---
- name: Manage the PKI directory
  tags: [pki, ssl, ca, letsencrypt, tls, tls_certificate]
  block:
    - name: Ensure that the PKI directory exists
      ansible.builtin.file:
        path: "{{ pki_dir }}"
        state: directory
        owner: root
        group: root
        mode: 0755

    - name: Ensure that the PKI subdirectories exist
      ansible.builtin.file:
        path: "{{ pki_dir }}/{{ item }}"
        state: directory
        owner: root
        group: root
        mode: 0755
      loop: "{{ pki_subdirs }}"