ansible/roles/unbound_exporter/templates/stunnel.conf.j2

setuid = _unboundexporter
setgid = _unboundexporter

sslVersionMin = TLSv1.3
ciphersuites = TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
curves = X25519:prime256v1:secp384r1

key = {{ tls_private }}/{{ inventory_hostname }}.key
cert = {{ tls_certs }}/{{ inventory_hostname }}.crt

verify = 2
CAfile = {{ tls_certs }}/ca.crt

syslog = yes

[unbound_exporter]
{% for ip in ansible_all_ipv4_addresses %}
accept = {{ ip }}:9167
{% endfor %}
connect = 127.0.0.1:9167
{% for host in groups['prometheus'] %}
checkHost = {{ host }}
{% endfor %}