Revert 'Update version to 0.64.5' [nobuild]

Use build-provided base image for netbird-server (multi-arch fix)

.templates/90-dns_set.sh

@@ -9,7 +9,7 @@ set -e
 # Avoid usage of local dns such as adguard home or pihole\n"
 
 if bashio::config.has_value 'DNS_server'; then
-    if  ! bashio::config.is_true "openvpn_enabled" && ! bashio::config.is_true "wireguard_enabled"; then
+    if  ! bashio::config.true "openvpn_enabled" && ! bashio::config.true "wireguard_enabled"; then
         # Define variables
         DNSSERVER=$(bashio::config 'DNS_server')
         DNS=""

README.md

@@ -811,6 +811,7 @@ If you want to do add the repository manually, please follow the procedure highl
 ✓ ![image](https://api.iconify.design/mdi/glasses.svg) [Scrutiny (Full Access)](scrutiny_fa/) : Scrutiny WebUI for smartd S.M.A.R.T monitoring (Full Access)
 
   ![Version](https://img.shields.io/badge/dynamic/yaml?label=Version&query=%24.version&url=https%3A%2F%2Fraw.githubusercontent.com%2Falexbelgium%2Fhassio-addons%2Fmaster%2Fscrutiny_fa%2Fconfig.yaml)
+![Update](https://img.shields.io/badge/dynamic/json?label=Updated&query=%24.last_update&url=https%3A%2F%2Fraw.githubusercontent.com%2Falexbelgium%2Fhassio-addons%2Fmaster%2Fscrutiny_fa%2Fupdater.json)
 ![aarch64][aarch64-badge]
 ![amd64][amd64-badge]
 ![ingress][ingress-badge]

netbird-server/DOCS.md

@@ -1,35 +1,36 @@
-# NetBird Server (monolithic)
+# NetBird Server (quickstart)
 
-This add-on runs the NetBird self-hosted server stack in a single container (Management + Signal + Dashboard + Coturn). It does **not** use Home Assistant ingress. Access the Dashboard directly via the configured port.
+This add-on runs the NetBird self-hosted server stack in a single container (Management + Signal + Relay/STUN + Dashboard) and ships a built-in Caddy reverse proxy, matching the official NetBird self-hosted quickstart flow. It does **not** use Home Assistant ingress.
 
-NetBird relies on gRPC. If you place the Management/Signal endpoints behind a reverse proxy, it **must** support HTTP/2 + gRPC proxying. See the NetBird reverse-proxy guide for supported configurations: <https://docs.netbird.io/selfhosted/reverse-proxy>.
-
-The NetBird self-hosted guide includes up-to-date port requirements and legacy port notes: <https://docs.netbird.io/selfhosted/selfhosted-guide>.
-
-The Dashboard container requires the `NETBIRD_MGMT_API_ENDPOINT` environment variable (the add-on injects this automatically) as described in the NetBird dashboard README: <https://github.com/netbirdio/dashboard#readme>.
+NetBird relies on gRPC. The built-in Caddy configuration is pre-wired to proxy both HTTP and gRPC endpoints as recommended in the quickstart guide: <https://docs.netbird.io/selfhosted/selfhosted-quickstart>.
 
 ## Quick start
 
 1. Install the add-on.
-2. Start the add-on and verify all services are running in the log output.
-3. Stop the add-on, edit the generated `management.json` to configure your Identity Provider (IdP).
-4. Update `/config/netbird/dashboard/env` with the `NETBIRD_MGMT_API_ENDPOINT` and `AUTH_*` values for the dashboard.
-5. Start the add-on again and access the dashboard at `http://<HA_HOST>:8080`.
+2. Set the `domain` option to your public NetBird domain (e.g., `netbird.example.com`).
+3. Start the add-on and verify all services are running in the log output.
+4. Access the dashboard at `https://<your-domain>` and complete the onboarding flow.
 
 ## Configuration
 
-This add-on starts with zero configuration options. It writes default configs into `/config/netbird` and runs on the standard NetBird ports.
+This add-on generates the standard quickstart configuration files in `/config/netbird` and reuses them on subsequent starts.
+
+### Required options
+- `domain`: Public domain that resolves to your Home Assistant host (e.g., `netbird.example.com`).
 
 ### Dashboard environment overrides
 Edit `/config/netbird/dashboard/env` to configure the dashboard UI:
 
 - `NETBIRD_MGMT_API_ENDPOINT`: Public URL of the management API (for example, `https://netbird.example.com`).
-- `AUTH_AUTHORITY`, `AUTH_CLIENT_ID`, `AUTH_CLIENT_SECRET`, `AUTH_AUDIENCE`, `AUTH_SUPPORTED_SCOPES`, `USE_AUTH0`: OIDC settings for the dashboard UI.
+- `NETBIRD_MGMT_GRPC_API_ENDPOINT`: Public URL for the gRPC API (typically the same as above).
+- `AUTH_*`: OIDC settings for the dashboard UI (pre-filled for the embedded IdP).
 
 ### Generated configuration
 On first start, the add-on creates:
-- `management.json` in `$data_dir/management/`
-- `turnserver.conf` in `$data_dir/turn/`
+- `management.json` in `/config/netbird/management/`
+- `relay.env` in `/config/netbird/relay/`
+- `dashboard.env` in `/config/netbird/dashboard/`
+- `Caddyfile` in `/config/netbird/`
 
 If you need advanced settings, stop the add-on and edit these files. The add-on will keep your edits on restart.
 
@@ -37,14 +38,12 @@ If you need advanced settings, stop the add-on and edit these files. The add-on
 
 Default ports exposed by this add-on:
 
-- `33073/tcp`: Management API (HTTP/gRPC)
-- `10000/tcp`: Signal gRPC
-- `8080/tcp`: Dashboard
-- `3478/udp`: Coturn STUN/TURN
-
-If you have legacy (< v0.29) clients, review the legacy port notes in the NetBird self-hosted guide and ensure your firewall/forwarding rules are compatible.
+- `80/tcp`: Caddy HTTP (ACME HTTP-01)
+- `443/tcp`: Caddy HTTPS (Dashboard + APIs)
+- `443/udp`: Caddy HTTP/3 (optional)
+- `3478/udp`: Relay STUN
 
 ## Notes
 
-- This add-on does **not** handle TLS certificates. Place it behind your existing reverse proxy if you need HTTPS.
-- Coturn requires a UDP relay port range (defaults to `49152-65535`). Ensure this range is allowed in your firewall when using TURN relaying.
+- This add-on uses NetBird's embedded IdP (Dex) and matches the official quickstart layout.
+- If you already run your own reverse proxy, you can disable Caddy by editing the generated `Caddyfile` or by terminating TLS upstream and forwarding requests to port 80.

netbird-server/Dockerfile

@@ -16,13 +16,6 @@
 
 ARG NETBIRD_VERSION=0.64.5
 ARG DASHBOARD_VERSION=2.31.0
-ARG COTURN_VERSION=4.6.2
-
-FROM netbirdio/management:${NETBIRD_VERSION} AS netbird-management
-FROM netbirdio/signal:${NETBIRD_VERSION} AS netbird-signal
-FROM netbirdio/relay:${NETBIRD_VERSION} AS netbird-relay
-FROM netbirdio/dashboard:${DASHBOARD_VERSION} AS netbird-dashboard
-FROM coturn/coturn:${COTURN_VERSION} AS netbird-coturn
 
 #################
 # 2 Base Image  #
@@ -67,7 +60,7 @@ ADD "https://raw.githubusercontent.com/alexbelgium/hassio-addons/master/.templat
 RUN chmod 744 /ha_automodules.sh && /ha_automodules.sh "$MODULES" && rm /ha_automodules.sh
 
 # Manual apps
-ENV PACKAGES="nginx gettext ca-certificates"
+ENV PACKAGES="nginx gettext ca-certificates caddy openssl"
 
 # Automatic apps & bashio
 ADD "https://raw.githubusercontent.com/alexbelgium/hassio-addons/master/.templates/ha_autoapps.sh" "/ha_autoapps.sh"
@@ -77,11 +70,14 @@ RUN chmod 744 /ha_autoapps.sh && /ha_autoapps.sh "$PACKAGES" && rm /ha_autoapps.
 # 5 Copy NetBird components #
 #############################
 
+FROM netbirdio/management:${NETBIRD_VERSION} AS netbird-management
+FROM netbirdio/signal:${NETBIRD_VERSION} AS netbird-signal
+FROM netbirdio/relay:${NETBIRD_VERSION} AS netbird-relay
+FROM netbirdio/dashboard:${DASHBOARD_VERSION} AS netbird-dashboard
+
 COPY --from=netbird-management /go/bin/netbird-mgmt /usr/local/bin/netbird-mgmt
 COPY --from=netbird-signal /go/bin/netbird-signal /usr/local/bin/netbird-signal
 COPY --from=netbird-relay /go/bin/netbird-relay /usr/local/bin/netbird-relay
-COPY --from=netbird-coturn /usr/bin/turnserver /usr/local/bin/turnserver
-
 COPY --from=netbird-dashboard /usr/share/nginx/html /usr/share/nginx/html
 COPY --from=netbird-dashboard /usr/local/init_react_envs.sh /usr/local/bin/init_react_envs.sh
 

netbird-server/config.yaml

@@ -1,25 +1,27 @@
 arch:
   - aarch64
   - amd64
-description: "\U0001F426 NetBird self-hosted server stack (management, signal, dashboard, coturn)"
+description: "\U0001F426 NetBird self-hosted server stack (management, signal, relay, dashboard, Caddy)"
 image: ghcr.io/alexbelgium/netbird-server-{arch}
 init: false
-ingress: false
 map:
   - addon_config:rw
 name: NetBird Server
-options: {}
-schema: {}
+options:
+  domain: netbird.example.com
 slug: netbird-server
 ports:
-  33073/tcp: 33073
-  10000/tcp: 10000
-  8080/tcp: 8080
+  80/tcp: 80
+  443/tcp: 443
+  443/udp: 443
   3478/udp: 3478
 ports_description:
-  33073/tcp: Management API (HTTP/gRPC)
-  10000/tcp: Signal gRPC
-  8080/tcp: NetBird Dashboard (HTTP)
-  3478/udp: Coturn STUN/TURN
-url: https://github.com/alexbelgium/hassio-addons
-version: 0.64.5-1
+  80/tcp: Caddy HTTP (ACME HTTP-01)
+  443/tcp: Caddy HTTPS (dashboard + APIs)
+  443/udp: Caddy HTTP/3 (optional)
+  3478/udp: NetBird Relay STUN
+schema:
+  domain: str
+url: https://github.com/alexbelgium/hassio-addons/tree/master/netbird-server
+version: 0.64.5-2
+webui: "[PROTO:ssl]://[HOST]:[PORT:443]"

netbird-server/rootfs/etc/cont-init.d/00-config.sh

@@ -4,107 +4,53 @@ set -euo pipefail
 
 # ==============================================================================
 # Home Assistant Add-on: NetBird Server
-# Configures NetBird services
+# Configures NetBird services (quickstart layout)
 # ==============================================================================
 
 create_or_load_secret() {
   local secret_file="$1"
-  local provided_value="$2"
+  local generator="$2"
   local generated=""
 
-  if [[ -n "$provided_value" ]]; then
-    echo "$provided_value"
-    return
-  fi
-
   if [[ -f "$secret_file" ]]; then
     cat "$secret_file"
     return
   fi
 
-  generated=$(LC_ALL=C tr -dc 'A-Za-z0-9' </dev/urandom | head -c 32)
+  generated=$(eval "$generator")
   echo "$generated" > "$secret_file"
   chmod 600 "$secret_file"
   echo "$generated"
 }
 
-extract_port() {
-  local address="$1"
-  echo "${address##*:}"
-}
-
 DATA_DIR="/config/netbird"
-DOMAIN="localhost"
-MANAGEMENT_LISTEN="0.0.0.0:33073"
-SIGNAL_LISTEN="0.0.0.0:10000"
-DASHBOARD_LISTEN="0.0.0.0:8080"
-TURN_LISTEN_PORT=3478
-TURN_REALM="netbird"
-TURN_EXTERNAL_IP=""
-TURN_MIN_PORT=49152
-TURN_MAX_PORT=65535
-TURN_USER="netbird"
-TURN_PASSWORD=""
-IDP_MANAGER_TYPE="none"
-AUTH_AUTHORITY=""
-AUTH_AUDIENCE=""
-AUTH_JWT_CERTS=""
-AUTH_USER_ID_CLAIM="sub"
-AUTH_OIDC_CONFIGURATION_ENDPOINT=""
-AUTH_TOKEN_ENDPOINT=""
-IDP_CLIENT_ID=""
-IDP_CLIENT_SECRET=""
-DISABLE_DEFAULT_POLICY=false
-DISABLE_DASHBOARD=false
-ENABLE_RELAY=false
-RELAY_EXPOSED_ADDRESS=""
-RELAY_AUTH_SECRET=""
+DOMAIN="$(bashio::config 'domain')"
+NETBIRD_STUN_PORT=3478
+MANAGEMENT_PORT=8081
+DASHBOARD_PORT=8080
+SIGNAL_PORT=8083
+SIGNAL_GRPC_PORT=10000
+RELAY_PORT=8084
 
-MANAGEMENT_PORT=$(extract_port "$MANAGEMENT_LISTEN")
-SIGNAL_PORT=$(extract_port "$SIGNAL_LISTEN")
-DASHBOARD_PORT=$(extract_port "$DASHBOARD_LISTEN")
-
-if [[ -z "$AUTH_AUTHORITY" || -z "$AUTH_AUDIENCE" || -z "$AUTH_JWT_CERTS" ]]; then
-  bashio::log.warning "OIDC configuration is incomplete. Edit ${DATA_DIR}/management/management.json to finish setup."
+if [[ -z "$DOMAIN" || "$DOMAIN" == "netbird.example.com" ]]; then
+  bashio::log.error "Set a valid domain in the add-on configuration (domain cannot be empty or netbird.example.com)."
+  bashio::exit.nok
 fi
 
+NETBIRD_PORT=443
+NETBIRD_HTTP_PROTOCOL="https"
+NETBIRD_RELAY_PROTO="rels"
+CADDY_SECURE_DOMAIN=", ${DOMAIN}:${NETBIRD_PORT}"
+
 mkdir -p "$DATA_DIR" \
   "$DATA_DIR/management" \
-  "$DATA_DIR/turn" \
   "$DATA_DIR/secrets" \
   "$DATA_DIR/dashboard" \
-  "$DATA_DIR/relay"
+  "$DATA_DIR/relay" \
+  "$DATA_DIR/caddy"
 
-TURN_PASSWORD=$(create_or_load_secret "$DATA_DIR/secrets/turn_password" "$TURN_PASSWORD")
-TURN_SECRET=$(create_or_load_secret "$DATA_DIR/secrets/turn_secret" "")
-DATASTORE_ENC_KEY=$(create_or_load_secret "$DATA_DIR/secrets/management_datastore_key" "")
-
-if [[ "$ENABLE_RELAY" == "true" ]]; then
-  if [[ -z "$RELAY_EXPOSED_ADDRESS" || -z "$RELAY_AUTH_SECRET" ]]; then
-    bashio::log.error "Relay is enabled, but relay_exposed_address or relay_auth_secret is missing."
-    bashio::exit.nok
-  fi
-  rm -f /etc/services.d/relay/down
-  RELAY_JSON=$(cat <<RELAY
-{
-  "Addresses": ["${RELAY_EXPOSED_ADDRESS}"],
-  "CredentialsTTL": "24h",
-  "Secret": "${RELAY_AUTH_SECRET}"
-}
-RELAY
-)
-else
-  bashio::log.info "Relay service disabled."
-  touch /etc/services.d/relay/down
-  RELAY_JSON="null"
-fi
-
-if [[ "$DISABLE_DASHBOARD" == "true" ]]; then
-  bashio::log.info "Dashboard service disabled."
-  touch /etc/services.d/dashboard/down
-else
-  rm -f /etc/services.d/dashboard/down
-fi
+DATASTORE_ENC_KEY=$(create_or_load_secret "$DATA_DIR/secrets/management_datastore_key" "openssl rand -base64 32")
+RELAY_AUTH_SECRET=$(create_or_load_secret "$DATA_DIR/secrets/relay_auth_secret" "openssl rand -base64 32 | sed 's/=//g'")
 
 # Generate management config if missing
 MANAGEMENT_CONFIG="$DATA_DIR/management/management.json"
@@ -115,65 +61,27 @@ if [[ ! -f "$MANAGEMENT_CONFIG" ]]; then
   "Stuns": [
     {
       "Proto": "udp",
-      "URI": "stun:${DOMAIN}:${TURN_LISTEN_PORT}",
-      "Username": "",
-      "Password": null
+      "URI": "stun:${DOMAIN}:${NETBIRD_STUN_PORT}"
     }
   ],
-  "TURNConfig": {
-    "Turns": [
-      {
-        "Proto": "udp",
-        "URI": "turn:${DOMAIN}:${TURN_LISTEN_PORT}",
-        "Username": "${TURN_USER}",
-        "Password": "${TURN_PASSWORD}"
-      }
-    ],
-    "CredentialsTTL": "12h",
-    "Secret": "${TURN_SECRET}",
-    "TimeBasedCredentials": false
+  "Relay": {
+    "Addresses": ["${NETBIRD_RELAY_PROTO}://${DOMAIN}:${NETBIRD_PORT}"],
+    "CredentialsTTL": "24h",
+    "Secret": "${RELAY_AUTH_SECRET}"
   },
-  "Relay": ${RELAY_JSON},
   "Signal": {
-    "Proto": "http",
-    "URI": "${DOMAIN}:${SIGNAL_PORT}",
-    "Username": "",
-    "Password": null
+    "Proto": "${NETBIRD_HTTP_PROTOCOL}",
+    "URI": "${DOMAIN}:${NETBIRD_PORT}"
   },
-  "ReverseProxy": {
-    "TrustedHTTPProxies": [],
-    "TrustedHTTPProxiesCount": 0,
-    "TrustedPeers": [
-      "0.0.0.0/0"
-    ]
-  },
-  "DisableDefaultPolicy": ${DISABLE_DEFAULT_POLICY},
   "Datadir": "${DATA_DIR}/management",
   "DataStoreEncryptionKey": "${DATASTORE_ENC_KEY}",
-  "StoreConfig": {
-    "Engine": "sqlite"
-  },
-  "HttpConfig": {
-    "Address": "${MANAGEMENT_LISTEN}",
-    "AuthIssuer": "${AUTH_AUTHORITY}",
-    "AuthAudience": "${AUTH_AUDIENCE}",
-    "AuthKeysLocation": "${AUTH_JWT_CERTS}",
-    "AuthUserIDClaim": "${AUTH_USER_ID_CLAIM}",
-    "CertFile": "",
-    "CertKey": "",
-    "IdpSignKeyRefreshEnabled": false,
-    "OIDCConfigEndpoint": "${AUTH_OIDC_CONFIGURATION_ENDPOINT}"
-  },
-  "IdpManagerConfig": {
-    "ManagerType": "${IDP_MANAGER_TYPE}",
-    "ClientConfig": {
-      "Issuer": "${AUTH_AUTHORITY}",
-      "TokenEndpoint": "${AUTH_TOKEN_ENDPOINT}",
-      "ClientID": "${IDP_CLIENT_ID}",
-      "ClientSecret": "${IDP_CLIENT_SECRET}",
-      "GrantType": "client_credentials"
-    },
-    "ExtraConfig": {}
+  "EmbeddedIdP": {
+    "Enabled": true,
+    "Issuer": "${NETBIRD_HTTP_PROTOCOL}://${DOMAIN}/oauth2",
+    "DashboardRedirectURIs": [
+      "${NETBIRD_HTTP_PROTOCOL}://${DOMAIN}/nb-auth",
+      "${NETBIRD_HTTP_PROTOCOL}://${DOMAIN}/nb-silent-auth"
+    ]
   }
 }
 CONFIG
@@ -181,50 +89,87 @@ else
   bashio::log.info "Using existing management config at ${MANAGEMENT_CONFIG}."
 fi
 
-# Generate Coturn config if missing
-TURN_CONFIG="$DATA_DIR/turn/turnserver.conf"
-if [[ ! -f "$TURN_CONFIG" ]]; then
-  TURN_EXTERNAL_IP_LINE=""
-  if [[ -n "$TURN_EXTERNAL_IP" ]]; then
-    TURN_EXTERNAL_IP_LINE="external-ip=${TURN_EXTERNAL_IP}"
-  fi
-
-  cat <<CONFIG > "$TURN_CONFIG"
-listening-port=${TURN_LISTEN_PORT}
-realm=${TURN_REALM}
-fingerprint
-lt-cred-mech
-user=${TURN_USER}:${TURN_PASSWORD}
-${TURN_EXTERNAL_IP_LINE}
-min-port=${TURN_MIN_PORT}
-max-port=${TURN_MAX_PORT}
+# Generate relay env file if missing
+RELAY_ENV_FILE="$DATA_DIR/relay/relay.env"
+if [[ ! -f "$RELAY_ENV_FILE" ]]; then
+  bashio::log.info "Generating relay env file at ${RELAY_ENV_FILE}."
+  cat <<CONFIG > "$RELAY_ENV_FILE"
+NB_LOG_LEVEL=info
+NB_LISTEN_ADDRESS=:${RELAY_PORT}
+NB_EXPOSED_ADDRESS=${NETBIRD_RELAY_PROTO}://${DOMAIN}:${NETBIRD_PORT}
+NB_AUTH_SECRET=${RELAY_AUTH_SECRET}
+NB_ENABLE_STUN=true
+NB_STUN_LOG_LEVEL=info
+NB_STUN_PORTS=${NETBIRD_STUN_PORT}
 CONFIG
-else
-  bashio::log.info "Using existing Coturn config at ${TURN_CONFIG}."
 fi
 
-# Generate dashboard nginx config
-sed "s/__DASHBOARD_PORT__/${DASHBOARD_PORT}/g" \
-  /usr/local/share/netbird-dashboard/default.conf.tmpl \
-  > /etc/nginx/http.d/default.conf
-
-mkdir -p /run/nginx
-chmod +x /usr/local/bin/init_react_envs.sh
-
 # Generate dashboard env file if missing
 DASHBOARD_ENV_FILE="$DATA_DIR/dashboard/env"
 if [[ ! -f "$DASHBOARD_ENV_FILE" ]]; then
   bashio::log.info "Generating dashboard env file at ${DASHBOARD_ENV_FILE}."
-  cat <<'ENV' > "$DASHBOARD_ENV_FILE"
-# NetBird dashboard environment overrides.
-# Example: NETBIRD_MGMT_API_ENDPOINT="https://netbird.example.com"
-NETBIRD_MGMT_API_ENDPOINT=""
-AUTH_AUTHORITY=""
-AUTH_CLIENT_ID=""
-AUTH_CLIENT_SECRET=""
-AUTH_AUDIENCE=""
-AUTH_SUPPORTED_SCOPES="openid profile email api offline_access email_verified"
-USE_AUTH0="false"
-ENV
+  cat <<CONFIG > "$DASHBOARD_ENV_FILE"
+# Endpoints
+NETBIRD_MGMT_API_ENDPOINT=${NETBIRD_HTTP_PROTOCOL}://${DOMAIN}
+NETBIRD_MGMT_GRPC_API_ENDPOINT=${NETBIRD_HTTP_PROTOCOL}://${DOMAIN}
+# OIDC - using embedded IdP
+AUTH_AUDIENCE=netbird-dashboard
+AUTH_CLIENT_ID=netbird-dashboard
+AUTH_CLIENT_SECRET=
+AUTH_AUTHORITY=${NETBIRD_HTTP_PROTOCOL}://${DOMAIN}/oauth2
+USE_AUTH0=false
+AUTH_SUPPORTED_SCOPES=openid profile email groups
+AUTH_REDIRECT_URI=/nb-auth
+AUTH_SILENT_REDIRECT_URI=/nb-silent-auth
+# SSL
+NGINX_SSL_PORT=443
+# Letsencrypt
+LETSENCRYPT_DOMAIN=none
+CONFIG
   chmod 600 "$DASHBOARD_ENV_FILE"
 fi
+
+# Generate Caddyfile if missing
+CADDYFILE="$DATA_DIR/Caddyfile"
+if [[ ! -f "$CADDYFILE" ]]; then
+  bashio::log.info "Generating Caddyfile at ${CADDYFILE}."
+  cat <<CONFIG > "$CADDYFILE"
+{
+  servers {
+    protocols h1 h2 h2c
+  }
+}
+
+(security_headers) {
+  header * {
+    Strict-Transport-Security "max-age=3600; includeSubDomains; preload"
+    X-Content-Type-Options "nosniff"
+    X-Frame-Options "SAMEORIGIN"
+    X-XSS-Protection "1; mode=block"
+    -Server
+    Referrer-Policy strict-origin-when-cross-origin
+  }
+}
+
+:80${CADDY_SECURE_DOMAIN} {
+  import security_headers
+  # relay
+  reverse_proxy /relay* 127.0.0.1:${RELAY_PORT}
+  # Signal
+  reverse_proxy /ws-proxy/signal* 127.0.0.1:${SIGNAL_PORT}
+  reverse_proxy /signalexchange.SignalExchange/* h2c://127.0.0.1:${SIGNAL_GRPC_PORT}
+  # Management
+  reverse_proxy /api/* 127.0.0.1:${MANAGEMENT_PORT}
+  reverse_proxy /ws-proxy/management* 127.0.0.1:${MANAGEMENT_PORT}
+  reverse_proxy /management.ManagementService/* h2c://127.0.0.1:${MANAGEMENT_PORT}
+  reverse_proxy /oauth2/* 127.0.0.1:${MANAGEMENT_PORT}
+  # Dashboard
+  reverse_proxy /* 127.0.0.1:${DASHBOARD_PORT}
+}
+CONFIG
+else
+  bashio::log.info "Using existing Caddyfile at ${CADDYFILE}."
+fi
+
+mkdir -p /run/nginx
+chmod +x /usr/local/bin/init_react_envs.sh

netbird-server/rootfs/etc/nginx/http.d/default.conf

@@ -0,0 +1,11 @@
+server {
+  listen 8080;
+  server_name _;
+
+  root /usr/share/nginx/html;
+  index index.html;
+
+  location / {
+    try_files $uri /index.html;
+  }
+}

netbird-server/rootfs/etc/services.d/caddy/run

@@ -0,0 +1,24 @@
+#!/usr/bin/with-contenv bashio
+# shellcheck shell=bash
+set -euo pipefail
+
+# ==============================================================================
+# Home Assistant Add-on: NetBird Server
+# Runs Caddy reverse proxy
+# ==============================================================================
+
+DATA_DIR="/config/netbird"
+CADDYFILE="${DATA_DIR}/Caddyfile"
+
+if [[ ! -f "$CADDYFILE" ]]; then
+  bashio::log.error "Missing Caddyfile at ${CADDYFILE}."
+  bashio::exit.nok
+fi
+
+export XDG_DATA_HOME="${DATA_DIR}/caddy/data"
+export XDG_CONFIG_HOME="${DATA_DIR}/caddy/config"
+
+mkdir -p "$XDG_DATA_HOME" "$XDG_CONFIG_HOME"
+
+bashio::log.info "Starting Caddy..."
+exec caddy run --config "$CADDYFILE" --adapter caddyfile

netbird-server/rootfs/etc/services.d/coturn/run

@@ -1,19 +0,0 @@
-#!/usr/bin/with-contenv bashio
-# shellcheck shell=bash
-set -euo pipefail
-
-# ==============================================================================
-# Home Assistant Add-on: NetBird Server
-# Runs Coturn
-# ==============================================================================
-
-DATA_DIR="/config/netbird"
-TURN_CONFIG="$DATA_DIR/turn/turnserver.conf"
-
-if [[ ! -f "$TURN_CONFIG" ]]; then
-  bashio::log.error "Missing Coturn configuration at ${TURN_CONFIG}."
-  bashio::exit.nok
-fi
-
-bashio::log.info "Starting Coturn..."
-exec /usr/local/bin/turnserver -c "$TURN_CONFIG" --log-file stdout

netbird-server/rootfs/etc/services.d/dashboard/run

@@ -7,46 +7,17 @@ set -euo pipefail
 # Runs the NetBird Dashboard
 # ==============================================================================
 
-DOMAIN="localhost"
-EXTERNAL_BASE_URL=""
-MANAGEMENT_LISTEN="0.0.0.0:33073"
-AUTH_AUTHORITY=""
-AUTH_CLIENT_ID=""
-AUTH_CLIENT_SECRET=""
-AUTH_AUDIENCE=""
-AUTH_SUPPORTED_SCOPES="openid profile email api offline_access email_verified"
-USE_AUTH0="false"
-NETBIRD_MGMT_API_ENDPOINT=""
-
-MANAGEMENT_PORT="${MANAGEMENT_LISTEN##*:}"
-
 ENV_FILE="/config/netbird/dashboard/env"
 if [[ -f "$ENV_FILE" ]]; then
   set -a
   # shellcheck disable=SC1090
   . "$ENV_FILE"
   set +a
-fi
-
-if [[ -n "$NETBIRD_MGMT_API_ENDPOINT" ]]; then
-  NETBIRD_MGMT_API_ENDPOINT="$NETBIRD_MGMT_API_ENDPOINT"
-elif [[ -n "$EXTERNAL_BASE_URL" ]]; then
-  NETBIRD_MGMT_API_ENDPOINT="$EXTERNAL_BASE_URL"
-elif [[ -n "$DOMAIN" ]]; then
-  NETBIRD_MGMT_API_ENDPOINT="http://${DOMAIN}:${MANAGEMENT_PORT}"
 else
-  bashio::log.warning "external_base_url and domain are empty; defaulting NETBIRD_MGMT_API_ENDPOINT to localhost."
-  NETBIRD_MGMT_API_ENDPOINT="http://127.0.0.1:${MANAGEMENT_PORT}"
+  bashio::log.error "Missing dashboard env file at ${ENV_FILE}."
+  bashio::exit.nok
 fi
 
-export AUTH_AUTHORITY
-export AUTH_CLIENT_ID
-export AUTH_CLIENT_SECRET
-export AUTH_AUDIENCE
-export AUTH_SUPPORTED_SCOPES
-export USE_AUTH0
-export NETBIRD_MGMT_API_ENDPOINT
-
 bashio::log.info "Preparing NetBird Dashboard assets..."
 /usr/local/bin/init_react_envs.sh
 

netbird-server/rootfs/etc/services.d/management/run

@@ -10,6 +10,7 @@ set -euo pipefail
 DATA_DIR="/config/netbird"
 LOG_LEVEL="info"
 MANAGEMENT_CONFIG="$DATA_DIR/management/management.json"
+MANAGEMENT_PORT=8081
 
 if [[ ! -f "$MANAGEMENT_CONFIG" ]]; then
   bashio::log.error "Missing management configuration at ${MANAGEMENT_CONFIG}."
@@ -19,5 +20,10 @@ fi
 bashio::log.info "Starting NetBird Management..."
 exec /usr/local/bin/netbird-mgmt management \
   --config "$MANAGEMENT_CONFIG" \
+  --port "$MANAGEMENT_PORT" \
   --log-level "$LOG_LEVEL" \
-  --log-file console
+  --log-file console \
+  --disable-anonymous-metrics=false \
+  --single-account-mode-domain=netbird.selfhosted \
+  --dns-domain=netbird.selfhosted \
+  --idp-sign-key-refresh-enabled

netbird-server/rootfs/etc/services.d/relay/run

@@ -4,17 +4,20 @@ set -euo pipefail
 
 # ==============================================================================
 # Home Assistant Add-on: NetBird Server
-# Runs the NetBird Relay (optional)
+# Runs the NetBird Relay (includes embedded STUN)
 # ==============================================================================
 
-LOG_LEVEL="info"
-RELAY_EXPOSED_ADDRESS=""
-RELAY_AUTH_SECRET=""
+RELAY_ENV_FILE="/config/netbird/relay/relay.env"
+
+if [[ -f "$RELAY_ENV_FILE" ]]; then
+  set -a
+  # shellcheck disable=SC1090
+  . "$RELAY_ENV_FILE"
+  set +a
+else
+  bashio::log.error "Missing relay env file at ${RELAY_ENV_FILE}."
+  bashio::exit.nok
+fi
 
 bashio::log.info "Starting NetBird Relay..."
-exec /usr/local/bin/netbird-relay \
-  --listen-address ":33080" \
-  --exposed-address "$RELAY_EXPOSED_ADDRESS" \
-  --auth-secret "$RELAY_AUTH_SECRET" \
-  --log-level "$LOG_LEVEL" \
-  --log-file console
+exec /usr/local/bin/netbird-relay

netbird-server/rootfs/etc/services.d/signal/run

@@ -7,9 +7,8 @@ set -euo pipefail
 # Runs the NetBird Signal service
 # ==============================================================================
 
-SIGNAL_LISTEN="0.0.0.0:10000"
+SIGNAL_PORT=8083
 LOG_LEVEL="info"
-SIGNAL_PORT="${SIGNAL_LISTEN##*:}"
 
 bashio::log.info "Starting NetBird Signal on port ${SIGNAL_PORT}..."
 exec /usr/local/bin/netbird-signal run \

qbittorrent/CHANGELOG.md

@@ -1,7 +1,12 @@
-## 5.1.4-11 (05-02-2026)
-- Minor bugs fixed
-## 5.1.4-10 (05-02-2026)
-- Minor bugs fixed
+## 5.1.4-15 (08-02-2026)
+- Support preshared keys (airvpn for example)
+- Support multiple address fields
+
+## 5.1.4-12 (08-02-2026)
+- Prefer ipv4 to resolve over ipv6
+- Fix ipv6 resolve address on some wireguard configurations
+- Fix issues with interfaces names longer than 15 characters
+
 ## 5.1.4-9 (05-02-2026)
 - Move OpenVPN/WireGuard config filename validation from schema to runtime scripts
 - Validate config name only when the related VPN mode is enabled

qbittorrent/config.yaml

@@ -142,4 +142,4 @@ schema:
 slug: qbittorrent
 udev: true
 url: https://github.com/alexbelgium/hassio-addons
-version: "5.1.4-11"
+version: "5.1.4-15"

qbittorrent/rootfs/usr/local/sbin/vpn

@@ -26,7 +26,15 @@ _parse_config() {
         if [[ "$line" =~ ^[[:space:]]*([^=[:space:]]+)[=[:space:]]+(.*)[[:space:]]* ]]; then
             local key="${BASH_REMATCH[1]}"
             local value="${BASH_REMATCH[2]}"
-            config_ref["$key"]="$value"
+            if [[ "$key" == "Address" ]]; then
+                if [[ -n "${config_ref["Address"]:-}" ]]; then
+                    config_ref["Address"]+=",${value}"
+                else
+                    config_ref["Address"]="${value}"
+                fi
+            else
+                config_ref["$key"]="$value"
+            fi
         fi
     done < "$config_file"
 }
@@ -117,26 +125,26 @@ _resolvconf() {
 
 _resolve_hostname() {
     local hostname=$1
-    local -a ips=""
+    local -a ips=()
     local -a ipv4_candidates=()
     local -a ipv6_candidates=()
 
-    # Resolve hostname to IPv6
-    mapfile -t ipv6_candidates < <(getent ahostsv6 "${hostname}" | awk '{print $1}' | uniq)
-
     # Resolve hostname to IPv4
     mapfile -t ipv4_candidates < <(getent ahostsv4 "${hostname}" | awk '{print $1}' | uniq)
 
-    if [ ${#ipv6_candidates[@]} -gt 0 ]; then
-        bashio::log.debug "Resolved ${hostname} to ${ipv6_candidates[@]}"
-        ips+=("${ipv6_candidates[@]}")
-    fi
+    # Resolve hostname to IPv6
+    mapfile -t ipv6_candidates < <(getent ahostsv6 "${hostname}" | awk '{print $1}' | uniq)
 
     if [ ${#ipv4_candidates[@]} -gt 0 ]; then
         bashio::log.debug "Resolved ${hostname} to ${ipv4_candidates[@]}"
         ips+=("${ipv4_candidates[@]}")
     fi
 
+    if [ ${#ipv6_candidates[@]} -gt 0 ]; then
+        bashio::log.debug "Resolved ${hostname} to ${ipv6_candidates[@]}"
+        ips+=("${ipv6_candidates[@]}")
+    fi
+
     echo "${ips[@]}"
 }
 
@@ -193,6 +201,29 @@ _routing_del() {
 
 # --- WireGuard Specific Logic ---
 
+_wg_wait_handshake() {
+    local timeout="${1:-20}"
+    local iface="${config["Interface"]}"
+    local peer_pk="${config["PublicKey"]}"
+    local deadline ts
+
+    deadline=$(( $(date +%s) + timeout ))
+
+    while [ "$(date +%s)" -lt "${deadline}" ]; do
+        ping -I "${iface}" -c1 -W1 1.1.1.1 >/dev/null 2>&1 || true
+
+        ts="$(wg show "${iface}" latest-handshakes 2>/dev/null | awk -v pk="${peer_pk}" '$1==pk{print $2; exit}')"
+        if [ -n "${ts}" ] && [ "${ts}" -gt 0 ] 2>/dev/null; then
+            return 0
+        fi
+        sleep 1
+    done
+
+    bashio::log.error "WireGuard handshake not established after ${timeout}s (latest-handshake=${ts:-0})."
+    wg show "${iface}" 2>&1 | while IFS= read -r l; do bashio::log.error "${l}"; done
+    return 1
+}
+
 _wireguard_up() {
     bashio::log.warning "This script force Wireguard to ignore any routes and DNS settings."
     bashio::log.warning "Default route will be inserted into custom routing table: ${config["Table"]}"
@@ -230,11 +261,18 @@ _wireguard_up() {
     fi
 
     _cmd "wg set ${config["Interface"]} listen-port ${config["ListenPort"]} private-key ${config["PrivateKey"]}" || return 1
-    if [ -v config["PersistentKeepalive"] ] && [ -n "${config["PersistentKeepalive"]}" ]; then
-        _cmd "wg set ${config["Interface"]} peer ${config["PublicKey"]} endpoint ${config["EndpointIP"]}:${config["EndpointPort"]} allowed-ips ${allowed_ips} persistent-keepalive ${config["PersistentKeepalive"]}" || return 1
-    else
-        _cmd "wg set ${config["Interface"]} peer ${config["PublicKey"]} endpoint ${config["EndpointIP"]}:${config["EndpointPort"]} allowed-ips ${allowed_ips}" || return 1
+    local endpoint="${config["EndpointIP"]}:${config["EndpointPort"]}"
+    if [[ "${config["EndpointIP"]}" == *:* ]]; then
+      endpoint="[${config["EndpointIP"]}]:${config["EndpointPort"]}"
     fi
+    local peer_cmd="wg set ${config["Interface"]} peer ${config["PublicKey"]} endpoint ${endpoint} allowed-ips ${allowed_ips}"
+    if [ -n "${config["PresharedKey"]:-}" ]; then
+      peer_cmd="${peer_cmd} preshared-key ${config["PresharedKey"]}"
+    fi
+    if [ -n "${config["PersistentKeepalive"]:-}" ]; then
+      peer_cmd="${peer_cmd} persistent-keepalive ${config["PersistentKeepalive"]}"
+    fi
+    _cmd "${peer_cmd}" || return 1
 
     if [ -v config["MTU"] ] && [ -n "${config["MTU"]}" ]; then
         _cmd "ip link set ${config["Interface"]} mtu ${config["MTU"]}" || return 1
@@ -242,6 +280,7 @@ _wireguard_up() {
 
     _cmd "ip link set ${config["Interface"]} up" || return 1
     _routing_add
+    _wg_wait_handshake 10 || return 1
 }
 
 _wireguard_down() {
@@ -286,13 +325,20 @@ wireguard() {
         bashio::log.debug "${key}: ${config[$key]}"
     done
 
-    echo ${config["PrivateKey"]} > ${WIREGUARD_STATE_DIR}/privatekey
+    printf '%s\n' "${config["PrivateKey"]}" > "${WIREGUARD_STATE_DIR}/privatekey"
+    chmod 600 "${WIREGUARD_STATE_DIR}/privatekey" || true
     config["PrivateKey"]="${WIREGUARD_STATE_DIR}/privatekey"
+    
+    if [ -n "${config["PresharedKey"]:-}" ]; then
+      printf '%s\n' "${config["PresharedKey"]}" > "${WIREGUARD_STATE_DIR}/presharedkey"
+      chmod 600 "${WIREGUARD_STATE_DIR}/presharedkey" || true
+      config["PresharedKey"]="${WIREGUARD_STATE_DIR}/presharedkey"
+    fi
 
     if [ "${mode}" = "up" ]; then
         bashio::log.info "Starting WireGuard on interface ${config["Interface"]}..."
         local result=0
-        _check_host ${config["EndpointHost"]} || result=$?
+        _check_host "${config["EndpointHost"]}" || result=$?
         if [ "${result}" -eq 0 ]; then
             bashio::log.error "WireGuard endpoint ${config["EndpointHost"]} is neither a valid IP address nor a resolvable hostname."
             bashio::exit.nok 'WireGuard start failed.'

scrutiny/CHANGELOG.md

@@ -1,5 +1,9 @@
+## v1.23.2-2 (08-02-2026)
 - Added support for configuring extra environment variables via the `env_vars` add-on option alongside config.yaml. See https://github.com/alexbelgium/hassio-addons/wiki/Add-Environment-variables-to-your-Addon-2 for details.
 
+## v1.23.2 (2026-02-08)
+- Switch upstream to https://github.com/Starosdev/scrutiny
+
 ## v0.8.1-12 (2025-08-16)
 - Replace s6-based shutdown with standard command to avoid s6-svwait error
 

scrutiny/build.json

@@ -1,6 +1,6 @@
 {
   "build_from": {
-    "aarch64": "ghcr.io/analogj/scrutiny:master-omnibus",
-    "amd64": "ghcr.io/analogj/scrutiny:master-omnibus"
+    "aarch64": "ghcr.io/starosdev/scrutiny:latest-omnibus",
+    "amd64": "ghcr.io/starosdev/scrutiny:latest-omnibus"
   }
 }

scrutiny/config.yaml

@@ -112,5 +112,5 @@ schema:
   expose_collector: bool?
 slug: scrutiny
 udev: true
-url: https://github.com/AnalogJ/scrutiny
-version: v0.8.1-12
+url: https://github.com/Starosdev/scrutiny
+version: "v1.23.2-2"

scrutiny/updater.json

@@ -1,10 +1,10 @@
 {
   "github_fulltag": "true",
-  "last_update": "13-04-2024",
+  "last_update": "08-02-2026",
   "paused": false,
   "repository": "alexbelgium/hassio-addons",
   "slug": "scrutiny",
   "source": "github",
-  "upstream_repo": "analogj/scrutiny",
-  "upstream_version": "v0.8.1"
+  "upstream_repo": "Starosdev/scrutiny",
+  "upstream_version": "v1.23.2"
 }

scrutiny_fa/CHANGELOG.md

@@ -1 +0,0 @@
-../scrutiny/CHANGELOG.md

scrutiny_fa/CHANGELOG.md

@@ -0,0 +1,122 @@
+## v1.23.2-3 (08-02-2026)
+- Minor bugs fixed
+## v1.23.2-2 (08-02-2026)
+- Added support for configuring extra environment variables via the `env_vars` add-on option alongside config.yaml. See https://github.com/alexbelgium/hassio-addons/wiki/Add-Environment-variables-to-your-Addon-2 for details.
+
+## v1.23.2 (2026-02-08)
+- Switch upstream to https://github.com/Starosdev/scrutiny
+
+## v0.8.1-12 (2025-08-16)
+- Replace s6-based shutdown with standard command to avoid s6-svwait error
+
+## v0.8.1-11 (2025-08-15)
+- Minor bugs fixed
+## v0.8.1-10 (2025-08-13)
+- Disable port by default for security purposes; it can be readded from the addon options. Ingress access is not affected @soosp
+- Document internal domain name for accessing the REST API without exposing the port.
+
+## v0.8.1-9 (2024-11-14)
+- Align behavior with other addons : map /addons_config/xxx-scrutiny to enable env injection or custom scripts
+
+## v0.8.1-8 (2024-11-13)
+- Minor bugs fixed
+## v0.8.1-7 (2024-11-13)
+- New feature : if you select "Custom" as "Updates" variable, you can define specific updates in natural language in the "Updates_custom_time" field. Example : select "Custom" as "Updates", then type a custom intervals like "5m", "2h", "1w", or "2mo" to have an update every 5 minutes, or every 2 hours, or evey week, or every 2 months
+
+## v0.8.1-6 (2024-11-02)
+- Minor bugs fixed
+## v0.8.1-5 (2024-08-22)
+- Minor bugs fixed
+## v0.8.1-4 (2024-07-30)
+- Minor bugs fixed
+## v0.8.1-3 (2024-06-11)
+- Minor bugs fixed
+## v0.8.1-2 (2024-04-13)
+- Minor bugs fixed
+
+## v0.8.1 (2024-04-13)
+- Update to latest version from analogj/scrutiny (changelog : https://github.com/analogj/scrutiny/releases)
+## v0.8.0-3 (2024-03-18)
+-Avoid overriding the smartctl command https://github.com/alexbelgium/hassio-addons/issues/1308
+
+## v0.8.0-2 (2024-03-17)
+- Minor bugs fixed
+
+## v0.8.0 (2024-03-16)
+- Update to latest version from analogj/scrutiny
+
+## v0.7.3 (2024-03-02)
+
+- Update to latest version from analogj/scrutiny
+
+## v0.7.2 (2023-10-20)
+
+- Update to latest version from analogj/scrutiny
+
+## v0.7.1 (2023-04-15)
+
+- Update to latest version from analogj/scrutiny
+
+## v0.7.0 (2023-04-08)
+
+- Update to latest version from analogj/scrutiny
+- Implemented healthcheck
+
+## v0.6.0 (2023-01-14)
+
+- Update to latest version from analogj/scrutiny
+- WARNING : update to supervisor 2022.11 before installing
+- New options SMARTCTL_COMMAND_DEVICE_TYPE & SMARTCTL_MEGARAID_DISK_NUM (@scavara)
+- New option, define COLLECTOR_API_ENDPOINT when in Collector mode
+- New option "Mode" : Collector+WebUI or Collector only
+
+## v0.5.0 (2022-08-26)
+
+- Update to latest version from analogj/scrutiny
+
+- BACKUP BEFORE UPDATE : major version change
+- PUID/PGID, ssl values deprecated
+
+## 2ab714f5-ls35 (2022-05-11)
+
+- Update to latest version from linuxserver/scrutiny
+
+## version-c397a323 (2022-05-10)
+
+- Update to latest version from linuxserver/scrutiny
+
+## 8e34ef8d-ls35 (2022-05-05)
+
+- Update to latest version from linuxserver/scrutiny
+- Add codenotary sign
+- New standardized logic for Dockerfile build and packages installation
+- Added : "/dev/nvme0"
+
+## 0.3.13 (2021-10-26)
+
+- Update to latest version from analogj/scrutiny
+- Allow mounting of devices up to sdg2
+
+## 0.3.12 (2021-09-29)
+
+- Update to latest version from AnalogJ/scrutiny
+- Aligned with AnalogJ namings
+
+## fd4f0429
+
+- New ingress icon, thanks to @ElVit
+- New features, selecting of update rate with addon option
+- Add banner in log
+- Align to upstream
+
+## 27b923b5-ls12
+
+- Removed full access flag
+- Improved code for local devices scanning after first installation
+- Solved an issue that made a blank screen on mobile devices
+- Implementation of Ingress with/without ssl
+
+## 27b923b5-ls11
+
+- Enables PUID/PGID options
+- Daily update of values

scrutiny_fa/Dockerfile

@@ -48,7 +48,10 @@ ADD "https://raw.githubusercontent.com/alexbelgium/hassio-addons/master/.templat
 RUN chmod 744 /ha_automodules.sh && /ha_automodules.sh "$MODULES" && rm /ha_automodules.sh
 
 # Manual apps
-ENV PACKAGES="jq curl cifs-utils nginx"
+ENV PACKAGES="jq \
+    curl \
+    cifs-utils \
+    nginx"
 
 # Automatic apps & bashio
 ADD "https://raw.githubusercontent.com/alexbelgium/hassio-addons/master/.templates/ha_autoapps.sh" "/ha_autoapps.sh"
@@ -69,6 +72,9 @@ RUN chmod 0755 /usr/local/lib/bashio-standalone.sh
 
 RUN sed -i "1a if ! bashio::require.unprotected; then bashio::addon.stop; fi" /etc/cont-init.d/90-run.sh
 
+ENTRYPOINT [ "/usr/bin/env" ]
+CMD [ "/ha_entrypoint.sh" ]
+
 ############
 # 5 Labels #
 ############

scrutiny_fa/README.md

@@ -43,23 +43,46 @@ Features :
 
 ## Configuration
 
-Use the add-on `env_vars` option to pass extra environment variables (uppercase or lowercase names). See https://github.com/alexbelgium/hassio-addons/wiki/Add-Environment-variables-to-your-Addon-2 for details.
-
----
-
-Webui can be found at <http://homeassistant:8080>, or through Ingress.
+Webui can be found at <http://homeassistant:8080> or through the sidebar using Ingress.
+Configurations can be done through the app webUI, except for the following options.
 It automatically mounts all local drives.
 
-Enable full access only if you are encountering issues. SMART access should work without full access in all other scenarios.
+**Note**: Enable full access only if encountering issues. SMART access should work without full access in all scenarios.
+
+### Options
+
+| Option | Type | Default | Description |
+|--------|------|---------|-------------|
+| `Updates` | list | `Hourly` | Update schedule (Quarterly/Hourly/Daily/Weekly/Custom) |
+| `Updates_custom_time` | str | | Custom update interval (e.g., "5m", "2h", "1w", "2mo") |
+| `TZ` | str | | Timezone (e.g., `Europe/London`) |
+| `Mode` | list | | Operating mode (Collector+WebUI or Collector only) |
+| `COLLECTOR_API_ENDPOINT` | str | | Collector API endpoint URL |
+| `COLLECTOR_HOST_ID` | str | | Host identifier for collector |
+| `SMARTCTL_COMMAND_DEVICE_TYPE` | list | | Device type for SMARTCTL commands |
+| `SMARTCTL_MEGARAID_DISK_NUM` | int | | MegaRAID disk number |
+| `expose_collector` | bool | | Expose collector port externally |
+
+### Example Configuration
 
 ```yaml
-env_vars: [] # Required field, leave empty if unused
-Updates: Hourly, Daily, Weekly
-Updates_custom_time : if you select "Custom" as "Updates" variable, you can define specific updates in natural language in the "Updates_custom_time" field. Example : select "Custom" as "Updates", then type a custom intervals like "5m", "2h", "1w", or "2mo" to have an update every 5 minutes, or every 2 hours, or evey week, or every 2 months
-TZ: timezone
-Mode: Collector+WebUI or Collector only
+Updates: "Daily"
+Updates_custom_time: "12h"
+TZ: "Europe/London"
+Mode: "Collector+WebUI"
+COLLECTOR_API_ENDPOINT: "http://localhost:8080"
+COLLECTOR_HOST_ID: "home_assistant"
+SMARTCTL_COMMAND_DEVICE_TYPE: "auto"
+expose_collector: false
 ```
 
+### Custom Scripts and Environment Variables
+
+This addon supports custom scripts and environment variables:
+
+- **Custom scripts**: See [Running Custom Scripts in Addons](https://github.com/alexbelgium/hassio-addons/wiki/Running-custom-scripts-in-Addons)
+- **env_vars option**: Use the add-on `env_vars` option to pass extra environment variables (uppercase or lowercase names). See https://github.com/alexbelgium/hassio-addons/wiki/Add-Environment-variables-to-your-Addon-2 for details.
+
 ## Installation
 
 ---
@@ -80,12 +103,15 @@ The installation of this add-on is pretty straightforward and not different in c
 
 Integration with HA can be done with the [rest platform](https://www.home-assistant.io/integrations/rest) in configuration.yaml.
 
-Two types of api endpoints are available:
+The API is available on Home Assistant's internal network even when the port is not exposed. Use the add-on's internal
+domain name (`http://db21ed7f-scrutiny:8080`) to query it from Home Assistant or other add-ons. If you need to reach the API from your local network, expose the port in the add-on options and replace the domain with your Home Assistant IP address.
 
-- Summary data : http://YOURIP:ADDONPORT/api/summary
-- Detailed data : http://YOURIP:ADDONPORT/api/device/WWN/details
+Two types of API endpoints are available:
 
-For the detailed data, wmn can be found for each hdd within the scrutiny app. For example: http://192.168.178.23:8086/api/device/0x50014ee606c14537/details
+- Summary data: <http://db21ed7f-scrutiny-fa:8080/api/summary>
+- Detailed data: <http://db21ed7f-scrutiny-fa:8080/api/device/WWN/details>
+
+For the detailed data, wwn can be found for each HDD within the Scrutiny app. For example: <http://db21ed7f-scrutiny-fa:8080/api/device/0x50014ee606c14537/details>
 
 Example to get data from the first hdd.
 
@@ -93,7 +119,7 @@ Example to get data from the first hdd.
 rest:
   - verify_ssl: false
     scan_interval: 60
-    resource: http://192.168.178.4:8086/api/device/0x57c35481f82a7a9c/details
+    resource: http://db21ed7f-scrutiny-fa:8080/api/device/0x57c35481f82a7a9c/details
     sensor:
       - name: "HDD - WWN"
         value_template: "{{ value_json.data.smart_results[0].device_wwn }}"
@@ -135,8 +161,6 @@ rest:
 
 Create an issue on github, or ask on the [home assistant thread](https://community.home-assistant.io/t/home-assistant-addon-scrutiny-smart-dashboard/295747)
 
-https://github.com/alexbelgium/hassio-addons
+<https://github.com/alexbelgium/hassio-addons>
 
 [repository]: https://github.com/alexbelgium/hassio-addons
-
-

scrutiny_fa/config.yaml

@@ -36,7 +36,7 @@ schema:
   COLLECTOR_API_ENDPOINT: str?
   COLLECTOR_HOST_ID: str?
   Mode: list(Collector+WebUI|Collector)?
-  SMARTCTL_COMMAND_DEVICE_TYPE: list(auto|ata|scsi|sat|usbcypress|usbjmicron|usbsunplus|marvell|megaraid|sntasmedia)?
+  SMARTCTL_COMMAND_DEVICE_TYPE: list(auto|ata|scsi|sat|usbcypress|usbjmicron|usbsunplus|sntasmedia|sntjmicron|sntrealtek|marvell|megaraid)?
   SMARTCTL_MEGARAID_DISK_NUM: int?
   TZ: str?
   Updates: list(Quarterly|Hourly|Daily|Weekly|Custom)
@@ -44,5 +44,5 @@ schema:
   expose_collector: bool?
 slug: scrutiny_fa
 udev: true
-url: https://github.com/AnalogJ/scrutiny
-version: v0.8.1-9
+url: https://github.com/Starosdev/scrutiny
+version: "v1.23.2-3"

scrutiny_fa/updater.json

@@ -1 +0,0 @@
-../scrutiny/updater.json

scrutiny_fa/updater.json

@@ -0,0 +1,10 @@
+{
+  "github_fulltag": "true",
+  "last_update": "08-02-2026",
+  "paused": false,
+  "repository": "alexbelgium/hassio-addons",
+  "slug": "scrutiny_fa",
+  "source": "github",
+  "upstream_repo": "Starosdev/scrutiny",
+  "upstream_version": "v1.23.2"
+}

signalk/CHANGELOG.md

@@ -1,3 +1,6 @@
+## 2.20.3-2 (08-02-2026)
+- Bindings of npm dependencies need to be rebuilt for the system updates @eburi
+- Add I2C device mappings @eburi
 
 ## 2.20.3 (2026-02-01)
 - Update to latest version from SignalK/signalk-server (changelog : https://github.com/SignalK/signalk-server/releases)

signalk/config.yaml

@@ -57,5 +57,5 @@ uart: true
 udev: true
 url: https://github.com/alexbelgium/hassio-addons
 usb: true
-version: "2.20.3"
+version: "2.20.3-2"
 webui: http://[HOST]:[PORT:3000]

signalk/rootfs/etc/cont-init.d/99-run.sh

@@ -27,5 +27,19 @@ for file in ssl-key.pem ssl-cert.pem security.json; do
     fi
 done
 
+# Rebuild npm dependency bindings on version change
+current_version="$(bashio::addon.version)"
+if [[ ! -f /data/version || "$current_version" != "$(cat /data/version)" ]]; then
+    if [[ -f /config/package.json ]]; then
+        bashio::log.info "Update detected, rebuilding native node deps"
+        cd /config
+        npm rebuild
+        echo "$current_version" > /data/version
+    else
+        bashio::log.warning "Update detected, but /config/package.json is missing; skipping npm rebuild"
+    fi
+fi
+
+
 bashio::log.info "Starting application"
 sudo -u "$USER" -s /bin/sh -c "/home/node/signalk/startup.sh"