-
Notifications
You must be signed in to change notification settings - Fork 9
/
vars.sample.yml
620 lines (598 loc) · 23.2 KB
/
vars.sample.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
---
# Variables needed for this playbook
#
# Following variables have been assigned some random
# values. Change them to suit your needs
#
# User info
#
# You can generate a password hash using "openssl passwd -6 -salt <some-random-salt>"
# Your email address will receive the notifications sent by Postfix, as well as emails
# from LetsEncrypt regarding your SSL certificates
#
user_name: "user"
user_password_hash: "$6$saltgoeshere$OfAtCqYPcNjH3EOBMl4RBTJxMGLvAzjUcUoLDVPE1y5uoymUPt4.coMB/BcicrT9hlviYtKbD/CiUJIHkB.HH/"
user_ssh_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDFl6Awy+/8FsDX2VaMK9AahgYyjj7ooJPQel3LRtv/YhzgAijXhvQmAoJhbOHhSnuPQF8Vj/8OdIpsZjCSlliZBwGyGkKvUDK0KKlI8CYWVPRfsWcjyU9B6aLmn8l3MIhjU6Y4egP2qwED7/YOMpuHYOWvKJkpHLqP6rMw/vmTi0GmgQ6GpLkiO6PdiPGdE09yy7tR1zDMbb1qY4176zONp7AxFfC0TVYanJh+zbv6Wq3ue+xa0jEKv2+pkY14zEAbvQEAL3Sruqqqexd9oqLROGz9snrMA8f+KEbKx7DLRW0j3jG2LZzWWAGRIZVaa3VQe8piBxVGtCIEcCVbY5kT user@hostname"
user_email: "[email protected]"
# Hostname info
#
# Your FQDN will be hostname.domain.com
#
host_name: "hostname"
host_domain: "domain.com"
# Timezone
#
# Specify the path to the time zone file under /usr/share/zoneinfo
#
time_zone_file: "Asia/Kolkata"
# SMTP info
#
# This playbook has configured Postfix to use a relay server to
# forward the emails. You'll need to specify the hostname of the
# relay server and the credentials to connect to it.
#
smtp_relay: "smtp.gmail.com:587"
smtp_user: "[email protected]"
smtp_pass: "somerandompassword"
# Rsyslog variables
#
# If you want to remove the rsyslog package and only use systemd-journald for
# logging, set remove_rsyslog to true.
# Setting remove_rsyslog to false or not defining the variable will result in:
# - rsyslog being set as a remote syslog server, provided the rsyslog role is
# part of your playbook
# - if the rsyslog role is not being used, then Ansible will not touch the
# rsyslog configuration files at all.
remove_rsyslog: 'false'
# OpenVPN info
#
# openvpn_port is the port at which the OpenVPN server will be
# listening on
# openvpn_ipv4_network and openvpn_ipv6_network are the subnets
# that will be used by the server and the connecting clients.
#
openvpn_port: "1234"
openvpn_ipv4_network: "10.10.10.0/24"
openvpn_ipv6_network: "2001:db8:abcd:1234::/64"
#
# THE FOLLOWING PART IS OPTIONAL. You can delete the openvpn_ipv4_routes and
# openvpn_ipv6_routes variables if you're not going to use them.
#
# If you want the VPN users to be able to connect to the networks/LANs
# behind certain VPN clients, then add those networks to the openvpn_ipv4_network
# and openvpn_ipv6_network lists. You need to specify those routes and the common
# name of the clients through which you can reach them.
#
# OPTIONAL VARS
openvpn_ipv4_routes:
# - ["route-network/netmask", "client-cert-common-name"]
- ["192.168.100.0/24", "VPN-Client-1"]
openvpn_ipv6_routes:
# - ["route-network/netmask", "client-cert-common-name"]
- ["2001:db8:abcd:2345::/64","VPN-Client-2"]
# END OF OPTIONAL VARS
# Networking info
#
# THE FOLLOWING PART IS OPTIONAL. Add static IPv6 information here.
#
# Since you will be SSHing into your server to run this playbook,
# you already have your networking configuration in place. If you
# want to add extra static IPv6 addresses to your server's interface,
# add them to the static_ipv6 list below.
#
# OPTIONAL VARS
static_ipv6: ["2001:db8::1/64"]
# END OF OPTIONAL VARS
# nft-geo-filter info
#
# THE FOLLOWING PART IS OPTIONAL. Add the arguments to the nft-geo-filter
# script that you can find at github.com/rpthms/nft-geo-filter
#
# The arguments tell the script which countries need to be blocked from accessing
# a server. If you comment out this variable or assign an empty string to the
# variable, then nft-geo-filter won't be set on the server.
#
# OPTIONAL VARS
nft_geo_filter_args: ""
# END OF OPTIONAL VARS
# nginx
#
# Set 'nginx_private' to true if the nginx should only be accessible via a VPN
#
nginx_private: "false"
# Certbot
#
# Create a TLS certificate for a given domain
#
# This role only supports the DNS-01 method of obtaining TLS certificates. You need
# to specify certain arguments that tell certbot which DNS plugin it needs to use and
# how to use it
#
# dns_plugin: Which DNS plugin to use for the domain verification process. The "arg_name"
# key must be one of the DNS plugin arguments that certbot accepts. The DNS
# plugin that you choose must also be installed on the remote system, so you'll
# also need to provide the name of the package containing your chosen DNS
# plugin in the "package" key.
#
# dns_propagation: How long Let's Encrypt must wait to verify the TXT record set by
# certbot. The "arg_name" key of this hash must be the name of the
# "propagation-seconds" certbot argument associated with the DNS plugin
# in use. Specify the number of seconds to wait in the "value" key.
#
# dns_credentials: Specify the credentials certbot will use to create and destroy the
# TXT record. The "arg_name" key of this hash mush be the name of the
# "credentials" certbot argument associated with the DNS plugin in
# use. Store the credentials in "certbot/files/dns-creds".
# Each DNS plugin will have different values specified in the credential
# files. Check the documentation of your DNS plugin on Certbot's website.
#
certbot_dns_plugin:
arg_name: "--dns-cloudflare"
package: "python3-certbot-dns-cloudflare"
certbot_dns_propagation:
arg_name: "--dns-cloudflare-propagation-seconds"
value: "60"
certbot_dns_credentials:
arg_name: "--dns-cloudflare-credentials"
# ZNC Bouncer
#
# The following variables set up a minimal ZNC server. Not all of the ZNC
# variables have been listed in this file. To check all the possible variables
# that can be used by the ZNC role, check roles/znc/defaults/main.yml. You can
# use any of those variables in your vars.yml file.
#
# Special cases for the modules "sasl" and "adminlog":
# - The sasl module helps you to automatically authenticate your user to the IRC
# networks using SASL. If you want Ansible to set up SASL, you'll need to provide:
# * The ZNC user's actual password (not the hash) in the "password" variable under
# the user object
# * The password used to authenticate your account to the IRC network in the
# network_password variable under the network hash.
#
# - The adminlog module lets you log the connections made to the ZNC server. By default,
# these logs will be stored in their own file in the ZNC user's home directory. If you
# want those logs to go to syslog instead, the following conditions needs to be met:
# * Set znc_send_adminlog_to_syslog to true
# * One of the ZNC users must have "is_admin" set to true and "password" set to their
# ZNC account's password (not the hash)
#
# Check roles/znc/defaults/main.yml to see how to specify the passwords.
#
znc_global_load_modules:
- "webadmin"
- "log"
- "lastseen"
znc_listener_allow_web: 'true'
znc_users:
# Since this user's password is not specified, the default value of 'znc-pass' will
# be used. To use a custom password, set the password_hash and password_salt variables
# for the user. Check roles/znc/defaults/main.yml.
- name: 'znc_user_1'
is_admin: 'true'
modules:
- "chansaver"
- "controlpanel"
networks:
- name: "Freenode"
modules:
- "simple_away"
servers:
- "chat.freenode.net +6697"
- "chat.freenode.net +7000"
- "chat.freenode.net +7070"
channels:
- "#freenode"
# WireGuard
#
# Set the following variable to setup a WireGuard VPN Server
#
# wg_ipv4_address: IPv4 address for the WireGuard interface
# wg_ipv6_address: IPv6 address for the WireGuard interface
# wg_private_key: The private key used by the WireGuard VPN Server
# wg_port: The port the server should be listening on
# wg_peers: The peers for this server. Each peer should specify the public key and a comma
# separated list of allowed IP addresses. A preshared key can also be optionally
# specified to provide an additional layer of symmetric-key cryptography. If a
# peer is supposed to be isolated from other peers, set "isolate" to true.
#
wg_ipv4_address: '10.10.100.1/24'
wg_ipv6_address: '2001:db8:abcd:1234::1/64'
wg_private_key: 'priv-key'
wg_port: '2345'
wg_peers:
- wg_public_key: 'pub-key1'
wg_preshared_key: 'preshared-key1'
wg_allowed_ips:
- '192.168.100.0/24'
- '10.10.100.0/24'
- wg_public_key: 'pub-key2'
wg_preshared_key: 'preshared-key2'
wg_allowed_ips:
- '192.168.200.0/24'
isolate: 'true'
# If you want to setup an iperf3 server to test your WireGuard VPN speeds, set
# the port which iperf3 should use in the following variable
wg_iperf3_port: '4567'
# If you have multiple servers running WireGuard and you want to connect those
# servers with WireGuard as well, fill in the following variables. Make sure all
# your WireGuard servers have each other as peers. The current setup will use a
# direct path from one the source server to the destination server. It is not going
# to route the packets via another relay WireGuard server.
wg_peer_server_ipv4_address: '10.10.200.1/24'
wg_peer_server_ipv6_address: '2001:db8:abcd:2345::1/64'
wg_peer_server_private_key: 'priv-key'
wg_peer_server_port: '2346'
wg_peer_server_peers:
- wg_peer_hostname: 'host.domain.com'
wg_peer_port: '3456'
wg_peer_public_key: 'pub-key1'
wg_peer_preshared_key: 'preshared-key1'
wg_peer_allowed_ips:
- '192.168.200.0/24'
- '10.10.200.0/24'
# InfluxDB
#
# Set the following variables to configure an InfluxDB server
#
# influxdb_admin_*: InfluxDB's admin user credentials
#
# influxdb_telegraf_*: User credentials for Telegraf servers. This user will only have
# write access to the database
#
# influxdb_kapacitor_*: User credentials for the Kapacitor server. Certain tasks in the
# Kapacitor server might require access to the InfluxDB server to
# write back data points related to the task.
#
# influxdb_grafana_*: User credentials for the Grafana server. This user will only have
# read access to the database
#
# influxdb_tls_domain: If you want InfluxDB to listen over TLS, then you must set the name
# of the TLS domain in this variable. This variable will pull in the
# nginx role and the certbot role to do the TLS setup, so make sure to
# fill in the certbot variables beforehand.
# In the absence of this variable, InfluxDB will listen on all the
# interfaces of the host via HTTP
#
# kapacitor_subscription_url: If you want InfluxDB to send its data to a Kapacitor server for
# further data processing / alert handling, set the URL of the
# server in this variable.
#
# If you want to restore a backup of your InfluxDB data onto your new server, copy the backed
# up shards into a directory called 'influxdb-backup' in roles/influxdb/files. The directory
# structure should look something like this:
#
# roles/influxdb/files/influxdb-backup
# ├── 20200715T071901Z.manifest
# ├── 20200715T071901Z.meta
# ├── 20200715T071901Z.s17.tar.gz
# ├── 20200715T071901Z.s25.tar.gz
# ├── 20200715T071901Z.s2.tar.gz
# ├── 20200715T071901Z.s33.tar.gz
#
# (It's probably best to ignore the _interal database when performing a backup)
#
# Make sure that the backup contains the admin, grafana and telegraf users with the proper
# privileges applied to them, or that you create those users manually, because this role
# won't create users or assign privileges when a backup is restored.
#
# NOTE: The restore operation can only be run once. IT IS NOT IDEMPOTENT!! If you want to
# run this role again, make sure you delete the backup directory and ensure that the
# credentials and privileges of the users existing on the database match the
# variables given below.
#
influxdb:
admin_username: 'admin'
admin_password: 'password'
telegraf_username: 'username'
telegraf_password: 'password'
kapacitor_username: 'username'
kapacitor_password: 'password'
grafana_username: 'username'
grafana_password: 'password'
tls_domain: 'influxdb.domain.com'
kapacitor_subscription_url: 'http://kapacitor.domain.com:9092'
#
# Kapacitor
#
# Set up a Kapacitor server for data processing and alerting
#
# hostname: The hostname at which the Kapacitor server will be accessible. Make sure
# that this hostname is exactly the same as the hostname provided in the
# 'kapacitor_subscription_url' variable of the influxdb role, as InfluxDB will
# forward all it's data to a Kapacitor server with the given hostname.
#
# smtp.from_email: The "from" email which will be used for the alerts that you'll receive
#
# influxdb: Certain Kapacitor tasks will need access to the InfluxDB server, so that they
# can use the InfluxDBOut Node and write back data points into the InfluxDB
# server. Provide the URL of the InfluxDB server in influxdb.url and the InfluxDB
# credentials in influxdb.username and influxdb.password.
#
# Each template allows you to set default variables that will be used for the tasks created
# out of these templates, in case the task doesn't provide that particular variable.
# - The "default_vars.time_period" and "default_vars.frequency" keys that are used by a few
# templates are properties of the WindowNode of Kapacitor. The points that Kapacitor receives
# within the "default_vars.time_period" will be emitted to the next node in the template. The
# "default_vars.frequency" tells you how often the points collected in the specified time period
# should be emitted. If the frequency is shorter than the time period, then the same data
# points can be emitted multiple times.
# - The "default_vars.threshold" in the Deadman template tells you how many data points Kapacitor
# must receive within the specified time period to consider a host "UP".
#
# use_tls: If Kapacitor is supposed to be accessible via TLS (using the hostname provided
# in the variable above), then set this variable to 'true'
#
# Since Kapacitor doesn't support HTTP basic authentication, we can use nginx's basic_auth
# module instead. Specify the username and password to be used for the authentication in the
# "basic_auth" hash.
# Unfortunately, InfluxDB's open source version doesn't support sending data to a Kapacitor
# subscription endpoint using basic authentication and therefore won't be able to send data
# to Kapacitor without removing the basic auth feature. So, as a compromise, you can also set
# a list of allowed IPs in the "allowed_ips" key, which would tell nginx that the HTTP requests
# coming from the allowed IPs don't need to go through HTTP authentication.
#
# "basic_auth" and "allowed_ips" will only work if "use_tls" is set to true.
#
kapacitor:
hostname: "kapacitor.domain.com"
smtp:
from_email: "[email protected]"
influxdb:
url: "http://influxdb.domain.com:8086"
username: "username"
password: "password"
templates:
- name: "cpu_usage"
default_vars:
info_usage_percent: 25.0
warn_usage_percent: 50.0
crit_usage_percent: 75.0
time_period: "5m"
frequency: "1m"
- name: "disk_usage"
default_vars:
info_usage_percent: 70.0
warn_usage_percent: 80.0
crit_usage_percent: 90.0
- name: "available_memory"
default_vars:
info_usage_percent: 30.0
warn_usage_percent: 20.0
crit_usage_percent: 10.0
time_period: "5m"
frequency: "1m"
- name: "net_usage"
default_vars:
info_speed_mbps: 40.0
warn_speed_mbps: 60.0
crit_speed_mbps: 80.0
time_period: "5m"
frequency: "1m"
- name: "net_speed_test"
default_vars:
info_speed_mbps: 90.0
warn_speed_mbps: 80.0
crit_speed_mbps: 70.0
time_period: "5m"
frequency: "1m"
- name: "service_status"
default_vars: ~
- name: "deadman"
default_vars:
threshold: 4.0
time_period: "1m"
- name: "tls_expiry"
default_vars:
info_expiry_days: 40
warn_expiry_days: 30
crit_expiry_days: 20
- name: "failed_systemd_unit"
default_vars: ~
use_tls: "true"
allowed_ips:
- "10.1.1.1"
- "10.1.1.2"
basic_auth:
username: "username"
password: "password"
#
# Monitor
#
# Setup up data collection using Telegraf and configure alerts on a Kapacitor server
#
# For telegraf, you need to configure the variables under the monitor_telegraf hash. The
# plugins hash contains two keys: "input" and "output". These keys represent the various
# input and output plugins that Telegraf supports. You can only use the "influxdb" output
# plugin currently. For the input plugins, you can also provide options to each plugin.
# All the options that are supported by the various plugins of this Telegraf role are shown
# in the vars.sample.yml file.
#
# For the exec plugin: If you're using a custom script with the exec plugin and you want to
# copy that script on to the remote system, then place your scripts inside the
# telegraf/files/exec-scripts directory. These scripts will be then copied to /usr/local/bin
# on the remote system. Make sure all the custom scripts are prefixed with /usr/local/bin in
# the command list for the exec plugin below.
#
# Each input plugin also accepts the optional "interval" config option which allows you to
# set a different data collection interval than the global interval setting in
# /etc/telegraf.conf.
#
#
# For Kapacitor, each task requires the name of the template in the "template" key and the
# variables for the tasks in the "vars" key. The "host" var doesn't need to be specified in
# the 'vars' list, it will automatically be added by the role. Each variable in the 'vars'
# list is of the format: "[<variable_name>, <variable_type>, <variable_value>]"
#
# If you want to a template more than once with different variables, you need to specify
# a suffix for the task ID in the 'id_suffix' key. The id_suffix MUST START WITH A DOT, else
# the suffix will be joined with the template name with no separation and result in an
# unreadable mess.
#
monitor:
telegraf:
plugins:
input:
cpu:
percpu: "true"
totalcpu: "true"
collect_cpu_time: "false"
report_active: "false"
disk:
mount_points:
- "/srv"
- "/var/www/html"
interval: "15s"
diskio:
devices:
- "sda"
- "sdb"
dns_query:
servers:
- "1.1.1.1"
- "8.8.8.8"
domains:
- "example.com"
timeout: 5
exec:
- commands:
- "/usr/local/bin/random_metric"
timeout: "30s"
interval: "10s"
- commands:
- "/usr/local/bin/second_random_metric"
timeout: "1m"
interval: "5m"
kernel: ~
mem: ~
net:
interfaces:
- "eth0"
- "eth1"
processes: ~
smart:
path: "/bin/smartctl"
timeout: "30s"
interval: "15s"
system:
interval: "15s"
systemd_units:
unittype: "service,socket"
timeout: "2s"
temp: ~
wireguard:
devices:
- "wg0"
x509_cert:
sources:
- "https://abc.example.com:443"
- "https://def.example.com:443"
timeout: "5s"
output:
influxdb:
url: "http://influxdb.domain.com:8086"
username: "username"
password: "password"
kapacitor:
url: "http://kapacitor.domain.com:9092"
username: "username"
password: "password"
tasks:
- template: "cpu_usage"
vars:
- ["info_usage_percent","float",25.0]
- ["warn_usage_percent","float",50.0]
- ["crit_usage_percent","float",75.0]
- ["time_period","duration","5m"]
- ["frequency","duration","1m"]
- template: "disk_usage"
vars:
- ["path","string","/"]
- ["info_usage_percent","float",70.0]
- ["warn_usage_percent","float",80.0]
- ["crit_usage_percent","float",90.0]
- template: "available_memory"
vars:
- ["info_usage_percent","float",30.0]
- ["warn_usage_percent","float",20.0]
- ["crit_usage_percent","float",10.0]
- ["time_period","duration","5m"]
- ["frequency","duration","1m"]
- template: "net_usage"
vars:
- ["interface","string","eth0"]
- ["info_speed_mbps","float",40.0]
- ["warn_speed_mbps","float",60.0]
- ["crit_speed_mbps","float",80.0]
- ["time_period","duration","5m"]
- ["frequency","duration","1m"]
- template: "net_speed_test"
vars:
- ["info_speed_mbps","float",90.0]
- ["warn_speed_mbps","float",80.0]
- ["crit_speed_mbps","float",70.0]
- ["time_period","duration","5m"]
- ["frequency","duration","1m"]
- template: "service_status"
id_suffix: ".nginx"
vars:
- ["service","string","nginx.service"]
- template: "service_status"
id_suffix: ".ssh"
vars:
- ["service","string","ssh.service"]
- template: "deadman"
vars:
- ["threshold","float",4.0]
- ["time_period","duration","1m"]
- template: "tls_expiry"
vars:
- ["info_expiry_days","int",30]
- ["warn_expiry_days","int",20]
- ["crit_expiry_days","int",10]
- template: "failed_systemd_unit"
vars: ~
#
# Grafana
#
# Set up a Grafana server for visualizing the monitoring data
#
# This role only supports adding one data source to Grafana. Enter the details of
# the data source in the grafana.datasource hash and any data source specific keys
# will go in the grafana.datasource.json_data hash
#
# To add a dashboard, you'll need to get an exported JSON version of the dashboard
# from Grafana and put it in the grafana/files/grafana-dashboards directory. The 'uid'
# and the 'title' of the dashboard will be used as is, so if you want to change them,
# do so in the dashboard's JSON file itself
#
# Users created by Grafana will have the 'Viewer' role by default, which means that
# they won't be able to make any changes to the dashboard. To allow a user to make
# changes in the dashboard, set the 'is_editor' key to true.
#
# NOTE: The "secret_key" is used to encrypt the passwords stored by Grafana to access
# the data sources. You have to set it to a random string before running this
# role.
#
grafana:
use_tls: "true"
url: "http://grafana.domain.com:3000"
secret_key: "Qsu9XG08ZjQwaXgvwaYw"
admin_username: "admin"
admin_password: "password"
users:
- username: "user1"
password: "pass1"
is_editor: "true"
- username: "user2"
password: "pass2"
datasource:
name: "My DB"
type: "influxdb"
database_name: "telegraf"
url: "http://influxdb.domain.com:8086"
basic_auth:
username: "db-user"
password: "db-pass"
json_data:
httpMode: "POST"
...