# README
Cloudflare infrastructure to (safely) expose the homelab services to the outside internet via [Cloudflare Zero Trust Tunnel](https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/).

## Initial Setup
0. (pre-req) Cloudflare account and a domain name
1. Transfer domain from registrar to Cloudflare by creating the NS records
    - `NS lloyd.ns.cloudflare.com`
    - `NS meadow.ns.cloudflare.com`
2. Create an [API token](https://developers.cloudflare.com/fundamentals/api/get-started/account-owned-tokens/) with the following access rules
    - DNS:Edit
    - Cloudflare Tunnel:Edit
    - Zero Trust:Edit
    - Access: Apps and Policies:Edit

## Usage
To add a new app/service and expose it:

0. (pre-req) have a `cloudflared` authorized and running
1. deploy the app
2. describe it in the [services](https://git.madunde.ad/madundead/homelab/src/branch/master/cloudflare/services/services.tf)
3. `tofu apply`

## TODO
- [ ] Automate token creation and/or deployment of `cloudflared`.