diff --git a/.gitfield/pushed.log b/.gitfield/pushed.log
new file mode 100644
index 0000000..95b4c2b
--- /dev/null
+++ b/.gitfield/pushed.log
@@ -0,0 +1,7 @@
+# Push Log for cloudflare-tunnel-bootstrap
+# Generated by gitfield-sync
+
+[2025-06-11T09:03:20Z] Local: , Branch=master, Commit=unknown
+ Diff Summary:
+ docs/integrity.sha256 | 11 +++++++++++
+ 1 file changed, 11 insertions(+)
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..b6e8762
--- /dev/null
+++ b/README.md
@@ -0,0 +1,109 @@ +## ๐Ÿ“„ README.md (First Version) + +````markdown +# Cloudflare Tunnel Bootstrap ๐ŸŒ€ + +Expose any local Linux server to the internet securely using a Cloudflare Tunnel with Zero Configuration DNS routing. This setup allows resilient access to ports and services via subdomains like: + +- `samson.thefoldwithin.earth` +- `forgejo.samson.thefoldwithin.earth` +- `rpc.samson.thefoldwithin.earth` +- `ssh.samson.thefoldwithin.earth` + +## ๐Ÿ”ง Requirements + +- A Linux server (bare metal, VM, or WSL) +- Domain managed by Cloudflare +- Installed: `cloudflared`, `git`, `bash`, `curl` + +## ๐Ÿš€ Quickstart + +### 1. Clone the repo + +```bash +git clone https://github.com/thefoldwithin/cloudflare-tunnel-bootstrap.git +cd cloudflare-tunnel-bootstrap +```` + +### 2. Install `cloudflared` (if needed) + +```bash +./install-cloudflared.sh +``` + +### 3. Authenticate with Cloudflare + +```bash +cloudflared tunnel login +``` + +### 4. Create a tunnel named after your host (e.g., `samson`) + +```bash +cloudflared tunnel create samson +``` + +### 5. Auto-generate a full config file and DNS records + +```bash +./bootstrap-tunnel.sh samson thefoldwithin.earth 8000 +``` + +This will: + +* Create `~/.cloudflared/config.yml` +* Route `samson.thefoldwithin.earth` to port 8000 +* Create subdomains and restart the tunnel + +### 6. 
Run the tunnel as a service + +```bash +sudo cloudflared service install +sudo systemctl restart cloudflared +``` + +--- + +## ๐Ÿ›  Included Scripts + +| File | Description | +| ------------------------ | ------------------------------------------------------------------- | +| `install-cloudflared.sh` | Installs the latest `cloudflared` binary | +| `bootstrap-tunnel.sh` | Creates a tunnel config, routes subdomains, and writes `config.yml` | +| `config.template.yml` | Editable template for generating configs | + +--- + +## ๐Ÿ“œ Example Generated Config + +```yaml +tunnel: abc123-abc123-abc123 +credentials-file: /home/username/.cloudflared/abc123-abc123-abc123.json + +ingress: + - hostname: samson.thefoldwithin.earth + service: http://localhost:8000 + - service: http_status:404 +``` + +--- + +## ๐ŸŒ Result + +Access your local server at: + +``` +https://samson.thefoldwithin.earth +``` + +--- + +## ๐Ÿงฌ About + +This repo is part of **The Fold** infrastructure initiative. It provides a resilient, mirrored, recursive service model for distributed digital sanctuaries. + +--- + +> ๐Ÿ”’ Everything you run locally stays private โ€” unless *you* decide to expose it. + +--- diff --git a/bootstrap-tunnel.sh b/bootstrap-tunnel.sh new file mode 100755 index 0000000..c994542 --- /dev/null +++ b/bootstrap-tunnel.sh 
@@ -0,0 +1,63 @@ +#!/bin/bash +set -euo pipefail +IFS=$'\n\t' + +# โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€ +# Cloudflare Tunnel Bootstrap Script +# Usage: ./bootstrap-tunnel.sh +# Example: ./bootstrap-tunnel.sh samson thefoldwithin.earth 8000 +# โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€ + +if [[ $# -lt 3 ]]; then + echo "Usage: $0 " + exit 1 +fi + +TUNNEL_NAME="$1" +BASE_DOMAIN="$2" +LOCAL_PORT="$3" +USER_HOME=$(eval echo ~"$USER") +CLOUDFLARED_DIR="$USER_HOME/.cloudflared" + +# Path to tunnel credentials (auto-created if tunnel exists) +TUNNEL_ID=$(cloudflared tunnel list | grep "$TUNNEL_NAME" | awk '{print $1}') +if [[ -z "$TUNNEL_ID" ]]; then + echo "โŒ Tunnel '$TUNNEL_NAME' not found. Please run: cloudflared tunnel create $TUNNEL_NAME" + exit 1 +fi + +CREDENTIALS_FILE="$CLOUDFLARED_DIR/${TUNNEL_ID}.json" +CONFIG_PATH="$CLOUDFLARED_DIR/config.yml" + +echo "๐Ÿงช Tunnel ID: $TUNNEL_ID" +echo "๐Ÿ“œ Writing config to $CONFIG_PATH" + +cat > "$CONFIG_PATH" </dev/null 2>&1; then + echo "โœ… cloudflared already installed at: $(which cloudflared)" + echo "๐Ÿ” To reinstall, run: sudo rm $(which cloudflared) && ./install-cloudflared.sh" + exit 0 +fi + +echo "โฌ‡๏ธ Downloading latest cloudflared binary..." +wget -q --show-progress "$RELEASE_URL" -O cloudflared + +echo "๐Ÿ” Making binary executable..." +chmod +x cloudflared + +echo "๐Ÿšš Moving to /usr/local/bin (requires sudo)..." +sudo mv cloudflared "$CLOUDFLARED_BIN" + +echo "โœ… cloudflared installed at $CLOUDFLARED_BIN" +cloudflared --version diff --git a/install-inbound-ssh.sh b/install-inbound-ssh.sh new file mode 100755 index 0000000..b539d00 --- /dev/null +++ b/install-inbound-ssh.sh 
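Review bot: `USER_HOME=$(eval echo ~"$USER")` in bootstrap-tunnel.sh passes an environment variable through `eval`, so an unexpected `USER` value is executed as shell code, and under `set -u` the script aborts when `USER` is unset; `USER_HOME="$HOME"` resolves the directory in the usual case without evaluating anything. The lookup `grep "$TUNNEL_NAME" | awk '{print $1}'` is a substring match over the whole row, so `samson` also matches a tunnel named `samson-test` and `TUNNEL_ID` can hold several IDs. With `pipefail` a no-match `grep` also ends the script before the "not found" message is printed. Matching the name column exactly, `awk -v n="$TUNNEL_NAME" '$2 == n {print $1}'`, addresses both. The config heredoc and the rest of this script are not visible on this page, so confirm there that `LOCAL_PORT` is numeric and `BASE_DOMAIN` is a plain hostname before they are written into `config.yml`.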
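Review bot: In install-cloudflared.sh the downloaded file is made executable and moved to `$CLOUDFLARED_BIN` with sudo without any integrity check, so whatever `$RELEASE_URL` returns becomes a binary on the system PATH. The definition of `RELEASE_URL` and the top of the script are not visible on this page; if it points at a moving "latest" asset, as the echo text suggests, pin a release and compare the download against that release's published SHA-256 before installing. The file is also written under a fixed name in the current directory and keeps the invoking user's ownership after `mv`; a private `mktemp -d` directory and `sudo install -m 0755` avoid both. `EXPECTED_SHA256` in the sketch below is a placeholder for the pinned digest.

```shell
# … unchanged: already-installed check …
tmpdir=$(mktemp -d)
trap 'rm -rf -- "$tmpdir"' EXIT
wget -q --show-progress "$RELEASE_URL" -O "$tmpdir/cloudflared"
# EXPECTED_SHA256 is a placeholder: set it to the digest published for the pinned release
printf '%s  %s\n' "$EXPECTED_SHA256" "$tmpdir/cloudflared" | sha256sum -c -
sudo install -m 0755 "$tmpdir/cloudflared" "$CLOUDFLARED_BIN"
# … unchanged: final version check …
```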
@@ -0,0 +1,33 @@
+#!/bin/bash
+set -euo pipefail
+IFS=$'\n\t'
+
+# โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€
+# SSH Server Bootstrap Script for Remote Access via Tunnel
+# โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€
+
+echo "๐Ÿ” Installing OpenSSH server..."
+
+sudo apt update
+sudo apt install -y openssh-server
+
+echo "๐Ÿ›  Configuring SSH..."
+
+# Ensure sshd_config exists
+SSHD_CONFIG="/etc/ssh/sshd_config"
+
+# Enable password and public key auth
+sudo sed -i 's/#*PasswordAuthentication .*/PasswordAuthentication yes/' "$SSHD_CONFIG"
+sudo sed -i 's/#*PermitRootLogin .*/PermitRootLogin prohibit-password/' "$SSHD_CONFIG"
+sudo sed -i 's/#*PubkeyAuthentication .*/PubkeyAuthentication yes/' "$SSHD_CONFIG"
+
+# Optional: restrict to certain users (e.g., "mrhavens")
+# echo "AllowUsers mrhavens" | sudo tee -a "$SSHD_CONFIG"
+
+echo "๐Ÿ” Restarting SSH service..."
+sudo systemctl restart ssh
+sudo systemctl enable ssh
+
+echo "โœ… SSH server is installed and listening on port 22"
+echo "๐ŸŒ You may now access this machine via your tunnel:"
+echo " ssh user@ssh.samson.thefoldwithin.earth"
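Review bot: The first `sed` forces `PasswordAuthentication yes` on a host that the closing message advertises as reachable at `ssh.samson.thefoldwithin.earth`, which leaves sshd open to password guessing from the internet. Public-key auth is enabled two lines later, so prefer `sudo sed -i 's/^#*PasswordAuthentication .*/PasswordAuthentication no/' "$SSHD_CONFIG"` and make password login an explicit opt-in. The three patterns are unanchored, so they also rewrite matching text inside comment lines. On systems whose `sshd_config` includes a `sshd_config.d` drop-in directory, a drop-in file may still override the edited value. The comment `# Ensure sshd_config exists` is not backed by any check; running `sudo sshd -t` before `sudo systemctl restart ssh` would stop a broken config from taking the daemon down.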