get cloudflared client real ip and fix crowdsec mw

iac/cloudflare.tf

@@ -24,7 +24,7 @@ module "cf_r2_arcodange_tf_token" {
       "account:Workers R2 Storage Read",
       "bucket:Workers R2 Storage Bucket Item Write",
     ]
-    account = [ 
+    account = [
       "account:Account Settings Read",
     ]
   }
@@ -68,7 +68,9 @@ module "cf_arcodange_cms_token" {
       "account:Account DNS Settings Write",
       "account:Account Settings Read",
       "zone:Zone Write",
+      "zone:Zone Settings Write",
       "zone:DNS Write",
+      "account:Cloudflare Tunnel Write",
     ]
   }
 }
@@ -86,7 +88,7 @@ resource "gitea_repository_actions_secret" "cf_account_id_cms" {
 }
 
 output "token" {
-  value = module.cf_arcodange_cms_token.token
+  value     = module.cf_arcodange_cms_token.token
   sensitive = true
 }
 
@@ -95,4 +97,4 @@ resource "vault_kv_secret" "cf_arcodange_cms_token" {
   data_json = jsonencode({
     token = module.cf_arcodange_cms_token.token
   })
-}
+}