Make mail stack optional for Infinito.Nexus deployments without Mailu (e.g. Raspberry Pi / robots)

Refactored mail-related roles to support running Infinito.Nexus on nodes without a dedicated mail server:
- Introduced sys-svc-mail as central mail orchestration role.
- Split msmtp handling into sys-svc-mail-msmtp.
- Added sys-svc-mail-smtp to provide a localhost-only Postfix relay when Mailu is not present.
- Updated alert/health roles to use the new mail orchestration.
- Avoid installing postfix inside containers via IS_CONTAINER guard.
- Adjusted WordPress role to use the new msmtp template path.

This allows lightweight deployments (e.g. Raspberry Pi, robots, edge nodes) to send mail via localhost without requiring a full Mailu stack.

ChatGPT discussion: https://chatgpt.com/share/6931edf1-cb98-800f-9e3c-a62d69ccb223

roles/sys-svc-mail-smtp/README.md

@@ -0,0 +1,67 @@
+# sys-svc-mail-smtp 📮
+
+## Description
+
+The `sys-svc-mail-smtp` role configures a **local SMTP relay** using [Postfix](https://www.postfix.org/), listening exclusively on `localhost`.  
+It is designed to be used as a fallback when no central Mailu instance is available, enabling applications and system services to send email via `localhost:25` without additional configuration.
+
+For general background on SMTP, see [SMTP on Wikipedia](https://en.wikipedia.org/wiki/Simple_Mail_Transfer_Protocol).  
+For details about Postfix itself, see [Postfix on Wikipedia](https://en.wikipedia.org/wiki/Postfix_(software)).
+
+## Overview
+
+This role:
+
+- Installs Postfix via `pacman` on Arch Linux.
+- Configures it as a **loopback-only relay**, so it:
+  - only listens on `127.0.0.1`,
+  - does not perform local mailbox delivery,
+  - and is safe to use as a simple outbound relay for the local host.
+- Integrates seamlessly with the `sys-svc-mail` and `sys-svc-mail-msmtp` roles in the Infinito.Nexus stack.
+
+Typically, `sys-svc-mail` decides whether to:
+
+- Use Mailu (via `sys-svc-mail-msmtp`), **or**
+- Fall back to this role (`sys-svc-mail-smtp`) and send via `localhost`.
+
+## Purpose
+
+The main goals of this role are:
+
+- Provide a **minimal, secure SMTP relay** for hosts that do not run a full mail stack.
+- Enable `msmtp` (and any other sendmail-compatible client) to send mail by talking to `localhost:25`.
+- Avoid the complexity of a full MTA configuration while still supporting basic outbound notifications.
+
+This is particularly useful for:
+
+- Monitoring nodes,
+- Utility hosts,
+- Development or test environments without Mailu.
+
+## Features
+
+- 💾 **Postfix Installation on Arch Linux**  
+  - Uses `community.general.pacman` to install the `postfix` package.
+
+- 🔒 **Loopback-Only Configuration**  
+  - Configures `inet_interfaces = loopback-only` to restrict the SMTP daemon to `127.0.0.1`.  
+  - Defines `mynetworks = 127.0.0.0/8` for safe local relaying.
+
+- 🚫 **No Local Mailbox Delivery**  
+  - Sets `local_transport = error: local delivery disabled` to avoid storing mail locally.  
+  - Focus is purely on **relaying** from localhost rather than full MTA behavior.
+
+- 🧩 **Integration with Infinito.Nexus**  
+  - Meant to be driven by `sys-svc-mail`, which decides when to enable this relay.  
+  - Works hand in hand with `sys-svc-mail-msmtp`, which configures msmtp to talk to `localhost:25` when Mailu is not present.
+
+## Further Resources
+
+- SMTP & Mail Transfer:
+  - SMTP (Wikipedia): <https://en.wikipedia.org/wiki/Simple_Mail_Transfer_Protocol>
+- Postfix:
+  - Official site: <https://www.postfix.org/>
+  - Postfix on Wikipedia: <https://en.wikipedia.org/wiki/Postfix_(software)>
+- Related Infinito.Nexus roles:
+  - `sys-svc-mail`: central mail orchestration  
+  - `sys-svc-mail-msmtp`: msmtp client and sendmail replacement

roles/sys-svc-mail-smtp/meta/main.yml

@@ -0,0 +1,30 @@
+---
+galaxy_info:
+  author: "Kevin Veen-Birkenbach"
+  description: "Configures a local SMTP relay using Postfix, listening only on localhost for secure, lightweight mail delivery."
+  license: "Infinito.Nexus NonCommercial License"
+  license_url: "https://s.infinito.nexus/license"
+  company: | 
+    Kevin Veen-Birkenbach
+    Consulting & Coaching Solutions
+    https://www.veen.world
+  min_ansible_version: "2.9"
+  platforms:
+    - name: Archlinux
+      versions:
+        - rolling
+  galaxy_tags:
+    - email
+    - smtp
+    - postfix
+    - relay
+    - monitoring
+    - automation
+    - archlinux
+  repository: "https://s.infinito.nexus/code"
+  issue_tracker_url: "https://s.infinito.nexus/issues"
+  documentation: "https://docs.infinito.nexus"
+  logo:
+    class: ""
+  run_after: []
+dependencies: []

roles/sys-svc-mail-smtp/tasks/01_core.yml

@@ -0,0 +1,26 @@
+- include_tasks: utils/once/flag.yml
+
+- name: "Ensure msmtp-mta is absent (conflicts with postfix smtp-forwarder)"
+  community.general.pacman:
+    name:
+      - msmtp-mta
+    state: absent
+
+- name: "Install local SMTP relay (Postfix)"
+  community.general.pacman:
+    name:
+      - postfix
+    state: present
+
+- name: "Configure Postfix as localhost-only relay"
+  ansible.builtin.template:
+    src: "postfix-main.cf.j2"
+    dest: "/etc/postfix/main.cf"
+    mode: "0644"
+
+- name: "Ensure postfix is enabled and running"
+  ansible.builtin.systemd:
+    name: postfix
+    enabled: true
+    state: started
+  when: not( IS_CONTAINER | bool ) 

roles/sys-svc-mail-smtp/tasks/main.yml

@@ -0,0 +1,3 @@
+- name: "Load SMTP (once)"
+  include_tasks: 01_core.yml
+  when: not (run_once_sys_svc_mail_smtp | default(false) | bool)

roles/sys-svc-mail-smtp/templates/postfix-main.cf.j2

@@ -0,0 +1,8 @@
+# roles/sys-svc-msmtp/templates/postfix-main.cf.j2
+myhostname = {{ inventory_hostname }}
+inet_interfaces = loopback-only
+mydestination =
+relayhost =
+mynetworks = 127.0.0.0/8
+local_transport = error: local delivery disabled
+default_transport = smtp