Added ansible playbook for secondary MX server

ansible/01-initial_setup.yml

@@ -1,5 +1,7 @@
 - name: Initial System Setup
-  hosts: mx1
+  hosts:
+    - mx1
+    - mx2
   remote_user: root
   become: true
   become_method: su

ansible/02-ssl.yml

@@ -1,5 +1,7 @@
 - name: SSL Setup
-  hosts: mx1
+  hosts:
+    - mx1
+    - mx2
   remote_user: root
   vars_files:
     - vars.yml
@@ -9,7 +11,7 @@
         path: "/var/www/vhosts/{{ item }}"
         state: directory
         owner: www
-      with_items: "{{ mx1_domains }}"
+      with_items: "{{ lookup('vars', inventory_hostname + '_domains') }}"
 
     - name: Install httpd.conf
       template:
@@ -31,7 +33,7 @@
       command: "/usr/sbin/acme-client {{ item }}"
       args:
         creates: "/etc/ssl/{{ item }}.fullchain.pem"
-      with_items: "{{ mx1_domains }}"
+      with_items: "{{ lookup('vars', inventory_hostname + '_domains') }}"
       notify:
         - reload httpd
 
@@ -41,7 +43,7 @@
         minute: "0"
         job: "sleep $((RANDOM \\% 2048)) && acme-client {{ item }} && rcctl reload httpd"
         user: root
-      with_items: "{{ mx1_domains }}"
+      with_items: "{{ lookup('vars', inventory_hostname + '_domains') }}"
 
   handlers:
     - name: reload httpd

ansible/03-mail.yml

@@ -1,5 +1,6 @@
 - name: OpenSMTPD Installation and Configuration
-  hosts: mx1
+  hosts:
+    - mx1
   remote_user: root
   vars_files:
     - vars.yml

ansible/04-secondary-mail.yml

@@ -0,0 +1,25 @@
+- name: Secondary MX OpenSMTPD Configuration
+  hosts:
+    - mx2
+  remote_user: root
+  vars_files:
+    - vars.yml
+  tasks:
+    - name: Configure OpenSMTPD smtpd.conf
+      template:
+        src: "templates/secondary-smtpd.conf"
+        dest: /etc/mail/smtpd.conf
+      notify:
+        - reload smtpd
+
+    - name: Enable and start OpenSMTPD service
+      service:
+        name: smtpd
+        enabled: yes
+        state: started
+
+  handlers:
+    - name: reload smtpd
+      service:
+        name: smtpd
+        state: restarted

ansible/templates/acme-client.conf

@@ -3,7 +3,7 @@ authority letsencrypt {
     account key "/etc/acme/letsencrypt-privkey.pem"
 }
 
-{% for domain in mx1_domains %}
+{% for domain in lookup('vars', inventory_hostname + '_domains') %}
 domain "{{ domain }}" {
     domain key "/etc/ssl/private/{{ domain }}.key"
     domain full chain certificate "/etc/ssl/{{ domain }}.fullchain.pem"

ansible/templates/httpd.conf

@@ -9,7 +9,7 @@ server "{{ inventory_hostname }}" {
     }
 }
 
-{% for vhost in mx1_domains %}
+{% for vhost in lookup('vars', inventory_hostname + '_domains') %}
 server "{{ vhost }}" {
     listen on * tls port 443
     tls {

ansible/templates/secondary-smtpd.conf

@@ -0,0 +1,16 @@
+{% set _mx_domain = lookup('vars', inventory_hostname + '_mail_domain') %}
+pki {{ _mx_domain }} cert "/etc/ssl/{{ _mx_domain }}.fullchain.pem"
+pki {{ _mx_domain }} key "/etc/ssl/private/{{ _mx_domain }}.key"
+
+listen on all tls pki {{ _mx_domain }}
+
+table aliases file:/etc/mail/aliases
+
+action "local" mbox alias <aliases>
+action "relay" relay host {{ mx1_mail_domain }}
+
+{% for domain in mail_domains %}
+match from any for domain {{ domain }} action "relay"
+{% endfor %}
+match from local for local action "local"
+match from local for any action "relay"

ansible/templates/smtpd.conf

@@ -21,3 +21,4 @@ match from any for domain {{ domain }} action "local_mail"
 {% endfor %}
 match from local for local action "local_mail"
 match from local for any action "outbound"
+match auth from any for any action "outbound"