---
- block:
    - name: Create pki folder structure
      file:
        path: "{{ item }}"
        state: directory
        recurse: True
      loop:
        - /etc/pki/tls/certs
        - /etc/pki/tls/private

    - name: Copy certs and private key
      copy:
        src: "{{ item.src }}"
        dest: "{{ item.dest }}"
        mode: "{{ item.mode }}"
      loop:
        - { src: "{{ pve_tls_cert_source }}", dest: "/etc/pki/tls/certs/pveproxy-ssl.pem", mode: "0750" }
        - { src: "{{ pve_tls_key_source }}", dest: "/etc/pki/tls/private/pveproxy-ssl.key", mode: "0600" }
      loop_control:
        label: "{{ item.dest }}"
      register: __pve_tls_copy

    - name: Copy cert/key to pve filesystem
      command: "/bin/cp -rf {{ item[0].dest }} /etc/pve/nodes/{{ item[1] }}/{{ item[0].dest | basename }}"
      changed_when: item[0].changed
      loop: "{{ __pve_tls_copy.results | product(pve_nodes) | list }}"
      loop_control:
        label: "/etc/pve/nodes/{{ item[1] }}/{{ item[0].dest | basename }}"
      notify: __pveproxy_restart
  become: True
  become_user: root