Extract playbook actions to roles

ansible/roles/mail-secondary/defaults/main.yml

@@ -0,0 +1,6 @@
+---
+primary_mail_server: mx1.example.com
+server_domain: mx1.example.com
+mail_receive_domains:
+  - example.net
+  - example.com

ansible/roles/mail-secondary/handlers/main.yml

@@ -0,0 +1,5 @@
+---
+- name: reload smtpd
+  service:
+    name: smtpd
+    state: restarted

ansible/roles/mail-secondary/tasks/main.yml

@@ -0,0 +1,13 @@
+---
+- name: Configure OpenSMTPD smtpd.conf
+  template:
+    src: templates/smtpd.conf
+    dest: /etc/mail/smtpd.conf
+  notify:
+    - reload smtpd
+
+- name: Enable and start OpenSMTPD service
+  service:
+    name: smtpd
+    enabled: yes
+    state: started

ansible/roles/mail-secondary/templates/smtpd.conf

@@ -0,0 +1,16 @@
+# {{ ansible_managed }}
+pki {{ server_domain }} cert "/etc/ssl/{{ server_domain }}.fullchain.pem"
+pki {{ server_domain }} key "/etc/ssl/private/{{ server_domain }}.key"
+
+listen on all tls pki {{ server_domain }}
+
+table aliases file:/etc/mail/aliases
+
+action "local" mbox alias <aliases>
+action "relay" relay host {{ primary_mail_server }}
+
+{% for domain in mail_receive_domains %}
+match from any for domain {{ domain }} action "relay"
+{% endfor %}
+match from local for local action "local"
+match from local for any action "relay"