---
- block:
  - name: Create pki folder structure
    file:
      path: "{{ item }}"
      state: directory
      recurse: True
    with_items:
      - /etc/pki/tls/certs
      - /etc/pki/tls/private

  - name: Copy certs and private key (file)
    copy:
      src: "{{ item.0.source }}"
      dest: "{{ item.0.path }}/{{ item.0.name }}"
      mode: "{{ item.0.mode }}"
    with_subelements:
      - "{{ __pve_certificates }}"
      - nodes
    loop_control:
      label: "{{ item.0.path }}/{{ item.0.name }}"
    register: __pve_copy_cert_file
    when: pve_tls_source_use_files

  - set_fact:
      __pve_copy_cert: "{{ __pve_copy_cert_file }}"
    when: pve_tls_source_use_files

  - name: Copy certs and private key (content)
    copy:
      content: "{{ item.0.source }}"
      dest: "{{ item.0.path }}/{{ item.0.name }}"
      mode: "{{ item.0.mode }}"
    with_subelements:
      - "{{ __pve_certificates }}"
      - nodes
    loop_control:
      label: "{{ item.0.path }}/{{ item.0.name }}"
    register: __pve_copy_cert_content
    when: pve_tls_source_use_content

  - set_fact:
      __pve_copy_cert: "{{ __pve_copy_cert_content }}"
    when: pve_tls_source_use_content

  - name: Copy cert/key to pve filesystem
    command: "/bin/cp -rf {{ item.dest }} /etc/pve/nodes/{{ item.dest | basename }}"
    when: item.changed
    changed_when: item.changed
    with_items: "{{ __pve_copy_cert.results }}"
    loop_control:
      label: "/etc/pve/nodes/{{ item.dest | basename }}"
    notify: __pveproxy_restart
  become: True
  become_user: root