riligar-infra-cloudfare
npx machina-cli add skill riligar/agents-kit/riligar-infra-cloudfare --openclawFiles (1)
SKILL.md
8.7 KB
Cloudflare Setup
Automate Cloudflare workflows: DNS setup, email routing, and R2 storage.
Prerequisites
Authentication (Choose One)
Option 1: API Token (Recommended)
# Add to .env.local
CLOUDFLARE_API_TOKEN="your-api-token"
CLOUDFLARE_ACCOUNT_ID="your-account-id"
Create token at: https://dash.cloudflare.com/profile/api-tokens Required permissions:
- Zone:DNS:Edit
- Zone:Zone:Read
- Email Routing Addresses:Edit
- Email Routing Rules:Edit
- Account:R2:Edit (for R2 storage)
Option 2: Wrangler CLI
# Install wrangler
bun add -g wrangler
# Login (opens browser)
wrangler login
# Verify
wrangler whoami
Workflow
When setting up a new domain, follow these steps:
Step 1: Gather Information
Ask the user for:
- Domain name (e.g.,
example.com) - Email addresses to create (e.g.,
contact,support) - Redirect target email (e.g.,
me@gmail.com)
Step 2: Get Zone ID
# If using API token
curl -X GET "https://api.cloudflare.com/client/v4/zones?name=DOMAIN" \
-H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
-H "Content-Type: application/json" | jq '.result[0].id'
# If using wrangler
wrangler pages project list # Shows associated zones
Step 3: Setup Email Routing
First, enable email routing for the zone (do this in Cloudflare dashboard first time).
Then create routing rules:
# Create destination address (must be verified first)
curl -X POST "https://api.cloudflare.com/client/v4/accounts/ACCOUNT_ID/email/routing/addresses" \
-H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
-H "Content-Type: application/json" \
--data '{
"email": "your-main-email@gmail.com"
}'
# Create routing rule for contact@domain.com
curl -X POST "https://api.cloudflare.com/client/v4/zones/ZONE_ID/email/routing/rules" \
-H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
-H "Content-Type: application/json" \
--data '{
"name": "Forward contact",
"enabled": true,
"matchers": [{"type": "literal", "field": "to", "value": "contact@DOMAIN"}],
"actions": [{"type": "forward", "value": ["your-main-email@gmail.com"]}]
}'
Required MX records for email routing:
# MX records for Cloudflare Email Routing
curl -X POST "https://api.cloudflare.com/client/v4/zones/ZONE_ID/dns_records" \
-H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
-H "Content-Type: application/json" \
--data '{
"type": "MX",
"name": "@",
"content": "route1.mx.cloudflare.net",
"priority": 69,
"ttl": 1
}'
curl -X POST "https://api.cloudflare.com/client/v4/zones/ZONE_ID/dns_records" \
-H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
-H "Content-Type: application/json" \
--data '{
"type": "MX",
"name": "@",
"content": "route2.mx.cloudflare.net",
"priority": 46,
"ttl": 1
}'
curl -X POST "https://api.cloudflare.com/client/v4/zones/ZONE_ID/dns_records" \
-H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
-H "Content-Type: application/json" \
--data '{
"type": "MX",
"name": "@",
"content": "route3.mx.cloudflare.net",
"priority": 89,
"ttl": 1
}'
# TXT record for SPF
curl -X POST "https://api.cloudflare.com/client/v4/zones/ZONE_ID/dns_records" \
-H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
-H "Content-Type: application/json" \
--data '{
"type": "TXT",
"name": "@",
"content": "v=spf1 include:_spf.mx.cloudflare.net ~all",
"ttl": 1
}'
Step 4: Verification Checklist
After setup, verify:
# List all DNS records
curl -X GET "https://api.cloudflare.com/client/v4/zones/ZONE_ID/dns_records" \
-H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" | jq '.result[] | {type, name, content}'
# Test email routing (send test email to contact@DOMAIN)
Interactive Prompts Template
When running /cloudflare, ask:
What domain are you setting up?
> example.com
What email addresses should I create? (comma-separated)
> contact, support, hello
What email should these redirect to?
> myemail@gmail.com
Common DNS Record Types
| Type | Use Case | Proxied |
|---|---|---|
| A | Root domain to IP | Yes (production) |
| CNAME | Subdomain to hostname | Yes (production) |
| TXT | Verification, SPF | N/A |
| MX | Email routing | N/A |
Troubleshooting
| Issue | Solution |
|---|---|
| Zone not found | Domain must be added to Cloudflare first |
| DNS propagation slow | Wait 5-10 minutes, check with dig |
| Email not forwarding | Verify destination email first |
Useful Commands
# Check DNS propagation
dig DOMAIN +short
dig DOMAIN MX +short
dig DOMAIN TXT +short
# List zones in account
curl -X GET "https://api.cloudflare.com/client/v4/zones" \
-H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" | jq '.result[] | {name, id}'
# Delete a DNS record
curl -X DELETE "https://api.cloudflare.com/client/v4/zones/ZONE_ID/dns_records/RECORD_ID" \
-H "Authorization: Bearer $CLOUDFLARE_API_TOKEN"
R2 Storage Setup
Setup R2 buckets for file storage: user uploads, static assets, backups.
R2 Workflow
Step 1: Determine Use Case
Ask the user:
What do you want to do with R2?
1. Create new bucket (full setup)
2. Configure existing bucket (CORS, public access)
3. Setup custom domain for bucket
Step 2: Gather Bucket Info
Bucket name?
> my-app-uploads
What will this bucket store?
1. User uploads (images, files) - needs CORS + presigned URLs
2. Static assets (public CDN) - needs public access
3. Backups (private) - no public access
> 1
Custom domain? (optional, press enter to skip)
> uploads.myapp.com
Step 3: Create Bucket
# Create bucket via wrangler
wrangler r2 bucket create my-app-uploads
# Or via API
curl -X PUT "https://api.cloudflare.com/client/v4/accounts/{account_id}/r2/buckets" \
-H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
-H "Content-Type: application/json" \
--data '{"name": "my-app-uploads", "locationHint": "wnam"}'
Step 4: Configure CORS (for user uploads)
Create cors.json:
{
"corsRules": [
{
"allowedOrigins": ["https://myapp.com", "http://localhost:3000"],
"allowedMethods": ["GET", "PUT", "POST", "DELETE", "HEAD"],
"allowedHeaders": ["*"],
"exposeHeaders": ["ETag", "Content-Length"],
"maxAgeSeconds": 3600
}
]
}
Apply CORS:
wrangler r2 bucket cors put my-app-uploads --file=cors.json
Step 5: Setup Public Access (for static assets)
Option A: Enable R2.dev subdomain (via dashboard)
- Go to R2 > Bucket > Settings > Public access
Option B: Custom domain:
# Add CNAME record
curl -X POST "https://api.cloudflare.com/client/v4/zones/ZONE_ID/dns_records" \
-H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
-H "Content-Type: application/json" \
--data '{
"type": "CNAME",
"name": "uploads",
"content": "{account_id}.r2.cloudflarestorage.com",
"ttl": 1,
"proxied": true
}'
Then enable custom domain in R2 bucket settings.
Step 6: Generate S3 API Credentials (for SDK access)
- Go to R2 > Manage R2 API Tokens
- Create token with Object Read & Write
- Add to
.env.local:
R2_ACCESS_KEY_ID="your-access-key"
R2_SECRET_ACCESS_KEY="your-secret-key"
R2_ENDPOINT="https://{account_id}.r2.cloudflarestorage.com"
R2_BUCKET_NAME="my-app-uploads"
R2 Quick Commands
# List buckets
wrangler r2 bucket list
# Create bucket
wrangler r2 bucket create BUCKET_NAME
# Delete bucket
wrangler r2 bucket delete BUCKET_NAME
# List objects
wrangler r2 object list BUCKET_NAME
# Upload file
wrangler r2 object put BUCKET_NAME/path/file.png --file=./local.png
# View CORS config
wrangler r2 bucket cors get BUCKET_NAME
R2 Use Case Presets
| Use Case | CORS | Public | Custom Domain |
|---|---|---|---|
| User uploads | Yes | No | Optional |
| Static assets/CDN | No | Yes | Recommended |
| Backups | No | No | No |
| Public downloads | No | Yes | Optional |
R2 Troubleshooting
| Issue | Solution |
|---|---|
| CORS error in browser | Add domain to allowedOrigins |
| 403 Forbidden | Check API token has R2:Edit permission |
| Custom domain not working | Ensure CNAME is proxied (orange cloud) |
| Upload fails | Verify Content-Type header matches file |
References
- Cloudflare API Reference: Auth tokens, zone operations, DNS endpoints
- Email Routing: Email forwarding setup and configuration
- R2 Storage: Bucket management, CORS, presigned URLs
Source
git clone https://github.com/riligar/agents-kit/blob/prod/.agent/skills/riligar-infra-cloudfare/SKILL.mdView on GitHub Overview
This skill automates Cloudflare workflows for a new domain, covering DNS setup, email routing, and R2 storage. It guides you from gathering domain details to creating DNS records and forwarding rules, so new domains are configured quickly and correctly.
How This Skill Works
Using an API token or Wrangler CLI, it authenticates to Cloudflare and retrieves the zone ID for the domain. It then creates the necessary DNS records, enables email routing, and defines routing rules that forward mail to a target address.
When to Use It
- Onboarding a new domain into Cloudflare for a project
- Configuring DNS records like MX and SPF for proper email deliverability
- Setting up Cloudflare email routing rules to forward mail
- Verifying DNS and routing configuration after domain provisioning
- Integrating R2 storage with a Cloudflare managed domain
Quick Start
- Step 1: Gather Domain name, emails to create, and the redirect target
- Step 2: Retrieve the zone ID via API token or Wrangler
- Step 3: Create email routing rules and DNS records (MX and SPF) and verify
Best Practices
- Collect domain name, target addresses, and the redirect target before starting
- Use API Token with minimal permissions and include Zone DNS Edit and Email Routing; add Account R2 if using R2
- Verify MX and SPF records after creation and avoid duplicates
- Test routing with a real email and verify forwarding end to end
- Document zone IDs and changes for future audits and migrations
Example Use Cases
- Add example.com, create contact and support addresses, and forward to me@gmail.com
- Configure example.org with MX records route1 and route2 and SPF TXT for Cloudflare Email Routing
- Fetch zone IDs using Wrangler for a domain without an API token
- Add a routing rule forwarding sales@domain to a central mailbox
- Connect an R2 storage bucket to a domain to serve static assets
Frequently Asked Questions
Add this skill to your agents
