feat: use uv for initenv if installed

Docker containers may not expose fs.inotify.* sysctl keys at all,
causing a KeyError before the existing container guard could skip them.

cmdeploy/src/cmdeploy/deployers.py

@@ -150,18 +150,40 @@ class UnboundDeployer(Deployer):
         self.need_restart = False
 
     def install(self):
-        # Run local DNS resolver `unbound`. `resolvconf` takes care of
-        # setting up /etc/resolv.conf to use 127.0.0.1 as the resolver.
-
         # On an IPv4-only system, if unbound is started but not configured,
         # it causes subsequent steps to fail to resolve hosts.
         with blocked_service_startup():
             apt.packages(
                 name="Install unbound",
-                packages=["unbound", "unbound-anchor", "dnsutils", "resolvconf"],
+                packages=["unbound", "unbound-anchor", "dnsutils"],
             )
 
     def configure(self):
+        # Remove dynamic resolver managers that compete for /etc/resolv.conf.
+        apt.packages(
+            name="Purge resolvconf",
+            packages=["resolvconf"],
+            present=False,
+            extra_uninstall_args="--purge",
+        )
+        # systemd-resolved can't be purged due to dependencies; stop and mask.
+        server.shell(
+            name="Stop and mask systemd-resolved",
+            commands=[
+                "systemctl stop systemd-resolved.service || true",
+                "systemctl mask systemd-resolved.service",
+            ],
+        )
+        # Configure unbound resolver with Quad9 fallback and a trailing newline
+        # (SolusVM bug).
+        files.put(
+            name="Write static resolv.conf",
+            src=BytesIO(b"nameserver 127.0.0.1\nnameserver 9.9.9.9\n"),
+            dest="/etc/resolv.conf",
+            user="root",
+            group="root",
+            mode="644",
+        )
         server.shell(
             name="Generate root keys for validating DNSSEC",
             commands=[
@@ -568,14 +590,6 @@ def deploy_chatmail(config_path: Path, disable_mail: bool, website_only: bool) -
         Deployment().perform_stages([WebsiteDeployer(config)])
         return
 
-    if host.get_fact(Port, port=53) != "unbound":
-        files.line(
-            name="Add 9.9.9.9 to resolv.conf",
-            path="/etc/resolv.conf",
-            # Guard against resolv.conf missing a trailing newline (SolusVM bug).
-            line="\nnameserver 9.9.9.9",
-        )
-
     # Check if mtail_address interface is available (if configured)
     if config.mtail_address and config.mtail_address not in ('127.0.0.1', '::1', 'localhost'):
         ipv4_addrs = host.get_fact(hardware.Ipv4Addrs)

cmdeploy/src/cmdeploy/dovecot/deployer.py

@@ -186,7 +186,7 @@ def _configure_dovecot(config: Config, debug: bool = False) -> tuple[bool, bool]
     can_modify = not is_in_container()
     for name in ("max_user_instances", "max_user_watches"):
         key = f"fs.inotify.{name}"
-        value = host.get_fact(Sysctl)[key]
+        value = host.get_fact(Sysctl).get(key, 0)
         if value > 65534:
             continue
         if not can_modify:

scripts/initenv.sh

@@ -18,8 +18,15 @@ if command -v lsb_release 2>&1 >/dev/null; then
   esac
 fi
 
-python3 -m venv --upgrade-deps venv
-
-venv/bin/pip install -e chatmaild 
-venv/bin/pip install -e cmdeploy
-venv/bin/pip install sphinx sphinxcontrib-mermaid sphinx-autobuild furo  # for building the docs
+if command -v uv >/dev/null 2>&1; then
+  echo "Using uv for faster environment setup..."
+  uv venv venv
+  uv pip install --python venv/bin/python -e chatmaild
+  uv pip install --python venv/bin/python -e cmdeploy
+  uv pip install --python venv/bin/python sphinx sphinxcontrib-mermaid sphinx-autobuild furo
+else
+  python3 -m venv --upgrade-deps venv
+  venv/bin/pip install -e chatmaild
+  venv/bin/pip install -e cmdeploy
+  venv/bin/pip install sphinx sphinxcontrib-mermaid sphinx-autobuild furo
+fi