Set up Cloudflare Tunnel on hetzner-cc-web

## Steps ### 1. Auth (from laptop SSH session into cc-web) - [ ] SSH into cc-web from laptop: `ssh dev` - [ ] Run `cloudflared tunnel login` — it prints a URL - [ ] Copy the URL and open in laptop browser - [ ] Pick the domain to authorize (e.g. mnxventures.com) - [ ] Token saves to ~/.cloudflared/cert.pem on cc-web automatically ### 2. Create tunnel and routes (Jarvis can do this after auth) - [ ] Create tunnel: `cloudflared tunnel create cc-web` - [ ] Configure routes: - dagu.{domain} → 127.0.0.1:8090 - n8n.{domain} → 127.0.0.1:5678 - [ ] Create config at ~/.cloudflared/config.yml - [ ] Set up as systemd service for persistence - [ ] Set up CF Access policies (email OTP) on both subdomains - [ ] Test access from laptop