refactor: Add AcmetoolDeployer

- This splits the existing deploy_acmetool() routine into methods for
  the install, configure, and activate stages.

cmdeploy/src/cmdeploy/__init__.py

@@ -19,7 +19,7 @@ from pyinfra.facts.server import Sysctl
 from pyinfra.facts.systemd import SystemdEnabled
 from pyinfra.operations import apt, files, pip, server, systemd
 
-from .acmetool import deploy_acmetool
+from .acmetool import AcmetoolDeployer
 from .deployer import Deployer
 from .www import build_webpages, find_merge_conflict, get_paths
 
@@ -913,8 +913,14 @@ def deploy_chatmail(config_path: Path, disable_mail: bool) -> None:
             line="nameserver 9.9.9.9",
         )
 
+    tls_domains = [mail_domain, f"mta-sts.{mail_domain}", f"www.{mail_domain}"]
+
     unbound_deployer = UnboundDeployer()
     iroh_deployer = IrohDeployer(enable_iroh_relay=config.enable_iroh_relay)
+
+    # Deploy acmetool to have TLS certificates.
+    acmetool_deployer = AcmetoolDeployer(email=config.acme_email, domains=tls_domains)
+
     opendkim_deployer = OpendkimDeployer(mail_domain=mail_domain)
 
     # Dovecot should be started before Postfix
@@ -929,6 +935,7 @@ def deploy_chatmail(config_path: Path, disable_mail: bool) -> None:
     all_deployers = [
         unbound_deployer,
         iroh_deployer,
+        acmetool_deployer,
         opendkim_deployer,
         dovecot_deployer,
         postfix_deployer,
@@ -1013,12 +1020,9 @@ def deploy_chatmail(config_path: Path, disable_mail: bool) -> None:
     iroh_deployer.configure()
     iroh_deployer.activate()
 
-    # Deploy acmetool to have TLS certificates.
+    acmetool_deployer.install()
-    tls_domains = [mail_domain, f"mta-sts.{mail_domain}", f"www.{mail_domain}"]
+    acmetool_deployer.configure()
-    deploy_acmetool(
+    acmetool_deployer.activate()
-        email=config.acme_email,
-        domains=tls_domains,
-    )
 
     apt.packages(
         # required for setfacl for echobot

cmdeploy/src/cmdeploy/acmetool/__init__.py

@@ -2,14 +2,24 @@ import importlib.resources
 
 from pyinfra.operations import apt, files, server, systemd
 
+from ..deployer import Deployer
 
-def deploy_acmetool(email="", domains=[]):
+
-    """Deploy acmetool."""
+class AcmetoolDeployer(Deployer):
+    def __init__(self, *, email, domains, **kwargs):
+        super().__init__(**kwargs)
+        self.domains = domains
+        self.email = email
+        self.need_restart = False
+
+    @staticmethod
+    def install_impl():
         apt.packages(
             name="Install acmetool",
             packages=["acmetool"],
         )
 
+    def configure_impl(self):
         files.put(
             src=importlib.resources.files(__package__).joinpath("acmetool.cron").open("rb"),
             dest="/etc/cron.d/acmetool",
@@ -32,7 +42,7 @@ def deploy_acmetool(email="", domains=[]):
             user="root",
             group="root",
             mode="644",
-        email=email,
+            email=self.email,
         )
 
         files.template(
@@ -52,16 +62,19 @@ def deploy_acmetool(email="", domains=[]):
             group="root",
             mode="644",
         )
+        self.need_restart = service_file.changed
 
+    def activate_impl(self):
         systemd.service(
             name="Setup acmetool-redirector service",
             service="acmetool-redirector.service",
             running=True,
             enabled=True,
-        restarted=service_file.changed,
+            restarted=self.need_restart,
         )
+        self.need_restart = False
 
         server.shell(
-        name=f"Request certificate for: {', '.join(domains)}",
+            name=f"Request certificate for: {', '.join(self.domains)}",
-        commands=[f"acmetool want --xlog.severity=debug {' '.join(domains)}"],
+            commands=[f"acmetool want --xlog.severity=debug {' '.join(self.domains)}"],
         )