apply cmdeploy fmt linting, no content changes

cmdeploy/src/cmdeploy/cmdeploy.py

@@ -93,7 +93,9 @@ def run_cmd(args, out):
     strict_tls = args.config.tls_cert_mode == "acme"
     if not args.dns_check_disabled:
         remote_data = dns.get_initial_remote_data(sshexec, args.config.mail_domain)
-        if not dns.check_initial_remote_data(remote_data, strict_tls=strict_tls, print=out.red):
+        if not dns.check_initial_remote_data(
+            remote_data, strict_tls=strict_tls, print=out.red
+        ):
             return 1
 
     env = os.environ.copy()
@@ -116,7 +118,11 @@ def run_cmd(args, out):
         out.check_call(cmd, env=env)
         if args.website_only:
             out.green("Website deployment completed.")
-        elif not args.dns_check_disabled and strict_tls and not remote_data["acme_account_url"]:
+        elif (
+            not args.dns_check_disabled
+            and strict_tls
+            and not remote_data["acme_account_url"]
+        ):
             out.red("Deploy completed but letsencrypt not configured")
             out.red("Run 'cmdeploy run' again")
         else:

cmdeploy/src/cmdeploy/deployers.py

@@ -591,11 +591,17 @@ def deploy_chatmail(config_path: Path, disable_mail: bool, website_only: bool) -
         return
 
     # Check if mtail_address interface is available (if configured)
-    if config.mtail_address and config.mtail_address not in ('127.0.0.1', '::1', 'localhost'):
+    if config.mtail_address and config.mtail_address not in (
+        "127.0.0.1",
+        "::1",
+        "localhost",
+    ):
         ipv4_addrs = host.get_fact(hardware.Ipv4Addrs)
         all_addresses = [addr for addrs in ipv4_addrs.values() for addr in addrs]
         if config.mtail_address not in all_addresses:
-            Out().red(f"Deploy failed: mtail_address {config.mtail_address} is not available (VPN up?).\n")
+            Out().red(
+                f"Deploy failed: mtail_address {config.mtail_address} is not available (VPN up?).\n"
+            )
             exit(1)
 
     if not is_in_container():

cmdeploy/src/cmdeploy/dovecot/deployer.py

@@ -20,12 +20,30 @@ DOVECOT_ARCHIVE_VERSION = "2.3.21+dfsg1-3"
 DOVECOT_PACKAGE_VERSION = f"1:{DOVECOT_ARCHIVE_VERSION}"
 
 DOVECOT_SHA256 = {
-    ("core", "amd64"): "dd060706f52a306fa863d874717210b9fe10536c824afe1790eec247ded5b27d",
+    (
-    ("core", "arm64"): "e7548e8a82929722e973629ecc40fcfa886894cef3db88f23535149e7f730dc9",
+        "core",
-    ("imapd", "amd64"): "8d8dc6fc00bbb6cdb25d345844f41ce2f1c53f764b79a838eb2a03103eebfa86",
+        "amd64",
-    ("imapd", "arm64"): "178fa877ddd5df9930e8308b518f4b07df10e759050725f8217a0c1fb3fd707f",
+    ): "dd060706f52a306fa863d874717210b9fe10536c824afe1790eec247ded5b27d",
-    ("lmtpd", "amd64"): "2f69ba5e35363de50962d42cccbfe4ed8495265044e244007d7ccddad77513ab",
+    (
-    ("lmtpd", "arm64"): "89f52fb36524f5877a177dff4a713ba771fd3f91f22ed0af7238d495e143b38f",
+        "core",
+        "arm64",
+    ): "e7548e8a82929722e973629ecc40fcfa886894cef3db88f23535149e7f730dc9",
+    (
+        "imapd",
+        "amd64",
+    ): "8d8dc6fc00bbb6cdb25d345844f41ce2f1c53f764b79a838eb2a03103eebfa86",
+    (
+        "imapd",
+        "arm64",
+    ): "178fa877ddd5df9930e8308b518f4b07df10e759050725f8217a0c1fb3fd707f",
+    (
+        "lmtpd",
+        "amd64",
+    ): "2f69ba5e35363de50962d42cccbfe4ed8495265044e244007d7ccddad77513ab",
+    (
+        "lmtpd",
+        "arm64",
+    ): "89f52fb36524f5877a177dff4a713ba771fd3f91f22ed0af7238d495e143b38f",
 }
 
 
@@ -61,11 +79,7 @@ class DovecotDeployer(Deployer):
                 self.need_restart = True
         files.put(
             name="Pin dovecot packages to block Debian dist-upgrades",
-            src=io.StringIO(
+            src=io.StringIO("Package: dovecot-*\nPin: version *\nPin-Priority: -1\n"),
-                "Package: dovecot-*\n"
-                "Pin: version *\n"
-                "Pin-Priority: -1\n"
-            ),
             dest="/etc/apt/preferences.d/pin-dovecot",
             user="root",
             group="root",
@@ -84,7 +98,7 @@ class DovecotDeployer(Deployer):
         if not self.disable_mail and not self.need_restart:
             stale = host.get_fact(
                 Command,
-                'pid=$(systemctl show -p MainPID --value dovecot.service 2>/dev/null);'
+                "pid=$(systemctl show -p MainPID --value dovecot.service 2>/dev/null);"
                 ' [ "${pid:-0}" != "0" ] && readlink "/proc/$pid/exe" 2>/dev/null | grep -q "(deleted)"'
                 " && echo STALE || true",
             )

cmdeploy/src/cmdeploy/selfsigned/deployer.py

@@ -12,15 +12,27 @@ def openssl_selfsigned_args(domain, cert_path, key_path, days=36500):
     ``www.<domain>`` and ``mta-sts.<domain>``.
     """
     return [
-        "openssl", "req", "-x509",
+        "openssl",
-        "-newkey", "ec", "-pkeyopt", "ec_paramgen_curve:P-256",
+        "req",
-        "-noenc", "-days", str(days),
+        "-x509",
-        "-keyout", str(key_path),
+        "-newkey",
-        "-out", str(cert_path),
+        "ec",
-        "-subj", f"/CN={domain}",
+        "-pkeyopt",
+        "ec_paramgen_curve:P-256",
+        "-noenc",
+        "-days",
+        str(days),
+        "-keyout",
+        str(key_path),
+        "-out",
+        str(cert_path),
+        "-subj",
+        f"/CN={domain}",
         # Mark as end-entity cert so it cannot be used as a CA to sign others.
-        "-addext", "basicConstraints=critical,CA:FALSE",
+        "-addext",
-        "-addext", "extendedKeyUsage=serverAuth,clientAuth",
+        "basicConstraints=critical,CA:FALSE",
+        "-addext",
+        "extendedKeyUsage=serverAuth,clientAuth",
         "-addext",
         f"subjectAltName=DNS:{domain},DNS:www.{domain},DNS:mta-sts.{domain}",
     ]
@@ -42,7 +54,9 @@ class SelfSignedTlsDeployer(Deployer):
 
     def configure(self):
         args = openssl_selfsigned_args(
-            self.mail_domain, self.cert_path, self.key_path,
+            self.mail_domain,
+            self.cert_path,
+            self.key_path,
         )
         cmd = shlex.join(args)
         server.shell(

cmdeploy/src/cmdeploy/tests/online/test_0_qr.py

@@ -30,12 +30,15 @@ def test_newemail_configure(maildomain, rpc, chatmail_config):
             # set_config_from_qr, so fetch credentials via requests instead
             res = requests.post(f"https://{maildomain}/new", verify=False)
             data = res.json()
-            rpc.add_or_update_transport(account_id, {
+            rpc.add_or_update_transport(
-                "addr": data["email"],
+                account_id,
-                "password": data["password"],
+                {
-                "imapServer": maildomain,
+                    "addr": data["email"],
-                "smtpServer": maildomain,
+                    "password": data["password"],
-                "certificateChecks": "acceptInvalidCertificates",
+                    "imapServer": maildomain,
-            })
+                    "smtpServer": maildomain,
+                    "certificateChecks": "acceptInvalidCertificates",
+                },
+            )
         else:
             rpc.add_transport_from_qr(account_id, url)

cmdeploy/src/cmdeploy/tests/plugin.py

@@ -417,9 +417,12 @@ class Remote:
         getjournal = "journalctl -f" if not logcmd else logcmd
         print(self.sshdomain)
         match self.sshdomain:
-            case "@local": command = []
+            case "@local":
-            case "localhost": command = []
+                command = []
-            case _: command = ["ssh", f"root@{self.sshdomain}"]
+            case "localhost":
+                command = []
+            case _:
+                command = ["ssh", f"root@{self.sshdomain}"]
         [command.append(arg) for arg in getjournal.split()]
         popen = subprocess.Popen(
             command,

cmdeploy/src/cmdeploy/tests/test_dovecot_deployer.py

@@ -23,8 +23,7 @@ def make_host(*fact_pairs):
         if cls not in facts:
             registered = ", ".join(c.__name__ for c in facts)
             raise LookupError(
-                f"unexpected get_fact({cls.__name__}); "
+                f"unexpected get_fact({cls.__name__}); only registered: {registered}"
-                f"only registered: {registered}"
             )
         return facts[cls]