cloudflare-manager

# Cloudflare Manager Standardized system for managing Cloudflare infrastructure and local tunnel ingress. ## Prerequisites - **Binary**: `python3` and `cloudflared` must be installed. - **Credentials**: `CLOUDFLARE_API_TOKEN` (minimal Zone permissions) and `CLOUDFLARE_ZONE_ID`. ## Setup 1. Define credentials in the environment or a local `.env` file. 2. Initialize the local environment: `bash scripts/install.sh`. ## Core Workflows ### 1. DNS Management Add, list, or delete DNS records via Cloudflare API. - **List**: `python3 $WORKSPACE/skills/cloudflare-manager/scripts/cf_manager.py list-dns` - **Add**: `python3 $WORKSPACE/skills/cloudflare-manager/scripts/cf_manager.py add-dns --type A --name <subdomain> --content <ip>` ### 2. Tunnel Ingress (Local) Update `/etc/cloudflared/config.yml` and restart the tunnel service. - **Update**: `python3 $WORKSPACE/skills/cloudflare-manager/scripts/cf_manager.py update-ingress --hostname <host> --service <url>` - **Safety**: Use `--dry-run` to preview configuration changes before application. ## Security & Permissions - **Sudo Usage**: The `update-ingress` command requires `sudo` to write to system directories and restart the `cloudflared` service. - **Least Privilege**: Configure restricted sudo access using the pattern in `references/sudoers.example`. - **Token Isolation**: Ensure API tokens are scoped narrowly to specific zones and permissions. ## Reference - **Sudoers Pattern**: See [references/sudoers.example](references/sudoers.example). - **Tunnel Logic**: See [references/tunnel-guide.md](references/tunnel-guide.md).