostname], write=False
                    )
                )
        await asyncio.gather(*add_host_coros)
        # Write hosts files
        with suppress(CoreDNSError):
            await self.sys_plugins.dns.write_hosts()
--- a/supervisor/addons/model.py
+++ b/supervisor/addons/model.py
@@ -1,10 +1,13 @@
 """Init file for Supervisor add-ons."""
 from abc import ABC, abstractmethod
 from collections import defaultdict
 from collections.abc import Callable
 from contextlib import suppress
 import logging
 from pathlib import Path
-from typing import Any, Awaitable, Dict, List, Optional
+from typing import Any
-from packaging import version as pkg_version
+from awesomeversion import AwesomeVersion, AwesomeVersionException
 import voluptuous as vol
 from ..const import (
    ATTR_ADVANCED,
@@ -12,7 +15,9 @@ from ..const import (
    ATTR_ARCH,
    ATTR_AUDIO,
    ATTR_AUTH_API,
-    ATTR_AUTO_UART,
+    ATTR_BACKUP_EXCLUDE,
    ATTR_BACKUP_POST,
    ATTR_BACKUP_PRE,
    ATTR_BOOT,
    ATTR_DESCRIPTON,
    ATTR_DEVICES,
@@ -30,9 +35,12 @@ from ..const import (
    ATTR_HOST_IPC,
    ATTR_HOST_NETWORK,
    ATTR_HOST_PID,
    ATTR_HOST_UTS,
    ATTR_IMAGE,
    ATTR_INGRESS,
    ATTR_INGRESS_STREAM,
    ATTR_INIT,
    ATTR_JOURNALD,
    ATTR_KERNEL_MODULES,
    ATTR_LEGACY,
    ATTR_LOCATON,
@@ -46,39 +54,64 @@ from ..const import (
    ATTR_PORTS,
    ATTR_PORTS_DESCRIPTION,
    ATTR_PRIVILEGED,
    ATTR_REALTIME,
    ATTR_REPOSITORY,
    ATTR_SCHEMA,
    ATTR_SERVICES,
    ATTR_SLUG,
    ATTR_SNAPSHOT_EXCLUDE,
    ATTR_STAGE,
    ATTR_STARTUP,
    ATTR_STDIN,
    ATTR_TIMEOUT,
    ATTR_TMPFS,
    ATTR_TRANSLATIONS,
    ATTR_TYPE,
    ATTR_UART,
    ATTR_UDEV,
    ATTR_URL,
    ATTR_USB,
    ATTR_VERSION,
    ATTR_VIDEO,
    ATTR_WATCHDOG,
    ATTR_WEBUI,
    SECURITY_DEFAULT,
    SECURITY_DISABLE,
    SECURITY_PROFILE,
-    AddonStages,
+    AddonBoot,
    AddonStage,
    AddonStartup,
 )
-from ..coresys import CoreSys, CoreSysAttributes
+from ..coresys import CoreSys
-from .validate import RE_SERVICE, RE_VOLUME, schema_ui_options, validate_options
+from ..docker.const import Capabilities
 from ..exceptions import AddonsNotSupportedError
 from ..jobs.const import JOB_GROUP_ADDON
 from ..jobs.job_group import JobGroup
 from ..utils import version_is_new_enough
 from .configuration import FolderMapping
 from .const import (
    ATTR_BACKUP,
    ATTR_CODENOTARY,
    ATTR_PATH,
    ATTR_READ_ONLY,
    AddonBackupMode,
    MappingType,
 )
 from .options import AddonOptions, UiOptions
 from .validate import RE_SERVICE
-Data = Dict[str, Any]
+_LOGGER: logging.Logger = logging.getLogger(__name__)
 Data = dict[str, Any]
-class AddonModel(CoreSysAttributes, ABC):
+class AddonModel(JobGroup, ABC):
    """Add-on Data layout."""
    def __init__(self, coresys: CoreSys, slug: str):
        """Initialize data holder."""
-        self.coresys: CoreSys = coresys
+        super().__init__(
            coresys, JOB_GROUP_ADDON.format_map(defaultdict(str, slug=slug)), slug
        )
        self.slug: str = slug
    @property
@@ -102,17 +135,17 @@ class AddonModel(CoreSysAttributes, ABC):
        return self._available(self.data)
    @property
-    def options(self) -> Dict[str, Any]:
+    def options(self) -> dict[str, Any]:
        """Return options with local changes."""
        return self.data[ATTR_OPTIONS]
    @property
-    def boot(self) -> bool:
+    def boot(self) -> AddonBoot:
        """Return boot config with prio local settings."""
        return self.data[ATTR_BOOT]
    @property
-    def auto_update(self) -> Optional[bool]:
+    def auto_update(self) -> bool | None:
        """Return if auto update is enable."""
        return None
@@ -127,7 +160,7 @@ class AddonModel(CoreSysAttributes, ABC):
        return self.slug.replace("_", "-")
    @property
-    def dns(self) -> List[str]:
+    def dns(self) -> list[str]:
        """Return list of DNS name for that add-on."""
        return []
@@ -137,22 +170,22 @@ class AddonModel(CoreSysAttributes, ABC):
        return self.data[ATTR_TIMEOUT]
    @property
-    def uuid(self) -> Optional[str]:
+    def uuid(self) -> str | None:
        """Return an API token for this add-on."""
        return None
    @property
-    def supervisor_token(self) -> Optional[str]:
+    def supervisor_token(self) -> str | None:
        """Return access token for Supervisor API."""
        return None
    @property
-    def ingress_token(self) -> Optional[str]:
+    def ingress_token(self) -> str | None:
        """Return access token for Supervisor API."""
        return None
    @property
-    def ingress_entry(self) -> Optional[str]:
+    def ingress_entry(self) -> str | None:
        """Return ingress external URL."""
        return None
@@ -162,7 +195,7 @@ class AddonModel(CoreSysAttributes, ABC):
        return self.data[ATTR_DESCRIPTON]
    @property
-    def long_description(self) -> Optional[str]:
+    def long_description(self) -> str | None:
        """Return README.md as long_description."""
        readme = Path(self.path_location, "README.md")
@@ -171,8 +204,7 @@ class AddonModel(CoreSysAttributes, ABC):
            return None
        # Return data
-        with readme.open("r") as readme_file:
+        return readme.read_text(encoding="utf-8")
            return readme_file.read()
    @property
    def repository(self) -> str:
@@ -180,12 +212,17 @@ class AddonModel(CoreSysAttributes, ABC):
        return self.data[ATTR_REPOSITORY]
    @property
-    def latest_version(self) -> str:
+    def translations(self) -> dict:
        """Return add-on translations."""
        return self.data[ATTR_TRANSLATIONS]
    @property
    def latest_version(self) -> AwesomeVersion:
        """Return latest version of add-on."""
        return self.data[ATTR_VERSION]
    @property
-    def version(self) -> Optional[str]:
+    def version(self) -> AwesomeVersion:
        """Return version of add-on."""
        return self.data[ATTR_VERSION]
@@ -205,12 +242,12 @@ class AddonModel(CoreSysAttributes, ABC):
        return self.data[ATTR_ADVANCED]
    @property
-    def stage(self) -> AddonStages:
+    def stage(self) -> AddonStage:
        """Return stage mode of add-on."""
        return self.data[ATTR_STAGE]
    @property
-    def services_role(self) -> Dict[str, str]:
+    def services_role(self) -> dict[str, str]:
        """Return dict of services with rights."""
        services_list = self.data.get(ATTR_SERVICES, [])
@@ -223,32 +260,37 @@ class AddonModel(CoreSysAttributes, ABC):
        return services
    @property
-    def discovery(self) -> List[str]:
+    def discovery(self) -> list[str]:
        """Return list of discoverable components/platforms."""
        return self.data.get(ATTR_DISCOVERY, [])
    @property
-    def ports_description(self) -> Optional[Dict[str, str]]:
+    def ports_description(self) -> dict[str, str] | None:
        """Return descriptions of ports."""
        return self.data.get(ATTR_PORTS_DESCRIPTION)
    @property
-    def ports(self) -> Optional[Dict[str, Optional[int]]]:
+    def ports(self) -> dict[str, int | None] | None:
        """Return ports of add-on."""
        return self.data.get(ATTR_PORTS)
    @property
-    def ingress_url(self) -> Optional[str]:
+    def ingress_url(self) -> str | None:
        """Return URL to ingress url."""
        return None
    @property
-    def webui(self) -> Optional[str]:
+    def webui(self) -> str | None:
        """Return URL to webui or None."""
        return self.data.get(ATTR_WEBUI)
    @property
-    def ingress_port(self) -> Optional[int]:
+    def watchdog(self) -> str | None:
        """Return URL to for watchdog or None."""
        return self.data.get(ATTR_WATCHDOG)
    @property
    def ingress_port(self) -> int | None:
        """Return Ingress port."""
        return None
@@ -282,33 +324,28 @@ class AddonModel(CoreSysAttributes, ABC):
        """Return True if add-on run on host IPC namespace."""
        return self.data[ATTR_HOST_IPC]
    @property
    def host_uts(self) -> bool:
        """Return True if add-on run on host UTS namespace."""
        return self.data[ATTR_HOST_UTS]
    @property
    def host_dbus(self) -> bool:
        """Return True if add-on run on host D-BUS."""
        return self.data[ATTR_HOST_DBUS]
    @property
-    def devices(self) -> List[str]:
+    def static_devices(self) -> list[Path]:
-        """Return devices of add-on."""
+        """Return static devices of add-on."""
-        return self.data.get(ATTR_DEVICES, [])
+        return [Path(node) for node in self.data.get(ATTR_DEVICES, [])]
    @property
-    def auto_uart(self) -> bool:
+    def environment(self) -> dict[str, str] | None:
        """Return True if we should map all UART device."""
        return self.data[ATTR_AUTO_UART]
    @property
    def tmpfs(self) -> Optional[str]:
        """Return tmpfs of add-on."""
        return self.data.get(ATTR_TMPFS)
    @property
    def environment(self) -> Optional[Dict[str, str]]:
        """Return environment of add-on."""
        return self.data.get(ATTR_ENVIRONMENT)
    @property
-    def privileged(self) -> List[str]:
+    def privileged(self) -> list[Capabilities]:
        """Return list of privilege."""
        return self.data.get(ATTR_PRIVILEGED, [])
@@ -347,9 +384,24 @@ class AddonModel(CoreSysAttributes, ABC):
        return self.data[ATTR_HASSIO_ROLE]
    @property
-    def snapshot_exclude(self) -> List[str]:
+    def backup_exclude(self) -> list[str]:
-        """Return Exclude list for snapshot."""
+        """Return Exclude list for backup."""
-        return self.data.get(ATTR_SNAPSHOT_EXCLUDE, [])
+        return self.data.get(ATTR_BACKUP_EXCLUDE, [])
    @property
    def backup_pre(self) -> str | None:
        """Return pre-backup command."""
        return self.data.get(ATTR_BACKUP_PRE)
    @property
    def backup_post(self) -> str | None:
        """Return post-backup command."""
        return self.data.get(ATTR_BACKUP_POST)
    @property
    def backup_mode(self) -> AddonBackupMode:
        """Return if backup is hot/cold."""
        return self.data[ATTR_BACKUP]
    @property
    def default_init(self) -> bool:
@@ -367,15 +419,30 @@ class AddonModel(CoreSysAttributes, ABC):
        return self.data[ATTR_INGRESS]
    @property
-    def ingress_panel(self) -> Optional[bool]:
+    def ingress_panel(self) -> bool | None:
        """Return True if the add-on access support ingress."""
        return None
    @property
    def ingress_stream(self) -> bool:
        """Return True if post requests to ingress should be streamed."""
        return self.data[ATTR_INGRESS_STREAM]
    @property
    def with_gpio(self) -> bool:
        """Return True if the add-on access to GPIO interface."""
        return self.data[ATTR_GPIO]
    @property
    def with_usb(self) -> bool:
        """Return True if the add-on need USB access."""
        return self.data[ATTR_USB]
    @property
    def with_uart(self) -> bool:
        """Return True if we should map all UART device."""
        return self.data[ATTR_UART]
    @property
    def with_udev(self) -> bool:
        """Return True if the add-on have his own udev."""
@@ -386,6 +453,11 @@ class AddonModel(CoreSysAttributes, ABC):
        """Return True if the add-on access to kernel modules."""
        return self.data[ATTR_KERNEL_MODULES]
    @property
    def with_realtime(self) -> bool:
        """Return True if the add-on need realtime schedule functions."""
        return self.data[ATTR_REALTIME]
    @property
    def with_full_access(self) -> bool:
        """Return True if the add-on want full access to hardware."""
@@ -396,6 +468,11 @@ class AddonModel(CoreSysAttributes, ABC):
        """Return True if the add-on read access to devicetree."""
        return self.data[ATTR_DEVICETREE]
    @property
    def with_tmpfs(self) -> str | None:
        """Return if tmp is in memory of add-on."""
        return self.data[ATTR_TMPFS]
    @property
    def access_auth_api(self) -> bool:
        """Return True if the add-on access to login/auth backend."""
@@ -412,12 +489,12 @@ class AddonModel(CoreSysAttributes, ABC):
        return self.data[ATTR_VIDEO]
    @property
-    def homeassistant_version(self) -> Optional[str]:
+    def homeassistant_version(self) -> str | None:
        """Return min Home Assistant version they needed by Add-on."""
        return self.data.get(ATTR_HOMEASSISTANT)
    @property
-    def url(self) -> Optional[str]:
+    def url(self) -> str | None:
        """Return URL of add-on."""
        return self.data.get(ATTR_URL)
@@ -442,17 +519,25 @@ class AddonModel(CoreSysAttributes, ABC):
        return self.path_documentation.exists()
    @property
-    def supported_arch(self) -> List[str]:
+    def supported_arch(self) -> list[str]:
        """Return list of supported arch."""
        return self.data[ATTR_ARCH]
    @property
-    def supported_machine(self) -> List[str]:
+    def supported_machine(self) -> list[str]:
        """Return list of supported machine."""
        return self.data.get(ATTR_MACHINE, [])
    @property
-    def image(self) -> Optional[str]:
+    def arch(self) -> str:
        """Return architecture to use for the addon's image."""
        if ATTR_IMAGE in self.data:
            return self.sys_arch.match(self.data[ATTR_ARCH])
        return self.sys_arch.default
    @property
    def image(self) -> str | None:
        """Generate image name from data."""
        return self._image(self.data)
@@ -462,14 +547,13 @@ class AddonModel(CoreSysAttributes, ABC):
        return ATTR_IMAGE not in self.data
    @property
-    def map_volumes(self) -> Dict[str, str]:
+    def map_volumes(self) -> dict[MappingType, FolderMapping]:
-        """Return a dict of {volume: policy} from add-on."""
+        """Return a dict of {MappingType: FolderMapping} from add-on."""
        volumes = {}
        for volume in self.data[ATTR_MAP]:
-            result = RE_VOLUME.match(volume)
+            volumes[MappingType(volume[ATTR_TYPE])] = FolderMapping(
-            if not result:
+                volume.get(ATTR_PATH), volume[ATTR_READ_ONLY]
-                continue
+            )
            volumes[result.group(1)] = result.group(2) or "ro"
        return volumes
@@ -504,22 +588,41 @@ class AddonModel(CoreSysAttributes, ABC):
        return Path(self.path_location, "apparmor.txt")
    @property
-    def schema(self) -> vol.Schema:
+    def schema(self) -> AddonOptions:
-        """Create a schema for add-on options."""
+        """Return Addon options validation object."""
        raw_schema = self.data[ATTR_SCHEMA]
        if isinstance(raw_schema, bool):
-            return vol.Schema(dict)
+            raw_schema = {}
-        return vol.Schema(vol.All(dict, validate_options(self.coresys, raw_schema)))
+
        return AddonOptions(self.coresys, raw_schema, self.name, self.slug)
    @property
-    def schema_ui(self) -> Optional[List[Dict[str, Any]]]:
+    def schema_ui(self) -> list[dict[any, any]] | None:
        """Create a UI schema for add-on options."""
        raw_schema = self.data[ATTR_SCHEMA]
        if isinstance(raw_schema, bool):
            return None
-        return schema_ui_options(raw_schema)
+        return UiOptions(self.coresys)(raw_schema)
    @property
    def with_journald(self) -> bool:
        """Return True if the add-on accesses the system journal."""
        return self.data[ATTR_JOURNALD]
    @property
    def signed(self) -> bool:
        """Return True if the image is signed."""
        return ATTR_CODENOTARY in self.data
    @property
    def codenotary(self) -> str | None:
        """Return Signer email address for CAS."""
        return self.data.get(ATTR_CODENOTARY)
    def validate_availability(self) -> None:
        """Validate if addon is available for current system."""
        return self._validate_availability(self.data, logger=_LOGGER.error)
    def __eq__(self, other):
        """Compaired add-on objects."""
@@ -527,28 +630,46 @@ class AddonModel(CoreSysAttributes, ABC):
            return False
        return self.slug == other.slug
-    def _available(self, config) -> bool:
+    def _validate_availability(
-        """Return True if this add-on is available on this platform."""
+        self, config, *, logger: Callable[..., None] | None = None
    ) -> None:
        """Validate if addon is available for current system."""
        # Architecture
        if not self.sys_arch.is_supported(config[ATTR_ARCH]):
-            return False
+            raise AddonsNotSupportedError(
                f"Add-on {self.slug} not supported on this platform, supported architectures: {', '.join(config[ATTR_ARCH])}",
                logger,
            )
        # Machine / Hardware
        machine = config.get(ATTR_MACHINE)
-        if machine and self.sys_machine not in machine:
+        if machine and (
-            return False
+            f"!{self.sys_machine}" in machine or self.sys_machine not in machine
        ):
            raise AddonsNotSupportedError(
                f"Add-on {self.slug} not supported on this machine, supported machine types: {', '.join(machine)}",
                logger,
            )
        # Home Assistant
-        version = config.get(ATTR_HOMEASSISTANT)
+        version: AwesomeVersion | None = config.get(ATTR_HOMEASSISTANT)
-        if version is None or self.sys_homeassistant.version is None:
+        with suppress(AwesomeVersionException, TypeError):
-            return True
+            if version and not version_is_new_enough(
                self.sys_homeassistant.version, version
            ):
                raise AddonsNotSupportedError(
                    f"Add-on {self.slug} not supported on this system, requires Home Assistant version {version} or greater",
                    logger,
                )
    def _available(self, config) -> bool:
        """Return True if this add-on is available on this platform."""
        try:
-            return pkg_version.parse(
+            self._validate_availability(config)
-                self.sys_homeassistant.version
+        except AddonsNotSupportedError:
-            ) >= pkg_version.parse(version)
+            return False
-        except pkg_version.InvalidVersion:
+
-            return True
+        return True
    def _image(self, config) -> str:
        """Generate image name from data."""
@@ -559,19 +680,3 @@ class AddonModel(CoreSysAttributes, ABC):
        # local build
        return f"{config[ATTR_REPOSITORY]}/{self.sys_arch.default}-addon-{config[ATTR_SLUG]}"
    def install(self) -> Awaitable[None]:
        """Install this add-on."""
        return self.sys_addons.install(self.slug)
    def uninstall(self) -> Awaitable[None]:
        """Uninstall this add-on."""
        return self.sys_addons.uninstall(self.slug)
    def update(self) -> Awaitable[None]:
        """Update this add-on."""
        return self.sys_addons.update(self.slug)
    def rebuild(self) -> Awaitable[None]:
        """Rebuild this add-on."""
        return self.sys_addons.rebuild(self.slug)
--- a/supervisor/addons/options.py
+++ b/supervisor/addons/options.py
@@ -0,0 +1,422 @@
 """Add-on Options / UI rendering."""
 import hashlib
 import logging
 from pathlib import Path
 import re
 from typing import Any
 import voluptuous as vol
 from ..coresys import CoreSys, CoreSysAttributes
 from ..exceptions import HardwareNotFound
 from ..hardware.const import UdevSubsystem
 from ..hardware.data import Device
 from ..validate import network_port
 _LOGGER: logging.Logger = logging.getLogger(__name__)
 _STR = "str"
 _INT = "int"
 _FLOAT = "float"
 _BOOL = "bool"
 _PASSWORD = "password"
 _EMAIL = "email"
 _URL = "url"
 _PORT = "port"
 _MATCH = "match"
 _LIST = "list"
 _DEVICE = "device"
 RE_SCHEMA_ELEMENT = re.compile(
    r"^(?:"
    r"|bool"
    r"|email"
    r"|url"
    r"|port"
    r"|device(?:\((?P<filter>subsystem=[a-z]+)\))?"
    r"|str(?:\((?P<s_min>\d+)?,(?P<s_max>\d+)?\))?"
    r"|password(?:\((?P<p_min>\d+)?,(?P<p_max>\d+)?\))?"
    r"|int(?:\((?P<i_min>\d+)?,(?P<i_max>\d+)?\))?"
    r"|float(?:\((?P<f_min>[\d\.]+)?,(?P<f_max>[\d\.]+)?\))?"
    r"|match\((?P<match>.*)\)"
    r"|list\((?P<list>.+)\)"
    r")\??$"
 )
 _SCHEMA_LENGTH_PARTS = (
    "i_min",
    "i_max",
    "f_min",
    "f_max",
    "s_min",
    "s_max",
    "p_min",
    "p_max",
 )
 class AddonOptions(CoreSysAttributes):
    """Validate Add-ons Options."""
    def __init__(
        self, coresys: CoreSys, raw_schema: dict[str, Any], name: str, slug: str
    ):
        """Validate schema."""
        self.coresys: CoreSys = coresys
        self.raw_schema: dict[str, Any] = raw_schema
        self.devices: set[Device] = set()
        self.pwned: set[str] = set()
        self._name = name
        self._slug = slug
    @property
    def validate(self) -> vol.Schema:
        """Create a schema for add-on options."""
        return vol.Schema(vol.All(dict, self))
    def __call__(self, struct):
        """Create schema validator for add-ons options."""
        options = {}
        # read options
        for key, value in struct.items():
            # Ignore unknown options / remove from list
            if key not in self.raw_schema:
                _LOGGER.warning(
                    "Option '%s' does not exist in the schema for %s (%s)",
                    key,
                    self._name,
                    self._slug,
                )
                continue
            typ = self.raw_schema[key]
            try:
                if isinstance(typ, list):
                    # nested value list
                    options[key] = self._nested_validate_list(typ[0], value, key)
                elif isinstance(typ, dict):
                    # nested value dict
                    options[key] = self._nested_validate_dict(typ, value, key)
                else:
                    # normal value
                    options[key] = self._single_validate(typ, value, key)
            except (IndexError, KeyError):
                raise vol.Invalid(
                    f"Type error for option '{key}' in {self._name} ({self._slug})"
                ) from None
        self._check_missing_options(self.raw_schema, options, "root")
        return options
    # pylint: disable=no-value-for-parameter
    def _single_validate(self, typ: str, value: Any, key: str):
        """Validate a single element."""
        # if required argument
        if value is None:
            raise vol.Invalid(
                f"Missing required option '{key}' in {self._name} ({self._slug})"
            ) from None
        # Lookup secret
        if str(value).startswith("!secret "):
            secret: str = value.partition(" ")[2]
            value = self.sys_homeassistant.secrets.get(secret)
            if value is None:
                raise vol.Invalid(
                    f"Unknown secret '{secret}' in {self._name} ({self._slug})"
                ) from None
        # parse extend data from type
        match = RE_SCHEMA_ELEMENT.match(typ)
        if not match:
            raise vol.Invalid(
                f"Unknown type '{typ}' in {self._name} ({self._slug})"
            ) from None
        # prepare range
        range_args = {}
        for group_name in _SCHEMA_LENGTH_PARTS:
            group_value = match.group(group_name)
            if group_value:
                range_args[group_name[2:]] = float(group_value)
        if typ.startswith(_STR) or typ.startswith(_PASSWORD):
            if typ.startswith(_PASSWORD) and value:
                self.pwned.add(hashlib.sha1(str(value).encode()).hexdigest())
            return vol.All(str(value), vol.Range(**range_args))(value)
        elif typ.startswith(_INT):
            return vol.All(vol.Coerce(int), vol.Range(**range_args))(value)
        elif typ.startswith(_FLOAT):
            return vol.All(vol.Coerce(float), vol.Range(**range_args))(value)
        elif typ.startswith(_BOOL):
            return vol.Boolean()(value)
        elif typ.startswith(_EMAIL):
            return vol.Email()(value)
        elif typ.startswith(_URL):
            return vol.Url()(value)
        elif typ.startswith(_PORT):
            return network_port(value)
        elif typ.startswith(_MATCH):
            return vol.Match(match.group("match"))(str(value))
        elif typ.startswith(_LIST):
            return vol.In(match.group("list").split("|"))(str(value))
        elif typ.startswith(_DEVICE):
            try:
                device = self.sys_hardware.get_by_path(Path(value))
            except HardwareNotFound:
                raise vol.Invalid(
                    f"Device '{value}' does not exist in {self._name} ({self._slug})"
                ) from None
            # Have filter
            if match.group("filter"):
                str_filter = match.group("filter")
                device_filter = _create_device_filter(str_filter)
                if device not in self.sys_hardware.filter_devices(**device_filter):
                    raise vol.Invalid(
                        f"Device '{value}' don't match the filter {str_filter}! in {self._name} ({self._slug})"
                    )
            # Device valid
            self.devices.add(device)
            return str(device.path)
        raise vol.Invalid(
            f"Fatal error for option '{key}' with type '{typ}' in {self._name} ({self._slug})"
        ) from None
    def _nested_validate_list(self, typ: Any, data_list: list[Any], key: str):
        """Validate nested items."""
        options = []
        # Make sure it is a list
        if not isinstance(data_list, list):
            raise vol.Invalid(
                f"Invalid list for option '{key}' in {self._name} ({self._slug})"
            ) from None
        # Process list
        for element in data_list:
            # Nested?
            if isinstance(typ, dict):
                c_options = self._nested_validate_dict(typ, element, key)
                options.append(c_options)
            else:
                options.append(self._single_validate(typ, element, key))
        return options
    def _nested_validate_dict(
        self, typ: dict[Any, Any], data_dict: dict[Any, Any], key: str
    ):
        """Validate nested items."""
        options = {}
        # Make sure it is a dict
        if not isinstance(data_dict, dict):
            raise vol.Invalid(
                f"Invalid dict for option '{key}' in {self._name} ({self._slug})"
            ) from None
        # Process dict
        for c_key, c_value in data_dict.items():
            # Ignore unknown options / remove from list
            if c_key not in typ:
                _LOGGER.warning(
                    "Unknown option '%s' for %s (%s)", c_key, self._name, self._slug
                )
                continue
            # Nested?
            if isinstance(typ[c_key], list):
                options[c_key] = self._nested_validate_list(
                    typ[c_key][0], c_value, c_key
                )
            else:
                options[c_key] = self._single_validate(typ[c_key], c_value, c_key)
        self._check_missing_options(typ, options, key)
        return options
    def _check_missing_options(
        self, origin: dict[Any, Any], exists: dict[Any, Any], root: str
    ) -> None:
        """Check if all options are exists."""
        missing = set(origin) - set(exists)
        for miss_opt in missing:
            miss_schema = origin[miss_opt]
            # If its a list then value in list decides if its optional like ["str?"]
            if isinstance(miss_schema, list) and len(miss_schema) > 0:
                miss_schema = miss_schema[0]
            if isinstance(miss_schema, str) and miss_schema.endswith("?"):
                continue
            raise vol.Invalid(
                f"Missing option '{miss_opt}' in {root} in {self._name} ({self._slug})"
            ) from None
 class UiOptions(CoreSysAttributes):
    """Render UI Add-ons Options."""
    def __init__(self, coresys: CoreSys) -> None:
        """Initialize UI option render."""
        self.coresys = coresys
    def __call__(self, raw_schema: dict[str, Any]) -> list[dict[str, Any]]:
        """Generate UI schema."""
        ui_schema: list[dict[str, Any]] = []
        # read options
        for key, value in raw_schema.items():
            if isinstance(value, list):
                # nested value list
                self._nested_ui_list(ui_schema, value, key)
            elif isinstance(value, dict):
                # nested value dict
                self._nested_ui_dict(ui_schema, value, key)
            else:
                # normal value
                self._single_ui_option(ui_schema, value, key)
        return ui_schema
    def _single_ui_option(
        self,
        ui_schema: list[dict[str, Any]],
        value: str,
        key: str,
        multiple: bool = False,
    ) -> None:
        """Validate a single element."""
        ui_node: dict[str, str | bool | float | list[str]] = {"name": key}
        # If multiple
        if multiple:
            ui_node["multiple"] = True
        # Parse extend data from type
        match = RE_SCHEMA_ELEMENT.match(value)
        if not match:
            return
        # Prepare range
        for group_name in _SCHEMA_LENGTH_PARTS:
            group_value = match.group(group_name)
            if not group_value:
                continue
            if group_name[2:] == "min":
                ui_node["lengthMin"] = float(group_value)
            elif group_name[2:] == "max":
                ui_node["lengthMax"] = float(group_value)
        # If required
        if value.endswith("?"):
            ui_node["optional"] = True
        else:
            ui_node["required"] = True
        # Data types
        if value.startswith(_STR):
            ui_node["type"] = "string"
        elif value.startswith(_PASSWORD):
            ui_node["type"] = "string"
            ui_node["format"] = "password"
        elif value.startswith(_INT):
            ui_node["type"] = "integer"
        elif value.startswith(_FLOAT):
            ui_node["type"] = "float"
        elif value.startswith(_BOOL):
            ui_node["type"] = "boolean"
        elif value.startswith(_EMAIL):
            ui_node["type"] = "string"
            ui_node["format"] = "email"
        elif value.startswith(_URL):
            ui_node["type"] = "string"
            ui_node["format"] = "url"
        elif value.startswith(_PORT):
            ui_node["type"] = "integer"
        elif value.startswith(_MATCH):
            ui_node["type"] = "string"
        elif value.startswith(_LIST):
            ui_node["type"] = "select"
            ui_node["options"] = match.group("list").split("|")
        elif value.startswith(_DEVICE):
            ui_node["type"] = "select"
            # Have filter
            if match.group("filter"):
                device_filter = _create_device_filter(match.group("filter"))
                ui_node["options"] = [
                    (device.by_id or device.path).as_posix()
                    for device in self.sys_hardware.filter_devices(**device_filter)
                ]
            else:
                ui_node["options"] = [
                    (device.by_id or device.path).as_posix()
                    for device in self.sys_hardware.devices
                ]
        ui_schema.append(ui_node)
    def _nested_ui_list(
        self,
        ui_schema: list[dict[str, Any]],
        option_list: list[Any],
        key: str,
    ) -> None:
        """UI nested list items."""
        try:
            element = option_list[0]
        except IndexError:
            _LOGGER.error("Invalid schema %s", key)
            return
        if isinstance(element, dict):
            self._nested_ui_dict(ui_schema, element, key, multiple=True)
        else:
            self._single_ui_option(ui_schema, element, key, multiple=True)
    def _nested_ui_dict(
        self,
        ui_schema: list[dict[str, Any]],
        option_dict: dict[str, Any],
        key: str,
        multiple: bool = False,
    ) -> None:
        """UI nested dict items."""
        ui_node = {
            "name": key,
            "type": "schema",
            "optional": True,
            "multiple": multiple,
        }
        nested_schema = []
        for c_key, c_value in option_dict.items():
            # Nested?
            if isinstance(c_value, list):
                self._nested_ui_list(nested_schema, c_value, c_key)
            else:
                self._single_ui_option(nested_schema, c_value, c_key)
        ui_node["schema"] = nested_schema
        ui_schema.append(ui_node)
 def _create_device_filter(str_filter: str) -> dict[str, Any]:
    """Generate device Filter."""
    raw_filter = dict(value.split("=") for value in str_filter.split(";"))
    clean_filter = {}
    for key, value in raw_filter.items():
        if key == "subsystem":
            clean_filter[key] = UdevSubsystem(value)
        else:
            clean_filter[key] = value
    return clean_filter
--- a/supervisor/addons/utils.py
+++ b/supervisor/addons/utils.py
@@ -6,18 +6,8 @@ import logging
 from pathlib import Path
 from typing import TYPE_CHECKING
-from ..const import (
+from ..const import ROLE_ADMIN, ROLE_MANAGER, SECURITY_DISABLE, SECURITY_PROFILE
-    PRIVILEGED_DAC_READ_SEARCH,
+from ..docker.const import Capabilities
    PRIVILEGED_NET_ADMIN,
    PRIVILEGED_SYS_ADMIN,
    PRIVILEGED_SYS_MODULE,
    PRIVILEGED_SYS_PTRACE,
    PRIVILEGED_SYS_RAWIO,
    ROLE_ADMIN,
    ROLE_MANAGER,
    SECURITY_DISABLE,
    SECURITY_PROFILE,
 )
 if TYPE_CHECKING:
    from .model import AddonModel
@@ -26,10 +16,10 @@ _LOGGER: logging.Logger = logging.getLogger(__name__)
 def rating_security(addon: AddonModel) -> int:
-    """Return 1-6 for security rating.
+    """Return 1-8 for security rating.
    1 = not secure
-    6 = high secure
+    8 = high secure
    """
    rating = 5
@@ -45,17 +35,27 @@ def rating_security(addon: AddonModel) -> int:
    elif addon.access_auth_api:
        rating += 1
    # Signed
    if addon.signed:
        rating += 1
    # Privileged options
-    if any(
+    if (
-        privilege in addon.privileged
+        any(
-        for privilege in (
+            privilege in addon.privileged
-            PRIVILEGED_NET_ADMIN,
+            for privilege in (
-            PRIVILEGED_SYS_ADMIN,
+                Capabilities.BPF,
-            PRIVILEGED_SYS_RAWIO,
+                Capabilities.DAC_READ_SEARCH,
-            PRIVILEGED_SYS_PTRACE,
+                Capabilities.NET_ADMIN,
-            PRIVILEGED_SYS_MODULE,
+                Capabilities.NET_RAW,
-            PRIVILEGED_DAC_READ_SEARCH,
+                Capabilities.PERFMON,
                Capabilities.SYS_ADMIN,
                Capabilities.SYS_MODULE,
                Capabilities.SYS_PTRACE,
                Capabilities.SYS_RAWIO,
            )
        )
        or addon.with_kernel_modules
    ):
        rating += -1
@@ -73,15 +73,15 @@ def rating_security(addon: AddonModel) -> int:
    if addon.host_pid:
        rating += -2
-    # Full Access
+    # UTS host namespace allows to set hostname only with SYS_ADMIN
-    if addon.with_full_access:
+    if addon.host_uts and Capabilities.SYS_ADMIN in addon.privileged:
-        rating += -2
+        rating += -1
-    # Docker Access
+    # Docker Access & full Access
-    if addon.access_docker_api:
+    if addon.access_docker_api or addon.with_full_access:
        rating = 1
-    return max(min(6, rating), 1)
+    return max(min(8, rating), 1)
 async def remove_data(folder: Path) -> None:
--- a/supervisor/addons/validate.py
+++ b/supervisor/addons/validate.py
@@ -2,7 +2,7 @@
 import logging
 import re
 import secrets
-from typing import Any, Dict, List, Union
+from typing import Any
 import uuid
 import voluptuous as vol
@@ -18,10 +18,13 @@ from ..const import (
    ATTR_AUDIO_INPUT,
    ATTR_AUDIO_OUTPUT,
    ATTR_AUTH_API,
    ATTR_AUTO_UART,
    ATTR_AUTO_UPDATE,
    ATTR_BACKUP_EXCLUDE,
    ATTR_BACKUP_POST,
    ATTR_BACKUP_PRE,
    ATTR_BOOT,
    ATTR_BUILD_FROM,
    ATTR_CONFIGURATION,
    ATTR_DESCRIPTON,
    ATTR_DEVICES,
    ATTR_DEVICETREE,
@@ -38,14 +41,18 @@ from ..const import (
    ATTR_HOST_IPC,
    ATTR_HOST_NETWORK,
    ATTR_HOST_PID,
    ATTR_HOST_UTS,
    ATTR_IMAGE,
    ATTR_INGRESS,
    ATTR_INGRESS_ENTRY,
    ATTR_INGRESS_PANEL,
    ATTR_INGRESS_PORT,
    ATTR_INGRESS_STREAM,
    ATTR_INGRESS_TOKEN,
    ATTR_INIT,
    ATTR_JOURNALD,
    ATTR_KERNEL_MODULES,
    ATTR_LABELS,
    ATTR_LEGACY,
    ATTR_LOCATON,
    ATTR_MACHINE,
@@ -60,11 +67,11 @@ from ..const import (
    ATTR_PORTS_DESCRIPTION,
    ATTR_PRIVILEGED,
    ATTR_PROTECTED,
    ATTR_REALTIME,
    ATTR_REPOSITORY,
    ATTR_SCHEMA,
    ATTR_SERVICES,
    ATTR_SLUG,
    ATTR_SNAPSHOT_EXCLUDE,
    ATTR_SQUASH,
    ATTR_STAGE,
    ATTR_STARTUP,
@@ -73,126 +80,267 @@ from ..const import (
    ATTR_SYSTEM,
    ATTR_TIMEOUT,
    ATTR_TMPFS,
    ATTR_TRANSLATIONS,
    ATTR_TYPE,
    ATTR_UART,
    ATTR_UDEV,
    ATTR_URL,
    ATTR_USB,
    ATTR_USER,
    ATTR_UUID,
    ATTR_VERSION,
    ATTR_VIDEO,
    ATTR_WATCHDOG,
    ATTR_WEBUI,
    BOOT_AUTO,
    BOOT_MANUAL,
    PRIVILEGED_ALL,
    ROLE_ALL,
    ROLE_DEFAULT,
-    STATE_STARTED,
+    AddonBoot,
-    STATE_STOPPED,
+    AddonStage,
    AddonStages,
    AddonStartup,
    AddonState,
 )
 from ..coresys import CoreSys
 from ..discovery.validate import valid_discovery_service
 from ..docker.const import Capabilities
 from ..validate import (
-    DOCKER_PORTS,
+    docker_image,
-    DOCKER_PORTS_DESCRIPTION,
+    docker_ports,
    docker_ports_description,
    network_port,
    token,
    uuid_match,
    version_tag,
 )
 from .const import (
    ATTR_BACKUP,
    ATTR_CODENOTARY,
    ATTR_PATH,
    ATTR_READ_ONLY,
    RE_SLUG,
    AddonBackupMode,
    MappingType,
 )
 from .options import RE_SCHEMA_ELEMENT
 _LOGGER: logging.Logger = logging.getLogger(__name__)
-
+RE_VOLUME = re.compile(
-RE_VOLUME = re.compile(r"^(config|ssl|addons|backup|share)(?::(rw|ro))?$")
+    r"^(data|config|ssl|addons|backup|share|media|homeassistant_config|all_addon_configs|addon_config)(?::(rw|ro))?$"
 )
 RE_SERVICE = re.compile(r"^(?P<service>mqtt|mysql):(?P<rights>provide|want|need)$")
 V_STR = "str"
 V_INT = "int"
 V_FLOAT = "float"
 V_BOOL = "bool"
 V_PASSWORD = "password"
 V_EMAIL = "email"
 V_URL = "url"
 V_PORT = "port"
 V_MATCH = "match"
 V_LIST = "list"
 RE_SCHEMA_ELEMENT = re.compile(
    r"^(?:"
    r"|bool|email|url|port"
    r"|str(?:\((?P<s_min>\d+)?,(?P<s_max>\d+)?\))?"
    r"|password(?:\((?P<p_min>\d+)?,(?P<p_max>\d+)?\))?"
    r"|int(?:\((?P<i_min>\d+)?,(?P<i_max>\d+)?\))?"
    r"|float(?:\((?P<f_min>[\d\.]+)?,(?P<f_max>[\d\.]+)?\))?"
    r"|match\((?P<match>.*)\)"
    r"|list\((?P<list>.+)\)"
    r")\??$"
 )
 _SCHEMA_LENGTH_PARTS = (
    "i_min",
    "i_max",
    "f_min",
    "f_max",
    "s_min",
    "s_max",
    "p_min",
    "p_max",
 )
 RE_DOCKER_IMAGE = re.compile(r"^([a-zA-Z\-\.:\d{}]+/)*?([\-\w{}]+)/([\-\w{}]+)$")
 RE_DOCKER_IMAGE_BUILD = re.compile(
    r"^([a-zA-Z\-\.:\d{}]+/)*?([\-\w{}]+)/([\-\w{}]+)(:[\.\-\w{}]+)?$"
 )
 SCHEMA_ELEMENT = vol.Match(RE_SCHEMA_ELEMENT)
 RE_MACHINE = re.compile(
    r"^!?(?:"
    r"|intel-nuc"
    r"|generic-x86-64"
    r"|odroid-c2"
    r"|odroid-c4"
    r"|odroid-m1"
    r"|odroid-n2"
    r"|odroid-xu"
    r"|qemuarm-64"
    r"|qemuarm"
    r"|qemux86-64"
    r"|qemux86"
    r"|raspberrypi"
    r"|raspberrypi2"
    r"|raspberrypi3-64"
    r"|raspberrypi3"
    r"|raspberrypi4-64"
    r"|raspberrypi4"
    r"|raspberrypi5-64"
    r"|yellow"
    r"|green"
    r"|tinker"
    r")$"
 )
-MACHINE_ALL = [
+RE_SLUG_FIELD = re.compile(r"^" + RE_SLUG + r"$")
    "intel-nuc",
    "odroid-c2",
    "odroid-n2",
    "odroid-xu",
    "qemuarm-64",
    "qemuarm",
    "qemux86-64",
    "qemux86",
    "raspberrypi",
    "raspberrypi2",
    "raspberrypi3-64",
    "raspberrypi3",
    "raspberrypi4-64",
    "raspberrypi4",
    "tinker",
 ]
-def _simple_startup(value) -> str:
+def _warn_addon_config(config: dict[str, Any]):
-    """Define startup schema."""
+    """Warn about miss configs."""
-    if value == "before":
+    name = config.get(ATTR_NAME)
-        return AddonStartup.SERVICES.value
+    if not name:
-    if value == "after":
+        raise vol.Invalid("Invalid Add-on config!")
-        return AddonStartup.APPLICATION.value
+
-    return value
+    if config.get(ATTR_FULL_ACCESS, False) and (
        config.get(ATTR_DEVICES)
        or config.get(ATTR_UART)
        or config.get(ATTR_USB)
        or config.get(ATTR_GPIO)
    ):
        _LOGGER.warning(
            "Add-on have full device access, and selective device access in the configuration. Please report this to the maintainer of %s",
            name,
        )
    if config.get(ATTR_BACKUP, AddonBackupMode.HOT) == AddonBackupMode.COLD and (
        config.get(ATTR_BACKUP_POST) or config.get(ATTR_BACKUP_PRE)
    ):
        _LOGGER.warning(
            "Add-on which only support COLD backups trying to use post/pre commands. Please report this to the maintainer of %s",
            name,
        )
    invalid_services: list[str] = []
    for service in config.get(ATTR_DISCOVERY, []):
        try:
            valid_discovery_service(service)
        except vol.Invalid:
            invalid_services.append(service)
    if invalid_services:
        _LOGGER.warning(
            "Add-on lists the following unknown services for discovery: %s. Please report this to the maintainer of %s",
            ", ".join(invalid_services),
            name,
        )
    return config
 def _migrate_addon_config(protocol=False):
    """Migrate addon config."""
    def _migrate(config: dict[str, Any]):
        name = config.get(ATTR_NAME)
        if not name:
            raise vol.Invalid("Invalid Add-on config!")
        # Startup 2018-03-30
        if config.get(ATTR_STARTUP) in ("before", "after"):
            value = config[ATTR_STARTUP]
            if protocol:
                _LOGGER.warning(
                    "Add-on config 'startup' with '%s' is deprecated. Please report this to the maintainer of %s",
                    value,
                    name,
                )
            if value == "before":
                config[ATTR_STARTUP] = AddonStartup.SERVICES
            elif value == "after":
                config[ATTR_STARTUP] = AddonStartup.APPLICATION
        # UART 2021-01-20
        if "auto_uart" in config:
            if protocol:
                _LOGGER.warning(
                    "Add-on config 'auto_uart' is deprecated, use 'uart'. Please report this to the maintainer of %s",
                    name,
                )
            config[ATTR_UART] = config.pop("auto_uart")
        # Device 2021-01-20
        if ATTR_DEVICES in config and any(":" in line for line in config[ATTR_DEVICES]):
            if protocol:
                _LOGGER.warning(
                    "Add-on config 'devices' use a deprecated format, the new format uses a list of paths only. Please report this to the maintainer of %s",
                    name,
                )
            config[ATTR_DEVICES] = [line.split(":")[0] for line in config[ATTR_DEVICES]]
        # TMPFS 2021-02-01
        if ATTR_TMPFS in config and not isinstance(config[ATTR_TMPFS], bool):
            if protocol:
                _LOGGER.warning(
                    "Add-on config 'tmpfs' use a deprecated format, new it's only a boolean. Please report this to the maintainer of %s",
                    name,
                )
            config[ATTR_TMPFS] = True
        # 2021-06 "snapshot" renamed to "backup"
        for entry in (
            "snapshot_exclude",
            "snapshot_post",
            "snapshot_pre",
            "snapshot",
        ):
            if entry in config:
                new_entry = entry.replace("snapshot", "backup")
                config[new_entry] = config.pop(entry)
                _LOGGER.warning(
                    "Add-on config '%s' is deprecated, '%s' should be used instead. Please report this to the maintainer of %s",
                    entry,
                    new_entry,
                    name,
                )
        # 2023-11 "map" entries can also be dict to allow path configuration
        volumes = []
        for entry in config.get(ATTR_MAP, []):
            if isinstance(entry, dict):
                volumes.append(entry)
            if isinstance(entry, str):
                result = RE_VOLUME.match(entry)
                if not result:
                    continue
                volumes.append(
                    {
                        ATTR_TYPE: result.group(1),
                        ATTR_READ_ONLY: result.group(2) != "rw",
                    }
                )
        if volumes:
            config[ATTR_MAP] = volumes
        # 2023-10 "config" became "homeassistant" so /config can be used for addon's public config
        if any(volume[ATTR_TYPE] == MappingType.CONFIG for volume in volumes):
            if any(
                volume
                and volume[ATTR_TYPE]
                in {MappingType.ADDON_CONFIG, MappingType.HOMEASSISTANT_CONFIG}
                for volume in volumes
            ):
                _LOGGER.warning(
                    "Add-on config using incompatible map options, '%s' and '%s' are ignored if '%s' is included. Please report this to the maintainer of %s",
                    MappingType.ADDON_CONFIG,
                    MappingType.HOMEASSISTANT_CONFIG,
                    MappingType.CONFIG,
                    name,
                )
            else:
                _LOGGER.debug(
                    "Add-on config using deprecated map option '%s' instead of '%s'. Please report this to the maintainer of %s",
                    MappingType.CONFIG,
                    MappingType.HOMEASSISTANT_CONFIG,
                    name,
                )
        return config
    return _migrate
 # pylint: disable=no-value-for-parameter
-SCHEMA_ADDON_CONFIG = vol.Schema(
+_SCHEMA_ADDON_CONFIG = vol.Schema(
    {
-        vol.Required(ATTR_NAME): vol.Coerce(str),
+        vol.Required(ATTR_NAME): str,
-        vol.Required(ATTR_VERSION): vol.Coerce(str),
+        vol.Required(ATTR_VERSION): version_tag,
-        vol.Required(ATTR_SLUG): vol.Coerce(str),
+        vol.Required(ATTR_SLUG): vol.Match(RE_SLUG_FIELD),
-        vol.Required(ATTR_DESCRIPTON): vol.Coerce(str),
+        vol.Required(ATTR_DESCRIPTON): str,
        vol.Required(ATTR_ARCH): [vol.In(ARCH_ALL)],
-        vol.Optional(ATTR_MACHINE): [vol.In(MACHINE_ALL)],
+        vol.Optional(ATTR_MACHINE): vol.All([vol.Match(RE_MACHINE)], vol.Unique()),
        vol.Optional(ATTR_URL): vol.Url(),
-        vol.Required(ATTR_STARTUP): vol.All(_simple_startup, vol.Coerce(AddonStartup)),
+        vol.Optional(ATTR_STARTUP, default=AddonStartup.APPLICATION): vol.Coerce(
-        vol.Required(ATTR_BOOT): vol.In([BOOT_AUTO, BOOT_MANUAL]),
+            AddonStartup
        ),
        vol.Optional(ATTR_BOOT, default=AddonBoot.AUTO): vol.Coerce(AddonBoot),
        vol.Optional(ATTR_INIT, default=True): vol.Boolean(),
        vol.Optional(ATTR_ADVANCED, default=False): vol.Boolean(),
-        vol.Optional(ATTR_STAGE, default=AddonStages.STABLE): vol.Coerce(AddonStages),
+        vol.Optional(ATTR_STAGE, default=AddonStage.STABLE): vol.Coerce(AddonStage),
-        vol.Optional(ATTR_PORTS): DOCKER_PORTS,
+        vol.Optional(ATTR_PORTS): docker_ports,
-        vol.Optional(ATTR_PORTS_DESCRIPTION): DOCKER_PORTS_DESCRIPTION,
+        vol.Optional(ATTR_PORTS_DESCRIPTION): docker_ports_description,
        vol.Optional(ATTR_WATCHDOG): vol.Match(
            r"^(?:https?|\[PROTO:\w+\]|tcp):\/\/\[HOST\]:(\[PORT:\d+\]|\d+).*$"
        ),
        vol.Optional(ATTR_WEBUI): vol.Match(
            r"^(?:https?|\[PROTO:\w+\]):\/\/\[HOST\]:\[PORT:\d+\].*$"
        ),
@@ -200,29 +348,41 @@ SCHEMA_ADDON_CONFIG = vol.Schema(
        vol.Optional(ATTR_INGRESS_PORT, default=8099): vol.Any(
            network_port, vol.Equal(0)
        ),
-        vol.Optional(ATTR_INGRESS_ENTRY): vol.Coerce(str),
+        vol.Optional(ATTR_INGRESS_ENTRY): str,
-        vol.Optional(ATTR_PANEL_ICON, default="mdi:puzzle"): vol.Coerce(str),
+        vol.Optional(ATTR_INGRESS_STREAM, default=False): vol.Boolean(),
-        vol.Optional(ATTR_PANEL_TITLE): vol.Coerce(str),
+        vol.Optional(ATTR_PANEL_ICON, default="mdi:puzzle"): str,
        vol.Optional(ATTR_PANEL_TITLE): str,
        vol.Optional(ATTR_PANEL_ADMIN, default=True): vol.Boolean(),
-        vol.Optional(ATTR_HOMEASSISTANT): vol.Maybe(vol.Coerce(str)),
+        vol.Optional(ATTR_HOMEASSISTANT): version_tag,
        vol.Optional(ATTR_HOST_NETWORK, default=False): vol.Boolean(),
        vol.Optional(ATTR_HOST_PID, default=False): vol.Boolean(),
        vol.Optional(ATTR_HOST_IPC, default=False): vol.Boolean(),
        vol.Optional(ATTR_HOST_UTS, default=False): vol.Boolean(),
        vol.Optional(ATTR_HOST_DBUS, default=False): vol.Boolean(),
-        vol.Optional(ATTR_DEVICES): [vol.Match(r"^(.*):(.*):([rwm]{1,3})$")],
+        vol.Optional(ATTR_DEVICES): [str],
        vol.Optional(ATTR_AUTO_UART, default=False): vol.Boolean(),
        vol.Optional(ATTR_UDEV, default=False): vol.Boolean(),
-        vol.Optional(ATTR_TMPFS): vol.Match(r"^size=(\d)*[kmg](,uid=\d{1,4})?(,rw)?$"),
+        vol.Optional(ATTR_TMPFS, default=False): vol.Boolean(),
-        vol.Optional(ATTR_MAP, default=list): [vol.Match(RE_VOLUME)],
+        vol.Optional(ATTR_MAP, default=list): [
-        vol.Optional(ATTR_ENVIRONMENT): {vol.Match(r"\w*"): vol.Coerce(str)},
+            vol.Schema(
-        vol.Optional(ATTR_PRIVILEGED): [vol.In(PRIVILEGED_ALL)],
+                {
                    vol.Required(ATTR_TYPE): vol.Coerce(MappingType),
                    vol.Optional(ATTR_READ_ONLY, default=True): bool,
                    vol.Optional(ATTR_PATH): str,
                }
            )
        ],
        vol.Optional(ATTR_ENVIRONMENT): {vol.Match(r"\w*"): str},
        vol.Optional(ATTR_PRIVILEGED): [vol.Coerce(Capabilities)],
        vol.Optional(ATTR_APPARMOR, default=True): vol.Boolean(),
        vol.Optional(ATTR_FULL_ACCESS, default=False): vol.Boolean(),
        vol.Optional(ATTR_AUDIO, default=False): vol.Boolean(),
        vol.Optional(ATTR_VIDEO, default=False): vol.Boolean(),
        vol.Optional(ATTR_GPIO, default=False): vol.Boolean(),
        vol.Optional(ATTR_USB, default=False): vol.Boolean(),
        vol.Optional(ATTR_UART, default=False): vol.Boolean(),
        vol.Optional(ATTR_DEVICETREE, default=False): vol.Boolean(),
        vol.Optional(ATTR_KERNEL_MODULES, default=False): vol.Boolean(),
        vol.Optional(ATTR_REALTIME, default=False): vol.Boolean(),
        vol.Optional(ATTR_HASSIO_API, default=False): vol.Boolean(),
        vol.Optional(ATTR_HASSIO_ROLE, default=ROLE_DEFAULT): vol.In(ROLE_ALL),
        vol.Optional(ATTR_HOMEASSISTANT_API, default=False): vol.Boolean(),
@@ -231,51 +391,73 @@ SCHEMA_ADDON_CONFIG = vol.Schema(
        vol.Optional(ATTR_DOCKER_API, default=False): vol.Boolean(),
        vol.Optional(ATTR_AUTH_API, default=False): vol.Boolean(),
        vol.Optional(ATTR_SERVICES): [vol.Match(RE_SERVICE)],
-        vol.Optional(ATTR_DISCOVERY): [valid_discovery_service],
+        vol.Optional(ATTR_DISCOVERY): [str],
-        vol.Optional(ATTR_SNAPSHOT_EXCLUDE): [vol.Coerce(str)],
+        vol.Optional(ATTR_BACKUP_EXCLUDE): [str],
-        vol.Required(ATTR_OPTIONS): dict,
+        vol.Optional(ATTR_BACKUP_PRE): str,
-        vol.Required(ATTR_SCHEMA): vol.Any(
+        vol.Optional(ATTR_BACKUP_POST): str,
        vol.Optional(ATTR_BACKUP, default=AddonBackupMode.HOT): vol.Coerce(
            AddonBackupMode
        ),
        vol.Optional(ATTR_CODENOTARY): vol.Email(),
        vol.Optional(ATTR_OPTIONS, default={}): dict,
        vol.Optional(ATTR_SCHEMA, default={}): vol.Any(
            vol.Schema(
                {
-                    vol.Coerce(str): vol.Any(
+                    str: vol.Any(
                        SCHEMA_ELEMENT,
                        [
                            vol.Any(
                                SCHEMA_ELEMENT,
-                                {
+                                {str: vol.Any(SCHEMA_ELEMENT, [SCHEMA_ELEMENT])},
                                    vol.Coerce(str): vol.Any(
                                        SCHEMA_ELEMENT, [SCHEMA_ELEMENT]
                                    )
                                },
                            )
                        ],
-                        vol.Schema(
+                        vol.Schema({str: vol.Any(SCHEMA_ELEMENT, [SCHEMA_ELEMENT])}),
                            {vol.Coerce(str): vol.Any(SCHEMA_ELEMENT, [SCHEMA_ELEMENT])}
                        ),
                    )
                }
            ),
            False,
        ),
-        vol.Optional(ATTR_IMAGE): vol.Match(RE_DOCKER_IMAGE),
+        vol.Optional(ATTR_IMAGE): docker_image,
        vol.Optional(ATTR_TIMEOUT, default=10): vol.All(
            vol.Coerce(int), vol.Range(min=10, max=300)
        ),
        vol.Optional(ATTR_JOURNALD, default=False): vol.Boolean(),
    },
    extra=vol.REMOVE_EXTRA,
 )
 SCHEMA_ADDON_CONFIG = vol.All(
    _migrate_addon_config(True), _warn_addon_config, _SCHEMA_ADDON_CONFIG
 )
 # pylint: disable=no-value-for-parameter
 SCHEMA_BUILD_CONFIG = vol.Schema(
    {
-        vol.Optional(ATTR_BUILD_FROM, default=dict): vol.Schema(
+        vol.Optional(ATTR_BUILD_FROM, default=dict): vol.Any(
-            {vol.In(ARCH_ALL): vol.Match(RE_DOCKER_IMAGE_BUILD)}
+            vol.Match(RE_DOCKER_IMAGE_BUILD),
            vol.Schema({vol.In(ARCH_ALL): vol.Match(RE_DOCKER_IMAGE_BUILD)}),
        ),
        vol.Optional(ATTR_SQUASH, default=False): vol.Boolean(),
-        vol.Optional(ATTR_ARGS, default=dict): vol.Schema(
+        vol.Optional(ATTR_ARGS, default=dict): vol.Schema({str: str}),
-            {vol.Coerce(str): vol.Coerce(str)}
+        vol.Optional(ATTR_LABELS, default=dict): vol.Schema({str: str}),
-        ),
+    },
    extra=vol.REMOVE_EXTRA,
 )
 SCHEMA_TRANSLATION_CONFIGURATION = vol.Schema(
    {
        vol.Required(ATTR_NAME): str,
        vol.Optional(ATTR_DESCRIPTON): vol.Maybe(str),
    },
    extra=vol.REMOVE_EXTRA,
 )
 SCHEMA_ADDON_TRANSLATIONS = vol.Schema(
    {
        vol.Optional(ATTR_CONFIGURATION): {str: SCHEMA_TRANSLATION_CONFIGURATION},
        vol.Optional(ATTR_NETWORK): {str: str},
    },
    extra=vol.REMOVE_EXTRA,
 )
@@ -284,294 +466,53 @@ SCHEMA_BUILD_CONFIG = vol.Schema(
 # pylint: disable=no-value-for-parameter
 SCHEMA_ADDON_USER = vol.Schema(
    {
-        vol.Required(ATTR_VERSION): vol.Coerce(str),
+        vol.Required(ATTR_VERSION): version_tag,
-        vol.Optional(ATTR_IMAGE): vol.Coerce(str),
+        vol.Optional(ATTR_IMAGE): docker_image,
        vol.Optional(ATTR_UUID, default=lambda: uuid.uuid4().hex): uuid_match,
        vol.Optional(ATTR_ACCESS_TOKEN): token,
-        vol.Optional(ATTR_INGRESS_TOKEN, default=secrets.token_urlsafe): vol.Coerce(
+        vol.Optional(ATTR_INGRESS_TOKEN, default=secrets.token_urlsafe): str,
            str
        ),
        vol.Optional(ATTR_OPTIONS, default=dict): dict,
        vol.Optional(ATTR_AUTO_UPDATE, default=False): vol.Boolean(),
-        vol.Optional(ATTR_BOOT): vol.In([BOOT_AUTO, BOOT_MANUAL]),
+        vol.Optional(ATTR_BOOT): vol.Coerce(AddonBoot),
-        vol.Optional(ATTR_NETWORK): DOCKER_PORTS,
+        vol.Optional(ATTR_NETWORK): docker_ports,
-        vol.Optional(ATTR_AUDIO_OUTPUT): vol.Maybe(vol.Coerce(str)),
+        vol.Optional(ATTR_AUDIO_OUTPUT): vol.Maybe(str),
-        vol.Optional(ATTR_AUDIO_INPUT): vol.Maybe(vol.Coerce(str)),
+        vol.Optional(ATTR_AUDIO_INPUT): vol.Maybe(str),
        vol.Optional(ATTR_PROTECTED, default=True): vol.Boolean(),
        vol.Optional(ATTR_INGRESS_PANEL, default=False): vol.Boolean(),
        vol.Optional(ATTR_WATCHDOG, default=False): vol.Boolean(),
    },
    extra=vol.REMOVE_EXTRA,
 )
-
+SCHEMA_ADDON_SYSTEM = vol.All(
-SCHEMA_ADDON_SYSTEM = SCHEMA_ADDON_CONFIG.extend(
+    _migrate_addon_config(),
-    {
+    _SCHEMA_ADDON_CONFIG.extend(
-        vol.Required(ATTR_LOCATON): vol.Coerce(str),
+        {
-        vol.Required(ATTR_REPOSITORY): vol.Coerce(str),
+            vol.Required(ATTR_LOCATON): str,
-    }
+            vol.Required(ATTR_REPOSITORY): str,
            vol.Required(ATTR_TRANSLATIONS, default=dict): {
                str: SCHEMA_ADDON_TRANSLATIONS
            },
        }
    ),
 )
 SCHEMA_ADDONS_FILE = vol.Schema(
    {
-        vol.Optional(ATTR_USER, default=dict): {vol.Coerce(str): SCHEMA_ADDON_USER},
+        vol.Optional(ATTR_USER, default=dict): {str: SCHEMA_ADDON_USER},
-        vol.Optional(ATTR_SYSTEM, default=dict): {vol.Coerce(str): SCHEMA_ADDON_SYSTEM},
+        vol.Optional(ATTR_SYSTEM, default=dict): {str: SCHEMA_ADDON_SYSTEM},
    }
 )
 SCHEMA_ADDON_SNAPSHOT = vol.Schema(
    {
        vol.Required(ATTR_USER): SCHEMA_ADDON_USER,
        vol.Required(ATTR_SYSTEM): SCHEMA_ADDON_SYSTEM,
        vol.Required(ATTR_STATE): vol.In([STATE_STARTED, STATE_STOPPED]),
        vol.Required(ATTR_VERSION): vol.Coerce(str),
    },
    extra=vol.REMOVE_EXTRA,
 )
-def validate_options(coresys: CoreSys, raw_schema: Dict[str, Any]):
+SCHEMA_ADDON_BACKUP = vol.Schema(
-    """Validate schema."""
+    {
-
+        vol.Required(ATTR_USER): SCHEMA_ADDON_USER,
-    def validate(struct):
+        vol.Required(ATTR_SYSTEM): SCHEMA_ADDON_SYSTEM,
-        """Create schema validator for add-ons options."""
+        vol.Required(ATTR_STATE): vol.Coerce(AddonState),
-        options = {}
+        vol.Required(ATTR_VERSION): version_tag,
-
+    },
-        # read options
+    extra=vol.REMOVE_EXTRA,
-        for key, value in struct.items():
+)
            # Ignore unknown options / remove from list
            if key not in raw_schema:
                _LOGGER.warning("Unknown options %s", key)
                continue
            typ = raw_schema[key]
            try:
                if isinstance(typ, list):
                    # nested value list
                    options[key] = _nested_validate_list(coresys, typ[0], value, key)
                elif isinstance(typ, dict):
                    # nested value dict
                    options[key] = _nested_validate_dict(coresys, typ, value, key)
                else:
                    # normal value
                    options[key] = _single_validate(coresys, typ, value, key)
            except (IndexError, KeyError):
                raise vol.Invalid(f"Type error for {key}") from None
        _check_missing_options(raw_schema, options, "root")
        return options
    return validate
 # pylint: disable=no-value-for-parameter
 # pylint: disable=inconsistent-return-statements
 def _single_validate(coresys: CoreSys, typ: str, value: Any, key: str):
    """Validate a single element."""
    # if required argument
    if value is None:
        raise vol.Invalid(f"Missing required option '{key}'")
    # Lookup secret
    if str(value).startswith("!secret "):
        secret: str = value.partition(" ")[2]
        value = coresys.secrets.get(secret)
        if value is None:
            raise vol.Invalid(f"Unknown secret {secret}")
    # parse extend data from type
    match = RE_SCHEMA_ELEMENT.match(typ)
    if not match:
        raise vol.Invalid(f"Unknown type {typ}")
    # prepare range
    range_args = {}
    for group_name in _SCHEMA_LENGTH_PARTS:
        group_value = match.group(group_name)
        if group_value:
            range_args[group_name[2:]] = float(group_value)
    if typ.startswith(V_STR) or typ.startswith(V_PASSWORD):
        return vol.All(str(value), vol.Range(**range_args))(value)
    elif typ.startswith(V_INT):
        return vol.All(vol.Coerce(int), vol.Range(**range_args))(value)
    elif typ.startswith(V_FLOAT):
        return vol.All(vol.Coerce(float), vol.Range(**range_args))(value)
    elif typ.startswith(V_BOOL):
        return vol.Boolean()(value)
    elif typ.startswith(V_EMAIL):
        return vol.Email()(value)
    elif typ.startswith(V_URL):
        return vol.Url()(value)
    elif typ.startswith(V_PORT):
        return network_port(value)
    elif typ.startswith(V_MATCH):
        return vol.Match(match.group("match"))(str(value))
    elif typ.startswith(V_LIST):
        return vol.In(match.group("list").split("|"))(str(value))
    raise vol.Invalid(f"Fatal error for {key} type {typ}")
 def _nested_validate_list(coresys, typ, data_list, key):
    """Validate nested items."""
    options = []
    for element in data_list:
        # Nested?
        if isinstance(typ, dict):
            c_options = _nested_validate_dict(coresys, typ, element, key)
            options.append(c_options)
        else:
            options.append(_single_validate(coresys, typ, element, key))
    return options
 def _nested_validate_dict(coresys, typ, data_dict, key):
    """Validate nested items."""
    options = {}
    for c_key, c_value in data_dict.items():
        # Ignore unknown options / remove from list
        if c_key not in typ:
            _LOGGER.warning("Unknown options %s", c_key)
            continue
        # Nested?
        if isinstance(typ[c_key], list):
            options[c_key] = _nested_validate_list(
                coresys, typ[c_key][0], c_value, c_key
            )
        else:
            options[c_key] = _single_validate(coresys, typ[c_key], c_value, c_key)
    _check_missing_options(typ, options, key)
    return options
 def _check_missing_options(origin, exists, root):
    """Check if all options are exists."""
    missing = set(origin) - set(exists)
    for miss_opt in missing:
        if isinstance(origin[miss_opt], str) and origin[miss_opt].endswith("?"):
            continue
        raise vol.Invalid(f"Missing option {miss_opt} in {root}")
 def schema_ui_options(raw_schema: Dict[str, Any]) -> List[Dict[str, Any]]:
    """Generate UI schema."""
    ui_schema: List[Dict[str, Any]] = []
    # read options
    for key, value in raw_schema.items():
        if isinstance(value, list):
            # nested value list
            _nested_ui_list(ui_schema, value, key)
        elif isinstance(value, dict):
            # nested value dict
            _nested_ui_dict(ui_schema, value, key)
        else:
            # normal value
            _single_ui_option(ui_schema, value, key)
    return ui_schema
 def _single_ui_option(
    ui_schema: List[Dict[str, Any]], value: str, key: str, multiple: bool = False
 ) -> None:
    """Validate a single element."""
    ui_node: Dict[str, Union[str, bool, float, List[str]]] = {"name": key}
    # If multiple
    if multiple:
        ui_node["multiple"] = True
    # Parse extend data from type
    match = RE_SCHEMA_ELEMENT.match(value)
    if not match:
        return
    # Prepare range
    for group_name in _SCHEMA_LENGTH_PARTS:
        group_value = match.group(group_name)
        if not group_value:
            continue
        if group_name[2:] == "min":
            ui_node["lengthMin"] = float(group_value)
        elif group_name[2:] == "max":
            ui_node["lengthMax"] = float(group_value)
    # If required
    if value.endswith("?"):
        ui_node["optional"] = True
    else:
        ui_node["required"] = True
    # Data types
    if value.startswith(V_STR):
        ui_node["type"] = "string"
    elif value.startswith(V_PASSWORD):
        ui_node["type"] = "string"
        ui_node["format"] = "password"
    elif value.startswith(V_INT):
        ui_node["type"] = "integer"
    elif value.startswith(V_FLOAT):
        ui_node["type"] = "float"
    elif value.startswith(V_BOOL):
        ui_node["type"] = "boolean"
    elif value.startswith(V_EMAIL):
        ui_node["type"] = "string"
        ui_node["format"] = "email"
    elif value.startswith(V_URL):
        ui_node["type"] = "string"
        ui_node["format"] = "url"
    elif value.startswith(V_PORT):
        ui_node["type"] = "integer"
    elif value.startswith(V_MATCH):
        ui_node["type"] = "string"
    elif value.startswith(V_LIST):
        ui_node["type"] = "select"
        ui_node["options"] = match.group("list").split("|")
    ui_schema.append(ui_node)
 def _nested_ui_list(
    ui_schema: List[Dict[str, Any]], option_list: List[Any], key: str
 ) -> None:
    """UI nested list items."""
    try:
        element = option_list[0]
    except IndexError:
        _LOGGER.error("Invalid schema %s", key)
        return
    if isinstance(element, dict):
        _nested_ui_dict(ui_schema, element, key, multiple=True)
    else:
        _single_ui_option(ui_schema, element, key, multiple=True)
 def _nested_ui_dict(
    ui_schema: List[Dict[str, Any]],
    option_dict: Dict[str, Any],
    key: str,
    multiple: bool = False,
 ) -> None:
    """UI nested dict items."""
    ui_node = {"name": key, "type": "schema", "optional": True, "multiple": multiple}
    nested_schema = []
    for c_key, c_value in option_dict.items():
        # Nested?
        if isinstance(c_value, list):
            _nested_ui_list(nested_schema, c_value, c_key)
        else:
            _single_ui_option(nested_schema, c_value, c_key)
    ui_node["schema"] = nested_schema
    ui_schema.append(ui_node)
--- a/supervisor/api/init.py
+++ b/supervisor/api/init.py
@@ -1,34 +1,48 @@
 """Init file for Supervisor RESTful API."""
 from functools import partial
 import logging
 from pathlib import Path
-from typing import Optional
+from typing import Any
 from aiohttp import web
 from aiohttp_fast_url_dispatcher import FastUrlDispatcher, attach_fast_url_dispatcher
 from ..const import AddonState
 from ..coresys import CoreSys, CoreSysAttributes
 from ..exceptions import APIAddonNotInstalled
 from .addons import APIAddons
 from .audio import APIAudio
 from .auth import APIAuth
 from .backups import APIBackups
 from .cli import APICli
 from .discovery import APIDiscovery
 from .dns import APICoreDNS
 from .docker import APIDocker
 from .hardware import APIHardware
 from .homeassistant import APIHomeAssistant
 from .host import APIHost
 from .info import APIInfo
 from .ingress import APIIngress
 from .jobs import APIJobs
 from .middleware.security import SecurityMiddleware
 from .mounts import APIMounts
 from .multicast import APIMulticast
 from .network import APINetwork
 from .observer import APIObserver
 from .os import APIOS
 from .proxy import APIProxy
-from .security import SecurityMiddleware
+from .resolution import APIResoulution
 from .root import APIRoot
 from .security import APISecurity
 from .services import APIServices
-from .snapshots import APISnapshots
+from .store import APIStore
 from .supervisor import APISupervisor
 from .utils import api_process
 _LOGGER: logging.Logger = logging.getLogger(__name__)
-MAX_CLIENT_SIZE: int = 1024 ** 2 * 16
+MAX_CLIENT_SIZE: int = 1024**2 * 16
 MAX_LINE_SIZE: int = 24570
 class RestAPI(CoreSysAttributes):
@@ -40,33 +54,53 @@ class RestAPI(CoreSysAttributes):
        self.security: SecurityMiddleware = SecurityMiddleware(coresys)
        self.webapp: web.Application = web.Application(
            client_max_size=MAX_CLIENT_SIZE,
-            middlewares=[self.security.token_validation],
+            middlewares=[
                self.security.block_bad_requests,
                self.security.system_validation,
                self.security.token_validation,
                self.security.core_proxy,
            ],
            handler_args={
                "max_line_size": MAX_LINE_SIZE,
                "max_field_size": MAX_LINE_SIZE,
            },
        )
        attach_fast_url_dispatcher(self.webapp, FastUrlDispatcher())
        # service stuff
-        self._runner: web.AppRunner = web.AppRunner(self.webapp)
+        self._runner: web.AppRunner = web.AppRunner(self.webapp, shutdown_timeout=5)
-        self._site: Optional[web.TCPSite] = None
+        self._site: web.TCPSite | None = None
    async def load(self) -> None:
        """Register REST API Calls."""
-        self._register_supervisor()
+        self._register_addons()
-        self._register_host()
+        self._register_audio()
-        self._register_os()
+        self._register_auth()
        self._register_backups()
        self._register_cli()
-        self._register_multicast()
+        self._register_discovery()
        self._register_dns()
        self._register_docker()
        self._register_hardware()
        self._register_homeassistant()
-        self._register_proxy()
+        self._register_host()
-        self._register_panel()
+        self._register_jobs()
        self._register_addons()
        self._register_ingress()
-        self._register_snapshots()
+        self._register_mounts()
-        self._register_discovery()
+        self._register_multicast()
        self._register_network()
        self._register_observer()
        self._register_os()
        self._register_panel()
        self._register_proxy()
        self._register_resolution()
        self._register_root()
        self._register_security()
        self._register_services()
-        self._register_info()
+        self._register_store()
-        self._register_auth()
+        self._register_supervisor()
-        self._register_dns()
+
-        self._register_audio()
+        await self.start()
    def _register_host(self) -> None:
        """Register hostcontrol functions."""
@@ -76,16 +110,63 @@ class RestAPI(CoreSysAttributes):
        self.webapp.add_routes(
            [
                web.get("/host/info", api_host.info),
-                web.get("/host/logs", api_host.logs),
+                web.get("/host/logs", api_host.advanced_logs),
                web.get(
                    "/host/logs/follow",
                    partial(api_host.advanced_logs, follow=True),
                ),
                web.get("/host/logs/identifiers", api_host.list_identifiers),
                web.get("/host/logs/identifiers/{identifier}", api_host.advanced_logs),
                web.get(
                    "/host/logs/identifiers/{identifier}/follow",
                    partial(api_host.advanced_logs, follow=True),
                ),
                web.get("/host/logs/boots", api_host.list_boots),
                web.get("/host/logs/boots/{bootid}", api_host.advanced_logs),
                web.get(
                    "/host/logs/boots/{bootid}/follow",
                    partial(api_host.advanced_logs, follow=True),
                ),
                web.get(
                    "/host/logs/boots/{bootid}/identifiers/{identifier}",
                    api_host.advanced_logs,
                ),
                web.get(
                    "/host/logs/boots/{bootid}/identifiers/{identifier}/follow",
                    partial(api_host.advanced_logs, follow=True),
                ),
                web.post("/host/reboot", api_host.reboot),
                web.post("/host/shutdown", api_host.shutdown),
                web.post("/host/reload", api_host.reload),
                web.post("/host/options", api_host.options),
                web.get("/host/services", api_host.services),
-                web.post("/host/services/{service}/stop", api_host.service_stop),
+            ]
-                web.post("/host/services/{service}/start", api_host.service_start),
+        )
-                web.post("/host/services/{service}/restart", api_host.service_restart),
+
-                web.post("/host/services/{service}/reload", api_host.service_reload),
+    def _register_network(self) -> None:
        """Register network functions."""
        api_network = APINetwork()
        api_network.coresys = self.coresys
        self.webapp.add_routes(
            [
                web.get("/network/info", api_network.info),
                web.post("/network/reload", api_network.reload),
                web.get(
                    "/network/interface/{interface}/info", api_network.interface_info
                ),
                web.post(
                    "/network/interface/{interface}/update",
                    api_network.interface_update,
                ),
                web.get(
                    "/network/interface/{interface}/accesspoints",
                    api_network.scan_accesspoints,
                ),
                web.post(
                    "/network/interface/{interface}/vlan/{vlan}",
                    api_network.create_vlan,
                ),
            ]
        )
@@ -99,6 +180,45 @@ class RestAPI(CoreSysAttributes):
                web.get("/os/info", api_os.info),
                web.post("/os/update", api_os.update),
                web.post("/os/config/sync", api_os.config_sync),
                web.post("/os/datadisk/move", api_os.migrate_data),
                web.get("/os/datadisk/list", api_os.list_data),
            ]
        )
        # Boards endpoints
        self.webapp.add_routes(
            [
                web.get("/os/boards/green", api_os.boards_green_info),
                web.post("/os/boards/green", api_os.boards_green_options),
                web.get("/os/boards/yellow", api_os.boards_yellow_info),
                web.post("/os/boards/yellow", api_os.boards_yellow_options),
                web.get("/os/boards/{board}", api_os.boards_other_info),
            ]
        )
    def _register_security(self) -> None:
        """Register Security functions."""
        api_security = APISecurity()
        api_security.coresys = self.coresys
        self.webapp.add_routes(
            [
                web.get("/security/info", api_security.info),
                web.post("/security/options", api_security.options),
                web.post("/security/integrity", api_security.integrity_check),
            ]
        )
    def _register_jobs(self) -> None:
        """Register Jobs functions."""
        api_jobs = APIJobs()
        api_jobs.coresys = self.coresys
        self.webapp.add_routes(
            [
                web.get("/jobs/info", api_jobs.info),
                web.post("/jobs/options", api_jobs.options),
                web.post("/jobs/reset", api_jobs.reset),
            ]
        )
@@ -115,6 +235,19 @@ class RestAPI(CoreSysAttributes):
            ]
        )
    def _register_observer(self) -> None:
        """Register Observer functions."""
        api_observer = APIObserver()
        api_observer.coresys = self.coresys
        self.webapp.add_routes(
            [
                web.get("/observer/info", api_observer.info),
                web.get("/observer/stats", api_observer.stats),
                web.post("/observer/update", api_observer.update),
            ]
        )
    def _register_multicast(self) -> None:
        """Register Multicast functions."""
        api_multicast = APIMulticast()
@@ -139,16 +272,56 @@ class RestAPI(CoreSysAttributes):
            [
                web.get("/hardware/info", api_hardware.info),
                web.get("/hardware/audio", api_hardware.audio),
                web.post("/hardware/trigger", api_hardware.trigger),
            ]
        )
-    def _register_info(self) -> None:
+    def _register_root(self) -> None:
-        """Register info functions."""
+        """Register root functions."""
-        api_info = APIInfo()
+        api_root = APIRoot()
-        api_info.coresys = self.coresys
+        api_root.coresys = self.coresys
-        self.webapp.add_routes([web.get("/info", api_info.info)])
+        self.webapp.add_routes([web.get("/info", api_root.info)])
        self.webapp.add_routes([web.post("/refresh_updates", api_root.refresh_updates)])
        self.webapp.add_routes(
            [web.get("/available_updates", api_root.available_updates)]
        )
        # Remove: 2023
        self.webapp.add_routes(
            [web.get("/supervisor/available_updates", api_root.available_updates)]
        )
    def _register_resolution(self) -> None:
        """Register info functions."""
        api_resolution = APIResoulution()
        api_resolution.coresys = self.coresys
        self.webapp.add_routes(
            [
                web.get("/resolution/info", api_resolution.info),
                web.post(
                    "/resolution/check/{check}/options", api_resolution.options_check
                ),
                web.post("/resolution/check/{check}/run", api_resolution.run_check),
                web.post(
                    "/resolution/suggestion/{suggestion}",
                    api_resolution.apply_suggestion,
                ),
                web.delete(
                    "/resolution/suggestion/{suggestion}",
                    api_resolution.dismiss_suggestion,
                ),
                web.delete(
                    "/resolution/issue/{issue}",
                    api_resolution.dismiss_issue,
                ),
                web.get(
                    "/resolution/issue/{issue}/suggestions",
                    api_resolution.suggestions_for_issue,
                ),
                web.post("/resolution/healthcheck", api_resolution.healthcheck),
            ]
        )
    def _register_auth(self) -> None:
        """Register auth functions."""
@@ -156,7 +329,12 @@ class RestAPI(CoreSysAttributes):
        api_auth.coresys = self.coresys
        self.webapp.add_routes(
-            [web.post("/auth", api_auth.auth), web.post("/auth/reset", api_auth.reset)]
+            [
                web.get("/auth", api_auth.auth),
                web.post("/auth", api_auth.auth),
                web.post("/auth/reset", api_auth.reset),
                web.delete("/auth/cache", api_auth.cache),
            ]
        )
    def _register_supervisor(self) -> None:
@@ -172,6 +350,7 @@ class RestAPI(CoreSysAttributes):
                web.get("/supervisor/logs", api_supervisor.logs),
                web.post("/supervisor/update", api_supervisor.update),
                web.post("/supervisor/reload", api_supervisor.reload),
                web.post("/supervisor/restart", api_supervisor.restart),
                web.post("/supervisor/options", api_supervisor.options),
                web.post("/supervisor/repair", api_supervisor.repair),
            ]
@@ -194,17 +373,22 @@ class RestAPI(CoreSysAttributes):
                web.post("/core/start", api_hass.start),
                web.post("/core/check", api_hass.check),
                web.post("/core/rebuild", api_hass.rebuild),
-                # Remove with old Supervisor fallback
+            ]
        )
        # Reroute from legacy
        self.webapp.add_routes(
            [
                web.get("/homeassistant/info", api_hass.info),
                web.get("/homeassistant/logs", api_hass.logs),
                web.get("/homeassistant/stats", api_hass.stats),
                web.post("/homeassistant/options", api_hass.options),
                web.post("/homeassistant/update", api_hass.update),
                web.post("/homeassistant/restart", api_hass.restart),
                web.post("/homeassistant/stop", api_hass.stop),
                web.post("/homeassistant/start", api_hass.start),
-                web.post("/homeassistant/check", api_hass.check),
+                web.post("/homeassistant/update", api_hass.update),
                web.post("/homeassistant/rebuild", api_hass.rebuild),
                web.post("/homeassistant/check", api_hass.check),
            ]
        )
@@ -221,7 +405,12 @@ class RestAPI(CoreSysAttributes):
                web.post("/core/api/{path:.+}", api_proxy.api),
                web.get("/core/api/{path:.+}", api_proxy.api),
                web.get("/core/api/", api_proxy.api),
-                # Remove with old Supervisor fallback
+            ]
        )
        # Reroute from legacy
        self.webapp.add_routes(
            [
                web.get("/homeassistant/api/websocket", api_proxy.websocket),
                web.get("/homeassistant/websocket", api_proxy.websocket),
                web.get("/homeassistant/api/stream", api_proxy.stream),
@@ -239,27 +428,42 @@ class RestAPI(CoreSysAttributes):
        self.webapp.add_routes(
            [
                web.get("/addons", api_addons.list),
                web.post("/addons/reload", api_addons.reload),
                web.get("/addons/{addon}/info", api_addons.info),
                web.post("/addons/{addon}/install", api_addons.install),
                web.post("/addons/{addon}/uninstall", api_addons.uninstall),
                web.post("/addons/{addon}/start", api_addons.start),
                web.post("/addons/{addon}/stop", api_addons.stop),
                web.post("/addons/{addon}/restart", api_addons.restart),
                web.post("/addons/{addon}/update", api_addons.update),
                web.post("/addons/{addon}/options", api_addons.options),
                web.post(
                    "/addons/{addon}/options/validate", api_addons.options_validate
                ),
                web.get("/addons/{addon}/options/config", api_addons.options_config),
                web.post("/addons/{addon}/rebuild", api_addons.rebuild),
                web.get("/addons/{addon}/logs", api_addons.logs),
                web.get("/addons/{addon}/icon", api_addons.icon),
                web.get("/addons/{addon}/logo", api_addons.logo),
                web.get("/addons/{addon}/changelog", api_addons.changelog),
                web.get("/addons/{addon}/documentation", api_addons.documentation),
                web.post("/addons/{addon}/stdin", api_addons.stdin),
                web.post("/addons/{addon}/security", api_addons.security),
                web.get("/addons/{addon}/stats", api_addons.stats),
            ]
        )
        # Legacy routing to support requests for not installed addons
        api_store = APIStore()
        api_store.coresys = self.coresys
        @api_process
        async def addons_addon_info(request: web.Request) -> dict[str, Any]:
            """Route to store if info requested for not installed addon."""
            try:
                return await api_addons.info(request)
            except APIAddonNotInstalled:
                # Route to store/{addon}/info but add missing fields
                return dict(
                    await api_store.addons_addon_info_wrapped(request),
                    state=AddonState.UNKNOWN,
                    options=self.sys_addons.store[request.match_info["addon"]].options,
                )
        self.webapp.add_routes([web.get("/addons/{addon}/info", addons_addon_info)])
    def _register_ingress(self) -> None:
        """Register Ingress functions."""
        api_ingress = APIIngress()
@@ -268,33 +472,36 @@ class RestAPI(CoreSysAttributes):
        self.webapp.add_routes(
            [
                web.post("/ingress/session", api_ingress.create_session),
                web.post("/ingress/validate_session", api_ingress.validate_session),
                web.get("/ingress/panels", api_ingress.panels),
                web.view("/ingress/{token}/{path:.*}", api_ingress.handler),
            ]
        )
-    def _register_snapshots(self) -> None:
+    def _register_backups(self) -> None:
-        """Register snapshots functions."""
+        """Register backups functions."""
-        api_snapshots = APISnapshots()
+        api_backups = APIBackups()
-        api_snapshots.coresys = self.coresys
+        api_backups.coresys = self.coresys
        self.webapp.add_routes(
            [
-                web.get("/snapshots", api_snapshots.list),
+                web.get("/backups", api_backups.list),
-                web.post("/snapshots/reload", api_snapshots.reload),
+                web.get("/backups/info", api_backups.info),
-                web.post("/snapshots/new/full", api_snapshots.snapshot_full),
+                web.post("/backups/options", api_backups.options),
-                web.post("/snapshots/new/partial", api_snapshots.snapshot_partial),
+                web.post("/backups/reload", api_backups.reload),
-                web.post("/snapshots/new/upload", api_snapshots.upload),
+                web.post("/backups/freeze", api_backups.freeze),
-                web.get("/snapshots/{snapshot}/info", api_snapshots.info),
+                web.post("/backups/thaw", api_backups.thaw),
-                web.post("/snapshots/{snapshot}/remove", api_snapshots.remove),
+                web.post("/backups/new/full", api_backups.backup_full),
                web.post("/backups/new/partial", api_backups.backup_partial),
                web.post("/backups/new/upload", api_backups.upload),
                web.get("/backups/{slug}/info", api_backups.backup_info),
                web.delete("/backups/{slug}", api_backups.remove),
                web.post("/backups/{slug}/restore/full", api_backups.restore_full),
                web.post(
-                    "/snapshots/{snapshot}/restore/full", api_snapshots.restore_full
+                    "/backups/{slug}/restore/partial",
                    api_backups.restore_partial,
                ),
-                web.post(
+                web.get("/backups/{slug}/download", api_backups.download),
                    "/snapshots/{snapshot}/restore/partial",
                    api_snapshots.restore_partial,
                ),
                web.get("/snapshots/{snapshot}/download", api_snapshots.download),
            ]
        )
@@ -347,6 +554,8 @@ class RestAPI(CoreSysAttributes):
        """Register Audio functions."""
        api_audio = APIAudio()
        api_audio.coresys = self.coresys
        api_host = APIHost()
        api_host.coresys = self.coresys
        self.webapp.add_routes(
            [
@@ -365,24 +574,113 @@ class RestAPI(CoreSysAttributes):
            ]
        )
    def _register_mounts(self) -> None:
        """Register mounts endpoints."""
        api_mounts = APIMounts()
        api_mounts.coresys = self.coresys
        self.webapp.add_routes(
            [
                web.get("/mounts", api_mounts.info),
                web.post("/mounts/options", api_mounts.options),
                web.post("/mounts", api_mounts.create_mount),
                web.put("/mounts/{mount}", api_mounts.update_mount),
                web.delete("/mounts/{mount}", api_mounts.delete_mount),
                web.post("/mounts/{mount}/reload", api_mounts.reload_mount),
            ]
        )
    def _register_store(self) -> None:
        """Register store endpoints."""
        api_store = APIStore()
        api_store.coresys = self.coresys
        self.webapp.add_routes(
            [
                web.get("/store", api_store.store_info),
                web.get("/store/addons", api_store.addons_list),
                web.get("/store/addons/{addon}", api_store.addons_addon_info),
                web.get("/store/addons/{addon}/{version}", api_store.addons_addon_info),
                web.get("/store/addons/{addon}/icon", api_store.addons_addon_icon),
                web.get("/store/addons/{addon}/logo", api_store.addons_addon_logo),
                web.get(
                    "/store/addons/{addon}/changelog", api_store.addons_addon_changelog
                ),
                web.get(
                    "/store/addons/{addon}/documentation",
                    api_store.addons_addon_documentation,
                ),
                web.post(
                    "/store/addons/{addon}/install", api_store.addons_addon_install
                ),
                web.post(
                    "/store/addons/{addon}/install/{version}",
                    api_store.addons_addon_install,
                ),
                web.post("/store/addons/{addon}/update", api_store.addons_addon_update),
                web.post(
                    "/store/addons/{addon}/update/{version}",
                    api_store.addons_addon_update,
                ),
                web.post("/store/reload", api_store.reload),
                web.get("/store/repositories", api_store.repositories_list),
                web.get(
                    "/store/repositories/{repository}",
                    api_store.repositories_repository_info,
                ),
                web.post("/store/repositories", api_store.add_repository),
                web.delete(
                    "/store/repositories/{repository}", api_store.remove_repository
                ),
            ]
        )
        # Reroute from legacy
        self.webapp.add_routes(
            [
                web.post("/addons/reload", api_store.reload),
                web.post("/addons/{addon}/install", api_store.addons_addon_install),
                web.post("/addons/{addon}/update", api_store.addons_addon_update),
                web.get("/addons/{addon}/icon", api_store.addons_addon_icon),
                web.get("/addons/{addon}/logo", api_store.addons_addon_logo),
                web.get("/addons/{addon}/changelog", api_store.addons_addon_changelog),
                web.get(
                    "/addons/{addon}/documentation",
                    api_store.addons_addon_documentation,
                ),
            ]
        )
    def _register_panel(self) -> None:
        """Register panel for Home Assistant."""
        panel_dir = Path(__file__).parent.joinpath("panel")
        self.webapp.add_routes([web.static("/app", panel_dir)])
    def _register_docker(self) -> None:
        """Register docker configuration functions."""
        api_docker = APIDocker()
        api_docker.coresys = self.coresys
        self.webapp.add_routes(
            [
                web.get("/docker/info", api_docker.info),
                web.get("/docker/registries", api_docker.registries),
                web.post("/docker/registries", api_docker.create_registry),
                web.delete("/docker/registries/{hostname}", api_docker.remove_registry),
            ]
        )
    async def start(self) -> None:
        """Run RESTful API webserver."""
        await self._runner.setup()
-        self._site = web.TCPSite(
+        self._site = web.TCPSite(self._runner, host="0.0.0.0", port=80)
            self._runner, host="0.0.0.0", port=80, shutdown_timeout=5
        )
        try:
            await self._site.start()
        except OSError as err:
            _LOGGER.critical("Failed to create HTTP server at 0.0.0.0:80 -> %s", err)
        else:
-            _LOGGER.info("Start API on %s", self.sys_docker.network.supervisor)
+            _LOGGER.info("Starting API on %s", self.sys_docker.network.supervisor)
    async def stop(self) -> None:
        """Stop RESTful API webserver."""
@@ -393,4 +691,4 @@ class RestAPI(CoreSysAttributes):
        await self._site.stop()
        await self._runner.cleanup()
-        _LOGGER.info("Stop API on %s", self.sys_docker.network.supervisor)
+        _LOGGER.info("Stopping API on %s", self.sys_docker.network.supervisor)
--- a/supervisor/api/addons.py
+++ b/supervisor/api/addons.py
@@ -1,13 +1,15 @@
 """Init file for Supervisor Home Assistant RESTful API."""
 import asyncio
 from collections.abc import Awaitable
 import logging
-from typing import Any, Awaitable, Dict, List
+from typing import Any
 from aiohttp import web
 import voluptuous as vol
 from voluptuous.humanize import humanize_error
 from ..addons import AnyAddon
 from ..addons.addon import Addon
 from ..addons.manager import AnyAddon
 from ..addons.utils import rating_security
 from ..const import (
    ATTR_ADDONS,
@@ -44,6 +46,7 @@ from ..const import (
    ATTR_HOST_IPC,
    ATTR_HOST_NETWORK,
    ATTR_HOST_PID,
    ATTR_HOST_UTS,
    ATTR_HOSTNAME,
    ATTR_ICON,
    ATTR_INGRESS,
@@ -51,16 +54,15 @@ from ..const import (
    ATTR_INGRESS_PANEL,
    ATTR_INGRESS_PORT,
    ATTR_INGRESS_URL,
    ATTR_INSTALLED,
    ATTR_IP_ADDRESS,
    ATTR_KERNEL_MODULES,
    ATTR_LOGO,
    ATTR_LONG_DESCRIPTION,
    ATTR_MACHINE,
    ATTR_MAINTAINER,
    ATTR_MEMORY_LIMIT,
    ATTR_MEMORY_PERCENT,
    ATTR_MEMORY_USAGE,
    ATTR_MESSAGE,
    ATTR_NAME,
    ATTR_NETWORK,
    ATTR_NETWORK_DESCRIPTION,
@@ -69,49 +71,58 @@ from ..const import (
    ATTR_OPTIONS,
    ATTR_PRIVILEGED,
    ATTR_PROTECTED,
    ATTR_PWNED,
    ATTR_RATING,
    ATTR_REPOSITORIES,
    ATTR_REPOSITORY,
    ATTR_SCHEMA,
    ATTR_SERVICES,
    ATTR_SLUG,
    ATTR_SOURCE,
    ATTR_STAGE,
    ATTR_STARTUP,
    ATTR_STATE,
    ATTR_STDIN,
    ATTR_TRANSLATIONS,
    ATTR_UART,
    ATTR_UDEV,
    ATTR_UPDATE_AVAILABLE,
    ATTR_URL,
    ATTR_USB,
    ATTR_VALID,
    ATTR_VERSION,
    ATTR_VERSION_LATEST,
    ATTR_VIDEO,
    ATTR_WATCHDOG,
    ATTR_WEBUI,
    BOOT_AUTO,
    BOOT_MANUAL,
    CONTENT_TYPE_BINARY,
    CONTENT_TYPE_PNG,
    CONTENT_TYPE_TEXT,
    REQUEST_FROM,
-    STATE_NONE,
+    AddonBoot,
 )
 from ..coresys import CoreSysAttributes
 from ..docker.stats import DockerStats
-from ..exceptions import APIError
+from ..exceptions import (
-from ..validate import DOCKER_PORTS
+    APIAddonNotInstalled,
-from .utils import api_process, api_process_raw, api_validate
+    APIError,
    APIForbidden,
    PwnedError,
    PwnedSecret,
 )
 from ..validate import docker_ports
 from .const import ATTR_SIGNED, CONTENT_TYPE_BINARY
 from .utils import api_process, api_process_raw, api_validate, json_loads
 _LOGGER: logging.Logger = logging.getLogger(__name__)
-SCHEMA_VERSION = vol.Schema({vol.Optional(ATTR_VERSION): vol.Coerce(str)})
+SCHEMA_VERSION = vol.Schema({vol.Optional(ATTR_VERSION): str})
 # pylint: disable=no-value-for-parameter
 SCHEMA_OPTIONS = vol.Schema(
    {
-        vol.Optional(ATTR_BOOT): vol.In([BOOT_AUTO, BOOT_MANUAL]),
+        vol.Optional(ATTR_BOOT): vol.Coerce(AddonBoot),
-        vol.Optional(ATTR_NETWORK): vol.Maybe(DOCKER_PORTS),
+        vol.Optional(ATTR_NETWORK): vol.Maybe(docker_ports),
        vol.Optional(ATTR_AUTO_UPDATE): vol.Boolean(),
-        vol.Optional(ATTR_AUDIO_OUTPUT): vol.Maybe(vol.Coerce(str)),
+        vol.Optional(ATTR_AUDIO_OUTPUT): vol.Maybe(str),
-        vol.Optional(ATTR_AUDIO_INPUT): vol.Maybe(vol.Coerce(str)),
+        vol.Optional(ATTR_AUDIO_INPUT): vol.Maybe(str),
        vol.Optional(ATTR_INGRESS_PANEL): vol.Boolean(),
        vol.Optional(ATTR_WATCHDOG): vol.Boolean(),
    }
 )
@@ -122,7 +133,7 @@ SCHEMA_SECURITY = vol.Schema({vol.Optional(ATTR_PROTECTED): vol.Boolean()})
 class APIAddons(CoreSysAttributes):
    """Handle RESTful API for add-on functions."""
-    def _extract_addon(self, request: web.Request) -> AnyAddon:
+    def _extract_addon(self, request: web.Request) -> Addon:
        """Return addon, throw an exception it it doesn't exist."""
        addon_slug: str = request.match_info.get("addon")
@@ -136,17 +147,13 @@ class APIAddons(CoreSysAttributes):
        addon = self.sys_addons.get(addon_slug)
        if not addon:
            raise APIError(f"Addon {addon_slug} does not exist")
        return addon
    def _extract_addon_installed(self, request: web.Request) -> Addon:
        addon = self._extract_addon(request)
        if not isinstance(addon, Addon) or not addon.is_installed:
-            raise APIError("Addon is not installed")
+            raise APIAddonNotInstalled("Addon is not installed")
        return addon
    @api_process
-    async def list(self, request: web.Request) -> Dict[str, Any]:
+    async def list(self, request: web.Request) -> dict[str, Any]:
        """Return all add-ons or repositories."""
        data_addons = [
            {
@@ -155,38 +162,30 @@ class APIAddons(CoreSysAttributes):
                ATTR_DESCRIPTON: addon.description,
                ATTR_ADVANCED: addon.advanced,
                ATTR_STAGE: addon.stage,
-                ATTR_VERSION: addon.latest_version,
+                ATTR_VERSION: addon.version,
-                ATTR_INSTALLED: addon.version if addon.is_installed else None,
+                ATTR_VERSION_LATEST: addon.latest_version,
                ATTR_UPDATE_AVAILABLE: addon.need_update,
                ATTR_AVAILABLE: addon.available,
                ATTR_DETACHED: addon.is_detached,
                ATTR_HOMEASSISTANT: addon.homeassistant_version,
                ATTR_STATE: addon.state,
                ATTR_REPOSITORY: addon.repository,
                ATTR_BUILD: addon.need_build,
                ATTR_URL: addon.url,
                ATTR_ICON: addon.with_icon,
                ATTR_LOGO: addon.with_logo,
            }
-            for addon in self.sys_addons.all
+            for addon in self.sys_addons.installed
        ]
-        data_repositories = [
+        return {ATTR_ADDONS: data_addons}
            {
                ATTR_SLUG: repository.slug,
                ATTR_NAME: repository.name,
                ATTR_SOURCE: repository.source,
                ATTR_URL: repository.url,
                ATTR_MAINTAINER: repository.maintainer,
            }
            for repository in self.sys_store.all
        ]
        return {ATTR_ADDONS: data_addons, ATTR_REPOSITORIES: data_repositories}
    @api_process
    async def reload(self, request: web.Request) -> None:
        """Reload all add-on data from store."""
        await asyncio.shield(self.sys_store.reload())
-    @api_process
+    async def info(self, request: web.Request) -> dict[str, Any]:
    async def info(self, request: web.Request) -> Dict[str, Any]:
        """Return add-on information."""
        addon: AnyAddon = self._extract_addon(request)
@@ -199,9 +198,7 @@ class APIAddons(CoreSysAttributes):
            ATTR_LONG_DESCRIPTION: addon.long_description,
            ATTR_ADVANCED: addon.advanced,
            ATTR_STAGE: addon.stage,
            ATTR_AUTO_UPDATE: None,
            ATTR_REPOSITORY: addon.repository,
            ATTR_VERSION: None,
            ATTR_VERSION_LATEST: addon.latest_version,
            ATTR_PROTECTED: addon.protected,
            ATTR_RATING: rating_security(addon),
@@ -212,7 +209,6 @@ class APIAddons(CoreSysAttributes):
            ATTR_MACHINE: addon.supported_machine,
            ATTR_HOMEASSISTANT: addon.homeassistant_version,
            ATTR_URL: addon.url,
            ATTR_STATE: STATE_NONE,
            ATTR_DETACHED: addon.is_detached,
            ATTR_AVAILABLE: addon.available,
            ATTR_BUILD: addon.need_build,
@@ -221,70 +217,65 @@ class APIAddons(CoreSysAttributes):
            ATTR_HOST_NETWORK: addon.host_network,
            ATTR_HOST_PID: addon.host_pid,
            ATTR_HOST_IPC: addon.host_ipc,
            ATTR_HOST_UTS: addon.host_uts,
            ATTR_HOST_DBUS: addon.host_dbus,
            ATTR_PRIVILEGED: addon.privileged,
            ATTR_FULL_ACCESS: addon.with_full_access,
            ATTR_APPARMOR: addon.apparmor,
            ATTR_DEVICES: _pretty_devices(addon),
            ATTR_ICON: addon.with_icon,
            ATTR_LOGO: addon.with_logo,
            ATTR_CHANGELOG: addon.with_changelog,
            ATTR_DOCUMENTATION: addon.with_documentation,
            ATTR_STDIN: addon.with_stdin,
            ATTR_WEBUI: None,
            ATTR_HASSIO_API: addon.access_hassio_api,
            ATTR_HASSIO_ROLE: addon.hassio_role,
            ATTR_AUTH_API: addon.access_auth_api,
            ATTR_HOMEASSISTANT_API: addon.access_homeassistant_api,
            ATTR_GPIO: addon.with_gpio,
            ATTR_USB: addon.with_usb,
            ATTR_UART: addon.with_uart,
            ATTR_KERNEL_MODULES: addon.with_kernel_modules,
            ATTR_DEVICETREE: addon.with_devicetree,
            ATTR_UDEV: addon.with_udev,
            ATTR_DOCKER_API: addon.access_docker_api,
            ATTR_VIDEO: addon.with_video,
            ATTR_AUDIO: addon.with_audio,
-            ATTR_AUDIO_INPUT: None,
+            ATTR_STARTUP: addon.startup,
            ATTR_AUDIO_OUTPUT: None,
            ATTR_SERVICES: _pretty_services(addon),
            ATTR_DISCOVERY: addon.discovery,
-            ATTR_IP_ADDRESS: None,
+            ATTR_TRANSLATIONS: addon.translations,
            ATTR_INGRESS: addon.with_ingress,
-            ATTR_INGRESS_ENTRY: None,
+            ATTR_SIGNED: addon.signed,
-            ATTR_INGRESS_URL: None,
+            ATTR_STATE: addon.state,
-            ATTR_INGRESS_PORT: None,
+            ATTR_WEBUI: addon.webui,
-            ATTR_INGRESS_PANEL: None,
+            ATTR_INGRESS_ENTRY: addon.ingress_entry,
            ATTR_INGRESS_URL: addon.ingress_url,
            ATTR_INGRESS_PORT: addon.ingress_port,
            ATTR_INGRESS_PANEL: addon.ingress_panel,
            ATTR_AUDIO_INPUT: addon.audio_input,
            ATTR_AUDIO_OUTPUT: addon.audio_output,
            ATTR_AUTO_UPDATE: addon.auto_update,
            ATTR_IP_ADDRESS: str(addon.ip_address),
            ATTR_VERSION: addon.version,
            ATTR_UPDATE_AVAILABLE: addon.need_update,
            ATTR_WATCHDOG: addon.watchdog,
            ATTR_DEVICES: addon.static_devices
            + [device.path for device in addon.devices],
        }
        if isinstance(addon, Addon) and addon.is_installed:
            data.update(
                {
                    ATTR_STATE: await addon.state(),
                    ATTR_WEBUI: addon.webui,
                    ATTR_INGRESS_ENTRY: addon.ingress_entry,
                    ATTR_INGRESS_URL: addon.ingress_url,
                    ATTR_INGRESS_PORT: addon.ingress_port,
                    ATTR_INGRESS_PANEL: addon.ingress_panel,
                    ATTR_AUDIO_INPUT: addon.audio_input,
                    ATTR_AUDIO_OUTPUT: addon.audio_output,
                    ATTR_AUTO_UPDATE: addon.auto_update,
                    ATTR_IP_ADDRESS: str(addon.ip_address),
                    ATTR_VERSION: addon.version,
                }
            )
        return data
    @api_process
    async def options(self, request: web.Request) -> None:
        """Store user options for add-on."""
-        addon = self._extract_addon_installed(request)
+        addon = self._extract_addon(request)
        # Update secrets for validation
-        await self.sys_secrets.reload()
+        await self.sys_homeassistant.secrets.reload()
        # Extend schema with add-on specific validation
        addon_schema = SCHEMA_OPTIONS.extend(
-            {vol.Optional(ATTR_OPTIONS): vol.Any(None, addon.schema)}
+            {vol.Optional(ATTR_OPTIONS): vol.Maybe(addon.schema)}
        )
        # Validate/Process Body
@@ -304,25 +295,81 @@ class APIAddons(CoreSysAttributes):
        if ATTR_INGRESS_PANEL in body:
            addon.ingress_panel = body[ATTR_INGRESS_PANEL]
            await self.sys_ingress.update_hass_panel(addon)
        if ATTR_WATCHDOG in body:
            addon.watchdog = body[ATTR_WATCHDOG]
        addon.save_persist()
    @api_process
    async def options_validate(self, request: web.Request) -> None:
        """Validate user options for add-on."""
        addon = self._extract_addon(request)
        data = {ATTR_MESSAGE: "", ATTR_VALID: True, ATTR_PWNED: False}
        options = await request.json(loads=json_loads) or addon.options
        # Validate config
        options_schema = addon.schema
        try:
            options_schema.validate(options)
        except vol.Invalid as ex:
            data[ATTR_MESSAGE] = humanize_error(options, ex)
            data[ATTR_VALID] = False
        if not self.sys_security.pwned:
            return data
        # Pwned check
        for secret in options_schema.pwned:
            try:
                await self.sys_security.verify_secret(secret)
                continue
            except PwnedSecret:
                data[ATTR_PWNED] = True
            except PwnedError:
                data[ATTR_PWNED] = None
            break
        if self.sys_security.force and data[ATTR_PWNED] in (None, True):
            data[ATTR_VALID] = False
            if data[ATTR_PWNED] is None:
                data[ATTR_MESSAGE] = "Error happening on pwned secrets check!"
            else:
                data[ATTR_MESSAGE] = "Add-on uses pwned secrets!"
        return data
    @api_process
    async def options_config(self, request: web.Request) -> None:
        """Validate user options for add-on."""
        slug: str = request.match_info.get("addon")
        if slug != "self":
            raise APIForbidden("This can be only read by the Add-on itself!")
        addon = self._extract_addon(request)
        # Lookup/reload secrets
        await self.sys_homeassistant.secrets.reload()
        try:
            return addon.schema.validate(addon.options)
        except vol.Invalid:
            raise APIError("Invalid configuration data for the add-on") from None
    @api_process
    async def security(self, request: web.Request) -> None:
        """Store security options for add-on."""
-        addon = self._extract_addon_installed(request)
+        addon = self._extract_addon(request)
-        body: Dict[str, Any] = await api_validate(SCHEMA_SECURITY, request)
+        body: dict[str, Any] = await api_validate(SCHEMA_SECURITY, request)
        if ATTR_PROTECTED in body:
-            _LOGGER.warning("Protected flag changing for %s!", addon.slug)
+            _LOGGER.warning("Changing protected flag for %s!", addon.slug)
            addon.protected = body[ATTR_PROTECTED]
        addon.save_persist()
    @api_process
-    async def stats(self, request: web.Request) -> Dict[str, Any]:
+    async def stats(self, request: web.Request) -> dict[str, Any]:
        """Return resource information."""
-        addon = self._extract_addon_installed(request)
+        addon = self._extract_addon(request)
        stats: DockerStats = await addon.stats()
@@ -337,98 +384,49 @@ class APIAddons(CoreSysAttributes):
            ATTR_BLK_WRITE: stats.blk_write,
        }
    @api_process
    def install(self, request: web.Request) -> Awaitable[None]:
        """Install add-on."""
        addon = self._extract_addon(request)
        return asyncio.shield(addon.install())
    @api_process
    def uninstall(self, request: web.Request) -> Awaitable[None]:
        """Uninstall add-on."""
-        addon = self._extract_addon_installed(request)
+        addon = self._extract_addon(request)
-        return asyncio.shield(addon.uninstall())
+        return asyncio.shield(self.sys_addons.uninstall(addon.slug))
    @api_process
-    def start(self, request: web.Request) -> Awaitable[None]:
+    async def start(self, request: web.Request) -> None:
        """Start add-on."""
-        addon = self._extract_addon_installed(request)
+        addon = self._extract_addon(request)
-        return asyncio.shield(addon.start())
+        if start_task := await asyncio.shield(addon.start()):
            await start_task
    @api_process
    def stop(self, request: web.Request) -> Awaitable[None]:
        """Stop add-on."""
-        addon = self._extract_addon_installed(request)
+        addon = self._extract_addon(request)
        return asyncio.shield(addon.stop())
    @api_process
-    def update(self, request: web.Request) -> Awaitable[None]:
+    async def restart(self, request: web.Request) -> None:
        """Update add-on."""
        addon: Addon = self._extract_addon_installed(request)
        return asyncio.shield(addon.update())
    @api_process
    def restart(self, request: web.Request) -> Awaitable[None]:
        """Restart add-on."""
-        addon: Addon = self._extract_addon_installed(request)
+        addon: Addon = self._extract_addon(request)
-        return asyncio.shield(addon.restart())
+        if start_task := await asyncio.shield(addon.restart()):
            await start_task
    @api_process
-    def rebuild(self, request: web.Request) -> Awaitable[None]:
+    async def rebuild(self, request: web.Request) -> None:
        """Rebuild local build add-on."""
-        addon = self._extract_addon_installed(request)
+        addon = self._extract_addon(request)
-        return asyncio.shield(addon.rebuild())
+        if start_task := await asyncio.shield(self.sys_addons.rebuild(addon.slug)):
            await start_task
    @api_process_raw(CONTENT_TYPE_BINARY)
    def logs(self, request: web.Request) -> Awaitable[bytes]:
        """Return logs from add-on."""
-        addon = self._extract_addon_installed(request)
+        addon = self._extract_addon(request)
        return addon.logs()
    @api_process_raw(CONTENT_TYPE_PNG)
    async def icon(self, request: web.Request) -> bytes:
        """Return icon from add-on."""
        addon = self._extract_addon(request)
        if not addon.with_icon:
            raise APIError(f"No icon found for add-on {addon.slug}!")
        with addon.path_icon.open("rb") as png:
            return png.read()
    @api_process_raw(CONTENT_TYPE_PNG)
    async def logo(self, request: web.Request) -> bytes:
        """Return logo from add-on."""
        addon = self._extract_addon(request)
        if not addon.with_logo:
            raise APIError(f"No logo found for add-on {addon.slug}!")
        with addon.path_logo.open("rb") as png:
            return png.read()
    @api_process_raw(CONTENT_TYPE_TEXT)
    async def changelog(self, request: web.Request) -> str:
        """Return changelog from add-on."""
        addon = self._extract_addon(request)
        if not addon.with_changelog:
            raise APIError(f"No changelog found for add-on {addon.slug}!")
        with addon.path_changelog.open("r") as changelog:
            return changelog.read()
    @api_process_raw(CONTENT_TYPE_TEXT)
    async def documentation(self, request: web.Request) -> str:
        """Return documentation from add-on."""
        addon = self._extract_addon(request)
        if not addon.with_documentation:
            raise APIError(f"No documentation found for add-on {addon.slug}!")
        with addon.path_documentation.open("r") as documentation:
            return documentation.read()
    @api_process
    async def stdin(self, request: web.Request) -> None:
        """Write to stdin of add-on."""
-        addon = self._extract_addon_installed(request)
+        addon = self._extract_addon(request)
        if not addon.with_stdin:
            raise APIError(f"STDIN not supported the {addon.slug} add-on")
@@ -436,14 +434,6 @@ class APIAddons(CoreSysAttributes):
        await asyncio.shield(addon.write_stdin(data))
-def _pretty_devices(addon: AnyAddon) -> List[str]:
+def _pretty_services(addon: Addon) -> list[str]:
    """Return a simplified device list."""
    dev_list = addon.devices
    if not dev_list:
        return []
    return [row.split(":")[0] for row in dev_list]
 def _pretty_services(addon: AnyAddon) -> List[str]:
    """Return a simplified services role list."""
    return [f"{name}:{access}" for name, access in addon.services_role.items()]
--- a/supervisor/api/audio.py
+++ b/supervisor/api/audio.py
@@ -1,10 +1,11 @@
 """Init file for Supervisor Audio RESTful API."""
 import asyncio
 from collections.abc import Awaitable
 from dataclasses import asdict
 import logging
-from typing import Any, Awaitable, Dict
+from typing import Any
 from aiohttp import web
 import attr
 import voluptuous as vol
 from ..const import (
@@ -25,20 +26,21 @@ from ..const import (
    ATTR_NETWORK_RX,
    ATTR_NETWORK_TX,
    ATTR_OUTPUT,
    ATTR_UPDATE_AVAILABLE,
    ATTR_VERSION,
    ATTR_VERSION_LATEST,
    ATTR_VOLUME,
    CONTENT_TYPE_BINARY,
 )
 from ..coresys import CoreSysAttributes
 from ..exceptions import APIError
 from ..host.sound import StreamType
-from ..validate import simple_version
+from ..validate import version_tag
 from .const import CONTENT_TYPE_BINARY
 from .utils import api_process, api_process_raw, api_validate
 _LOGGER: logging.Logger = logging.getLogger(__name__)
-SCHEMA_VERSION = vol.Schema({vol.Optional(ATTR_VERSION): simple_version})
+SCHEMA_VERSION = vol.Schema({vol.Optional(ATTR_VERSION): version_tag})
 SCHEMA_VOLUME = vol.Schema(
    {
@@ -55,10 +57,10 @@ SCHEMA_MUTE = vol.Schema(
    }
 )
-SCHEMA_DEFAULT = vol.Schema({vol.Required(ATTR_NAME): vol.Coerce(str)})
+SCHEMA_DEFAULT = vol.Schema({vol.Required(ATTR_NAME): str})
 SCHEMA_PROFILE = vol.Schema(
-    {vol.Required(ATTR_CARD): vol.Coerce(str), vol.Required(ATTR_NAME): vol.Coerce(str)}
+    {vol.Required(ATTR_CARD): str, vol.Required(ATTR_NAME): str}
 )
@@ -66,28 +68,25 @@ class APIAudio(CoreSysAttributes):
    """Handle RESTful API for Audio functions."""
    @api_process
-    async def info(self, request: web.Request) -> Dict[str, Any]:
+    async def info(self, request: web.Request) -> dict[str, Any]:
        """Return Audio information."""
        return {
            ATTR_VERSION: self.sys_plugins.audio.version,
            ATTR_VERSION_LATEST: self.sys_plugins.audio.latest_version,
            ATTR_UPDATE_AVAILABLE: self.sys_plugins.audio.need_update,
            ATTR_HOST: str(self.sys_docker.network.audio),
            ATTR_AUDIO: {
-                ATTR_CARD: [attr.asdict(card) for card in self.sys_host.sound.cards],
+                ATTR_CARD: [asdict(card) for card in self.sys_host.sound.cards],
-                ATTR_INPUT: [
+                ATTR_INPUT: [asdict(stream) for stream in self.sys_host.sound.inputs],
-                    attr.asdict(stream) for stream in self.sys_host.sound.inputs
+                ATTR_OUTPUT: [asdict(stream) for stream in self.sys_host.sound.outputs],
                ],
                ATTR_OUTPUT: [
                    attr.asdict(stream) for stream in self.sys_host.sound.outputs
                ],
                ATTR_APPLICATION: [
-                    attr.asdict(stream) for stream in self.sys_host.sound.applications
+                    asdict(stream) for stream in self.sys_host.sound.applications
                ],
            },
        }
    @api_process
-    async def stats(self, request: web.Request) -> Dict[str, Any]:
+    async def stats(self, request: web.Request) -> dict[str, Any]:
        """Return resource information."""
        stats = await self.sys_plugins.audio.stats()
--- a/supervisor/api/auth.py
+++ b/supervisor/api/auth.py
@@ -1,7 +1,6 @@
 """Init file for Supervisor auth/SSO RESTful API."""
 import asyncio
 import logging
 from typing import Dict
 from aiohttp import BasicAuth, web
 from aiohttp.hdrs import AUTHORIZATION, CONTENT_TYPE, WWW_AUTHENTICATE
@@ -9,26 +8,26 @@ from aiohttp.web_exceptions import HTTPUnauthorized
 import voluptuous as vol
 from ..addons.addon import Addon
-from ..const import (
+from ..const import ATTR_PASSWORD, ATTR_USERNAME, REQUEST_FROM
    ATTR_PASSWORD,
    ATTR_USERNAME,
    CONTENT_TYPE_JSON,
    CONTENT_TYPE_URL,
    REQUEST_FROM,
 )
 from ..coresys import CoreSysAttributes
 from ..exceptions import APIForbidden
 from ..utils.json import json_loads
 from .const import CONTENT_TYPE_JSON, CONTENT_TYPE_URL
 from .utils import api_process, api_validate
 _LOGGER: logging.Logger = logging.getLogger(__name__)
 SCHEMA_PASSWORD_RESET = vol.Schema(
    {
-        vol.Required(ATTR_USERNAME): vol.Coerce(str),
+        vol.Required(ATTR_USERNAME): str,
-        vol.Required(ATTR_PASSWORD): vol.Coerce(str),
+        vol.Required(ATTR_PASSWORD): str,
    }
 )
 REALM_HEADER: dict[str, str] = {
    WWW_AUTHENTICATE: 'Basic realm="Home Assistant Authentication"'
 }
 class APIAuth(CoreSysAttributes):
    """Handle RESTful API for auth functions."""
@@ -42,7 +41,7 @@ class APIAuth(CoreSysAttributes):
        return self.sys_auth.check_login(addon, auth.login, auth.password)
    def _process_dict(
-        self, request: web.Request, addon: Addon, data: Dict[str, str]
+        self, request: web.Request, addon: Addon, data: dict[str, str]
    ) -> bool:
        """Process login with dict data.
@@ -63,11 +62,13 @@ class APIAuth(CoreSysAttributes):
        # BasicAuth
        if AUTHORIZATION in request.headers:
-            return await self._process_basic(request, addon)
+            if not await self._process_basic(request, addon):
                raise HTTPUnauthorized(headers=REALM_HEADER)
            return True
        # Json
        if request.headers.get(CONTENT_TYPE) == CONTENT_TYPE_JSON:
-            data = await request.json()
+            data = await request.json(loads=json_loads)
            return await self._process_dict(request, addon, data)
        # URL encoded
@@ -75,14 +76,17 @@ class APIAuth(CoreSysAttributes):
            data = await request.post()
            return await self._process_dict(request, addon, data)
-        raise HTTPUnauthorized(
+        raise HTTPUnauthorized(headers=REALM_HEADER)
            headers={WWW_AUTHENTICATE: 'Basic realm="Home Assistant Authentication"'}
        )
    @api_process
    async def reset(self, request: web.Request) -> None:
        """Process reset password request."""
-        body: Dict[str, str] = await api_validate(SCHEMA_PASSWORD_RESET, request)
+        body: dict[str, str] = await api_validate(SCHEMA_PASSWORD_RESET, request)
        await asyncio.shield(
            self.sys_auth.change_password(body[ATTR_USERNAME], body[ATTR_PASSWORD])
        )
    @api_process
    async def cache(self, request: web.Request) -> None:
        """Process cache reset request."""
        self.sys_auth.reset_data()
--- a/supervisor/api/backups.py
+++ b/supervisor/api/backups.py
@@ -0,0 +1,305 @@
 """Backups RESTful API."""
 import asyncio
 import errno
 import logging
 from pathlib import Path
 import re
 from tempfile import TemporaryDirectory
 from typing import Any
 from aiohttp import web
 from aiohttp.hdrs import CONTENT_DISPOSITION
 import voluptuous as vol
 from ..backups.validate import ALL_FOLDERS, FOLDER_HOMEASSISTANT, days_until_stale
 from ..const import (
    ATTR_ADDONS,
    ATTR_BACKUPS,
    ATTR_COMPRESSED,
    ATTR_CONTENT,
    ATTR_DATE,
    ATTR_DAYS_UNTIL_STALE,
    ATTR_FOLDERS,
    ATTR_HOMEASSISTANT,
    ATTR_HOMEASSISTANT_EXCLUDE_DATABASE,
    ATTR_LOCATON,
    ATTR_NAME,
    ATTR_PASSWORD,
    ATTR_PROTECTED,
    ATTR_REPOSITORIES,
    ATTR_SIZE,
    ATTR_SLUG,
    ATTR_SUPERVISOR_VERSION,
    ATTR_TIMEOUT,
    ATTR_TYPE,
    ATTR_VERSION,
 )
 from ..coresys import CoreSysAttributes
 from ..exceptions import APIError
 from ..mounts.const import MountUsage
 from ..resolution.const import UnhealthyReason
 from .const import CONTENT_TYPE_TAR
 from .utils import api_process, api_validate
 _LOGGER: logging.Logger = logging.getLogger(__name__)
 RE_SLUGIFY_NAME = re.compile(r"[^A-Za-z0-9]+")
 # Backwards compatible
 # Remove: 2022.08
 _ALL_FOLDERS = ALL_FOLDERS + [FOLDER_HOMEASSISTANT]
 # pylint: disable=no-value-for-parameter
 SCHEMA_RESTORE_PARTIAL = vol.Schema(
    {
        vol.Optional(ATTR_PASSWORD): vol.Maybe(str),
        vol.Optional(ATTR_HOMEASSISTANT): vol.Boolean(),
        vol.Optional(ATTR_ADDONS): vol.All([str], vol.Unique()),
        vol.Optional(ATTR_FOLDERS): vol.All([vol.In(_ALL_FOLDERS)], vol.Unique()),
    }
 )
 SCHEMA_RESTORE_FULL = vol.Schema({vol.Optional(ATTR_PASSWORD): vol.Maybe(str)})
 SCHEMA_BACKUP_FULL = vol.Schema(
    {
        vol.Optional(ATTR_NAME): str,
        vol.Optional(ATTR_PASSWORD): vol.Maybe(str),
        vol.Optional(ATTR_COMPRESSED): vol.Maybe(vol.Boolean()),
        vol.Optional(ATTR_LOCATON): vol.Maybe(str),
        vol.Optional(ATTR_HOMEASSISTANT_EXCLUDE_DATABASE): vol.Boolean(),
    }
 )
 SCHEMA_BACKUP_PARTIAL = SCHEMA_BACKUP_FULL.extend(
    {
        vol.Optional(ATTR_ADDONS): vol.All([str], vol.Unique()),
        vol.Optional(ATTR_FOLDERS): vol.All([vol.In(_ALL_FOLDERS)], vol.Unique()),
        vol.Optional(ATTR_HOMEASSISTANT): vol.Boolean(),
    }
 )
 SCHEMA_OPTIONS = vol.Schema(
    {
        vol.Optional(ATTR_DAYS_UNTIL_STALE): days_until_stale,
    }
 )
 SCHEMA_FREEZE = vol.Schema(
    {
        vol.Optional(ATTR_TIMEOUT): vol.All(int, vol.Range(min=1)),
    }
 )
 class APIBackups(CoreSysAttributes):
    """Handle RESTful API for backups functions."""
    def _extract_slug(self, request):
        """Return backup, throw an exception if it doesn't exist."""
        backup = self.sys_backups.get(request.match_info.get("slug"))
        if not backup:
            raise APIError("Backup does not exist")
        return backup
    def _list_backups(self):
        """Return list of backups."""
        return [
            {
                ATTR_SLUG: backup.slug,
                ATTR_NAME: backup.name,
                ATTR_DATE: backup.date,
                ATTR_TYPE: backup.sys_type,
                ATTR_SIZE: backup.size,
                ATTR_LOCATON: backup.location,
                ATTR_PROTECTED: backup.protected,
                ATTR_COMPRESSED: backup.compressed,
                ATTR_CONTENT: {
                    ATTR_HOMEASSISTANT: backup.homeassistant_version is not None,
                    ATTR_ADDONS: backup.addon_list,
                    ATTR_FOLDERS: backup.folders,
                },
            }
            for backup in self.sys_backups.list_backups
        ]
    @api_process
    async def list(self, request):
        """Return backup list."""
        data_backups = self._list_backups()
        if request.path == "/snapshots":
            # Kept for backwards compability
            return {"snapshots": data_backups}
        return {ATTR_BACKUPS: data_backups}
    @api_process
    async def info(self, request):
        """Return backup list and manager info."""
        return {
            ATTR_BACKUPS: self._list_backups(),
            ATTR_DAYS_UNTIL_STALE: self.sys_backups.days_until_stale,
        }
    @api_process
    async def options(self, request):
        """Set backup manager options."""
        body = await api_validate(SCHEMA_OPTIONS, request)
        if ATTR_DAYS_UNTIL_STALE in body:
            self.sys_backups.days_until_stale = body[ATTR_DAYS_UNTIL_STALE]
        self.sys_backups.save_data()
    @api_process
    async def reload(self, _):
        """Reload backup list."""
        await asyncio.shield(self.sys_backups.reload())
        return True
    @api_process
    async def backup_info(self, request):
        """Return backup info."""
        backup = self._extract_slug(request)
        data_addons = []
        for addon_data in backup.addons:
            data_addons.append(
                {
                    ATTR_SLUG: addon_data[ATTR_SLUG],
                    ATTR_NAME: addon_data[ATTR_NAME],
                    ATTR_VERSION: addon_data[ATTR_VERSION],
                    ATTR_SIZE: addon_data[ATTR_SIZE],
                }
            )
        return {
            ATTR_SLUG: backup.slug,
            ATTR_TYPE: backup.sys_type,
            ATTR_NAME: backup.name,
            ATTR_DATE: backup.date,
            ATTR_SIZE: backup.size,
            ATTR_COMPRESSED: backup.compressed,
            ATTR_PROTECTED: backup.protected,
            ATTR_SUPERVISOR_VERSION: backup.supervisor_version,
            ATTR_HOMEASSISTANT: backup.homeassistant_version,
            ATTR_LOCATON: backup.location,
            ATTR_ADDONS: data_addons,
            ATTR_REPOSITORIES: backup.repositories,
            ATTR_FOLDERS: backup.folders,
            ATTR_HOMEASSISTANT_EXCLUDE_DATABASE: backup.homeassistant_exclude_database,
        }
    def _location_to_mount(self, body: dict[str, Any]) -> dict[str, Any]:
        """Change location field to mount if necessary."""
        if not body.get(ATTR_LOCATON):
            return body
        body[ATTR_LOCATON] = self.sys_mounts.get(body[ATTR_LOCATON])
        if body[ATTR_LOCATON].usage != MountUsage.BACKUP:
            raise APIError(
                f"Mount {body[ATTR_LOCATON].name} is not used for backups, cannot backup to there"
            )
        return body
    @api_process
    async def backup_full(self, request):
        """Create full backup."""
        body = await api_validate(SCHEMA_BACKUP_FULL, request)
        backup = await asyncio.shield(
            self.sys_backups.do_backup_full(**self._location_to_mount(body))
        )
        if backup:
            return {ATTR_SLUG: backup.slug}
        return False
    @api_process
    async def backup_partial(self, request):
        """Create a partial backup."""
        body = await api_validate(SCHEMA_BACKUP_PARTIAL, request)
        backup = await asyncio.shield(
            self.sys_backups.do_backup_partial(**self._location_to_mount(body))
        )
        if backup:
            return {ATTR_SLUG: backup.slug}
        return False
    @api_process
    async def restore_full(self, request):
        """Full restore of a backup."""
        backup = self._extract_slug(request)
        body = await api_validate(SCHEMA_RESTORE_FULL, request)
        return await asyncio.shield(self.sys_backups.do_restore_full(backup, **body))
    @api_process
    async def restore_partial(self, request):
        """Partial restore a backup."""
        backup = self._extract_slug(request)
        body = await api_validate(SCHEMA_RESTORE_PARTIAL, request)
        return await asyncio.shield(self.sys_backups.do_restore_partial(backup, **body))
    @api_process
    async def freeze(self, request):
        """Initiate manual freeze for external backup."""
        body = await api_validate(SCHEMA_FREEZE, request)
        await asyncio.shield(self.sys_backups.freeze_all(**body))
    @api_process
    async def thaw(self, request):
        """Begin thaw after manual freeze."""
        await self.sys_backups.thaw_all()
    @api_process
    async def remove(self, request):
        """Remove a backup."""
        backup = self._extract_slug(request)
        return self.sys_backups.remove(backup)
    async def download(self, request):
        """Download a backup file."""
        backup = self._extract_slug(request)
        _LOGGER.info("Downloading backup %s", backup.slug)
        response = web.FileResponse(backup.tarfile)
        response.content_type = CONTENT_TYPE_TAR
        response.headers[
            CONTENT_DISPOSITION
        ] = f"attachment; filename={RE_SLUGIFY_NAME.sub('_', backup.name)}.tar"
        return response
    @api_process
    async def upload(self, request):
        """Upload a backup file."""
        with TemporaryDirectory(dir=str(self.sys_config.path_tmp)) as temp_dir:
            tar_file = Path(temp_dir, "backup.tar")
            reader = await request.multipart()
            contents = await reader.next()
            try:
                with tar_file.open("wb") as backup:
                    while True:
                        chunk = await contents.read_chunk()
                        if not chunk:
                            break
                        backup.write(chunk)
            except OSError as err:
                if err.errno == errno.EBADMSG:
                    self.sys_resolution.unhealthy = UnhealthyReason.OSERROR_BAD_MESSAGE
                _LOGGER.error("Can't write new backup file: %s", err)
                return False
            except asyncio.CancelledError:
                return False
            backup = await asyncio.shield(self.sys_backups.import_backup(tar_file))
        if backup:
            return {ATTR_SLUG: backup.slug}
        return False
--- a/supervisor/api/cli.py
+++ b/supervisor/api/cli.py
@@ -1,7 +1,7 @@
 """Init file for Supervisor HA cli RESTful API."""
 import asyncio
 import logging
-from typing import Any, Dict
+from typing import Any
 from aiohttp import web
 import voluptuous as vol
@@ -15,31 +15,33 @@ from ..const import (
    ATTR_MEMORY_USAGE,
    ATTR_NETWORK_RX,
    ATTR_NETWORK_TX,
    ATTR_UPDATE_AVAILABLE,
    ATTR_VERSION,
    ATTR_VERSION_LATEST,
 )
 from ..coresys import CoreSysAttributes
-from ..validate import simple_version
+from ..validate import version_tag
 from .utils import api_process, api_validate
 _LOGGER: logging.Logger = logging.getLogger(__name__)
-SCHEMA_VERSION = vol.Schema({vol.Optional(ATTR_VERSION): simple_version})
+SCHEMA_VERSION = vol.Schema({vol.Optional(ATTR_VERSION): version_tag})
 class APICli(CoreSysAttributes):
    """Handle RESTful API for HA Cli functions."""
    @api_process
-    async def info(self, request: web.Request) -> Dict[str, Any]:
+    async def info(self, request: web.Request) -> dict[str, Any]:
        """Return HA cli information."""
        return {
            ATTR_VERSION: self.sys_plugins.cli.version,
            ATTR_VERSION_LATEST: self.sys_plugins.cli.latest_version,
            ATTR_UPDATE_AVAILABLE: self.sys_plugins.cli.need_update,
        }
    @api_process
-    async def stats(self, request: web.Request) -> Dict[str, Any]:
+    async def stats(self, request: web.Request) -> dict[str, Any]:
        """Return resource information."""
        stats = await self.sys_plugins.cli.stats()
--- a/supervisor/api/const.py
+++ b/supervisor/api/const.py
@@ -0,0 +1,54 @@
 """Const for API."""
 CONTENT_TYPE_BINARY = "application/octet-stream"
 CONTENT_TYPE_JSON = "application/json"
 CONTENT_TYPE_PNG = "image/png"
 CONTENT_TYPE_TAR = "application/tar"
 CONTENT_TYPE_TEXT = "text/plain"
 CONTENT_TYPE_URL = "application/x-www-form-urlencoded"
 COOKIE_INGRESS = "ingress_session"
 ATTR_AGENT_VERSION = "agent_version"
 ATTR_APPARMOR_VERSION = "apparmor_version"
 ATTR_ATTRIBUTES = "attributes"
 ATTR_AVAILABLE_UPDATES = "available_updates"
 ATTR_BOOT_TIMESTAMP = "boot_timestamp"
 ATTR_BOOTS = "boots"
 ATTR_BROADCAST_LLMNR = "broadcast_llmnr"
 ATTR_BROADCAST_MDNS = "broadcast_mdns"
 ATTR_BY_ID = "by_id"
 ATTR_CHILDREN = "children"
 ATTR_CONNECTION_BUS = "connection_bus"
 ATTR_DATA_DISK = "data_disk"
 ATTR_DEVICE = "device"
 ATTR_DEV_PATH = "dev_path"
 ATTR_DISKS = "disks"
 ATTR_DRIVES = "drives"
 ATTR_DT_SYNCHRONIZED = "dt_synchronized"
 ATTR_DT_UTC = "dt_utc"
 ATTR_EJECTABLE = "ejectable"
 ATTR_FALLBACK = "fallback"
 ATTR_FILESYSTEMS = "filesystems"
 ATTR_IDENTIFIERS = "identifiers"
 ATTR_JOBS = "jobs"
 ATTR_LLMNR = "llmnr"
 ATTR_LLMNR_HOSTNAME = "llmnr_hostname"
 ATTR_MDNS = "mdns"
 ATTR_MODEL = "model"
 ATTR_MOUNTS = "mounts"
 ATTR_MOUNT_POINTS = "mount_points"
 ATTR_PANEL_PATH = "panel_path"
 ATTR_REMOVABLE = "removable"
 ATTR_REVISION = "revision"
 ATTR_SEAT = "seat"
 ATTR_SIGNED = "signed"
 ATTR_STARTUP_TIME = "startup_time"
 ATTR_SUBSYSTEM = "subsystem"
 ATTR_SYSFS = "sysfs"
 ATTR_SYSTEM_HEALTH_LED = "system_health_led"
 ATTR_TIME_DETECTED = "time_detected"
 ATTR_UPDATE_TYPE = "update_type"
 ATTR_USE_NTP = "use_ntp"
 ATTR_USAGE = "usage"
 ATTR_VENDOR = "vendor"
--- a/supervisor/api/discovery.py
+++ b/supervisor/api/discovery.py
@@ -1,6 +1,9 @@
 """Init file for Supervisor network RESTful API."""
 import logging
 import voluptuous as vol
 from ..addons.addon import Addon
 from ..const import (
    ATTR_ADDON,
    ATTR_CONFIG,
@@ -9,15 +12,18 @@ from ..const import (
    ATTR_SERVICES,
    ATTR_UUID,
    REQUEST_FROM,
    AddonState,
 )
 from ..coresys import CoreSysAttributes
 from ..discovery.validate import valid_discovery_service
 from ..exceptions import APIError, APIForbidden
-from .utils import api_process, api_validate
+from .utils import api_process, api_validate, require_home_assistant
 _LOGGER: logging.Logger = logging.getLogger(__name__)
 SCHEMA_DISCOVERY = vol.Schema(
    {
-        vol.Required(ATTR_SERVICE): valid_discovery_service,
+        vol.Required(ATTR_SERVICE): str,
        vol.Optional(ATTR_CONFIG): vol.Maybe(dict),
    }
 )
@@ -33,27 +39,22 @@ class APIDiscovery(CoreSysAttributes):
            raise APIError("Discovery message not found")
        return message
    def _check_permission_ha(self, request):
        """Check permission for API call / Home Assistant."""
        if request[REQUEST_FROM] != self.sys_homeassistant:
            raise APIForbidden("Only HomeAssistant can use this API!")
    @api_process
    @require_home_assistant
    async def list(self, request):
-        """Show register services."""
+        """Show registered and available services."""
        self._check_permission_ha(request)
        # Get available discovery
-        discovery = []
+        discovery = [
-        for message in self.sys_discovery.list_messages:
+            {
-            discovery.append(
+                ATTR_ADDON: message.addon,
-                {
+                ATTR_SERVICE: message.service,
-                    ATTR_ADDON: message.addon,
+                ATTR_UUID: message.uuid,
-                    ATTR_SERVICE: message.service,
+                ATTR_CONFIG: message.config,
-                    ATTR_UUID: message.uuid,
+            }
-                    ATTR_CONFIG: message.config,
+            for message in self.sys_discovery.list_messages
-                }
+            if (addon := self.sys_addons.get(message.addon, local_only=True))
-            )
+            and addon.state == AddonState.STARTED
        ]
        # Get available services/add-ons
        services = {}
@@ -67,11 +68,28 @@ class APIDiscovery(CoreSysAttributes):
    async def set_discovery(self, request):
        """Write data into a discovery pipeline."""
        body = await api_validate(SCHEMA_DISCOVERY, request)
-        addon = request[REQUEST_FROM]
+        addon: Addon = request[REQUEST_FROM]
        service = body[ATTR_SERVICE]
        try:
            valid_discovery_service(service)
        except vol.Invalid:
            _LOGGER.warning(
                "Received discovery message for unknown service %s from addon %s. Please report this to the maintainer of the add-on",
                service,
                addon.name,
            )
        # Access?
        if body[ATTR_SERVICE] not in addon.discovery:
-            raise APIForbidden("Can't use discovery!")
+            _LOGGER.error(
                "Add-on %s attempted to send discovery for service %s which is not listed in its config. Please report this to the maintainer of the add-on",
                addon.name,
                service,
            )
            raise APIForbidden(
                "Add-ons must list services they provide via discovery in their config!"
            )
        # Process discovery message
        message = self.sys_discovery.send(addon, **body)
@@ -79,13 +97,11 @@ class APIDiscovery(CoreSysAttributes):
        return {ATTR_UUID: message.uuid}
    @api_process
    @require_home_assistant
    async def get_discovery(self, request):
        """Read data into a discovery message."""
        message = self._extract_message(request)
        # HomeAssistant?
        self._check_permission_ha(request)
        return {
            ATTR_ADDON: message.addon,
            ATTR_SERVICE: message.service,
--- a/supervisor/api/dns.py
+++ b/supervisor/api/dns.py
@@ -1,7 +1,8 @@
 """Init file for Supervisor DNS RESTful API."""
 import asyncio
 from collections.abc import Awaitable
 import logging
-from typing import Any, Awaitable, Dict
+from typing import Any
 from aiohttp import web
 import voluptuous as vol
@@ -18,50 +19,68 @@ from ..const import (
    ATTR_NETWORK_RX,
    ATTR_NETWORK_TX,
    ATTR_SERVERS,
    ATTR_UPDATE_AVAILABLE,
    ATTR_VERSION,
    ATTR_VERSION_LATEST,
    CONTENT_TYPE_BINARY,
 )
 from ..coresys import CoreSysAttributes
 from ..exceptions import APIError
-from ..validate import dns_server_list, simple_version
+from ..validate import dns_server_list, version_tag
 from .const import ATTR_FALLBACK, ATTR_LLMNR, ATTR_MDNS, CONTENT_TYPE_BINARY
 from .utils import api_process, api_process_raw, api_validate
 _LOGGER: logging.Logger = logging.getLogger(__name__)
 # pylint: disable=no-value-for-parameter
-SCHEMA_OPTIONS = vol.Schema({vol.Optional(ATTR_SERVERS): dns_server_list})
+SCHEMA_OPTIONS = vol.Schema(
    {
        vol.Optional(ATTR_SERVERS): dns_server_list,
        vol.Optional(ATTR_FALLBACK): vol.Boolean(),
    }
 )
-SCHEMA_VERSION = vol.Schema({vol.Optional(ATTR_VERSION): simple_version})
+SCHEMA_VERSION = vol.Schema({vol.Optional(ATTR_VERSION): version_tag})
 class APICoreDNS(CoreSysAttributes):
    """Handle RESTful API for DNS functions."""
    @api_process
-    async def info(self, request: web.Request) -> Dict[str, Any]:
+    async def info(self, request: web.Request) -> dict[str, Any]:
        """Return DNS information."""
        return {
            ATTR_VERSION: self.sys_plugins.dns.version,
            ATTR_VERSION_LATEST: self.sys_plugins.dns.latest_version,
            ATTR_UPDATE_AVAILABLE: self.sys_plugins.dns.need_update,
            ATTR_HOST: str(self.sys_docker.network.dns),
            ATTR_SERVERS: self.sys_plugins.dns.servers,
-            ATTR_LOCALS: self.sys_host.network.dns_servers,
+            ATTR_LOCALS: self.sys_plugins.dns.locals,
            ATTR_MDNS: self.sys_plugins.dns.mdns,
            ATTR_LLMNR: self.sys_plugins.dns.llmnr,
            ATTR_FALLBACK: self.sys_plugins.dns.fallback,
        }
    @api_process
    async def options(self, request: web.Request) -> None:
        """Set DNS options."""
        body = await api_validate(SCHEMA_OPTIONS, request)
        restart_required = False
        if ATTR_SERVERS in body:
            self.sys_plugins.dns.servers = body[ATTR_SERVERS]
            restart_required = True
        if ATTR_FALLBACK in body:
            self.sys_plugins.dns.fallback = body[ATTR_FALLBACK]
            restart_required = True
        if restart_required:
            self.sys_create_task(self.sys_plugins.dns.restart())
        self.sys_plugins.dns.save_data()
    @api_process
-    async def stats(self, request: web.Request) -> Dict[str, Any]:
+    async def stats(self, request: web.Request) -> dict[str, Any]:
        """Return resource information."""
        stats = await self.sys_plugins.dns.stats()
--- a/supervisor/api/docker.py
+++ b/supervisor/api/docker.py
@@ -0,0 +1,76 @@
 """Init file for Supervisor Home Assistant RESTful API."""
 import logging
 from typing import Any
 from aiohttp import web
 import voluptuous as vol
 from ..const import (
    ATTR_HOSTNAME,
    ATTR_LOGGING,
    ATTR_PASSWORD,
    ATTR_REGISTRIES,
    ATTR_STORAGE,
    ATTR_USERNAME,
    ATTR_VERSION,
 )
 from ..coresys import CoreSysAttributes
 from .utils import api_process, api_validate
 _LOGGER: logging.Logger = logging.getLogger(__name__)
 SCHEMA_DOCKER_REGISTRY = vol.Schema(
    {
        str: {
            vol.Required(ATTR_USERNAME): str,
            vol.Required(ATTR_PASSWORD): str,
        }
    }
 )
 class APIDocker(CoreSysAttributes):
    """Handle RESTful API for Docker configuration."""
    @api_process
    async def registries(self, request) -> dict[str, Any]:
        """Return the list of registries."""
        data_registries = {}
        for hostname, registry in self.sys_docker.config.registries.items():
            data_registries[hostname] = {
                ATTR_USERNAME: registry[ATTR_USERNAME],
            }
        return {ATTR_REGISTRIES: data_registries}
    @api_process
    async def create_registry(self, request: web.Request):
        """Create a new docker registry."""
        body = await api_validate(SCHEMA_DOCKER_REGISTRY, request)
        for hostname, registry in body.items():
            self.sys_docker.config.registries[hostname] = registry
        self.sys_docker.config.save_data()
    @api_process
    async def remove_registry(self, request: web.Request):
        """Delete a docker registry."""
        hostname = request.match_info.get(ATTR_HOSTNAME)
        del self.sys_docker.config.registries[hostname]
        self.sys_docker.config.save_data()
    @api_process
    async def info(self, request: web.Request):
        """Get docker info."""
        data_registries = {}
        for hostname, registry in self.sys_docker.config.registries.items():
            data_registries[hostname] = {
                ATTR_USERNAME: registry[ATTR_USERNAME],
            }
        return {
            ATTR_VERSION: self.sys_docker.info.version,
            ATTR_STORAGE: self.sys_docker.info.storage,
            ATTR_LOGGING: self.sys_docker.info.logging,
            ATTR_REGISTRIES: data_registries,
        }
--- a/supervisor/api/hardware.py
+++ b/supervisor/api/hardware.py
@@ -1,42 +1,117 @@
 """Init file for Supervisor hardware RESTful API."""
 import asyncio
 import logging
-from typing import Any, Awaitable, Dict
+from typing import Any
 from aiohttp import web
 from ..const import (
    ATTR_AUDIO,
-    ATTR_DISK,
+    ATTR_DEVICES,
-    ATTR_GPIO,
+    ATTR_ID,
    ATTR_INPUT,
    ATTR_NAME,
    ATTR_OUTPUT,
    ATTR_SERIAL,
    ATTR_SIZE,
    ATTR_SYSTEM,
 )
 from ..coresys import CoreSysAttributes
 from ..dbus.udisks2 import UDisks2
 from ..dbus.udisks2.block import UDisks2Block
 from ..dbus.udisks2.drive import UDisks2Drive
 from ..hardware.data import Device
 from .const import (
    ATTR_ATTRIBUTES,
    ATTR_BY_ID,
    ATTR_CHILDREN,
    ATTR_CONNECTION_BUS,
    ATTR_DEV_PATH,
    ATTR_DEVICE,
    ATTR_DRIVES,
    ATTR_EJECTABLE,
    ATTR_FILESYSTEMS,
    ATTR_MODEL,
    ATTR_MOUNT_POINTS,
    ATTR_REMOVABLE,
    ATTR_REVISION,
    ATTR_SEAT,
    ATTR_SUBSYSTEM,
    ATTR_SYSFS,
    ATTR_TIME_DETECTED,
    ATTR_VENDOR,
 )
 from .utils import api_process
 _LOGGER: logging.Logger = logging.getLogger(__name__)
 def device_struct(device: Device) -> dict[str, Any]:
    """Return a dict with information of a interface to be used in the API."""
    return {
        ATTR_NAME: device.name,
        ATTR_SYSFS: device.sysfs,
        ATTR_DEV_PATH: device.path,
        ATTR_SUBSYSTEM: device.subsystem,
        ATTR_BY_ID: device.by_id,
        ATTR_ATTRIBUTES: device.attributes,
        ATTR_CHILDREN: device.children,
    }
 def filesystem_struct(fs_block: UDisks2Block) -> dict[str, Any]:
    """Return a dict with information of a filesystem block device to be used in the API."""
    return {
        ATTR_DEVICE: str(fs_block.device),
        ATTR_ID: fs_block.id,
        ATTR_SIZE: fs_block.size,
        ATTR_NAME: fs_block.id_label,
        ATTR_SYSTEM: fs_block.hint_system,
        ATTR_MOUNT_POINTS: [
            str(mount_point) for mount_point in fs_block.filesystem.mount_points
        ],
    }
 def drive_struct(udisks2: UDisks2, drive: UDisks2Drive) -> dict[str, Any]:
    """Return a dict with information of a disk to be used in the API."""
    return {
        ATTR_VENDOR: drive.vendor,
        ATTR_MODEL: drive.model,
        ATTR_REVISION: drive.revision,
        ATTR_SERIAL: drive.serial,
        ATTR_ID: drive.id,
        ATTR_SIZE: drive.size,
        ATTR_TIME_DETECTED: drive.time_detected.isoformat(),
        ATTR_CONNECTION_BUS: drive.connection_bus,
        ATTR_SEAT: drive.seat,
        ATTR_REMOVABLE: drive.removable,
        ATTR_EJECTABLE: drive.ejectable,
        ATTR_FILESYSTEMS: [
            filesystem_struct(block)
            for block in udisks2.block_devices
            if block.filesystem and block.drive == drive.object_path
        ],
    }
 class APIHardware(CoreSysAttributes):
    """Handle RESTful API for hardware functions."""
    @api_process
-    async def info(self, request: web.Request) -> Dict[str, Any]:
+    async def info(self, request: web.Request) -> dict[str, Any]:
        """Show hardware info."""
        return {
-            ATTR_SERIAL: list(
+            ATTR_DEVICES: [
-                self.sys_hardware.serial_devices | self.sys_hardware.serial_by_id
+                device_struct(device) for device in self.sys_hardware.devices
-            ),
+            ],
-            ATTR_INPUT: list(self.sys_hardware.input_devices),
+            ATTR_DRIVES: [
-            ATTR_DISK: list(self.sys_hardware.disk_devices),
+                drive_struct(self.sys_dbus.udisks2, drive)
-            ATTR_GPIO: list(self.sys_hardware.gpio_devices),
+                for drive in self.sys_dbus.udisks2.drives
-            ATTR_AUDIO: self.sys_hardware.audio_devices,
+            ],
        }
    @api_process
-    async def audio(self, request: web.Request) -> Dict[str, Any]:
+    async def audio(self, request: web.Request) -> dict[str, Any]:
        """Show pulse audio profiles."""
        return {
            ATTR_AUDIO: {
@@ -50,8 +125,3 @@ class APIHardware(CoreSysAttributes):
                },
            }
        }
    @api_process
    def trigger(self, request: web.Request) -> Awaitable[None]:
        """Trigger a udev device reload."""
        return asyncio.shield(self.sys_hardware.udev_trigger())
--- a/supervisor/api/homeassistant.py
+++ b/supervisor/api/homeassistant.py
@@ -1,7 +1,8 @@
 """Init file for Supervisor Home Assistant RESTful API."""
 import asyncio
 from collections.abc import Awaitable
 import logging
-from typing import Any, Awaitable, Dict
+from typing import Any
 from aiohttp import web
 import voluptuous as vol
@@ -10,6 +11,8 @@ from ..const import (
    ATTR_ARCH,
    ATTR_AUDIO_INPUT,
    ATTR_AUDIO_OUTPUT,
    ATTR_BACKUP,
    ATTR_BACKUPS_EXCLUDE_DATABASE,
    ATTR_BLK_READ,
    ATTR_BLK_WRITE,
    ATTR_BOOT,
@@ -25,15 +28,15 @@ from ..const import (
    ATTR_PORT,
    ATTR_REFRESH_TOKEN,
    ATTR_SSL,
    ATTR_UPDATE_AVAILABLE,
    ATTR_VERSION,
    ATTR_VERSION_LATEST,
    ATTR_WAIT_BOOT,
    ATTR_WATCHDOG,
    CONTENT_TYPE_BINARY,
 )
 from ..coresys import CoreSysAttributes
 from ..exceptions import APIError
-from ..validate import complex_version, docker_image, network_port
+from ..validate import docker_image, network_port, version_tag
 from .const import CONTENT_TYPE_BINARY
 from .utils import api_process, api_process_raw, api_validate
 _LOGGER: logging.Logger = logging.getLogger(__name__)
@@ -42,29 +45,35 @@ _LOGGER: logging.Logger = logging.getLogger(__name__)
 SCHEMA_OPTIONS = vol.Schema(
    {
        vol.Optional(ATTR_BOOT): vol.Boolean(),
-        vol.Optional(ATTR_IMAGE): docker_image,
+        vol.Optional(ATTR_IMAGE): vol.Maybe(docker_image),
        vol.Optional(ATTR_PORT): network_port,
        vol.Optional(ATTR_SSL): vol.Boolean(),
        vol.Optional(ATTR_WATCHDOG): vol.Boolean(),
-        vol.Optional(ATTR_WAIT_BOOT): vol.All(vol.Coerce(int), vol.Range(min=60)),
+        vol.Optional(ATTR_REFRESH_TOKEN): vol.Maybe(str),
-        vol.Optional(ATTR_REFRESH_TOKEN): vol.Maybe(vol.Coerce(str)),
+        vol.Optional(ATTR_AUDIO_OUTPUT): vol.Maybe(str),
-        vol.Optional(ATTR_AUDIO_OUTPUT): vol.Maybe(vol.Coerce(str)),
+        vol.Optional(ATTR_AUDIO_INPUT): vol.Maybe(str),
-        vol.Optional(ATTR_AUDIO_INPUT): vol.Maybe(vol.Coerce(str)),
+        vol.Optional(ATTR_BACKUPS_EXCLUDE_DATABASE): vol.Boolean(),
    }
 )
-SCHEMA_VERSION = vol.Schema({vol.Optional(ATTR_VERSION): complex_version})
+SCHEMA_UPDATE = vol.Schema(
    {
        vol.Optional(ATTR_VERSION): version_tag,
        vol.Optional(ATTR_BACKUP): bool,
    }
 )
 class APIHomeAssistant(CoreSysAttributes):
    """Handle RESTful API for Home Assistant functions."""
    @api_process
-    async def info(self, request: web.Request) -> Dict[str, Any]:
+    async def info(self, request: web.Request) -> dict[str, Any]:
        """Return host information."""
        return {
            ATTR_VERSION: self.sys_homeassistant.version,
            ATTR_VERSION_LATEST: self.sys_homeassistant.latest_version,
            ATTR_UPDATE_AVAILABLE: self.sys_homeassistant.need_update,
            ATTR_MACHINE: self.sys_homeassistant.machine,
            ATTR_IP_ADDRESS: str(self.sys_homeassistant.ip_address),
            ATTR_ARCH: self.sys_homeassistant.arch,
@@ -73,11 +82,9 @@ class APIHomeAssistant(CoreSysAttributes):
            ATTR_PORT: self.sys_homeassistant.api_port,
            ATTR_SSL: self.sys_homeassistant.api_ssl,
            ATTR_WATCHDOG: self.sys_homeassistant.watchdog,
            ATTR_WAIT_BOOT: self.sys_homeassistant.wait_boot,
            ATTR_AUDIO_INPUT: self.sys_homeassistant.audio_input,
            ATTR_AUDIO_OUTPUT: self.sys_homeassistant.audio_output,
-            # Remove end of Q3 2020
+            ATTR_BACKUPS_EXCLUDE_DATABASE: self.sys_homeassistant.backups_exclude_database,
            "last_version": self.sys_homeassistant.latest_version,
        }
    @api_process
@@ -100,9 +107,6 @@ class APIHomeAssistant(CoreSysAttributes):
        if ATTR_WATCHDOG in body:
            self.sys_homeassistant.watchdog = body[ATTR_WATCHDOG]
        if ATTR_WAIT_BOOT in body:
            self.sys_homeassistant.wait_boot = body[ATTR_WAIT_BOOT]
        if ATTR_REFRESH_TOKEN in body:
            self.sys_homeassistant.refresh_token = body[ATTR_REFRESH_TOKEN]
@@ -112,12 +116,17 @@ class APIHomeAssistant(CoreSysAttributes):
        if ATTR_AUDIO_OUTPUT in body:
            self.sys_homeassistant.audio_output = body[ATTR_AUDIO_OUTPUT]
        if ATTR_BACKUPS_EXCLUDE_DATABASE in body:
            self.sys_homeassistant.backups_exclude_database = body[
                ATTR_BACKUPS_EXCLUDE_DATABASE
            ]
        self.sys_homeassistant.save_data()
    @api_process
-    async def stats(self, request: web.Request) -> Dict[Any, str]:
+    async def stats(self, request: web.Request) -> dict[Any, str]:
        """Return resource information."""
-        stats = await self.sys_homeassistant.stats()
+        stats = await self.sys_homeassistant.core.stats()
        if not stats:
            raise APIError("No stats available")
@@ -135,39 +144,43 @@ class APIHomeAssistant(CoreSysAttributes):
    @api_process
    async def update(self, request: web.Request) -> None:
        """Update Home Assistant."""
-        body = await api_validate(SCHEMA_VERSION, request)
+        body = await api_validate(SCHEMA_UPDATE, request)
        version = body.get(ATTR_VERSION, self.sys_homeassistant.latest_version)
-        await asyncio.shield(self.sys_homeassistant.update(version))
+        await asyncio.shield(
            self.sys_homeassistant.core.update(
                version=body.get(ATTR_VERSION, self.sys_homeassistant.latest_version),
                backup=body.get(ATTR_BACKUP),
            )
        )
    @api_process
    def stop(self, request: web.Request) -> Awaitable[None]:
        """Stop Home Assistant."""
-        return asyncio.shield(self.sys_homeassistant.stop())
+        return asyncio.shield(self.sys_homeassistant.core.stop())
    @api_process
    def start(self, request: web.Request) -> Awaitable[None]:
        """Start Home Assistant."""
-        return asyncio.shield(self.sys_homeassistant.start())
+        return asyncio.shield(self.sys_homeassistant.core.start())
    @api_process
    def restart(self, request: web.Request) -> Awaitable[None]:
        """Restart Home Assistant."""
-        return asyncio.shield(self.sys_homeassistant.restart())
+        return asyncio.shield(self.sys_homeassistant.core.restart())
    @api_process
    def rebuild(self, request: web.Request) -> Awaitable[None]:
        """Rebuild Home Assistant."""
-        return asyncio.shield(self.sys_homeassistant.rebuild())
+        return asyncio.shield(self.sys_homeassistant.core.rebuild())
    @api_process_raw(CONTENT_TYPE_BINARY)
    def logs(self, request: web.Request) -> Awaitable[bytes]:
        """Return Home Assistant Docker logs."""
-        return self.sys_homeassistant.logs()
+        return self.sys_homeassistant.core.logs()
    @api_process
    async def check(self, request: web.Request) -> None:
        """Check configuration of Home Assistant."""
-        result = await self.sys_homeassistant.check_config()
+        result = await self.sys_homeassistant.core.check_config()
        if not result.valid:
            raise APIError(result.log)
--- a/supervisor/api/host.py
+++ b/supervisor/api/host.py
@@ -1,16 +1,22 @@
 """Init file for Supervisor host RESTful API."""
 import asyncio
 from contextlib import suppress
 import logging
 from typing import Awaitable
 from aiohttp import web
 from aiohttp.hdrs import ACCEPT, RANGE
 import voluptuous as vol
 from voluptuous.error import CoerceInvalid
 from ..const import (
    ATTR_CHASSIS,
    ATTR_CPE,
    ATTR_DEPLOYMENT,
    ATTR_DESCRIPTON,
    ATTR_DISK_FREE,
    ATTR_DISK_LIFE_TIME,
    ATTR_DISK_TOTAL,
    ATTR_DISK_USED,
    ATTR_FEATURES,
    ATTR_HOSTNAME,
    ATTR_KERNEL,
@@ -18,16 +24,35 @@ from ..const import (
    ATTR_OPERATING_SYSTEM,
    ATTR_SERVICES,
    ATTR_STATE,
-    CONTENT_TYPE_BINARY,
+    ATTR_TIMEZONE,
 )
 from ..coresys import CoreSysAttributes
-from .utils import api_process, api_process_raw, api_validate
+from ..exceptions import APIError, HostLogError
 from ..host.const import PARAM_BOOT_ID, PARAM_FOLLOW, PARAM_SYSLOG_IDENTIFIER
 from .const import (
    ATTR_AGENT_VERSION,
    ATTR_APPARMOR_VERSION,
    ATTR_BOOT_TIMESTAMP,
    ATTR_BOOTS,
    ATTR_BROADCAST_LLMNR,
    ATTR_BROADCAST_MDNS,
    ATTR_DT_SYNCHRONIZED,
    ATTR_DT_UTC,
    ATTR_IDENTIFIERS,
    ATTR_LLMNR_HOSTNAME,
    ATTR_STARTUP_TIME,
    ATTR_USE_NTP,
    CONTENT_TYPE_TEXT,
 )
 from .utils import api_process, api_validate
 _LOGGER: logging.Logger = logging.getLogger(__name__)
-SERVICE = "service"
+IDENTIFIER = "identifier"
 BOOTID = "bootid"
 DEFAULT_RANGE = 100
-SCHEMA_OPTIONS = vol.Schema({vol.Optional(ATTR_HOSTNAME): vol.Coerce(str)})
+SCHEMA_OPTIONS = vol.Schema({vol.Optional(ATTR_HOSTNAME): str})
 class APIHost(CoreSysAttributes):
@@ -37,13 +62,28 @@ class APIHost(CoreSysAttributes):
    async def info(self, request):
        """Return host information."""
        return {
            ATTR_AGENT_VERSION: self.sys_dbus.agent.version,
            ATTR_APPARMOR_VERSION: self.sys_host.apparmor.version,
            ATTR_CHASSIS: self.sys_host.info.chassis,
            ATTR_CPE: self.sys_host.info.cpe,
            ATTR_FEATURES: self.sys_host.supperted_features,
            ATTR_HOSTNAME: self.sys_host.info.hostname,
            ATTR_OPERATING_SYSTEM: self.sys_host.info.operating_system,
            ATTR_DEPLOYMENT: self.sys_host.info.deployment,
            ATTR_DISK_FREE: self.sys_host.info.free_space,
            ATTR_DISK_TOTAL: self.sys_host.info.total_space,
            ATTR_DISK_USED: self.sys_host.info.used_space,
            ATTR_DISK_LIFE_TIME: self.sys_host.info.disk_life_time,
            ATTR_FEATURES: self.sys_host.features,
            ATTR_HOSTNAME: self.sys_host.info.hostname,
            ATTR_LLMNR_HOSTNAME: self.sys_host.info.llmnr_hostname,
            ATTR_KERNEL: self.sys_host.info.kernel,
            ATTR_OPERATING_SYSTEM: self.sys_host.info.operating_system,
            ATTR_TIMEZONE: self.sys_host.info.timezone,
            ATTR_DT_UTC: self.sys_host.info.dt_utc,
            ATTR_DT_SYNCHRONIZED: self.sys_host.info.dt_synchronized,
            ATTR_USE_NTP: self.sys_host.info.use_ntp,
            ATTR_STARTUP_TIME: self.sys_host.info.startup_time,
            ATTR_BOOT_TIMESTAMP: self.sys_host.info.boot_timestamp,
            ATTR_BROADCAST_LLMNR: self.sys_host.info.broadcast_llmnr,
            ATTR_BROADCAST_MDNS: self.sys_host.info.broadcast_mdns,
        }
    @api_process
@@ -88,30 +128,75 @@ class APIHost(CoreSysAttributes):
        return {ATTR_SERVICES: services}
    @api_process
-    def service_start(self, request):
+    async def list_boots(self, _: web.Request):
-        """Start a service."""
+        """Return a list of boot IDs."""
-        unit = request.match_info.get(SERVICE)
+        boot_ids = await self.sys_host.logs.get_boot_ids()
-        return asyncio.shield(self.sys_host.services.start(unit))
+        return {
            ATTR_BOOTS: {
                str(1 + i - len(boot_ids)): boot_id
                for i, boot_id in enumerate(boot_ids)
            }
        }
    @api_process
-    def service_stop(self, request):
+    async def list_identifiers(self, _: web.Request):
-        """Stop a service."""
+        """Return a list of syslog identifiers."""
-        unit = request.match_info.get(SERVICE)
+        return {ATTR_IDENTIFIERS: await self.sys_host.logs.get_identifiers()}
-        return asyncio.shield(self.sys_host.services.stop(unit))
+
    async def _get_boot_id(self, possible_offset: str) -> str:
        """Convert offset into boot ID if required."""
        with suppress(CoerceInvalid):
            offset = vol.Coerce(int)(possible_offset)
            try:
                return await self.sys_host.logs.get_boot_id(offset)
            except (ValueError, HostLogError) as err:
                raise APIError() from err
        return possible_offset
    @api_process
-    def service_reload(self, request):
+    async def advanced_logs(
-        """Reload a service."""
+        self, request: web.Request, identifier: str | None = None, follow: bool = False
-        unit = request.match_info.get(SERVICE)
+    ) -> web.StreamResponse:
-        return asyncio.shield(self.sys_host.services.reload(unit))
+        """Return systemd-journald logs."""
        params = {}
        if identifier:
            params[PARAM_SYSLOG_IDENTIFIER] = identifier
        elif IDENTIFIER in request.match_info:
            params[PARAM_SYSLOG_IDENTIFIER] = request.match_info.get(IDENTIFIER)
        else:
            params[PARAM_SYSLOG_IDENTIFIER] = self.sys_host.logs.default_identifiers
-    @api_process
+        if BOOTID in request.match_info:
-    def service_restart(self, request):
+            params[PARAM_BOOT_ID] = await self._get_boot_id(
-        """Restart a service."""
+                request.match_info.get(BOOTID)
-        unit = request.match_info.get(SERVICE)
+            )
-        return asyncio.shield(self.sys_host.services.restart(unit))
+        if follow:
            params[PARAM_FOLLOW] = ""
-    @api_process_raw(CONTENT_TYPE_BINARY)
+        if ACCEPT in request.headers and request.headers[ACCEPT] not in [
-    def logs(self, request: web.Request) -> Awaitable[bytes]:
+            CONTENT_TYPE_TEXT,
-        """Return host kernel logs."""
+            "*/*",
-        return self.sys_host.info.get_dmesg()
+        ]:
            raise APIError(
                "Invalid content type requested. Only text/plain supported for now."
            )
        if RANGE in request.headers:
            range_header = request.headers.get(RANGE)
        else:
            range_header = f"entries=:-{DEFAULT_RANGE}:"
        async with self.sys_host.logs.journald_logs(
            params=params, range_header=range_header
        ) as resp:
            try:
                response = web.StreamResponse()
                response.content_type = CONTENT_TYPE_TEXT
                await response.prepare(request)
                async for data in resp.content:
                    await response.write(data)
            except ConnectionResetError as ex:
                raise APIError(
                    "Connection reset when trying to fetch data from systemd-journald."
                ) from ex
            return response
--- a/supervisor/api/info.py
+++ b/supervisor/api/info.py
@@ -1,44 +0,0 @@
 """Init file for Supervisor info RESTful API."""
 import logging
 from typing import Any, Dict
 from aiohttp import web
 from ..const import (
    ATTR_ARCH,
    ATTR_CHANNEL,
    ATTR_DOCKER,
    ATTR_HASSOS,
    ATTR_HOMEASSISTANT,
    ATTR_HOSTNAME,
    ATTR_LOGGING,
    ATTR_MACHINE,
    ATTR_SUPERVISOR,
    ATTR_SUPPORTED_ARCH,
    ATTR_TIMEZONE,
 )
 from ..coresys import CoreSysAttributes
 from .utils import api_process
 _LOGGER: logging.Logger = logging.getLogger(__name__)
 class APIInfo(CoreSysAttributes):
    """Handle RESTful API for info functions."""
    @api_process
    async def info(self, request: web.Request) -> Dict[str, Any]:
        """Show system info."""
        return {
            ATTR_SUPERVISOR: self.sys_supervisor.version,
            ATTR_HOMEASSISTANT: self.sys_homeassistant.version,
            ATTR_HASSOS: self.sys_hassos.version,
            ATTR_DOCKER: self.sys_docker.info.version,
            ATTR_HOSTNAME: self.sys_host.info.hostname,
            ATTR_MACHINE: self.sys_machine,
            ATTR_ARCH: self.sys_arch.default,
            ATTR_SUPPORTED_ARCH: self.sys_arch.supported,
            ATTR_CHANNEL: self.sys_updater.channel,
            ATTR_LOGGING: self.sys_config.logging,
            ATTR_TIMEZONE: self.sys_timezone,
        }
--- a/supervisor/api/ingress.py
+++ b/supervisor/api/ingress.py
@@ -2,16 +2,17 @@
 import asyncio
 from ipaddress import ip_address
 import logging
-from typing import Any, Dict, Union
+from typing import Any
 import aiohttp
-from aiohttp import hdrs, web
+from aiohttp import ClientTimeout, hdrs, web
 from aiohttp.web_exceptions import (
    HTTPBadGateway,
    HTTPServiceUnavailable,
    HTTPUnauthorized,
 )
 from multidict import CIMultiDict, istr
 import voluptuous as vol
 from ..addons.addon import Addon
 from ..const import (
@@ -20,21 +21,65 @@ from ..const import (
    ATTR_ICON,
    ATTR_PANELS,
    ATTR_SESSION,
    ATTR_SESSION_DATA_USER_ID,
    ATTR_TITLE,
-    COOKIE_INGRESS,
+    HEADER_REMOTE_USER_DISPLAY_NAME,
    HEADER_REMOTE_USER_ID,
    HEADER_REMOTE_USER_NAME,
    HEADER_TOKEN,
    HEADER_TOKEN_OLD,
-    REQUEST_FROM,
+    IngressSessionData,
    IngressSessionDataUser,
 )
 from ..coresys import CoreSysAttributes
-from .utils import api_process
+from ..exceptions import HomeAssistantAPIError
 from .const import COOKIE_INGRESS
 from .utils import api_process, api_validate, require_home_assistant
 _LOGGER: logging.Logger = logging.getLogger(__name__)
 VALIDATE_SESSION_DATA = vol.Schema({ATTR_SESSION: str})
 """Expected optional payload of create session request"""
 SCHEMA_INGRESS_CREATE_SESSION_DATA = vol.Schema(
    {
        vol.Optional(ATTR_SESSION_DATA_USER_ID): str,
    }
 )
 # from https://github.com/aio-libs/aiohttp/blob/8ae650bee4add9f131d49b96a0a150311ea58cd1/aiohttp/helpers.py#L1059C1-L1079C1
 def must_be_empty_body(method: str, code: int) -> bool:
    """Check if a request must return an empty body."""
    return (
        status_code_must_be_empty_body(code)
        or method_must_be_empty_body(method)
        or (200 <= code < 300 and method.upper() == hdrs.METH_CONNECT)
    )
 def method_must_be_empty_body(method: str) -> bool:
    """Check if a method must return an empty body."""
    # https://datatracker.ietf.org/doc/html/rfc9112#section-6.3-2.1
    # https://datatracker.ietf.org/doc/html/rfc9112#section-6.3-2.2
    return method.upper() == hdrs.METH_HEAD
 def status_code_must_be_empty_body(code: int) -> bool:
    """Check if a status code must return an empty body."""
    # https://datatracker.ietf.org/doc/html/rfc9112#section-6.3-2.1
    return code in {204, 304} or 100 <= code < 200
 class APIIngress(CoreSysAttributes):
    """Ingress view to handle add-on webui routing."""
    _list_of_users: list[IngressSessionDataUser]
    def __init__(self) -> None:
        """Initialize APIIngress."""
        self._list_of_users = []
    def _extract_addon(self, request: web.Request) -> Addon:
        """Return addon, throw an exception it it doesn't exist."""
        token = request.match_info.get("token")
@@ -47,17 +92,12 @@ class APIIngress(CoreSysAttributes):
        return addon
    def _check_ha_access(self, request: web.Request) -> None:
        if request[REQUEST_FROM] != self.sys_homeassistant:
            _LOGGER.warning("Ingress is only available behind Home Assistant")
            raise HTTPUnauthorized()
    def _create_url(self, addon: Addon, path: str) -> str:
        """Create URL to container."""
        return f"http://{addon.ip_address}:{addon.ingress_port}/{path}"
    @api_process
-    async def panels(self, request: web.Request) -> Dict[str, Any]:
+    async def panels(self, request: web.Request) -> dict[str, Any]:
        """Create a list of panel data."""
        addons = {}
        for addon in self.sys_ingress.addons:
@@ -71,18 +111,39 @@ class APIIngress(CoreSysAttributes):
        return {ATTR_PANELS: addons}
    @api_process
-    async def create_session(self, request: web.Request) -> Dict[str, Any]:
+    @require_home_assistant
    async def create_session(self, request: web.Request) -> dict[str, Any]:
        """Create a new session."""
-        self._check_ha_access(request)
+        schema_ingress_config_session_data = await api_validate(
            SCHEMA_INGRESS_CREATE_SESSION_DATA, request
        )
        data: IngressSessionData | None = None
-        session = self.sys_ingress.create_session()
+        if ATTR_SESSION_DATA_USER_ID in schema_ingress_config_session_data:
            user = await self._find_user_by_id(
                schema_ingress_config_session_data[ATTR_SESSION_DATA_USER_ID]
            )
            if user:
                data = IngressSessionData(user)
        session = self.sys_ingress.create_session(data)
        return {ATTR_SESSION: session}
    @api_process
    @require_home_assistant
    async def validate_session(self, request: web.Request) -> dict[str, Any]:
        """Validate session and extending how long it's valid for."""
        data = await api_validate(VALIDATE_SESSION_DATA, request)
        # Check Ingress Session
        if not self.sys_ingress.validate_session(data[ATTR_SESSION]):
            _LOGGER.warning("No valid ingress session %s", data[ATTR_SESSION])
            raise HTTPUnauthorized()
    async def handler(
        self, request: web.Request
-    ) -> Union[web.Response, web.StreamResponse, web.WebSocketResponse]:
+    ) -> web.Response | web.StreamResponse | web.WebSocketResponse:
        """Route data to Supervisor ingress service."""
        self._check_ha_access(request)
        # Check Ingress Session
        session = request.cookies.get(COOKIE_INGRESS)
@@ -93,21 +154,26 @@ class APIIngress(CoreSysAttributes):
        # Process requests
        addon = self._extract_addon(request)
        path = request.match_info.get("path")
        session_data = self.sys_ingress.get_session_data(session)
        try:
            # Websocket
            if _is_websocket(request):
-                return await self._handle_websocket(request, addon, path)
+                return await self._handle_websocket(request, addon, path, session_data)
            # Request
-            return await self._handle_request(request, addon, path)
+            return await self._handle_request(request, addon, path, session_data)
        except aiohttp.ClientError as err:
            _LOGGER.error("Ingress error: %s", err)
-        raise HTTPBadGateway() from None
+        raise HTTPBadGateway()
    async def _handle_websocket(
-        self, request: web.Request, addon: Addon, path: str
+        self,
        request: web.Request,
        addon: Addon,
        path: str,
        session_data: IngressSessionData | None,
    ) -> web.WebSocketResponse:
        """Ingress route for websocket."""
        if hdrs.SEC_WEBSOCKET_PROTOCOL in request.headers:
@@ -125,7 +191,7 @@ class APIIngress(CoreSysAttributes):
        # Preparing
        url = self._create_url(addon, path)
-        source_header = _init_header(request, addon)
+        source_header = _init_header(request, addon, session_data)
        # Support GET query
        if request.query_string:
@@ -142,8 +208,8 @@ class APIIngress(CoreSysAttributes):
            # Proxy requests
            await asyncio.wait(
                [
-                    _websocket_forward(ws_server, ws_client),
+                    self.sys_create_task(_websocket_forward(ws_server, ws_client)),
-                    _websocket_forward(ws_client, ws_server),
+                    self.sys_create_task(_websocket_forward(ws_client, ws_server)),
                ],
                return_when=asyncio.FIRST_COMPLETED,
            )
@@ -151,12 +217,25 @@ class APIIngress(CoreSysAttributes):
        return ws_server
    async def _handle_request(
-        self, request: web.Request, addon: Addon, path: str
+        self,
-    ) -> Union[web.Response, web.StreamResponse]:
+        request: web.Request,
        addon: Addon,
        path: str,
        session_data: IngressSessionData | None,
    ) -> web.Response | web.StreamResponse:
        """Ingress route for request."""
        url = self._create_url(addon, path)
-        data = await request.read()
+        source_header = _init_header(request, addon, session_data)
-        source_header = _init_header(request, addon)
+
        # Passing the raw stream breaks requests for some webservers
        # since we just need it for POST requests really, for all other methods
        # we read the bytes and pass that to the request to the add-on
        # add-ons needs to add support with that in the configuration
        data = (
            request.content
            if request.method == "POST" and addon.ingress_stream
            else await request.read()
        )
        async with self.sys_websession.request(
            request.method,
@@ -165,12 +244,22 @@ class APIIngress(CoreSysAttributes):
            params=request.query,
            allow_redirects=False,
            data=data,
            timeout=ClientTimeout(total=None),
            skip_auto_headers={hdrs.CONTENT_TYPE},
        ) as result:
            headers = _response_header(result)
-
+            # Avoid parsing content_type in simple cases for better performance
            if maybe_content_type := result.headers.get(hdrs.CONTENT_TYPE):
                content_type = (maybe_content_type.partition(";"))[0].strip()
            else:
                content_type = result.content_type
            # Simple request
            if (
-                hdrs.CONTENT_LENGTH in result.headers
+                # empty body responses should not be streamed,
                # otherwise aiohttp < 3.9.0 may generate
                # an invalid "0\r\n\r\n" chunk instead of an empty response.
                must_be_empty_body(request.method, result.status)
                or hdrs.CONTENT_LENGTH in result.headers
                and int(result.headers.get(hdrs.CONTENT_LENGTH, 0)) < 4_194_000
            ):
                # Return Response
@@ -178,42 +267,72 @@ class APIIngress(CoreSysAttributes):
                return web.Response(
                    headers=headers,
                    status=result.status,
-                    content_type=result.content_type,
+                    content_type=content_type,
                    body=body,
                )
            # Stream response
            response = web.StreamResponse(status=result.status, headers=headers)
-            response.content_type = result.content_type
+            response.content_type = content_type
            try:
                await response.prepare(request)
                async for data in result.content.iter_chunked(4096):
                    await response.write(data)
-            except (aiohttp.ClientError, aiohttp.ClientPayloadError) as err:
+            except (
                aiohttp.ClientError,
                aiohttp.ClientPayloadError,
                ConnectionResetError,
            ) as err:
                _LOGGER.error("Stream error with %s: %s", url, err)
            return response
    async def _find_user_by_id(self, user_id: str) -> IngressSessionDataUser | None:
        """Find user object by the user's ID."""
        try:
            list_of_users = await self.sys_homeassistant.get_users()
        except (HomeAssistantAPIError, TypeError) as err:
            _LOGGER.error(
                "%s error occurred while requesting list of users: %s", type(err), err
            )
            return None
        if list_of_users is not None:
            self._list_of_users = list_of_users
        return next((user for user in self._list_of_users if user.id == user_id), None)
 def _init_header(
-    request: web.Request, addon: str
+    request: web.Request, addon: Addon, session_data: IngressSessionData | None
-) -> Union[CIMultiDict, Dict[str, str]]:
+) -> CIMultiDict | dict[str, str]:
    """Create initial header."""
    headers = {}
    if session_data is not None:
        headers[HEADER_REMOTE_USER_ID] = session_data.user.id
        if session_data.user.username is not None:
            headers[HEADER_REMOTE_USER_NAME] = session_data.user.username
        if session_data.user.display_name is not None:
            headers[HEADER_REMOTE_USER_DISPLAY_NAME] = session_data.user.display_name
    # filter flags
    for name, value in request.headers.items():
        if name in (
            hdrs.CONTENT_LENGTH,
            hdrs.CONTENT_ENCODING,
            hdrs.TRANSFER_ENCODING,
            hdrs.SEC_WEBSOCKET_EXTENSIONS,
            hdrs.SEC_WEBSOCKET_PROTOCOL,
            hdrs.SEC_WEBSOCKET_VERSION,
            hdrs.SEC_WEBSOCKET_KEY,
            istr(HEADER_TOKEN),
            istr(HEADER_TOKEN_OLD),
            istr(HEADER_REMOTE_USER_ID),
            istr(HEADER_REMOTE_USER_NAME),
            istr(HEADER_REMOTE_USER_DISPLAY_NAME),
        ):
            continue
        headers[name] = value
@@ -226,7 +345,7 @@ def _init_header(
    return headers
-def _response_header(response: aiohttp.ClientResponse) -> Dict[str, str]:
+def _response_header(response: aiohttp.ClientResponse) -> dict[str, str]:
    """Create response header."""
    headers = {}
--- a/supervisor/api/jobs.py
+++ b/supervisor/api/jobs.py
@@ -0,0 +1,80 @@
 """Init file for Supervisor Jobs RESTful API."""
 import logging
 from typing import Any
 from aiohttp import web
 import voluptuous as vol
 from ..coresys import CoreSysAttributes
 from ..jobs import SupervisorJob
 from ..jobs.const import ATTR_IGNORE_CONDITIONS, JobCondition
 from .const import ATTR_JOBS
 from .utils import api_process, api_validate
 _LOGGER: logging.Logger = logging.getLogger(__name__)
 SCHEMA_OPTIONS = vol.Schema(
    {vol.Optional(ATTR_IGNORE_CONDITIONS): [vol.Coerce(JobCondition)]}
 )
 class APIJobs(CoreSysAttributes):
    """Handle RESTful API for OS functions."""
    def _list_jobs(self) -> list[dict[str, Any]]:
        """Return current job tree."""
        jobs_by_parent: dict[str | None, list[SupervisorJob]] = {}
        for job in self.sys_jobs.jobs:
            if job.internal:
                continue
            if job.parent_id not in jobs_by_parent:
                jobs_by_parent[job.parent_id] = [job]
            else:
                jobs_by_parent[job.parent_id].append(job)
        job_list: list[dict[str, Any]] = []
        queue: list[tuple[list[dict[str, Any]], SupervisorJob]] = [
            (job_list, job) for job in jobs_by_parent.get(None, [])
        ]
        while queue:
            (current_list, current_job) = queue.pop(0)
            child_jobs: list[dict[str, Any]] = []
            # We remove parent_id and instead use that info to represent jobs as a tree
            job_dict = current_job.as_dict() | {"child_jobs": child_jobs}
            job_dict.pop("parent_id")
            current_list.append(job_dict)
            if current_job.uuid in jobs_by_parent:
                queue.extend(
                    [(child_jobs, job) for job in jobs_by_parent.get(current_job.uuid)]
                )
        return job_list
    @api_process
    async def info(self, request: web.Request) -> dict[str, Any]:
        """Return JobManager information."""
        return {
            ATTR_IGNORE_CONDITIONS: self.sys_jobs.ignore_conditions,
            ATTR_JOBS: self._list_jobs(),
        }
    @api_process
    async def options(self, request: web.Request) -> None:
        """Set options for JobManager."""
        body = await api_validate(SCHEMA_OPTIONS, request)
        if ATTR_IGNORE_CONDITIONS in body:
            self.sys_jobs.ignore_conditions = body[ATTR_IGNORE_CONDITIONS]
        self.sys_jobs.save_data()
        await self.sys_resolution.evaluate.evaluate_system()
    @api_process
    async def reset(self, request: web.Request) -> None:
        """Reset options for JobManager."""
        self.sys_jobs.reset_data()
--- a/supervisor/api/middleware/init.py
+++ b/supervisor/api/middleware/init.py
@@ -0,0 +1 @@
 """API middleware for aiohttp."""
--- a/supervisor/api/middleware/security.py
+++ b/supervisor/api/middleware/security.py
@@ -0,0 +1,313 @@
 """Handle security part of this API."""
 import logging
 import re
 from typing import Final
 from urllib.parse import unquote
 from aiohttp.web import Request, RequestHandler, Response, middleware
 from aiohttp.web_exceptions import HTTPBadRequest, HTTPForbidden, HTTPUnauthorized
 from awesomeversion import AwesomeVersion
 from ...addons.const import RE_SLUG
 from ...const import (
    REQUEST_FROM,
    ROLE_ADMIN,
    ROLE_BACKUP,
    ROLE_DEFAULT,
    ROLE_HOMEASSISTANT,
    ROLE_MANAGER,
    CoreState,
 )
 from ...coresys import CoreSys, CoreSysAttributes
 from ...utils import version_is_new_enough
 from ..utils import api_return_error, excract_supervisor_token
 _LOGGER: logging.Logger = logging.getLogger(__name__)
 _CORE_VERSION: Final = AwesomeVersion("2023.3.4")
 # fmt: off
 _CORE_FRONTEND_PATHS: Final = (
    r"|/app/.*\.(?:js|gz|json|map|woff2)"
    r"|/(store/)?addons/" + RE_SLUG + r"/(logo|icon)"
 )
 CORE_FRONTEND: Final = re.compile(
    r"^(?:" + _CORE_FRONTEND_PATHS + r")$"
 )
 # Block Anytime
 BLACKLIST: Final = re.compile(
    r"^(?:"
    r"|/homeassistant/api/hassio/.*"
    r"|/core/api/hassio/.*"
    r")$"
 )
 # Free to call or have own security concepts
 NO_SECURITY_CHECK: Final = re.compile(
    r"^(?:"
    r"|/homeassistant/api/.*"
    r"|/homeassistant/websocket"
    r"|/core/api/.*"
    r"|/core/websocket"
    r"|/supervisor/ping"
    r"|/ingress/[-_A-Za-z0-9]+/.*"
    + _CORE_FRONTEND_PATHS
    + r")$"
 )
 # Observer allow API calls
 OBSERVER_CHECK: Final = re.compile(
    r"^(?:"
    r"|/.+/info"
    r")$"
 )
 # Can called by every add-on
 ADDONS_API_BYPASS: Final = re.compile(
    r"^(?:"
    r"|/addons/self/(?!security|update)[^/]+"
    r"|/addons/self/options/config"
    r"|/info"
    r"|/services.*"
    r"|/discovery.*"
    r"|/auth"
    r")$"
 )
 # Policy role add-on API access
 ADDONS_ROLE_ACCESS: dict[str, re.Pattern] = {
    ROLE_DEFAULT: re.compile(
        r"^(?:"
        r"|/.+/info"
        r")$"
    ),
    ROLE_HOMEASSISTANT: re.compile(
        r"^(?:"
        r"|/.+/info"
        r"|/core/.+"
        r"|/homeassistant/.+"
        r")$"
    ),
    ROLE_BACKUP: re.compile(
        r"^(?:"
        r"|/.+/info"
        r"|/backups.*"
        r")$"
    ),
    ROLE_MANAGER: re.compile(
        r"^(?:"
        r"|/.+/info"
        r"|/addons(?:/" + RE_SLUG + r"/(?!security).+|/reload)?"
        r"|/audio/.+"
        r"|/auth/cache"
        r"|/cli/.+"
        r"|/core/.+"
        r"|/dns/.+"
        r"|/docker/.+"
        r"|/jobs/.+"
        r"|/hardware/.+"
        r"|/hassos/.+"
        r"|/homeassistant/.+"
        r"|/host/.+"
        r"|/multicast/.+"
        r"|/network/.+"
        r"|/observer/.+"
        r"|/os/.+"
        r"|/resolution/.+"
        r"|/backups.*"
        r"|/snapshots.*"
        r"|/store.*"
        r"|/supervisor/.+"
        r"|/security/.+"
        r")$"
    ),
    ROLE_ADMIN: re.compile(
        r".*"
    ),
 }
 FILTERS: Final = re.compile(
    r"(?:"
    # Common exploits
    r"proc/self/environ"
    r"|(<|%3C).*script.*(>|%3E)"
    # File Injections
    r"|(\.\.//?)+"  # ../../anywhere
    r"|[a-zA-Z0-9_]=/([a-z0-9_.]//?)+"  # .html?v=/.//test
    # SQL Injections
    r"|union.*select.*\("
    r"|union.*all.*select.*"
    r"|concat.*\("
    r")",
    flags=re.IGNORECASE,
 )
 # fmt: on
 class SecurityMiddleware(CoreSysAttributes):
    """Security middleware functions."""
    def __init__(self, coresys: CoreSys):
        """Initialize security middleware."""
        self.coresys: CoreSys = coresys
    def _recursive_unquote(self, value: str) -> str:
        """Handle values that are encoded multiple times."""
        if (unquoted := unquote(value)) != value:
            unquoted = self._recursive_unquote(unquoted)
        return unquoted
    @middleware
    async def block_bad_requests(
        self, request: Request, handler: RequestHandler
    ) -> Response:
        """Process request and tblock commonly known exploit attempts."""
        if FILTERS.search(self._recursive_unquote(request.path)):
            _LOGGER.warning(
                "Filtered a potential harmful request to: %s", request.raw_path
            )
            raise HTTPBadRequest
        if FILTERS.search(self._recursive_unquote(request.query_string)):
            _LOGGER.warning(
                "Filtered a request with a potential harmful query string: %s",
                request.raw_path,
            )
            raise HTTPBadRequest
        return await handler(request)
    @middleware
    async def system_validation(
        self, request: Request, handler: RequestHandler
    ) -> Response:
        """Check if core is ready to response."""
        if self.sys_core.state not in (
            CoreState.STARTUP,
            CoreState.RUNNING,
            CoreState.FREEZE,
        ):
            return api_return_error(
                message=f"System is not ready with state: {self.sys_core.state}"
            )
        return await handler(request)
    @middleware
    async def token_validation(
        self, request: Request, handler: RequestHandler
    ) -> Response:
        """Check security access of this layer."""
        request_from = None
        supervisor_token = excract_supervisor_token(request)
        # Blacklist
        if BLACKLIST.match(request.path):
            _LOGGER.error("%s is blacklisted!", request.path)
            raise HTTPForbidden()
        # Ignore security check
        if NO_SECURITY_CHECK.match(request.path):
            _LOGGER.debug("Passthrough %s", request.path)
            request[REQUEST_FROM] = None
            return await handler(request)
        # Not token
        if not supervisor_token:
            _LOGGER.warning("No API token provided for %s", request.path)
            raise HTTPUnauthorized()
        # Home-Assistant
        if supervisor_token == self.sys_homeassistant.supervisor_token:
            _LOGGER.debug("%s access from Home Assistant", request.path)
            request_from = self.sys_homeassistant
        # Host
        if supervisor_token == self.sys_plugins.cli.supervisor_token:
            _LOGGER.debug("%s access from Host", request.path)
            request_from = self.sys_host
        # Observer
        if supervisor_token == self.sys_plugins.observer.supervisor_token:
            if not OBSERVER_CHECK.match(request.path):
                _LOGGER.warning("%s invalid Observer access", request.path)
                raise HTTPForbidden()
            _LOGGER.debug("%s access from Observer", request.path)
            request_from = self.sys_plugins.observer
        # Add-on
        addon = None
        if supervisor_token and not request_from:
            addon = self.sys_addons.from_token(supervisor_token)
        # Check Add-on API access
        if addon and ADDONS_API_BYPASS.match(request.path):
            _LOGGER.debug("Passthrough %s from %s", request.path, addon.slug)
            request_from = addon
        elif addon and addon.access_hassio_api:
            # Check Role
            if ADDONS_ROLE_ACCESS[addon.hassio_role].match(request.path):
                _LOGGER.info("%s access from %s", request.path, addon.slug)
                request_from = addon
            else:
                _LOGGER.warning("%s no role for %s", request.path, addon.slug)
        elif addon:
            _LOGGER.warning(
                "%s missing API permission for %s", addon.slug, request.path
            )
        if request_from:
            request[REQUEST_FROM] = request_from
            return await handler(request)
        _LOGGER.error("Invalid token for access %s", request.path)
        raise HTTPForbidden()
    @middleware
    async def core_proxy(self, request: Request, handler: RequestHandler) -> Response:
        """Validate user from Core API proxy."""
        if request[REQUEST_FROM] != self.sys_homeassistant or version_is_new_enough(
            self.sys_homeassistant.version, _CORE_VERSION
        ):
            return await handler(request)
        authorization_index: int | None = None
        content_type_index: int | None = None
        user_request: bool = False
        admin_request: bool = False
        ingress_request: bool = False
        for idx, (key, value) in enumerate(request.raw_headers):
            if key in (b"Authorization", b"X-Hassio-Key"):
                authorization_index = idx
            elif key == b"Content-Type":
                content_type_index = idx
            elif key == b"X-Hass-User-ID":
                user_request = True
            elif key == b"X-Hass-Is-Admin":
                admin_request = value == b"1"
            elif key == b"X-Ingress-Path":
                ingress_request = True
        if (user_request or admin_request) and not ingress_request:
            return await handler(request)
        is_proxy_request = (
            authorization_index is not None
            and content_type_index is not None
            and content_type_index - authorization_index == 1
        )
        if (
            not CORE_FRONTEND.match(request.path) and is_proxy_request
        ) or ingress_request:
            raise HTTPBadRequest()
        return await handler(request)
--- a/supervisor/api/mounts.py
+++ b/supervisor/api/mounts.py
@@ -0,0 +1,124 @@
 """Inits file for supervisor mounts REST API."""
 from typing import Any
 from aiohttp import web
 import voluptuous as vol
 from ..const import ATTR_NAME, ATTR_STATE
 from ..coresys import CoreSysAttributes
 from ..exceptions import APIError
 from ..mounts.const import ATTR_DEFAULT_BACKUP_MOUNT, MountUsage
 from ..mounts.mount import Mount
 from ..mounts.validate import SCHEMA_MOUNT_CONFIG
 from .const import ATTR_MOUNTS
 from .utils import api_process, api_validate
 SCHEMA_OPTIONS = vol.Schema(
    {
        vol.Optional(ATTR_DEFAULT_BACKUP_MOUNT): vol.Maybe(str),
    }
 )
 class APIMounts(CoreSysAttributes):
    """Handle REST API for mounting options."""
    @api_process
    async def info(self, request: web.Request) -> dict[str, Any]:
        """Return MountManager info."""
        return {
            ATTR_DEFAULT_BACKUP_MOUNT: self.sys_mounts.default_backup_mount.name
            if self.sys_mounts.default_backup_mount
            else None,
            ATTR_MOUNTS: [
                mount.to_dict() | {ATTR_STATE: mount.state}
                for mount in self.sys_mounts.mounts
            ],
        }
    @api_process
    async def options(self, request: web.Request) -> None:
        """Set Mount Manager options."""
        body = await api_validate(SCHEMA_OPTIONS, request)
        if ATTR_DEFAULT_BACKUP_MOUNT in body:
            name: str | None = body[ATTR_DEFAULT_BACKUP_MOUNT]
            if name is None:
                self.sys_mounts.default_backup_mount = None
            elif (mount := self.sys_mounts.get(name)).usage != MountUsage.BACKUP:
                raise APIError(
                    f"Mount {name} is not used for backups, cannot use it as default backup mount"
                )
            else:
                self.sys_mounts.default_backup_mount = mount
        self.sys_mounts.save_data()
    @api_process
    async def create_mount(self, request: web.Request) -> None:
        """Create a new mount in supervisor."""
        body = await api_validate(SCHEMA_MOUNT_CONFIG, request)
        if body[ATTR_NAME] in self.sys_mounts:
            raise APIError(f"A mount already exists with name {body[ATTR_NAME]}")
        mount = Mount.from_dict(self.coresys, body)
        await self.sys_mounts.create_mount(mount)
        # If it's a backup mount, reload backups
        if mount.usage == MountUsage.BACKUP:
            self.sys_create_task(self.sys_backups.reload())
            # If there's no default backup mount, set it to the new mount
            if not self.sys_mounts.default_backup_mount:
                self.sys_mounts.default_backup_mount = mount
        self.sys_mounts.save_data()
    @api_process
    async def update_mount(self, request: web.Request) -> None:
        """Update an existing mount in supervisor."""
        name = request.match_info.get("mount")
        name_schema = vol.Schema(
            {vol.Optional(ATTR_NAME, default=name): name}, extra=vol.ALLOW_EXTRA
        )
        body = await api_validate(vol.All(name_schema, SCHEMA_MOUNT_CONFIG), request)
        if name not in self.sys_mounts:
            raise APIError(f"No mount exists with name {name}")
        mount = Mount.from_dict(self.coresys, body)
        await self.sys_mounts.create_mount(mount)
        # If it's a backup mount, reload backups
        if mount.usage == MountUsage.BACKUP:
            self.sys_create_task(self.sys_backups.reload())
        # If this mount was the default backup mount and isn't for backups any more, remove it
        elif self.sys_mounts.default_backup_mount == mount:
            self.sys_mounts.default_backup_mount = None
        self.sys_mounts.save_data()
    @api_process
    async def delete_mount(self, request: web.Request) -> None:
        """Delete an existing mount in supervisor."""
        name = request.match_info.get("mount")
        mount = await self.sys_mounts.remove_mount(name)
        # If it was a backup mount, reload backups
        if mount.usage == MountUsage.BACKUP:
            self.sys_create_task(self.sys_backups.reload())
        self.sys_mounts.save_data()
    @api_process
    async def reload_mount(self, request: web.Request) -> None:
        """Reload an existing mount in supervisor."""
        name = request.match_info.get("mount")
        await self.sys_mounts.reload_mount(name)
        # If it's a backup mount, reload backups
        if self.sys_mounts.get(name).usage == MountUsage.BACKUP:
            self.sys_create_task(self.sys_backups.reload())
--- a/supervisor/api/multicast.py
+++ b/supervisor/api/multicast.py
@@ -1,7 +1,8 @@
 """Init file for Supervisor Multicast RESTful API."""
 import asyncio
 from collections.abc import Awaitable
 import logging
-from typing import Any, Awaitable, Dict
+from typing import Any
 from aiohttp import web
 import voluptuous as vol
@@ -15,33 +16,35 @@ from ..const import (
    ATTR_MEMORY_USAGE,
    ATTR_NETWORK_RX,
    ATTR_NETWORK_TX,
    ATTR_UPDATE_AVAILABLE,
    ATTR_VERSION,
    ATTR_VERSION_LATEST,
    CONTENT_TYPE_BINARY,
 )
 from ..coresys import CoreSysAttributes
 from ..exceptions import APIError
-from ..validate import simple_version
+from ..validate import version_tag
 from .const import CONTENT_TYPE_BINARY
 from .utils import api_process, api_process_raw, api_validate
 _LOGGER: logging.Logger = logging.getLogger(__name__)
-SCHEMA_VERSION = vol.Schema({vol.Optional(ATTR_VERSION): simple_version})
+SCHEMA_VERSION = vol.Schema({vol.Optional(ATTR_VERSION): version_tag})
 class APIMulticast(CoreSysAttributes):
    """Handle RESTful API for Multicast functions."""
    @api_process
-    async def info(self, request: web.Request) -> Dict[str, Any]:
+    async def info(self, request: web.Request) -> dict[str, Any]:
        """Return Multicast information."""
        return {
            ATTR_VERSION: self.sys_plugins.multicast.version,
            ATTR_VERSION_LATEST: self.sys_plugins.multicast.latest_version,
            ATTR_UPDATE_AVAILABLE: self.sys_plugins.multicast.need_update,
        }
    @api_process
-    async def stats(self, request: web.Request) -> Dict[str, Any]:
+    async def stats(self, request: web.Request) -> dict[str, Any]:
        """Return resource information."""
        stats = await self.sys_plugins.multicast.stats()
--- a/supervisor/api/network.py
+++ b/supervisor/api/network.py
@@ -0,0 +1,292 @@
 """REST API for network."""
 import asyncio
 from collections.abc import Awaitable
 from dataclasses import replace
 from ipaddress import ip_address, ip_interface
 from typing import Any
 from aiohttp import web
 import voluptuous as vol
 from ..const import (
    ATTR_ACCESSPOINTS,
    ATTR_ADDRESS,
    ATTR_AUTH,
    ATTR_CONNECTED,
    ATTR_DNS,
    ATTR_DOCKER,
    ATTR_ENABLED,
    ATTR_FREQUENCY,
    ATTR_GATEWAY,
    ATTR_HOST_INTERNET,
    ATTR_ID,
    ATTR_INTERFACE,
    ATTR_INTERFACES,
    ATTR_IPV4,
    ATTR_IPV6,
    ATTR_MAC,
    ATTR_METHOD,
    ATTR_MODE,
    ATTR_NAMESERVERS,
    ATTR_PARENT,
    ATTR_PRIMARY,
    ATTR_PSK,
    ATTR_READY,
    ATTR_SIGNAL,
    ATTR_SSID,
    ATTR_SUPERVISOR_INTERNET,
    ATTR_TYPE,
    ATTR_VLAN,
    ATTR_WIFI,
    DOCKER_NETWORK,
    DOCKER_NETWORK_MASK,
 )
 from ..coresys import CoreSysAttributes
 from ..exceptions import APIError, HostNetworkNotFound
 from ..host.configuration import (
    AccessPoint,
    Interface,
    InterfaceMethod,
    IpConfig,
    VlanConfig,
    WifiConfig,
 )
 from ..host.const import AuthMethod, InterfaceType, WifiMode
 from .utils import api_process, api_validate
 _SCHEMA_IP_CONFIG = vol.Schema(
    {
        vol.Optional(ATTR_ADDRESS): [vol.Coerce(ip_interface)],
        vol.Optional(ATTR_METHOD): vol.Coerce(InterfaceMethod),
        vol.Optional(ATTR_GATEWAY): vol.Coerce(ip_address),
        vol.Optional(ATTR_NAMESERVERS): [vol.Coerce(ip_address)],
    }
 )
 _SCHEMA_WIFI_CONFIG = vol.Schema(
    {
        vol.Optional(ATTR_MODE): vol.Coerce(WifiMode),
        vol.Optional(ATTR_AUTH): vol.Coerce(AuthMethod),
        vol.Optional(ATTR_SSID): str,
        vol.Optional(ATTR_PSK): str,
    }
 )
 # pylint: disable=no-value-for-parameter
 SCHEMA_UPDATE = vol.Schema(
    {
        vol.Optional(ATTR_IPV4): _SCHEMA_IP_CONFIG,
        vol.Optional(ATTR_IPV6): _SCHEMA_IP_CONFIG,
        vol.Optional(ATTR_WIFI): _SCHEMA_WIFI_CONFIG,
        vol.Optional(ATTR_ENABLED): vol.Boolean(),
    }
 )
 def ipconfig_struct(config: IpConfig) -> dict[str, Any]:
    """Return a dict with information about ip configuration."""
    return {
        ATTR_METHOD: config.method,
        ATTR_ADDRESS: [address.with_prefixlen for address in config.address],
        ATTR_NAMESERVERS: [str(address) for address in config.nameservers],
        ATTR_GATEWAY: str(config.gateway) if config.gateway else None,
        ATTR_READY: config.ready,
    }
 def wifi_struct(config: WifiConfig) -> dict[str, Any]:
    """Return a dict with information about wifi configuration."""
    return {
        ATTR_MODE: config.mode,
        ATTR_AUTH: config.auth,
        ATTR_SSID: config.ssid,
        ATTR_SIGNAL: config.signal,
    }
 def vlan_struct(config: VlanConfig) -> dict[str, Any]:
    """Return a dict with information about VLAN configuration."""
    return {
        ATTR_ID: config.id,
        ATTR_PARENT: config.interface,
    }
 def interface_struct(interface: Interface) -> dict[str, Any]:
    """Return a dict with information of a interface to be used in th API."""
    return {
        ATTR_INTERFACE: interface.name,
        ATTR_TYPE: interface.type,
        ATTR_ENABLED: interface.enabled,
        ATTR_CONNECTED: interface.connected,
        ATTR_PRIMARY: interface.primary,
        ATTR_MAC: interface.mac,
        ATTR_IPV4: ipconfig_struct(interface.ipv4) if interface.ipv4 else None,
        ATTR_IPV6: ipconfig_struct(interface.ipv6) if interface.ipv6 else None,
        ATTR_WIFI: wifi_struct(interface.wifi) if interface.wifi else None,
        ATTR_VLAN: vlan_struct(interface.vlan) if interface.vlan else None,
    }
 def accesspoint_struct(accesspoint: AccessPoint) -> dict[str, Any]:
    """Return a dict for AccessPoint."""
    return {
        ATTR_MODE: accesspoint.mode,
        ATTR_SSID: accesspoint.ssid,
        ATTR_FREQUENCY: accesspoint.frequency,
        ATTR_SIGNAL: accesspoint.signal,
        ATTR_MAC: accesspoint.mac,
    }
 class APINetwork(CoreSysAttributes):
    """Handle REST API for network."""
    def _get_interface(self, name: str) -> Interface:
        """Get Interface by name or default."""
        if name.lower() == "default":
            for interface in self.sys_host.network.interfaces:
                if not interface.primary:
                    continue
                return interface
        else:
            try:
                return self.sys_host.network.get(name)
            except HostNetworkNotFound:
                pass
        raise APIError(f"Interface {name} does not exist") from None
    @api_process
    async def info(self, request: web.Request) -> dict[str, Any]:
        """Return network information."""
        return {
            ATTR_INTERFACES: [
                interface_struct(interface)
                for interface in self.sys_host.network.interfaces
            ],
            ATTR_DOCKER: {
                ATTR_INTERFACE: DOCKER_NETWORK,
                ATTR_ADDRESS: str(DOCKER_NETWORK_MASK),
                ATTR_GATEWAY: str(self.sys_docker.network.gateway),
                ATTR_DNS: str(self.sys_docker.network.dns),
            },
            ATTR_HOST_INTERNET: self.sys_host.network.connectivity,
            ATTR_SUPERVISOR_INTERNET: self.sys_supervisor.connectivity,
        }
    @api_process
    async def interface_info(self, request: web.Request) -> dict[str, Any]:
        """Return network information for a interface."""
        interface = self._get_interface(request.match_info.get(ATTR_INTERFACE))
        return interface_struct(interface)
    @api_process
    async def interface_update(self, request: web.Request) -> None:
        """Update the configuration of an interface."""
        interface = self._get_interface(request.match_info.get(ATTR_INTERFACE))
        # Validate data
        body = await api_validate(SCHEMA_UPDATE, request)
        if not body:
            raise APIError("You need to supply at least one option to update")
        # Apply config
        for key, config in body.items():
            if key == ATTR_IPV4:
                interface.ipv4 = replace(
                    interface.ipv4
                    or IpConfig(InterfaceMethod.STATIC, [], None, [], None),
                    **config,
                )
            elif key == ATTR_IPV6:
                interface.ipv6 = replace(
                    interface.ipv6
                    or IpConfig(InterfaceMethod.STATIC, [], None, [], None),
                    **config,
                )
            elif key == ATTR_WIFI:
                interface.wifi = replace(
                    interface.wifi
                    or WifiConfig(
                        WifiMode.INFRASTRUCTURE, "", AuthMethod.OPEN, None, None
                    ),
                    **config,
                )
            elif key == ATTR_ENABLED:
                interface.enabled = config
        await asyncio.shield(self.sys_host.network.apply_changes(interface))
    @api_process
    def reload(self, request: web.Request) -> Awaitable[None]:
        """Reload network data."""
        return asyncio.shield(
            self.sys_host.network.update(force_connectivity_check=True)
        )
    @api_process
    async def scan_accesspoints(self, request: web.Request) -> dict[str, Any]:
        """Scan and return a list of available networks."""
        interface = self._get_interface(request.match_info.get(ATTR_INTERFACE))
        # Only wlan is supported
        if interface.type != InterfaceType.WIRELESS:
            raise APIError(f"Interface {interface.name} is not a valid wireless card!")
        ap_list = await self.sys_host.network.scan_wifi(interface)
        return {ATTR_ACCESSPOINTS: [accesspoint_struct(ap) for ap in ap_list]}
    @api_process
    async def create_vlan(self, request: web.Request) -> None:
        """Create a new vlan."""
        interface = self._get_interface(request.match_info.get(ATTR_INTERFACE))
        vlan = int(request.match_info.get(ATTR_VLAN))
        # Only ethernet is supported
        if interface.type != InterfaceType.ETHERNET:
            raise APIError(
                f"Interface {interface.name} is not a valid ethernet card for vlan!"
            )
        body = await api_validate(SCHEMA_UPDATE, request)
        vlan_config = VlanConfig(vlan, interface.name)
        ipv4_config = None
        if ATTR_IPV4 in body:
            ipv4_config = IpConfig(
                body[ATTR_IPV4].get(ATTR_METHOD, InterfaceMethod.AUTO),
                body[ATTR_IPV4].get(ATTR_ADDRESS, []),
                body[ATTR_IPV4].get(ATTR_GATEWAY, None),
                body[ATTR_IPV4].get(ATTR_NAMESERVERS, []),
                None,
            )
        ipv6_config = None
        if ATTR_IPV6 in body:
            ipv6_config = IpConfig(
                body[ATTR_IPV6].get(ATTR_METHOD, InterfaceMethod.AUTO),
                body[ATTR_IPV6].get(ATTR_ADDRESS, []),
                body[ATTR_IPV6].get(ATTR_GATEWAY, None),
                body[ATTR_IPV6].get(ATTR_NAMESERVERS, []),
                None,
            )
        vlan_interface = Interface(
            "",
            "",
            "",
            True,
            True,
            False,
            InterfaceType.VLAN,
            ipv4_config,
            ipv6_config,
            None,
            vlan_config,
        )
        await asyncio.shield(self.sys_host.network.apply_changes(vlan_interface))
--- a/supervisor/api/observer.py
+++ b/supervisor/api/observer.py
@@ -0,0 +1,67 @@
 """Init file for Supervisor Observer RESTful API."""
 import asyncio
 import logging
 from typing import Any
 from aiohttp import web
 import voluptuous as vol
 from ..const import (
    ATTR_BLK_READ,
    ATTR_BLK_WRITE,
    ATTR_CPU_PERCENT,
    ATTR_HOST,
    ATTR_MEMORY_LIMIT,
    ATTR_MEMORY_PERCENT,
    ATTR_MEMORY_USAGE,
    ATTR_NETWORK_RX,
    ATTR_NETWORK_TX,
    ATTR_UPDATE_AVAILABLE,
    ATTR_VERSION,
    ATTR_VERSION_LATEST,
 )
 from ..coresys import CoreSysAttributes
 from ..validate import version_tag
 from .utils import api_process, api_validate
 _LOGGER: logging.Logger = logging.getLogger(__name__)
 SCHEMA_VERSION = vol.Schema({vol.Optional(ATTR_VERSION): version_tag})
 class APIObserver(CoreSysAttributes):
    """Handle RESTful API for Observer functions."""
    @api_process
    async def info(self, request: web.Request) -> dict[str, Any]:
        """Return HA Observer information."""
        return {
            ATTR_HOST: str(self.sys_docker.network.observer),
            ATTR_VERSION: self.sys_plugins.observer.version,
            ATTR_VERSION_LATEST: self.sys_plugins.observer.latest_version,
            ATTR_UPDATE_AVAILABLE: self.sys_plugins.observer.need_update,
        }
    @api_process
    async def stats(self, request: web.Request) -> dict[str, Any]:
        """Return resource information."""
        stats = await self.sys_plugins.observer.stats()
        return {
            ATTR_CPU_PERCENT: stats.cpu_percent,
            ATTR_MEMORY_USAGE: stats.memory_usage,
            ATTR_MEMORY_LIMIT: stats.memory_limit,
            ATTR_MEMORY_PERCENT: stats.memory_percent,
            ATTR_NETWORK_RX: stats.network_rx,
            ATTR_NETWORK_TX: stats.network_tx,
            ATTR_BLK_READ: stats.blk_read,
            ATTR_BLK_WRITE: stats.blk_write,
        }
    @api_process
    async def update(self, request: web.Request) -> None:
        """Update HA observer."""
        body = await api_validate(SCHEMA_VERSION, request)
        version = body.get(ATTR_VERSION, self.sys_plugins.observer.latest_version)
        await asyncio.shield(self.sys_plugins.observer.update(version))
--- a/supervisor/api/os.py
+++ b/supervisor/api/os.py
@@ -1,43 +1,181 @@
 """Init file for Supervisor HassOS RESTful API."""
 import asyncio
 from collections.abc import Awaitable
 import logging
-from typing import Any, Awaitable, Dict
+from typing import Any
 from aiohttp import web
 import voluptuous as vol
-from ..const import ATTR_BOARD, ATTR_BOOT, ATTR_VERSION, ATTR_VERSION_LATEST
+from ..const import (
    ATTR_ACTIVITY_LED,
    ATTR_BOARD,
    ATTR_BOOT,
    ATTR_DEVICES,
    ATTR_DISK_LED,
    ATTR_HEARTBEAT_LED,
    ATTR_ID,
    ATTR_NAME,
    ATTR_POWER_LED,
    ATTR_SERIAL,
    ATTR_SIZE,
    ATTR_UPDATE_AVAILABLE,
    ATTR_VERSION,
    ATTR_VERSION_LATEST,
 )
 from ..coresys import CoreSysAttributes
-from ..validate import complex_version
+from ..exceptions import BoardInvalidError
 from ..resolution.const import ContextType, IssueType, SuggestionType
 from ..validate import version_tag
 from .const import (
    ATTR_DATA_DISK,
    ATTR_DEV_PATH,
    ATTR_DEVICE,
    ATTR_DISKS,
    ATTR_MODEL,
    ATTR_SYSTEM_HEALTH_LED,
    ATTR_VENDOR,
 )
 from .utils import api_process, api_validate
 _LOGGER: logging.Logger = logging.getLogger(__name__)
-SCHEMA_VERSION = vol.Schema({vol.Optional(ATTR_VERSION): complex_version})
+# pylint: disable=no-value-for-parameter
 SCHEMA_VERSION = vol.Schema({vol.Optional(ATTR_VERSION): version_tag})
 SCHEMA_DISK = vol.Schema({vol.Required(ATTR_DEVICE): str})
 SCHEMA_YELLOW_OPTIONS = vol.Schema(
    {
        vol.Optional(ATTR_DISK_LED): vol.Boolean(),
        vol.Optional(ATTR_HEARTBEAT_LED): vol.Boolean(),
        vol.Optional(ATTR_POWER_LED): vol.Boolean(),
    }
 )
 SCHEMA_GREEN_OPTIONS = vol.Schema(
    {
        vol.Optional(ATTR_ACTIVITY_LED): vol.Boolean(),
        vol.Optional(ATTR_POWER_LED): vol.Boolean(),
        vol.Optional(ATTR_SYSTEM_HEALTH_LED): vol.Boolean(),
    }
 )
 # pylint: enable=no-value-for-parameter
 class APIOS(CoreSysAttributes):
    """Handle RESTful API for OS functions."""
    @api_process
-    async def info(self, request: web.Request) -> Dict[str, Any]:
+    async def info(self, request: web.Request) -> dict[str, Any]:
        """Return OS information."""
        return {
-            ATTR_VERSION: self.sys_hassos.version,
+            ATTR_VERSION: self.sys_os.version,
-            ATTR_VERSION_LATEST: self.sys_hassos.latest_version,
+            ATTR_VERSION_LATEST: self.sys_os.latest_version,
-            ATTR_BOARD: self.sys_hassos.board,
+            ATTR_UPDATE_AVAILABLE: self.sys_os.need_update,
            ATTR_BOARD: self.sys_os.board,
            ATTR_BOOT: self.sys_dbus.rauc.boot_slot,
            ATTR_DATA_DISK: self.sys_os.datadisk.disk_used_id,
        }
    @api_process
    async def update(self, request: web.Request) -> None:
        """Update OS."""
        body = await api_validate(SCHEMA_VERSION, request)
-        version = body.get(ATTR_VERSION, self.sys_hassos.latest_version)
+        version = body.get(ATTR_VERSION, self.sys_os.latest_version)
-        await asyncio.shield(self.sys_hassos.update(version))
+        await asyncio.shield(self.sys_os.update(version))
    @api_process
    def config_sync(self, request: web.Request) -> Awaitable[None]:
        """Trigger config reload on OS."""
-        return asyncio.shield(self.sys_hassos.config_sync())
+        return asyncio.shield(self.sys_os.config_sync())
    @api_process
    async def migrate_data(self, request: web.Request) -> None:
        """Trigger data disk migration on Host."""
        body = await api_validate(SCHEMA_DISK, request)
        await asyncio.shield(self.sys_os.datadisk.migrate_disk(body[ATTR_DEVICE]))
    @api_process
    async def list_data(self, request: web.Request) -> dict[str, Any]:
        """Return possible data targets."""
        return {
            ATTR_DEVICES: [disk.id for disk in self.sys_os.datadisk.available_disks],
            ATTR_DISKS: [
                {
                    ATTR_NAME: disk.name,
                    ATTR_VENDOR: disk.vendor,
                    ATTR_MODEL: disk.model,
                    ATTR_SERIAL: disk.serial,
                    ATTR_SIZE: disk.size,
                    ATTR_ID: disk.id,
                    ATTR_DEV_PATH: disk.device_path.as_posix(),
                }
                for disk in self.sys_os.datadisk.available_disks
            ],
        }
    @api_process
    async def boards_green_info(self, request: web.Request) -> dict[str, Any]:
        """Get green board settings."""
        return {
            ATTR_ACTIVITY_LED: self.sys_dbus.agent.board.green.activity_led,
            ATTR_POWER_LED: self.sys_dbus.agent.board.green.power_led,
            ATTR_SYSTEM_HEALTH_LED: self.sys_dbus.agent.board.green.user_led,
        }
    @api_process
    async def boards_green_options(self, request: web.Request) -> None:
        """Update green board settings."""
        body = await api_validate(SCHEMA_GREEN_OPTIONS, request)
        if ATTR_ACTIVITY_LED in body:
            self.sys_dbus.agent.board.green.activity_led = body[ATTR_ACTIVITY_LED]
        if ATTR_POWER_LED in body:
            self.sys_dbus.agent.board.green.power_led = body[ATTR_POWER_LED]
        if ATTR_SYSTEM_HEALTH_LED in body:
            self.sys_dbus.agent.board.green.user_led = body[ATTR_SYSTEM_HEALTH_LED]
        self.sys_dbus.agent.board.green.save_data()
    @api_process
    async def boards_yellow_info(self, request: web.Request) -> dict[str, Any]:
        """Get yellow board settings."""
        return {
            ATTR_DISK_LED: self.sys_dbus.agent.board.yellow.disk_led,
            ATTR_HEARTBEAT_LED: self.sys_dbus.agent.board.yellow.heartbeat_led,
            ATTR_POWER_LED: self.sys_dbus.agent.board.yellow.power_led,
        }
    @api_process
    async def boards_yellow_options(self, request: web.Request) -> None:
        """Update yellow board settings."""
        body = await api_validate(SCHEMA_YELLOW_OPTIONS, request)
        if ATTR_DISK_LED in body:
            self.sys_dbus.agent.board.yellow.disk_led = body[ATTR_DISK_LED]
        if ATTR_HEARTBEAT_LED in body:
            self.sys_dbus.agent.board.yellow.heartbeat_led = body[ATTR_HEARTBEAT_LED]
        if ATTR_POWER_LED in body:
            self.sys_dbus.agent.board.yellow.power_led = body[ATTR_POWER_LED]
        self.sys_dbus.agent.board.yellow.save_data()
        self.sys_resolution.create_issue(
            IssueType.REBOOT_REQUIRED,
            ContextType.SYSTEM,
            suggestions=[SuggestionType.EXECUTE_REBOOT],
        )
    @api_process
    async def boards_other_info(self, request: web.Request) -> dict[str, Any]:
        """Empty success return if board is in use, error otherwise."""
        if request.match_info["board"] != self.sys_os.board:
            raise BoardInvalidError(
                f"{request.match_info['board']} board is not in use", _LOGGER.error
            )
        return {}
--- a/supervisor/api/panel/entrypoint.js
+++ b/supervisor/api/panel/entrypoint.js
@@ -1,9 +1 @@
-
+!function(){function n(n){var t=document.createElement("script");t.src=n,document.body.appendChild(t)}if(/.*Version\/(?:11|12)(?:\.\d+)*.*Safari\//.test(navigator.userAgent))n("/api/hassio/app/frontend_es5/entrypoint-5yRSddAJzJ4.js");else try{new Function("import('/api/hassio/app/frontend_latest/entrypoint-qzB1D0O4L9U.js')")()}catch(t){n("/api/hassio/app/frontend_es5/entrypoint-5yRSddAJzJ4.js")}}()
 try {
  new Function("import('/api/hassio/app/frontend_latest/entrypoint.js')")();
 } catch (err) {
  var el = document.createElement('script');
  el.src = '/api/hassio/app/frontend_es5/entrypoint.js';
  document.body.appendChild(el);
 }
--- a/supervisor/api/panel/entrypoint.js.gz
+++ b/supervisor/api/panel/entrypoint.js.gz
--- a/supervisor/api/panel/entrypoint.js.map
+++ b/supervisor/api/panel/entrypoint.js.map
--- a/supervisor/api/panel/frontend_es5/1036-G1AUvfK_ULU.js
+++ b/supervisor/api/panel/frontend_es5/1036-G1AUvfK_ULU.js
--- a/supervisor/api/panel/frontend_es5/1036-G1AUvfK_ULU.js.gz
+++ b/supervisor/api/panel/frontend_es5/1036-G1AUvfK_ULU.js.gz
--- a/supervisor/api/panel/frontend_es5/1036-G1AUvfK_ULU.js.map
+++ b/supervisor/api/panel/frontend_es5/1036-G1AUvfK_ULU.js.map
--- a/supervisor/api/panel/frontend_es5/1047-g7fFLS9eP4I.js
+++ b/supervisor/api/panel/frontend_es5/1047-g7fFLS9eP4I.js
@@ -0,0 +1,2 @@
 "use strict";(self.webpackChunkhome_assistant_frontend=self.webpackChunkhome_assistant_frontend||[]).push([[1047],{32594:function(e,t,r){r.d(t,{U:function(){return n}});var n=function(e){return e.stopPropagation()}},75054:function(e,t,r){r.r(t),r.d(t,{HaTimeDuration:function(){return f}});var n,a=r(88962),i=r(33368),o=r(71650),d=r(82390),u=r(69205),l=r(70906),s=r(91808),c=r(68144),v=r(79932),f=(r(47289),(0,s.Z)([(0,v.Mo)("ha-selector-duration")],(function(e,t){var r=function(t){(0,u.Z)(n,t);var r=(0,l.Z)(n);function n(){var t;(0,o.Z)(this,n);for(var a=arguments.length,i=new Array(a),u=0;u<a;u++)i[u]=arguments[u];return t=r.call.apply(r,[this].concat(i)),e((0,d.Z)(t)),t}return(0,i.Z)(n)}(t);return{F:r,d:[{kind:"field",decorators:[(0,v.Cb)({attribute:!1})],key:"hass",value:void 0},{kind:"field",decorators:[(0,v.Cb)({attribute:!1})],key:"selector",value:void 0},{kind:"field",decorators:[(0,v.Cb)({attribute:!1})],key:"value",value:void 0},{kind:"field",decorators:[(0,v.Cb)()],key:"label",value:void 0},{kind:"field",decorators:[(0,v.Cb)()],key:"helper",value:void 0},{kind:"field",decorators:[(0,v.Cb)({type:Boolean})],key:"disabled",value:function(){return!1}},{kind:"field",decorators:[(0,v.Cb)({type:Boolean})],key:"required",value:function(){return!0}},{kind:"method",key:"render",value:function(){var e;return(0,c.dy)(n||(n=(0,a.Z)([' <ha-duration-input .label="','" .helper="','" .data="','" .disabled="','" .required="','" ?enableDay="','"></ha-duration-input> '])),this.label,this.helper,this.value,this.disabled,this.required,null===(e=this.selector.duration)||void 0===e?void 0:e.enable_day)}}]}}),c.oi))}}]);
 //# sourceMappingURL=1047-g7fFLS9eP4I.js.map
--- a/supervisor/api/panel/frontend_es5/1047-g7fFLS9eP4I.js.gz
+++ b/supervisor/api/panel/frontend_es5/1047-g7fFLS9eP4I.js.gz
--- a/supervisor/api/panel/frontend_es5/1047-g7fFLS9eP4I.js.map
+++ b/supervisor/api/panel/frontend_es5/1047-g7fFLS9eP4I.js.map
@@ -0,0 +1 @@
 {"version":3,"file":"1047-g7fFLS9eP4I.js","mappings":"yKAAO,IAAMA,EAAkB,SAACC,GAAE,OAAKA,EAAGD,iBAAiB,C,qLCQ9CE,G,UAAcC,EAAAA,EAAAA,GAAA,EAD1BC,EAAAA,EAAAA,IAAc,0BAAuB,SAAAC,EAAAC,GAAA,IACzBJ,EAAc,SAAAK,IAAAC,EAAAA,EAAAA,GAAAN,EAAAK,GAAA,IAAAE,GAAAC,EAAAA,EAAAA,GAAAR,GAAA,SAAAA,IAAA,IAAAS,GAAAC,EAAAA,EAAAA,GAAA,KAAAV,GAAA,QAAAW,EAAAC,UAAAC,OAAAC,EAAA,IAAAC,MAAAJ,GAAAK,EAAA,EAAAA,EAAAL,EAAAK,IAAAF,EAAAE,GAAAJ,UAAAI,GAAA,OAAAP,EAAAF,EAAAU,KAAAC,MAAAX,EAAA,OAAAY,OAAAL,IAAAX,GAAAiB,EAAAA,EAAAA,GAAAX,IAAAA,CAAA,QAAAY,EAAAA,EAAAA,GAAArB,EAAA,EAAAI,GAAA,OAAAkB,EAAdtB,EAAcuB,EAAA,EAAAC,KAAA,QAAAC,WAAA,EACxBC,EAAAA,EAAAA,IAAS,CAAEC,WAAW,KAAQC,IAAA,OAAAC,WAAA,IAAAL,KAAA,QAAAC,WAAA,EAE9BC,EAAAA,EAAAA,IAAS,CAAEC,WAAW,KAAQC,IAAA,WAAAC,WAAA,IAAAL,KAAA,QAAAC,WAAA,EAE9BC,EAAAA,EAAAA,IAAS,CAAEC,WAAW,KAAQC,IAAA,QAAAC,WAAA,IAAAL,KAAA,QAAAC,WAAA,EAE9BC,EAAAA,EAAAA,OAAUE,IAAA,QAAAC,WAAA,IAAAL,KAAA,QAAAC,WAAA,EAEVC,EAAAA,EAAAA,OAAUE,IAAA,SAAAC,WAAA,IAAAL,KAAA,QAAAC,WAAA,EAEVC,EAAAA,EAAAA,IAAS,CAAEI,KAAMC,WAAUH,IAAA,WAAAC,MAAA,kBAAmB,CAAK,IAAAL,KAAA,QAAAC,WAAA,EAEnDC,EAAAA,EAAAA,IAAS,CAAEI,KAAMC,WAAUH,IAAA,WAAAC,MAAA,kBAAmB,CAAI,IAAAL,KAAA,SAAAI,IAAA,SAAAC,MAEnD,WAAmB,IAAAG,EACjB,OAAOC,EAAAA,EAAAA,IAAIC,IAAAA,GAAAC,EAAAA,EAAAA,GAAA,wIAEEC,KAAKC,MACJD,KAAKE,OACPF,KAAKP,MACDO,KAAKG,SACLH,KAAKI,SACkB,QADVR,EACZI,KAAKK,SAASC,gBAAQ,IAAAV,OAAA,EAAtBA,EAAwBW,WAG3C,IAAC,GA1BiCC,EAAAA,I","sources":["https://raw.githubusercontent.com/home-assistant/frontend/20230703.0/src/common/dom/stop_propagation.ts","https://raw.githubusercontent.com/home-assistant/frontend/20230703.0/src/components/ha-selector/ha-selector-duration.ts"],"names":["stopPropagation","ev","HaTimeDuration","_decorate","customElement","_initialize","_LitElement","_LitElement2","_inherits","_super","_createSuper","_this","_classCallCheck","_len","arguments","length","args","Array","_key","call","apply","concat","_assertThisInitialized","_createClass","F","d","kind","decorators","property","attribute","key","value","type","Boolean","_this$selector$durati","html","_templateObject","_taggedTemplateLiteral","this","label","helper","disabled","required","selector","duration","enable_day","LitElement"],"sourceRoot":""}
--- a/supervisor/api/panel/frontend_es5/1074-djfpWNdWsA8.js
+++ b/supervisor/api/panel/frontend_es5/1074-djfpWNdWsA8.js
--- a/supervisor/api/panel/frontend_es5/1074-djfpWNdWsA8.js.gz
+++ b/supervisor/api/panel/frontend_es5/1074-djfpWNdWsA8.js.gz
--- a/supervisor/api/panel/frontend_es5/1074-djfpWNdWsA8.js.map
+++ b/supervisor/api/panel/frontend_es5/1074-djfpWNdWsA8.js.map
--- a/Show More
+++ b/Show More
		`@@ -0,0 +1,2 @@`
							"use strict";(self.webpackChunkhome_assistant_frontend=self.webpackChunkhome_assistant_frontend\|\|[]).push([[1047],{32594:function(e,t,r){r.d(t,{U:function(){return n}});var n=function(e){return e.stopPropagation()}},75054:function(e,t,r){r.r(t),r.d(t,{HaTimeDuration:function(){return f}});var n,a=r(88962),i=r(33368),o=r(71650),d=r(82390),u=r(69205),l=r(70906),s=r(91808),c=r(68144),v=r(79932),f=(r(47289),(0,s.Z)([(0,v.Mo)("ha-selector-duration")],(function(e,t){var r=function(t){(0,u.Z)(n,t);var r=(0,l.Z)(n);function n(){var t;(0,o.Z)(this,n);for(var a=arguments.length,i=new Array(a),u=0;u<a;u++)i[u]=arguments[u];return t=r.call.apply(r,[this].concat(i)),e((0,d.Z)(t)),t}return(0,i.Z)(n)}(t);return{F:r,d:[{kind:"field",decorators:[(0,v.Cb)({attribute:!1})],key:"hass",value:void 0},{kind:"field",decorators:[(0,v.Cb)({attribute:!1})],key:"selector",value:void 0},{kind:"field",decorators:[(0,v.Cb)({attribute:!1})],key:"value",value:void 0},{kind:"field",decorators:[(0,v.Cb)()],key:"label",value:void 0},{kind:"field",decorators:[(0,v.Cb)()],key:"helper",value:void 0},{kind:"field",decorators:[(0,v.Cb)({type:Boolean})],key:"disabled",value:function(){return!1}},{kind:"field",decorators:[(0,v.Cb)({type:Boolean})],key:"required",value:function(){return!0}},{kind:"method",key:"render",value:function(){var e;return(0,c.dy)(n\|\|(n=(0,a.Z)([' <ha-duration-input .label="','" .helper="','" .data="','" .disabled="','" .required="','" ?enableDay="','"></ha-duration-input> '])),this.label,this.helper,this.value,this.disabled,this.required,null===(e=this.selector.duration)\|\|void 0===e?void 0:e.enable_day)}}]}}),c.oi))}}]);
							`//# sourceMappingURL=1047-g7fFLS9eP4I.js.map`
		`@@ -0,0 +1 @@`
							{"version":3,"file":"1047-g7fFLS9eP4I.js","mappings":"yKAAO,IAAMA,EAAkB,SAACC,GAAE,OAAKA,EAAGD,iBAAiB,C,qLCQ9CE,G,UAAcC,EAAAA,EAAAA,GAAA,EAD1BC,EAAAA,EAAAA,IAAc,0BAAuB,SAAAC,EAAAC,GAAA,IACzBJ,EAAc,SAAAK,IAAAC,EAAAA,EAAAA,GAAAN,EAAAK,GAAA,IAAAE,GAAAC,EAAAA,EAAAA,GAAAR,GAAA,SAAAA,IAAA,IAAAS,GAAAC,EAAAA,EAAAA,GAAA,KAAAV,GAAA,QAAAW,EAAAC,UAAAC,OAAAC,EAAA,IAAAC,MAAAJ,GAAAK,EAAA,EAAAA,EAAAL,EAAAK,IAAAF,EAAAE,GAAAJ,UAAAI,GAAA,OAAAP,EAAAF,EAAAU,KAAAC,MAAAX,EAAA,OAAAY,OAAAL,IAAAX,GAAAiB,EAAAA,EAAAA,GAAAX,IAAAA,CAAA,QAAAY,EAAAA,EAAAA,GAAArB,EAAA,EAAAI,GAAA,OAAAkB,EAAdtB,EAAcuB,EAAA,EAAAC,KAAA,QAAAC,WAAA,EACxBC,EAAAA,EAAAA,IAAS,CAAEC,WAAW,KAAQC,IAAA,OAAAC,WAAA,IAAAL,KAAA,QAAAC,WAAA,EAE9BC,EAAAA,EAAAA,IAAS,CAAEC,WAAW,KAAQC,IAAA,WAAAC,WAAA,IAAAL,KAAA,QAAAC,WAAA,EAE9BC,EAAAA,EAAAA,IAAS,CAAEC,WAAW,KAAQC,IAAA,QAAAC,WAAA,IAAAL,KAAA,QAAAC,WAAA,EAE9BC,EAAAA,EAAAA,OAAUE,IAAA,QAAAC,WAAA,IAAAL,KAAA,QAAAC,WAAA,EAEVC,EAAAA,EAAAA,OAAUE,IAAA,SAAAC,WAAA,IAAAL,KAAA,QAAAC,WAAA,EAEVC,EAAAA,EAAAA,IAAS,CAAEI,KAAMC,WAAUH,IAAA,WAAAC,MAAA,kBAAmB,CAAK,IAAAL,KAAA,QAAAC,WAAA,EAEnDC,EAAAA,EAAAA,IAAS,CAAEI,KAAMC,WAAUH,IAAA,WAAAC,MAAA,kBAAmB,CAAI,IAAAL,KAAA,SAAAI,IAAA,SAAAC,MAEnD,WAAmB,IAAAG,EACjB,OAAOC,EAAAA,EAAAA,IAAIC,IAAAA,GAAAC,EAAAA,EAAAA,GAAA,wIAEEC,KAAKC,MACJD,KAAKE,OACPF,KAAKP,MACDO,KAAKG,SACLH,KAAKI,SACkB,QADVR,EACZI,KAAKK,SAASC,gBAAQ,IAAAV,OAAA,EAAtBA,EAAwBW,WAG3C,IAAC,GA1BiCC,EAAAA,I","sources":["https://raw.githubusercontent.com/home-assistant/frontend/20230703.0/src/common/dom/stop_propagation.ts","https://raw.githubusercontent.com/home-assistant/frontend/20230703.0/src/components/ha-selector/ha-selector-duration.ts"],"names":["stopPropagation","ev","HaTimeDuration","_decorate","customElement","_initialize","_LitElement","_LitElement2","_inherits","_super","_createSuper","_this","_classCallCheck","_len","arguments","length","args","Array","_key","call","apply","concat","_assertThisInitialized","_createClass","F","d","kind","decorators","property","attribute","key","value","type","Boolean","_this$selector$durati","html","_templateObject","_taggedTemplateLiteral","this","label","helper","disabled","required","selector","duration","enable_day","LitElement"],"sourceRoot":""}