fix: add back tls cert handling

defaults/main.yml

@@ -2,6 +2,10 @@
 pve_nodes:
   - node1
 
+pve_tls_enabled: False
+pve_tls_cert_source: mycert.pem
+pve_tls_key_source: mykey.pem
+
 pve_pamd_motd_enabled: True
 
 pve_disk_mount: []

handlers/main.yml

@@ -0,0 +1,8 @@
+---
+- name: Restart pveproxy
+  service:
+    state: restarted
+    name: pveproxy
+  listen: __pveproxy_restart
+  become: True
+  become_user: root

tasks/main.yml

@@ -2,3 +2,6 @@
 - ansible.builtin.import_tasks: pve.yml
 - ansible.builtin.import_tasks: pam.yml
 - ansible.builtin.import_tasks: auth.yml
+- ansible.builtin.import_tasks: tls.yml
+  when: pve_tls_enabled | bool
+  tags: tls_renewal

tasks/tls.yml

@@ -0,0 +1,36 @@
+---
+- block:
+    - name: Create pki folder structure
+      file:
+        path: "{{ item }}"
+        state: directory
+        recurse: True
+      loop:
+        - /etc/pki/tls/certs
+        - /etc/pki/tls/private
+
+    - name: Copy certs and private key
+      copy:
+        src: "{{ item.src }}"
+        dest: "{{ item.dest }}"
+        mode: "{{ item.mode }}"
+      loop:
+        - src: "{{ pve_tls_cert_source }}"
+          dest: "/etc/pki/tls/certs/pveproxy-ssl.pem"
+          mode: "0750"
+        - src: "{{ pve_tls_key_source }}"
+          dest: "/etc/pki/tls/private/pveproxy-ssl.key"
+          mode: "0600"
+      loop_control:
+        label: "{{ item.dest }}"
+      register: __pve_tls_copy
+
+    - name: Copy cert/key to pve filesystem
+      command: "/bin/cp -rf {{ item[0].dest }} /etc/pve/nodes/{{ item[1] }}/{{ item[0].dest | basename }}"
+      changed_when: item[0].changed
+      loop: "{{ __pve_tls_copy.results | product(pve_nodes) | list }}"
+      loop_control:
+        label: "/etc/pve/nodes/{{ item[1] }}/{{ item[0].dest | basename }}"
+      notify: __pveproxy_restart
+  become: True
+  become_user: root