docs(dns): explain Cloudflare deployment

cloudflare/README.md

@@ -1,13 +1,23 @@
 # README
+Cloudflare infrastructure to (safely) expose the homelab services to the outside internet via [Cloudflare Zero Trust Tunnel](https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/).
+
+## Initial Setup
+0. (pre-req) Cloudflare account and a domain name
+1. Transfer domain from registrar to Cloudflare by creating the NS records
+    - `NS lloyd.ns.cloudflare.com`
+    - `NS meadow.ns.cloudflare.com`
+2. Create an [API token](https://developers.cloudflare.com/fundamentals/api/get-started/account-owned-tokens/) with the following access rules
+    - DNS:Edit
+    - Cloudflare Tunnel:Edit
+    - Zero Trust:Edit
+    - Access: Apps and Policies:Edit
+
+## Usage
+To add a new app/service and expose it:
+0. (pre-req) have a `cloudflared` authorized and running
+1. deploy the app
+2. describe it in the [services](https://git.madunde.ad/madundead/homelab/src/branch/master/cloudflare/services/services.tf)
+3. `tofu apply`
 
 ## TODO
-- don't forget to mention namecheap -> cloudflare NS
+- [ ] Automate token creation and/or deployment of `cloudflared`.
-NS lloyd.ns.cloudflare.com
-NS meadow.ns.cloudflare.com
-
-Create token
-https://developers.cloudflare.com/fundamentals/api/get-started/account-owned-tokens/
-
-Token access
-Kostiantyn Bukliei - Cloudflare Tunnel:Edit, Zero Trust:Edit, Access: Apps and Policies:Edit
-    madunde.ad - DNS:Edit