How to Use This Wiki
Read top to bottom — each section builds on the one before it.
Sequence matters
Each numbered step depends on the one before it — Workspace and domain first, then GitHub, then Cloudflare.
Nothing goes public yet
Everything in Part One creates a private staging environment. Nothing here touches your live domain.
Shared alias, not a person
Use the accounts@cloudberrie.com alias for every new signup unless a step says otherwise — keeps ownership with the business.
Prerequisites
Three things need to already exist before any new account gets created.
Google Workspace
A working Workspace account with alias addresses already configured, all routing to one shared inbox at admin@cloudberrie.com.
cloudberrie.com
The domain is owned and its DNS is currently tied to Workspace email. Nothing in Part One changes that.
Cloudberrie Studio
The registered legal entity. Its full name belongs on invoices, contracts, and legal pages — not shorthand.
Workspace Alias Roster
Every alias routing into admin@cloudberrie.com, and what it's for.
| Alias | Purpose |
|---|---|
| admin@ | Primary inbox — everything else routes here |
| hello@ / info@ | General / public contact |
| support@ | Client support |
| social@ | Social platform management |
| accounts@ | Third-party service signups — GitHub, Cloudflare, etc. |
| compliance@ | LLP / regulatory correspondence (MCA, GST, filings) |
| privacy@ | Data-request contact referenced in Privacy Policy pages |
| security@ | Vulnerability / security reports |
| postmaster@ | Reserved word — Google handles this automatically, no alias needed |
Send Mail As — Alias Reply Setup
So a reply from hello@ actually looks like it came from hello@ — not admin@.
Every alias above correctly routes incoming mail into the admin@ inbox. Without this setting, the outgoing side has a gap: if a client emails hello@cloudberrie.com and you reply from that inbox, Gmail shows the reply as coming from admin@cloudberrie.com by default — an internal address the client never actually emailed.
Setup — for each client-facing alias (hello@, support@, social@ at minimum):
- Gmail → Settings → See all settings → Accounts and Import → "Send mail as"
- Add each alias — since these are genuine Workspace aliases of the same account, Gmail adds them without needing SMTP verification
- Enable "When replying to a message, reply from the same address it was sent to" — this is what makes it automatic, otherwise you'd pick the From address manually every time
What We're Setting Up
One shared login feeds three new accounts — each with a distinct job.
✉ accounts@cloudberrie.com
Organization + private repo
Holds the Studio Board source code and version history.
Pages + Access
Hosting for the staging site, plus Access to keep the staging URL private.
Firestore + Auth
Already in use. Security rules deploy here — separately from Cloudflare.
Create the GitHub Account
- Go to github.com/signup
- Email: accounts@cloudberrie.com
- Username: cb-engops — not cloudberrie-studio, that name is reserved for the org
- Verify the email when it arrives
- Immediately turn on 2FA: Settings → Password and authentication → Enable two-factor authentication
Create a GitHub Organization
- Go to github.com/account/organizations/new
- Choose the Free plan
- Name it cloudberrie-studio (or similar — this becomes part of every repo URL)
- Contact email: accounts@cloudberrie.com
Create the Repository
- github.com/organizations/cloudberrie-studio/repositories/new
- Name: cloudberrie-studio-board
- Visibility: Private
- Leave README, .gitignore, and license unchecked
- Click Create repository
Push the Code
git init
git add .
git commit -m "Initial commit: Cloudberrie Studio Board"
git branch -M main
# swap in your actual org/repo URL
git remote add origin https://github.com/cloudberrie-studio/cloudberrie-studio-board.git
git push -u origin main
Create the Cloudflare Account
- Go to dash.cloudflare.com/sign-up
- Email: accounts@cloudberrie.com
- Verify the email
- Turn on 2FA: My Profile → Authentication → 2FA
Deploy to Cloudflare Pages
- Workers & Pages → Create → Pages → Connect to Git
- Authorize Cloudflare's GitHub App
- Select the organization, then cloudberrie-studio-board
| Build setting | Value |
|---|---|
| Framework preset | None |
| Build command | (leave blank) |
| Output directory | / |
Lock the Staging URL
- Pages project → Settings → General → Access policy (or Zero Trust → Access → Applications)
- Add a rule: only allow emails ending in @cloudberrie.com
- Free for up to 50 users
Deploy the Firestore Rules
- Open Firebase Console → your project → Firestore Database → Rules
- Paste the contents of firestore.rules from the repo
- Publish
Studio Board: Staging Now, Production in ~10 Days
Everything above only creates the staging environment. Nothing here is public.
Staging Environment
- GitHub organization + private repo
- Cloudflare Pages deployment (.pages.dev URL)
- Cloudflare Access — @cloudberrie.com only
- Firestore security rules published
- Full app, real data model, isolated from the public
Production Go-Live
- Bring cloudberrie.com's DNS into Cloudflare (see Part Two — this unlocks subdomains)
- Add board.cloudberrie.com as this project's Custom Domain
- Walk DNS through carefully — Workspace email must not break
- Re-check whether the Access policy stays on for production
Studio Board — Quick Reference Checklist
Tick these off as you go — this list is interactive. The finish line for the one-time setup.
The Multi-Property Roadmap
cloudberrie.com · Studio Board · EventLumi · NeedleNeeds · AIFA · Khushi Marriage Bureau
Where Everything Actually Deploys
One Cloudflare account. One DNS zone per domain. Studio Board is not on the root domain.
🌐 cloudberrie.com
Public marketing site — fully open, no Access gate
🛡 board.cloudberrie.com
Studio Board — gated by Cloudflare Access, @cloudberrie.com only
Same DNS zone · Two Pages projects · Different access posture
The same pattern repeats for every property: one Cloudflare account, one Pages project per site, its own DNS zone once its domain is added.
Properties Register
Every Cloudberrie-owned property, in one place — update this table as things change.
| Property | Domain | Status | Domain Risk |
|---|---|---|---|
| cloudberrie.com | cloudberrie.com | Live, v2.16 | High — live Workspace email |
| Studio Board | board.cloudberrie.com | In progress (this guide) | Depends on cloudberrie.com |
| EventLumi | separate domain | Prototype complete | Unknown — TBD |
| NeedleNeeds | needleneeds.com | Live, mature business | Highest — live email + trademark |
| AIFA | TBD | Early basics | Unknown |
| Khushi Marriage Bureau | khushimarriagebureau.com | Domain only | Low — newly registered |
Deployment Sequence & Dependencies
Priority order — with the one real technical dependency called out.
DNS Migration — Do This Every Time
Before any domain's nameservers move to Cloudflare, in this order.
- Export MX records — email delivery breaks first and silently if missed
- Export SPF, DKIM, DMARC — email authentication; missing these hurts deliverability even if MX is right
- Export every TXT verification record — Search Console, Formspree, other third-party tools
- Export existing A/CNAME records — anything currently pointing subdomains elsewhere
- Only then change nameservers at the registrar
NeedleNeeds — long-standing live email, a trademarked logo, and likely an existing payment/vendor setup. Treat this as the most delicate migration in the whole roadmap.
Khushi Marriage Bureau — newly registered, no email or traffic history yet to protect.
Tech Stack by Property
What's confirmed, and what's still an open question.
| Property | Frontend | Hosting | Backend |
|---|---|---|---|
| Studio Board | Vanilla JS + Tailwind | Cloudflare Pages | Firebase (Firestore + Auth) |
| cloudberrie.com | Static HTML/CSS/JS | Cloudflare Pages | — |
| EventLumi | Next.js | CF Pages + next-on-pages adapter | Firebase |
| AIFA | Next.js | CF Pages + next-on-pages adapter | Firebase |
| NeedleNeeds | OPEN QUESTION | OPEN QUESTION | OPEN QUESTION |
| Khushi Marriage Bureau | Not yet decided | Not yet decided | Not yet decided |
Legal Checklist by Property
Business-perspective items — not exhaustive, but the ones with real exposure if skipped.
- Privacy Policy + Terms of Service
- Domain WHOIS/registrant matches Cloudberrie Studio India LLP
- Cookie/analytics disclosure if tracking is running
- DPDP Act (India) compliance
- Trademark status/class of the logo, and correct ™/® usage on-site
- Refund/cancellation policy + GSTIN display if selling anything
- Existing vendor/payment gateway agreements identified before migration
- Existing legal pages captured, not silently dropped in any rebuild
- Own Privacy Policy — higher bar (names, photos, family, often religion/caste)
- Explicit age verification / minor-protection language
- Photo/image usage rights for user-uploaded content
- AIFA: age-appropriate data handling if under-18 users are in scope
- EventLumi: refund/cancellation policy + gateway agreement if ticketing is ever paid
One Shared Account, One Shared Blast Radius
Whoever controls the Cloudflare account controls DNS for every property in it — not just one.
- cloudberrie.com's DNS
- Studio Board's staging/production access
- EventLumi's DNS, once added
- NeedleNeeds's DNS — a live, revenue-generating business
- Every future property added to this account
Open Decisions & Known Risks
Named on purpose, so nothing here gets assumed later.