From 11c8da0558158693a347b134bc5435cdda08cd7a Mon Sep 17 00:00:00 2001
From: Timo Makinen <tmakinen@foo.sh>
Date: Sat, 10 Feb 2024 18:59:48 +0000
Subject: [PATCH] node_exporter: More restrictive tls configuration

---
 roles/node_exporter/templates/web-config.yml.j2 | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/roles/node_exporter/templates/web-config.yml.j2 b/roles/node_exporter/templates/web-config.yml.j2
index 01c911f..edc7ca3 100644
--- a/roles/node_exporter/templates/web-config.yml.j2
+++ b/roles/node_exporter/templates/web-config.yml.j2
@@ -4,3 +4,9 @@ tls_server_config:
   cert_file: {{ tls_certs }}/{{ inventory_hostname }}.crt
   client_ca_file: {{ tls_certs }}/ca.crt
   client_auth_type: RequireAndVerifyClientCert
+  client_allowed_sans:
+    - prometheus01.home.foo.sh
+    - prometheus02.home.foo.sh
+    - prometheus03.home.foo.sh
+    - prometheus04.home.foo.sh
+  min_version: TLS13