pki: Prevent OpenBSD from changing permissions

roles/pki/tasks/main.yml

@@ -29,6 +29,12 @@
   ansible.builtin.set_fact:
     pki_cacert_hash: "{{ result.stdout }}"
 
+- name: Patch mtree to set correct permissions on /etc/ssl/private
+  ansible.posix.patch:
+    dest: /etc/mtree/4.4BSD.dist
+    src: mtree.patch
+  when: ansible_system == "OpenBSD"
+
 - name: Fix private key directory permissions
   ansible.builtin.file:
     path: "{{ tls_private }}"