---
tls_server_config:
  key_file: {{ tls_private }}/{{ inventory_hostname }}.key
  cert_file: {{ tls_certs }}/{{ inventory_hostname }}.crt
  client_ca_file: {{ tls_certs }}/ca.crt
  client_auth_type: RequireAndVerifyClientCert
  client_allowed_sans:
{% for host in groups['prometheus'] %}
    - {{ host }}
{% endfor %}
  min_version: TLS13