This skill guides provisioning Cloudflare infrastructure with OpenTofu/Terraform. Use when managing zones, DNS records, WAF rules, SSL settings, Page Rules, or cache configuration.
majesticlabs-dev/majestic-marketplace
majestic-devops
plugins/majestic-devops/skills/cloudflare-coder/SKILL.md
January 24, 2026
# Cloudflare Coder
## Overview
Cloudflare provides CDN, DNS, security, and edge computing services. This skill covers OpenTofu/Terraform patterns for Cloudflare resources.
## Provider Setup
```hcl
terraform {
  required_providers {
    cloudflare = {
      source  = "cloudflare/cloudflare"
      version = "~> 4.0"
    }
  }
}

provider "cloudflare" {
  # API Token from environment: CLOUDFLARE_API_TOKEN
  # Or explicitly (not recommended):
  # api_token = var.cloudflare_api_token
}
```
### Authentication
```bash
# Preferred: API Token (scoped permissions)
export CLOUDFLARE_API_TOKEN="your-api-token"

# Or with 1Password (a secret reference for an env file, resolved at runtime by `op run`;
# the op:// value is a pointer to the secret, not the token itself)
CLOUDFLARE_API_TOKEN=op://Infrastructure/Cloudflare/api_token

# Legacy: Global API Key (full access - avoid if possible)
export CLOUDFLARE_API_KEY="your-global-api-key"
export CLOUDFLARE_EMAIL="your-email@example.com"
```
**API Token Permissions (minimum required):**
| Resource | Permission | Use Case |
|----------|------------|----------|
| Zone | Read | List zones, read settings |
| Zone | Edit | Modify zone settings |
| DNS | Edit | Manage DNS records |
| Firewall | Edit | WAF, firewall rules |
| SSL | Edit | Certificate management |
| Cache | Purge | Cache invalidation |
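The scoped token recommended above can itself be declared in OpenTofu/Terraform, limited to one zone and to the DNS rows of the table. This is an added example, not part of the original skill; it assumes provider v4.x, the hypothetical inputs `var.zone_id` and `var.ci_egress_cidr`, a constructed expiry date, and that it is applied with a separate bootstrap credential that is allowed to create API tokens.

```hcl
# Added example: variable names, token name, CIDR and date are assumptions.
variable "zone_id" {
  type        = string
  description = "Zone the pipeline token is confined to (hypothetical input)"
}

variable "ci_egress_cidr" {
  type        = string
  description = "Egress range of the CI runners (hypothetical input)"
  default     = "192.0.2.0/24" # constructed: RFC 5737 documentation range
}

# Permission group IDs, looked up by name instead of being hard-coded.
data "cloudflare_api_token_permission_groups" "all" {}

resource "cloudflare_api_token" "dns_pipeline" {
  name = "tofu-dns-pipeline"

  policy {
    # Only the "Zone / Read" and "DNS / Edit" rows of the table above.
    permission_groups = [
      data.cloudflare_api_token_permission_groups.all.zone["Zone Read"],
      data.cloudflare_api_token_permission_groups.all.zone["DNS Write"],
    ]
    # One zone only, not every zone in the account.
    resources = {
      "com.cloudflare.api.account.zone.${var.zone_id}" = "*"
    }
  }

  # Requests from outside the CI range are rejected even with a valid token.
  condition {
    request_ip {
      in = [var.ci_egress_cidr]
    }
  }

  # Constructed date: forces rotation instead of leaving a permanent secret.
  expires_on = "2027-01-01T00:00:00Z"
}

output "dns_pipeline_token" {
  value     = cloudflare_api_token.dns_pipeline.value
  sensitive = true # still written to state, so the state backend must be protected
}
```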
## Data Sources
### Get Zone by Name
```hcl
data "cloudflare_zone" "main" {
  name = "example.com"
}

# Use in resources
resource "cloudflare_record" "www" {
  zone_id = data.cloudflare_zone.main.id
  # ...
}
```
### Get Account ID
```hcl
data "cloudflare_accounts" "main" {
  name = "My Account"
}

output "account_id" {
  value = data.cloudflare_accounts.main.accounts[0].id
}
```
## DNS Records
### Basic Records
```hcl
# A Record
resource "cloudflare_record" "root" {
  zone_id = data.cloudflare_zone.main.id
  name    = "@"
  type    = "A"
  content = var.server_ip
  ttl     = 1 # 1 = automatic
  proxied = true
}

# CNAME Record
resource "cloudflare_record" "www" {
  zone_id = data.cloudflare_zone.main.id
  name    = "www"
  type    = "CNAME"
  content = "@"
  ttl