Kevin Veen-Birkenbach 2620ee088e
refactor(dns): unify Cloudflare + Hetzner handling across roles
- replaced CERTBOT_DNS_API_TOKEN with CLOUDFLARE_API_TOKEN everywhere
- introduced generic sys-dns-cloudflare-records role for managing DNS records
- added sys-dns-hetzner-rdns role with both Cloud (hcloud) and Robot API flavors
- updated Mailu role to:
  - generate DKIM before DNS setup
  - delegate DNS + rDNS records to the new generic roles
- removed legacy per-role Cloudflare vars (MAILU_CLOUDFLARE_API_TOKEN)
- extended group vars with HOSTING_PROVIDER for rDNS flavor decision
- added hetzner.hcloud collection to requirements

This consolidates DNS management into reusable roles,
supports both Cloudflare and Hetzner providers,
and standardizes variable naming across the project.
2025-08-16 21:43:01 +02:00

Cloudflare API Token for Ansible (CLOUDFLARE_API_TOKEN)

This document explains how to generate and use a Cloudflare API Token for DNS automation and certificate operations in Ansible (e.g., with Certbot).

Purpose

The CLOUDFLARE_API_TOKEN variable must contain a valid Cloudflare API Token.
This token is used for all DNS operations and ACME (SSL/TLS certificate) challenges that require access to your Cloudflare-managed domains.

Never commit your API token to a public repository. Always keep it secure!


How to Create a Cloudflare API Token

1. Log In to Cloudflare

2. Open the API Tokens Page

3. Click Create Token

4. Select Custom Token

  • Give your token a descriptive name (e.g., Ansible Certbot Automation).

5. Set Permissions

Add the following permissions:

Category   Permission    Access
Zone       Zone          Read
Zone       DNS           Edit
Zone       Cache Purge   Purge
  • These permissions are required for DNS record management, CAA/SPF/DKIM handling, cache purging, and certificate provisioning.

6. Zone Resources

  • Zone Resources: Set to Include → All zones
    (Or restrict to specific zones as needed for your environment.)

7. Create and Save the Token

  • Click Continue to summary and then Create Token.
  • Copy the API Token. It will only be shown once!

Using the Token in Ansible

Set the token in your Ansible inventory or secrets file:

CLOUDFLARE_API_TOKEN: "cf_your_generated_token_here"
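
The following playbook is an added example and is not part of this documentation or the project's own roles. It ties together the token created in the steps above and the variable set here: it first calls Cloudflare's token verification endpoint to confirm the token is valid and active, then uses the same token with the community.general.cloudflare_dns module. It assumes CLOUDFLARE_API_TOKEN is defined in an ansible-vault encrypted vars file (for example group_vars/all/vault.yml); the zone name, record name and address are placeholders.

```yaml
# Added example, not part of the original documentation or the project's roles.
# Assumes CLOUDFLARE_API_TOKEN is loaded from an ansible-vault encrypted vars file.
- name: Verify the Cloudflare API token before touching DNS
  hosts: localhost
  connection: local
  gather_facts: false
  vars:
    # Placeholders: replace with your own zone and record.
    cloudflare_zone: "example.com"
    cloudflare_record: "mail"
  tasks:
    - name: Ask Cloudflare whether the token is valid and active
      ansible.builtin.uri:
        url: "https://api.cloudflare.com/client/v4/user/tokens/verify"
        method: GET
        headers:
          Authorization: "Bearer {{ CLOUDFLARE_API_TOKEN }}"
        return_content: true
      register: cf_token_check
      no_log: true   # keeps the Authorization header out of task output and logs

    - name: Fail early if the token is not usable
      ansible.builtin.assert:
        that:
          - cf_token_check.json.success | bool
          - cf_token_check.json.result.status == "active"
        fail_msg: "CLOUDFLARE_API_TOKEN is invalid, expired or revoked"

    - name: Create or update an A record with the verified token
      community.general.cloudflare_dns:
        api_token: "{{ CLOUDFLARE_API_TOKEN }}"
        zone: "{{ cloudflare_zone }}"
        type: A
        record: "{{ cloudflare_record }}"
        value: "203.0.113.10"   # placeholder address from the documentation range
        solo: true
        state: present
      no_log: true   # the module receives the token as a parameter, so hide it too
```

To put the token into the vault-encrypted file in the first place, `ansible-vault encrypt_string 'cf_your_generated_token_here' --name CLOUDFLARE_API_TOKEN` prints a `!vault` block that can be pasted into group_vars; the verify task then reports only whether the token is active, so a revoked or mis-scoped token is caught before any DNS or certificate task runs rather than halfway through a Certbot challenge.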