From dcb85ef10ab5e2a4d8def5611651dc625cd48bfe Mon Sep 17 00:00:00 2001
From: nd <git@notandy.de>
Date: Sun, 1 Aug 2021 21:33:33 +0200
Subject: [PATCH] no longer run as root, support debian stretch

---
 templates/stunnel-client.conf.j2 | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/templates/stunnel-client.conf.j2 b/templates/stunnel-client.conf.j2
index 479a45e..136d397 100644
--- a/templates/stunnel-client.conf.j2
+++ b/templates/stunnel-client.conf.j2
@@ -1,4 +1,14 @@
+{% if ansible_distribution_release  == 'stretch' %}
+sslVersion = TLSv1.2
+{% else %}
 sslVersionMin = TLSv1.2
+{% endif %}
+options = SINGLE_ECDH_USE
+options = SINGLE_DH_USE
+
+setuid = stunnel4
+setgid = stunnel4
+pid = /var/run/stunnel4/prometheus-agent.pid
 
 {% for i in prometheus_agent.scrapers if "nodeexporter" in prometheus_agent.scrapers[i] %}
 ; nodeexporter