Make mail stack optional for Infinito.Nexus deployments without Mailu (e.g. Raspberry Pi / robots)

Refactored mail-related roles to support running Infinito.Nexus on nodes without a dedicated mail server:
- Introduced sys-svc-mail as central mail orchestration role.
- Split msmtp handling into sys-svc-mail-msmtp.
- Added sys-svc-mail-smtp to provide a localhost-only Postfix relay when Mailu is not present.
- Updated alert/health roles to use the new mail orchestration.
- Avoid installing postfix inside containers via IS_CONTAINER guard.
- Adjusted WordPress role to use the new msmtp template path.

This allows lightweight deployments (e.g. Raspberry Pi, robots, edge nodes) to send mail via localhost without requiring a full Mailu stack.

ChatGPT discussion: https://chatgpt.com/share/6931edf1-cb98-800f-9e3c-a62d69ccb223

roles/sys-svc-mail-msmtp/README.md

@@ -0,0 +1,29 @@
+# msmtp 📧
+
+## Description
+
+This Ansible role installs and configures **msmtp** and **msmtp-mta** on Arch Linux systems. It provides a lightweight SMTP client that serves as a drop-in replacement for the traditional sendmail command, enabling reliable email delivery via an external SMTP server. For more background on SMTP, see [SMTP on Wikipedia](https://en.wikipedia.org/wiki/SMTP).
+
+## Overview
+
+Tailored for Arch Linux, this role uses the `pacman` package manager to install **msmtp** and **msmtp-mta**. It then deploys a pre-configured msmtprc file via a Jinja2 template that defines settings for authentication, TLS, and the target SMTP server. This role is ideal for environments where automated email notifications or direct email sending are required.
+
+## Purpose
+
+The purpose of this role is to automate the setup of a lightweight SMTP client that acts as a sendmail replacement. By configuring msmtp, the role facilitates direct email sending using your SMTP server credentials, making it a simple yet effective solution for system notifications and other email-based communications.
+
+## Features
+
+- **Installs msmtp and msmtp-mta:** Uses `pacman` to install the required packages.
+- **Customizable SMTP Configuration:** Deploys a customizable msmtprc configuration file with parameters for TLS, authentication, and server details.
+- **Drop-in sendmail Replacement:** Configures msmtp to serve as the default sendmail command.
+- **Idempotent Setup:** Ensures the tasks run only once with internal flagging.
+- **Integration Ready:** Easily integrates with other system roles within the Infinito.Nexus environment for automated notifications.
+
+## Credits 📝
+
+Developed and maintained by **Kevin Veen-Birkenbach**.  
+Learn more at [www.veen.world](https://www.veen.world)
+
+Part of the [Infinito.Nexus Project](https://s.infinito.nexus/code)  
+License: [Infinito.Nexus NonCommercial License](https://s.infinito.nexus/license)

roles/sys-svc-mail-msmtp/meta/main.yml

@@ -0,0 +1,30 @@
+---
+galaxy_info:
+  author: "Kevin Veen-Birkenbach"
+  description: "Installs and configures msmtp as a lightweight SMTP client and sendmail replacement for the Infinito.Nexus ecosystem."
+  license: "Infinito.Nexus NonCommercial License"
+  license_url: "https://s.infinito.nexus/license"
+  company: |
+    Kevin Veen-Birkenbach  
+    Consulting & Coaching Solutions  
+    https://www.veen.world
+  min_ansible_version: "2.9"
+  platforms:
+    - name: Archlinux
+      versions:
+        - rolling
+  galaxy_tags:
+    - email
+    - smtp
+    - msmtp
+    - sendmail
+    - automation
+    - monitoring
+    - archlinux
+  repository: "https://s.infinito.nexus/code"
+  issue_tracker_url: "https://s.infinito.nexus/issues"
+  documentation: "https://docs.infinito.nexus"
+  logo:
+    class: ""
+  run_after: []
+dependencies: []

roles/sys-svc-mail-msmtp/tasks/01_core.yml

@@ -0,0 +1,24 @@
+- include_tasks: utils/once/flag.yml
+
+- name: Install msmtp base package
+  community.general.pacman:
+    name:
+      - msmtp
+    state: present
+
+- name: Install msmtp-mta when Mailu is used (no local postfix relay)
+  community.general.pacman:
+    name: msmtp-mta
+    state: present
+  when: "'web-app-mailu' in group_names"
+
+- name: configure msmtprc.conf.j2
+  template:
+    src: "msmtprc.conf.j2"
+    dest: "/root/.msmtprc"
+    mode: 600
+
+- include_role:
+    name: sys-ctl-hlth-msmtp
+  when: run_once_sys_ctl_hlth_msmtp is not defined
+

roles/sys-svc-mail-msmtp/tasks/main.yml

@@ -0,0 +1,3 @@
+- name: "Load MSMTP (once)"
+  include_tasks: 01_core.yml
+  when: not (run_once_sys_svc_mail_msmtp | default(false) | bool)

roles/sys-svc-mail-msmtp/templates/msmtprc.conf.j2

@@ -0,0 +1,40 @@
+# Set default values for all following accounts.
+defaults
+logfile        ~/.msmtp.log
+
+{% if 'web-app-mailu' in group_names %}
+auth           on
+tls_starttls   {{ 'on' if SYSTEM_EMAIL.START_TLS else 'off' }}
+{% if SYSTEM_EMAIL.TLS %}
+tls            on
+tls_trust_file /etc/ssl/certs/ca-certificates.crt
+{% else %}
+tls            off
+{% endif %}
+
+{% set no_reply = users.get('no-reply', {}) %}
+{% set no_reply_email = no_reply.get('email', SYSTEM_EMAIL.FROM | default('no-reply@' ~ SYSTEM_EMAIL.HOST)) %}
+{% set no_reply_token = no_reply.get('mailu_token', '') %}
+
+account        system_email_no_reply
+host           {{ SYSTEM_EMAIL.HOST }}
+port           {{ SYSTEM_EMAIL.PORT }}
+from           {{ no_reply_email }}
+user           {{ no_reply_email }}
+password       {{ no_reply_token }}
+
+account default : system_email_no_reply
+
+{% else %}
+# Localhost relay – no auth
+auth           off
+tls_starttls   off
+tls            off
+
+account        local_relay
+host           localhost
+port           25
+from           root@{{ inventory_hostname }}
+
+account default : local_relay
+{% endif %}