From 765c8019fd91e04f9c0df7c83be9b913c7ba779d Mon Sep 17 00:00:00 2001 From: james-otten Date: Mon, 2 Sep 2024 16:22:22 -0400 Subject: [PATCH 1/8] IaC --- README.md | 18 +++++++++++ sld/README.md | 27 ++++++++++++++++ sld/provider.tf | 18 +++++++++++ sld/records.nycmesh.net.tf | 0 sld/records.nycmeshconnect.com.tf | 0 sld/records.nycmeshconnect.net.tf | 0 sld/records.themesh.foundation.tf | 0 sld/records.themesh.nyc.tf | 0 sld/setup/README.md | 42 ++++++++++++++++++++++++ sld/setup/one_time_setup.py | 54 +++++++++++++++++++++++++++++++ sld/vars.tf | 11 +++++++ 11 files changed, 170 insertions(+) create mode 100644 sld/README.md create mode 100644 sld/provider.tf create mode 100644 sld/records.nycmesh.net.tf create mode 100644 sld/records.nycmeshconnect.com.tf create mode 100644 sld/records.nycmeshconnect.net.tf create mode 100644 sld/records.themesh.foundation.tf create mode 100644 sld/records.themesh.nyc.tf create mode 100644 sld/setup/README.md create mode 100644 sld/setup/one_time_setup.py create mode 100644 sld/vars.tf diff --git a/README.md b/README.md index 969541e..201748a 100644 --- a/README.md +++ b/README.md 
@@ -1,10 +1,28 @@ NYC Mesh DNS --- +This repository manages the DNS zones for the various NYC Mesh domains including `nycmesh.net` and `mesh.nycmesh.net` domains. + +# mesh.nycmesh.net + Edit the mesh.zone file to add a record, please format appropriately and place under the proper heading. Please fork and make a pull request, don't push directly ( unless you have to ) +# Second Level Domains - nycmesh.net + +Uses [lexfrei/namedotcom](https://registry.terraform.io/providers/lexfrei/namedotcom/latest/docs) to manage the DNS zones for the following domains. + +1. [nycmesh.net](./sld/records.nycmesh.net.tf) +2. [nycmeshconnect.com](./sld/records.nycmeshconnect.com.tf) +3. [nycmeshconnect.net](./sld/records.nycmeshconnect.net.tf) +4. [themesh.foundation](./sld/records.themesh.foundation.tf) +5. [themesh.nyc](./sld/records.themesh.nyc.tf) + +# Hosting + +The following applies to the `mesh.nycmesh.net` zone, which is hosted inside of the mesh. + ## Requirements Either: diff --git a/sld/README.md b/sld/README.md new file mode 100644 index 0000000..710ac2a --- /dev/null +++ b/sld/README.md 
@@ -0,0 +1,27 @@
+# NYCMesh Second Level Domains
+
+1. [nycmesh.net](./records.nycmesh.net.tf)
+2. [nycmeshconnect.com](./records.nycmeshconnect.com.tf)
+3. [nycmeshconnect.net](./records.nycmeshconnect.net.tf)
+4. [themesh.foundation](./records.themesh.foundation.tf)
+5. [themesh.nyc](./records.themesh.nyc.tf)
+
+## Add DNS Record(s)
+
+1. Fork the repository if needed.
+2. Create a new branch.
+3. Add a new entry to the corresponding file `records..tf`. Consult the [lexfrei/namedotcom documentation](https://registry.terraform.io/providers/lexfrei/namedotcom/latest/docs) as needed. The example below creates an `A` record pointed at `1.1.1.2`.
+4. Open a [pull request](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/creating-a-pull-request) to `master`.
+
+```
+resource "namedotcom_record" "record_test" {
+ domain_name = "nycmesh.net"
+ host = "test"
+ record_type = "A"
+ answer = "1.1.1.2"
+}
+```
+
+## Setup
+
+To use this repository as a template for managing other existing DNS zones hosted by [name.com](https://name.com), see [setup/README.md](./setup/README.md).
diff --git a/sld/provider.tf b/sld/provider.tf
new file mode 100644
index 0000000..c77c42c
--- /dev/null
+++ b/sld/provider.tf
@@ -0,0 +1,18 @@
+terraform {
+ backend "s3" {
+ # Chang to the path to use within your bucket
+ key = "terraform/state/nycmesh-sld.tfstate"
+ region = "us-east-1"
+ }
+ required_providers {
+ namedotcom = {
+ source = "lexfrei/namedotcom"
+ version = "1.3.1"
+ }
+ }
+}
+
+provider "namedotcom" {
+ username = var.name_dot_com_user
+ token = var.name_dot_com_token
+}
diff --git a/sld/records.nycmesh.net.tf b/sld/records.nycmesh.net.tf
new file mode 100644
index 0000000..e69de29
diff --git a/sld/records.nycmeshconnect.com.tf b/sld/records.nycmeshconnect.com.tf
new file mode 100644
index 0000000..e69de29
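Review bot: The `backend "s3"` block sets only `key` and `region`, so the state object is written without requesting server-side encryption and there is no lock, which means a CI apply and a local `terraform import` (the flow setup/README.md describes) can race on the same state file. Add `encrypt = true` and `dynamodb_table = "<lock table>"` next to `key`; the table name can be supplied through `-backend-config` exactly as the bucket already is. The comment on that block also has a typo and should read `# Change to the path to use within your bucket`. Pinning the provider to the exact version `1.3.1` is good; keep it that way rather than a `~>` range, since this provider writes to the live zone.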
diff --git a/sld/records.nycmeshconnect.net.tf b/sld/records.nycmeshconnect.net.tf new file mode 100644 index 0000000..e69de29 diff --git a/sld/records.themesh.foundation.tf b/sld/records.themesh.foundation.tf new file mode 100644 index 0000000..e69de29 diff --git a/sld/records.themesh.nyc.tf b/sld/records.themesh.nyc.tf new file mode 100644 index 0000000..e69de29 diff --git a/sld/setup/README.md b/sld/setup/README.md new file mode 100644 index 0000000..86126de --- /dev/null +++ b/sld/setup/README.md 
@@ -0,0 +1,42 @@ +# SLD One Time Setup + +## GitHub Repository Setup + +1. Obtain your [name dot com API key](https://www.name.com/account/settings/api). +2. Set the secret `TF_VAR_name_dot_com_user` to your name dot com username. +3. Set the secret `TF_VAR_name_dot_com_token` to your name dot com token. +4. Setup a s3 bucket (or similar) based on your needs for state storage. For s3, follow the terraform [instructions](https://developer.hashicorp.com/terraform/language/settings/backends/s3#s3-bucket-permissions). Set the secret `BUCKET_TF_STATE` to the bucket name. +5. Set the secrets `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY`. + +## Initial Setup (Existing Domain) + +Complete the following from your local machine. These steps should work on linux with python3 + pip installed. + +1. Clone this repository. +2. Setup a python environment: +``` +cd setup +python3 -m venv venv +source venv/bin/activate +pip install requests +``` +3. Obtain your [name dot com API key](https://www.name.com/account/settings/api). +4. Obtain your `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` (as above). +5. Update `main.tf` with your bucket information (`backend` configuration). +6. Execute the one time setup: +``` +export TF_VAR_name_dot_com_domain="nycmesh.net" +export TF_VAR_name_dot_com_user="theactualvalue" +export TF_VAR_name_dot_com_token="theactualvalue" +export BUCKET_TF_STATE="yourbucketname" +export AWS_ACCESS_KEY_ID="theactualvalue" +export AWS_SECRET_ACCESS_KEY="theactualvalue" +python3 one_time_setup.py +``` +7. Inspect the generated `../records.${TF_VAR_name_dot_com_domain}.tf`, compare it to your domain in the name dot com UI. Make manual corrections as needed. +8. Inspect the generated `import.${TF_VAR_name_dot_com_domain}.sh`. Make manual corrections as needed. +9. Execute `cd ..` +10. Execute `terraform init -backend-config="bucket=$BUCKET_TF_STATE"` +11. Execute `bash setup/import.${TF_VAR_name_dot_com_domain}.sh` +12. Execute `terraform plan` +13. 
Execute `terraform apply`
diff --git a/sld/setup/one_time_setup.py b/sld/setup/one_time_setup.py
new file mode 100644
index 0000000..e3a8122
--- /dev/null
+++ b/sld/setup/one_time_setup.py
@@ -0,0 +1,54 @@
+import requests
+import os
+
+DOMAIN = os.environ["TF_VAR_name_dot_com_domain"]
+NAME_DOT_COM_USER = os.environ["TF_VAR_name_dot_com_user"]
+NAME_DOT_COM_TOKEN = os.environ["TF_VAR_name_dot_com_token"]
+
+OUTPUT_TF = f"../records.{DOMAIN}.tf"
+OUTPUT_SH = f"import.{DOMAIN}.sh"
+
+class OneTimeSetup:
+ def get_records(self, domain_name):
+ ret = []
+ per_page = 1000
+ url = f"https://api.name.com/v4/domains/{domain_name}/records?perPage={per_page}"
+ res = requests.get(url, auth=(NAME_DOT_COM_USER, NAME_DOT_COM_TOKEN))
+ ret.extend(res.json()["records"])
+ while res.json().get("nextPage", None) is not None:
+ next_page = res.json()["nextPage"]
+ url = f"https://api.name.com/v4/domains/{domain_name}/records?perPage={per_page}&page={next_page}"
+ res = requests.get(url, auth=(NAME_DOT_COM_USER, NAME_DOT_COM_TOKEN))
+ ret.extend(res.json()["records"])
+ return ret
+
+ def one_time_setup(self):
+ with open(OUTPUT_TF, "w") as fdtf:
+ with open(OUTPUT_SH, "w") as fdsh:
+ for item in self.get_records(DOMAIN):
+ tf, sh = self.generate_resource(item)
+ fdtf.write(tf)
+ fdsh.write(sh)
+
+
+ def generate_resource(self, row):
+ print(row)
+ record_id = row["id"]
+ host = row.get("host", "")
+ record_type = row["type"]
+ answer = row["answer"]
+ resource_name = f"record_{host}_{record_id}"
+ tf = f"""
+resource "namedotcom_record" "{resource_name}" {{
+ domain_name = "{DOMAIN}"
+ host = "{host}"
+ record_type = "{record_type}"
+ answer = "{answer}"
+}}
+"""
+ sh = f"terraform import namedotcom_record.{resource_name} {DOMAIN}:{record_id}\n"
+ return tf, sh
+
+if __name__ == "__main__":
+ ots = OneTimeSetup()
+ ots.one_time_setup()
diff --git a/sld/vars.tf b/sld/vars.tf
new file mode 100644
index 0000000..632d0b3
--- /dev/null
+++ b/sld/vars.tf
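Review bot: `resource_name` in `generate_resource` is built from the raw `host`, and `host`/`answer` go straight into the generated HCL and shell text without escaping; a host such as `pic._domainkey` or the wildcard `*` (both present in this repository's zones) produces an invalid Terraform identifier and an unquoted glob in `import.<domain>.sh`, and a TXT answer containing `"`, `\` or `${` would break or be interpolated by the generated `.tf`. The two `requests.get` calls in `get_records` also have no `timeout` and never call `raise_for_status()`, so a 401/403/429 shows up only as a `KeyError` on `["records"]` rather than as the HTTP failure it is. The rewrite below sanitises the identifier, escapes HCL string values, quotes the shell arguments and fails loudly on HTTP errors; it needs `import re` and `import shlex` added beside the existing imports. I cannot tell from this hunk whether the provider exposes `ttl`/`priority`; if it does, the generator silently drops them (the MX records would lose their priority), which is worth checking before the first apply.
```python
    def get_records(self, domain_name):
        ret = []
        per_page = 1000
        page = None
        while True:
            url = f"https://api.name.com/v4/domains/{domain_name}/records?perPage={per_page}"
            if page is not None:
                url += f"&page={page}"
            res = requests.get(url, auth=(NAME_DOT_COM_USER, NAME_DOT_COM_TOKEN), timeout=30)
            res.raise_for_status()  # surface 401/403/429 instead of a KeyError below
            body = res.json()
            ret.extend(body["records"])
            page = body.get("nextPage")
            if page is None:
                return ret

    # … unchanged: one_time_setup …

    def _hcl_string(self, value):
        # Escape backslash, quote and the template openers so a record value
        # cannot terminate the literal or be interpolated by Terraform.
        return (str(value).replace("\\", "\\\\").replace('"', '\\"')
                .replace("${", "$${").replace("%{", "%%{"))

    def generate_resource(self, row):
        print(row)
        record_id = row["id"]
        host = row.get("host", "")
        record_type = row["type"]
        answer = row["answer"]
        # Hosts like "pic._domainkey" or "*" are not valid HCL identifiers.
        safe_host = re.sub(r"[^A-Za-z0-9_-]", "_", host)
        resource_name = f"record_{safe_host}_{record_id}"
        tf = f"""
resource "namedotcom_record" "{resource_name}" {{
  domain_name = "{self._hcl_string(DOMAIN)}"
  host        = "{self._hcl_string(host)}"
  record_type = "{self._hcl_string(record_type)}"
  answer      = "{self._hcl_string(answer)}"
}}
"""
        sh = ("terraform import "
              + shlex.quote(f"namedotcom_record.{resource_name}") + " "
              + shlex.quote(f"{DOMAIN}:{record_id}") + "\n")
        return tf, sh
```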
@@ -0,0 +1,11 @@ +variable "name_dot_com_user" { + type = string + description = "username" + sensitive = true +} + +variable "name_dot_com_token" { + type = string + description = "token" + sensitive = true +} From a494d84d65f9c9d6e9109c8473b430f140c7af07 Mon Sep 17 00:00:00 2001 From: james-otten Date: Mon, 2 Sep 2024 17:29:31 -0400 Subject: [PATCH 2/8] add records + ci --- .github/workflows/pull_request.yaml | 30 +++ .github/workflows/sld_terraform.yaml | 63 +++++ sld/records.nycmesh.net.tf | 328 +++++++++++++++++++++++++++ sld/records.nycmeshconnect.com.tf | 1 + sld/records.nycmeshconnect.net.tf | 27 +++ sld/records.themesh.foundation.tf | 13 ++ sld/records.themesh.nyc.tf | 13 ++ 7 files changed, 475 insertions(+) create mode 100644 .github/workflows/pull_request.yaml create mode 100644 .github/workflows/sld_terraform.yaml diff --git a/.github/workflows/pull_request.yaml b/.github/workflows/pull_request.yaml new file mode 100644 index 0000000..0c5c775 --- /dev/null +++ b/.github/workflows/pull_request.yaml @@ -0,0 +1,30 @@ + +name: "Pull Request" + +on: + pull_request: + paths: + - 'sld/**' + +permissions: read-all + +defaults: + run: + working-directory: sld + +jobs: + terraform: + name: "Terraform" + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # @v4 + + - name: Setup Terraform with specified version on the runner + uses: hashicorp/setup-terraform@651471c36a6092792c552e8b1bef71e592b462d8 # @v3 + with: + terraform_version: 1.8.3 + + - name: Terraform format + id: fmt + run: terraform fmt -check diff --git a/.github/workflows/sld_terraform.yaml b/.github/workflows/sld_terraform.yaml new file mode 100644 index 0000000..74ef884 --- /dev/null +++ b/.github/workflows/sld_terraform.yaml 
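Review bot: The pull-request workflow runs only `terraform fmt -check`, so a typo in `record_type` or a duplicated resource name is first detected by the push-to-master workflow, after merge, where the apply is automatic. A validation pass needs no credentials and is safe for fork PRs: add after the setup-terraform step `- run: terraform init -backend=false` and `- run: terraform validate`. `permissions: read-all` and the SHA-pinned actions are the right defaults here; keep `plan` out of this workflow, since it would need the name.com and AWS secrets.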
@@ -0,0 +1,63 @@
+
+name: "SLD Terraform"
+
+on:
+ push:
+ branches:
+ - master
+ - james/iac
+ workflow_dispatch:
+ branches:
+ - master
+
+permissions: read-all
+
+defaults:
+ run:
+ working-directory: sld
+
+env:
+ # verbosity setting for Terraform logs
+ #TF_LOG: INFO
+ # Credentials for name dot com
+ TF_VAR_name_dot_com_user: ${{ secrets.TF_VAR_name_dot_com_user }}
+ TF_VAR_name_dot_com_token: ${{ secrets.TF_VAR_name_dot_com_token }}
+ # Credentials for deployment to AWS
+ AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+ AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+ # S3 bucket for the Terraform state
+ BUCKET_TF_STATE: ${{ secrets.BUCKET_TF_STATE}}
+
+jobs:
+ terraform:
+ name: "Terraform"
+ environment: prod
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # @v4
+
+ - name: Setup Terraform with specified version on the runner
+ uses: hashicorp/setup-terraform@651471c36a6092792c552e8b1bef71e592b462d8 # @v3
+ with:
+ terraform_version: 1.8.3
+
+ - name: Terraform init
+ id: init
+ run: terraform init -backend-config="bucket=$BUCKET_TF_STATE"
+
+ - name: Terraform format
+ id: fmt
+ run: terraform fmt -check
+
+ - name: Terraform validate
+ id: validate
+ run: terraform validate
+
+ - name: Terraform plan
+ if: github.event_name == 'pull_request'
+ run: terraform plan -no-color -input=false
+
+ - name: Terraform Apply
+ if: github.ref == 'refs/heads/master' && github.event_name == 'push'
+ run: terraform apply -auto-approve -input=false
diff --git a/sld/records.nycmesh.net.tf b/sld/records.nycmesh.net.tf
index e69de29..540b55f 100644
--- a/sld/records.nycmesh.net.tf
+++ b/sld/records.nycmesh.net.tf
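Review bot: The workflow-level `env:` hands long-lived `AWS_ACCESS_KEY_ID`/`AWS_SECRET_ACCESS_KEY` and the name.com token to every step, including `actions/checkout` and `setup-terraform`, which do not need them; a compromised or mis-pinned action in that list would see the registrar credential for five domains. AWS supports GitHub OIDC, so the static keys can be replaced by a role assumption (`permissions: id-token: write` plus `aws-actions/configure-aws-credentials`), and the `TF_VAR_*` secrets can be moved onto the init/plan/apply steps only, as sketched below. Since the job already declares `environment: prod`, a required-reviewer rule on that environment would put a human in front of the `-auto-approve` apply without changing the workflow. As far as I can tell `branches:` under `workflow_dispatch` is not a recognised filter, so the `github.ref == 'refs/heads/master'` guard on the apply step is the only thing keeping a manual dispatch from another branch away from the zone.
```yaml
permissions:
  contents: read
  id-token: write   # lets the job mint an OIDC token for AWS role assumption

# … unchanged: defaults …

env:
  # only the bucket name stays at workflow scope; credentials are scoped per step
  BUCKET_TF_STATE: ${{ secrets.BUCKET_TF_STATE }}

jobs:
  terraform:
    # … unchanged: name, environment, runs-on, checkout, setup-terraform …
      - name: Configure AWS credentials (OIDC, no long-lived keys)
        uses: aws-actions/configure-aws-credentials@<commit-sha>   # pin to a SHA like the other actions
        with:
          role-to-assume: ${{ secrets.AWS_TF_STATE_ROLE_ARN }}
          aws-region: us-east-1

      - name: Terraform init
        id: init
        run: terraform init -backend-config="bucket=$BUCKET_TF_STATE"

      # … unchanged: fmt, validate …

      - name: Terraform plan
        if: github.event_name == 'pull_request'
        env:
          TF_VAR_name_dot_com_user: ${{ secrets.TF_VAR_name_dot_com_user }}
          TF_VAR_name_dot_com_token: ${{ secrets.TF_VAR_name_dot_com_token }}
        run: terraform plan -no-color -input=false
```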
@@ -0,0 +1,328 @@ +resource "namedotcom_record" "record__983532" { + domain_name = "nycmesh.net" + host = "" + record_type = "A" + answer = "104.198.14.52" +} + +resource "namedotcom_record" "record_www_983538" { + domain_name = "nycmesh.net" + host = "www" + record_type = "CNAME" + answer = "clever-shannon-d43dce.netlify.com" +} + +resource "namedotcom_record" "record__983545" { + domain_name = "nycmesh.net" + host = "" + record_type = "TXT" + answer = "v=spf1 include:mailgun.org include:servers.mcsv.net ~all" +} + +resource "namedotcom_record" "record__983546" { + domain_name = "nycmesh.net" + host = "" + record_type = "MX" + answer = "mxa.mailgun.org" +} + +resource "namedotcom_record" "record__983547" { + domain_name = "nycmesh.net" + host = "" + record_type = "MX" + answer = "mxb.mailgun.org" +} + +resource "namedotcom_record" "record_wiki_1031824" { + domain_name = "nycmesh.net" + host = "wiki" + record_type = "A" + answer = "104.131.97.63" +} + +resource "namedotcom_record" "record_pic_domainkey_1171425" { + domain_name = "nycmesh.net" + host = "pic._domainkey" + record_type = "TXT" + answer = "k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDSJLcgGjVDfFSpXdVnaz0DdvJeRj7yhcuJjXRUV85TeEOCbNgDcVQXrVJeC/J0z8iiwJAl9gDEf8L729r54VJ/y8ml+xxjIp3hDBIm0Pg9TiTVGO9kif9RlW2unIrGKw2CrE7xM7vZcpw2FQt3fJwZtZ8zBOn68sIU9stR9MUG+QIDAQAB" +} + +resource "namedotcom_record" "record_email_1171426" { + domain_name = "nycmesh.net" + host = "email" + record_type = "CNAME" + answer = "mailgun.org" +} + +resource "namedotcom_record" "record_donate_1186425" { + domain_name = "nycmesh.net" + host = "donate" + record_type = "A" + answer = "104.131.97.63" +} + +resource "namedotcom_record" "record_375pearl_1367535" { + domain_name = "nycmesh.net" + host = "375pearl" + record_type = "A" + answer = "206.130.10.151" +} + +resource "namedotcom_record" "record_375pearl_1367537" { + domain_name = "nycmesh.net" + host = "375pearl" + record_type = "AAAA" + answer = "2001:504:36::c2ab:0:1" +} + 
+resource "namedotcom_record" "record_matrix_1392093" { + domain_name = "nycmesh.net" + host = "matrix" + record_type = "A" + answer = "104.131.97.63" +} + +resource "namedotcom_record" "record__2193735" { + domain_name = "nycmesh.net" + host = "" + record_type = "TXT" + answer = "google-site-verification=ZqOjueV-PhiukY-NDTf8CbGOPFwzGqeeIwmDQC-ZdRc" +} + +resource "namedotcom_record" "record__now_3070265" { + domain_name = "nycmesh.net" + host = "_now" + record_type = "TXT" + answer = "f12798020e735de0ae0fac869c386d7e676ac3b828953712b0f28bd718848c14" +} + +resource "namedotcom_record" "record_docs_3526857" { + domain_name = "nycmesh.net" + host = "docs" + record_type = "CNAME" + answer = "quirky-edison-0960a5.netlify.com" +} + +resource "namedotcom_record" "record_support_3588805" { + domain_name = "nycmesh.net" + host = "support" + record_type = "A" + answer = "165.227.70.230" +} + +resource "namedotcom_record" "record_support_3588806" { + domain_name = "nycmesh.net" + host = "support" + record_type = "AAAA" + answer = "2604:a880:800:10::9f0:3001" +} + +resource "namedotcom_record" "record_stats_3588970" { + domain_name = "nycmesh.net" + host = "stats" + record_type = "A" + answer = "199.167.59.7" +} + +resource "namedotcom_record" "record_ipv4_3588972" { + domain_name = "nycmesh.net" + host = "ipv4" + record_type = "NS" + answer = "ns-518.awsdns-00.net" +} + +resource "namedotcom_record" "record_ipv4_3588978" { + domain_name = "nycmesh.net" + host = "ipv4" + record_type = "NS" + answer = "ns-1709.awsdns-21.co.uk" +} + +resource "namedotcom_record" "record_ipv4_3588980" { + domain_name = "nycmesh.net" + host = "ipv4" + record_type = "NS" + answer = "ns-432.awsdns-54.com" +} + +resource "namedotcom_record" "record_ipv4_3588982" { + domain_name = "nycmesh.net" + host = "ipv4" + record_type = "NS" + answer = "ns-1346.awsdns-40.org" +} + +resource "namedotcom_record" "record_donate2_3618629" { + domain_name = "nycmesh.net" + host = "donate2" + record_type = "A" + 
answer = "165.227.181.4" +} + +resource "namedotcom_record" "record__3686691" { + domain_name = "nycmesh.net" + host = "" + record_type = "TXT" + answer = "google-site-verification=bpTWn9VyMNrKSypwCvf-lWaiuO3IuTay6cqvKVud1po" +} + +resource "namedotcom_record" "record_k1_domainkey_3735562" { + domain_name = "nycmesh.net" + host = "k1._domainkey" + record_type = "CNAME" + answer = "dkim.mcsv.net" +} + +resource "namedotcom_record" "record__dmarc_3745600" { + domain_name = "nycmesh.net" + host = "_dmarc" + record_type = "TXT" + answer = "v=DMARC1; p=none" +} + +resource "namedotcom_record" "record_unifi_3862748" { + domain_name = "nycmesh.net" + host = "unifi" + record_type = "A" + answer = "10.70.90.158" +} + +resource "namedotcom_record" "record_devsupport_4727325" { + domain_name = "nycmesh.net" + host = "devsupport" + record_type = "A" + answer = "157.245.9.130" +} + +resource "namedotcom_record" "record_mesh_5226462" { + domain_name = "nycmesh.net" + host = "mesh" + record_type = "NS" + answer = "nycmesh-375p-dns1-authoritative.nycmesh.net" +} + +resource "namedotcom_record" "record_nycmesh-375p-dns1-resolver_5233305" { + domain_name = "nycmesh.net" + host = "nycmesh-375p-dns1-resolver" + record_type = "A" + answer = "199.167.59.10" +} + +resource "namedotcom_record" "record_nycmesh-375p-dns1-authoritative_5233306" { + domain_name = "nycmesh.net" + host = "nycmesh-375p-dns1-authoritative" + record_type = "A" + answer = "199.167.59.11" +} + +resource "namedotcom_record" "record_slack_5235473" { + domain_name = "nycmesh.net" + host = "slack" + record_type = "CNAME" + answer = "nycmesh-slack-redirect.netlify.com" +} + +resource "namedotcom_record" "record_configgen_5386032" { + domain_name = "nycmesh.net" + host = "configgen" + record_type = "CNAME" + answer = "nycmesh-configgen.netlify.com" +} + +resource "namedotcom_record" "record_monitoring_6041298" { + domain_name = "nycmesh.net" + host = "monitoring" + record_type = "A" + answer = "147.75.67.41" +} + 
+resource "namedotcom_record" "record_los_6530453" { + domain_name = "nycmesh.net" + host = "los" + record_type = "CNAME" + answer = "line-of-sight.netlify.com" +} + +resource "namedotcom_record" "record_api_7081451" { + domain_name = "nycmesh.net" + host = "api" + record_type = "CNAME" + answer = "nycmesh-api.netlify.com" +} + +resource "namedotcom_record" "record_dashboard_7092840" { + domain_name = "nycmesh.net" + host = "dashboard" + record_type = "CNAME" + answer = "nycmesh-dashboard.netlify.com" +} + +resource "namedotcom_record" "record_meet_9880531" { + domain_name = "nycmesh.net" + host = "meet" + record_type = "A" + answer = "199.170.132.33" +} + +resource "namedotcom_record" "record_status-dev_189526708" { + domain_name = "nycmesh.net" + host = "status-dev" + record_type = "A" + answer = "199.170.132.78" +} + +resource "namedotcom_record" "record__github-challenge-nycmeshnet_194338752" { + domain_name = "nycmesh.net" + host = "_github-challenge-nycmeshnet" + record_type = "TXT" + answer = "91a37d19f2" +} + +resource "namedotcom_record" "record__206768814" { + domain_name = "nycmesh.net" + host = "" + record_type = "TXT" + answer = "google-site-verification=-6nHnrb5t1xNkD9zHiJm9hYTlAP7seIk-WLVaB1OveU" +} + +resource "namedotcom_record" "record_mastodon_219371939" { + domain_name = "nycmesh.net" + host = "mastodon" + record_type = "A" + answer = "199.170.132.101" +} + +resource "namedotcom_record" "record_social_219371944" { + domain_name = "nycmesh.net" + host = "social" + record_type = "A" + answer = "199.170.132.101" +} + +resource "namedotcom_record" "record_mastadon_219988024" { + domain_name = "nycmesh.net" + host = "mastadon" + record_type = "A" + answer = "199.170.132.101" +} + +resource "namedotcom_record" "record_stripeportal_222339638" { + domain_name = "nycmesh.net" + host = "stripeportal" + record_type = "CNAME" + answer = "nycmesh-stripe-redirect.netlify.app" +} + +resource "namedotcom_record" "record_ninja_226273090" { + domain_name = 
"nycmesh.net" + host = "ninja" + record_type = "A" + answer = "165.227.70.230" +} + +resource "namedotcom_record" "record_status_238885567" { + domain_name = "nycmesh.net" + host = "status" + record_type = "A" + answer = "164.92.117.225" +} diff --git a/sld/records.nycmeshconnect.com.tf b/sld/records.nycmeshconnect.com.tf index e69de29..cf73905 100644 --- a/sld/records.nycmeshconnect.com.tf +++ b/sld/records.nycmeshconnect.com.tf @@ -0,0 +1 @@ +# No records exist diff --git a/sld/records.nycmeshconnect.net.tf b/sld/records.nycmeshconnect.net.tf index e69de29..cf2683f 100644 --- a/sld/records.nycmeshconnect.net.tf +++ b/sld/records.nycmeshconnect.net.tf @@ -0,0 +1,27 @@ +resource "namedotcom_record" "record__240356243" { + domain_name = "nycmeshconnect.net" + host = "" + record_type = "A" + answer = "185.199.108.153" +} + +resource "namedotcom_record" "record__240356247" { + domain_name = "nycmeshconnect.net" + host = "" + record_type = "A" + answer = "185.199.109.153" +} + +resource "namedotcom_record" "record__240356249" { + domain_name = "nycmeshconnect.net" + host = "" + record_type = "A" + answer = "185.199.110.153" +} + +resource "namedotcom_record" "record__240356250" { + domain_name = "nycmeshconnect.net" + host = "" + record_type = "A" + answer = "185.199.111.153" +} diff --git a/sld/records.themesh.foundation.tf b/sld/records.themesh.foundation.tf index e69de29..bd75c2e 100644 --- a/sld/records.themesh.foundation.tf +++ b/sld/records.themesh.foundation.tf @@ -0,0 +1,13 @@ +resource "namedotcom_record" "record__4980549" { + domain_name = "themesh.foundation" + host = "" + record_type = "A" + answer = "75.126.102.240" +} + +resource "namedotcom_record" "record__4980550" { + domain_name = "themesh.foundation" + host = "*" + record_type = "A" + answer = "75.126.102.240" +} diff --git a/sld/records.themesh.nyc.tf b/sld/records.themesh.nyc.tf index e69de29..ec527e2 100644 --- a/sld/records.themesh.nyc.tf +++ b/sld/records.themesh.nyc.tf 
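Review bot: `record__dmarc_3745600` imports `v=DMARC1; p=none` with no `rua=` tag, so the policy neither enforces anything nor sends aggregate reports; with SPF and DKIM for Mailgun and Mailchimp already in the zone, a first step is `answer = "v=DMARC1; p=none; rua=mailto:<reporting address>"` and then `p=quarantine` once the reports look clean. `record_unifi_3862748` publishes the RFC 1918 address `10.70.90.158` in the public zone; if that controller is only reachable from inside the mesh it belongs in the `mesh.nycmesh.net` zone rather than here. `record_mesh_5226462` delegates `mesh.nycmesh.net` to a single nameserver, so the internal zone has no redundancy at the delegation. Eight hosts (`www`, `docs`, `slack`, `configgen`, `los`, `api`, `dashboard`, `stripeportal`) are CNAMEs to Netlify sites; it is worth confirming each site is still claimed in the Netlify account, since a CNAME left behind after a site is deleted is the usual subdomain-takeover path.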
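Review bot: The four apex `A` records in `records.nycmeshconnect.net.tf` are the GitHub Pages addresses, but unlike `nycmesh.net` (which carries a `_github-challenge-nycmeshnet` TXT) there is no verification TXT for this domain. If it is meant to front a Pages site, verify it at the organisation level so GitHub issues its `_github-pages-challenge-<org>` TXT and add that record here; without verification, any GitHub user can attach `nycmeshconnect.net` to their own Pages site should the owning repository ever drop the custom domain. If the domain is merely parked, a one-line comment saying so would stop the next reader from guessing.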
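Review bot: `record__4980550` in `records.themesh.foundation.tf` is a wildcard (`host = "*"`) that resolves every label under `themesh.foundation` to `75.126.102.240`; that is fine only while NYC Mesh operates that host, and it turns every possible subdomain into a takeover target if the address is ever reassigned. A comment above it naming the host and why a wildcard is needed — e.g. `# Wildcard: every subdomain is served by <host> (owner: …)` — would let a future reviewer judge whether it is still wanted. The same pattern appears in `records.themesh.nyc.tf`.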
@@ -0,0 +1,13 @@ +resource "namedotcom_record" "record__3336260" { + domain_name = "themesh.nyc" + host = "" + record_type = "A" + answer = "192.241.159.206" +} + +resource "namedotcom_record" "record__3336261" { + domain_name = "themesh.nyc" + host = "*" + record_type = "A" + answer = "192.241.159.206" +} From 7d7a8884abc7367f12785993e346a53271d4977b Mon Sep 17 00:00:00 2001 From: james-otten Date: Mon, 2 Sep 2024 17:39:39 -0400 Subject: [PATCH 3/8] add test record that actually already exists --- sld/records.nycmesh.net.tf | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/sld/records.nycmesh.net.tf b/sld/records.nycmesh.net.tf index 540b55f..1e408a9 100644 --- a/sld/records.nycmesh.net.tf +++ b/sld/records.nycmesh.net.tf @@ -326,3 +326,10 @@ resource "namedotcom_record" "record_status_238885567" { record_type = "A" answer = "164.92.117.225" } + +resource "namedotcom_record" "record__123" { + answer = "127.0.0.1" + domain_name = "nycmesh.net" + host = "jamestest" + record_type = "A" +} From f05f24cee40fa11bdc6a9f41d39117a3a8533191 Mon Sep 17 00:00:00 2001 From: james-otten Date: Mon, 2 Sep 2024 17:41:30 -0400 Subject: [PATCH 4/8] plan test --- .github/workflows/sld_terraform.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/sld_terraform.yaml b/.github/workflows/sld_terraform.yaml index 74ef884..38dda28 100644 --- a/.github/workflows/sld_terraform.yaml +++ b/.github/workflows/sld_terraform.yaml @@ -55,7 +55,7 @@ jobs: run: terraform validate - name: Terraform plan - if: github.event_name == 'pull_request' + if: github.ref == 'refs/heads/james/iac' && github.event_name == 'push' run: terraform plan -no-color -input=false - name: Terraform Apply From 94ca3fc85ad6ea55be27d96522917da4270ff7ae Mon Sep 17 00:00:00 2001 From: james-otten Date: Mon, 2 Sep 2024 17:43:02 -0400 Subject: [PATCH 5/8] info --- .github/workflows/sld_terraform.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
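Review bot: `record__123` breaks the `record_<host>_<name.com id>` scheme used by every imported record, and `123` is not a real record id, so it cannot be `terraform import`ed; since the commit title says the record already exists at name.com, an apply will either create a second `jamestest` A record or fail on the API, depending on how name.com treats duplicates. Either import it under its real id as `record_jamestest_<id>` or drop it before merge, and avoid leaving a public name that resolves to `127.0.0.1` in the zone, as such names can be abused against local services that trust hostnames. The attribute order (`answer` first) also differs from the generated blocks.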
diff --git a/.github/workflows/sld_terraform.yaml b/.github/workflows/sld_terraform.yaml index 38dda28..8a2080d 100644 --- a/.github/workflows/sld_terraform.yaml +++ b/.github/workflows/sld_terraform.yaml @@ -18,7 +18,7 @@ defaults: env: # verbosity setting for Terraform logs - #TF_LOG: INFO + TF_LOG: INFO # Credentials for name dot com TF_VAR_name_dot_com_user: ${{ secrets.TF_VAR_name_dot_com_user }} TF_VAR_name_dot_com_token: ${{ secrets.TF_VAR_name_dot_com_token }} From e786e757f06a5b6ea006a600766cece05970c7cf Mon Sep 17 00:00:00 2001 From: james-otten Date: Mon, 2 Sep 2024 17:47:05 -0400 Subject: [PATCH 6/8] lol rate limits --- .github/workflows/sld_terraform.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/sld_terraform.yaml b/.github/workflows/sld_terraform.yaml index 8a2080d..b536cc8 100644 --- a/.github/workflows/sld_terraform.yaml +++ b/.github/workflows/sld_terraform.yaml @@ -18,7 +18,7 @@ defaults: env: # verbosity setting for Terraform logs - TF_LOG: INFO + #TF_LOG: INFO # Credentials for name dot com TF_VAR_name_dot_com_user: ${{ secrets.TF_VAR_name_dot_com_user }} TF_VAR_name_dot_com_token: ${{ secrets.TF_VAR_name_dot_com_token }} @@ -56,8 +56,8 @@ jobs: - name: Terraform plan if: github.ref == 'refs/heads/james/iac' && github.event_name == 'push' - run: terraform plan -no-color -input=false + run: terraform plan -no-color -input=false -parallelism=1 - name: Terraform Apply if: github.ref == 'refs/heads/master' && github.event_name == 'push' - run: terraform apply -auto-approve -input=false + run: terraform apply -auto-approve -input=false -parallelism=1 From 460128724714dd8400fe5c185ee4897759ed48da Mon Sep 17 00:00:00 2001 From: james-otten Date: Mon, 2 Sep 2024 21:47:08 -0400 Subject: [PATCH 7/8] finalize --- .github/workflows/sld_terraform.yaml | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) 
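Review bot: The `-parallelism=1` added to both `run:` lines works around a name.com API rate limit (per the commit title) but nothing in the file says so; a comment such as `# name.com rate-limits its API: keep parallelism at 1` above the plan step would stop someone removing it to speed the job up. Re-commenting `TF_LOG` is the right call for a shared CI log: at DEBUG/TRACE Terraform logs provider HTTP traffic and, depending on the provider, the name.com token from the Authorization header can land in the job log (GitHub masks the exact secret string, not encoded or truncated forms). If verbose logging is ever needed again, set it as a step-level `env:` on a single step rather than at workflow scope.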
diff --git a/.github/workflows/sld_terraform.yaml b/.github/workflows/sld_terraform.yaml index b536cc8..caad83a 100644 --- a/.github/workflows/sld_terraform.yaml +++ b/.github/workflows/sld_terraform.yaml @@ -5,7 +5,6 @@ on: push: branches: - master - - james/iac workflow_dispatch: branches: - master @@ -17,8 +16,6 @@ defaults: working-directory: sld env: - # verbosity setting for Terraform logs - #TF_LOG: INFO # Credentials for name dot com TF_VAR_name_dot_com_user: ${{ secrets.TF_VAR_name_dot_com_user }} TF_VAR_name_dot_com_token: ${{ secrets.TF_VAR_name_dot_com_token }} @@ -55,7 +52,7 @@ jobs: run: terraform validate - name: Terraform plan - if: github.ref == 'refs/heads/james/iac' && github.event_name == 'push' + if: github.ref == 'refs/heads/master' && github.event_name == 'push' run: terraform plan -no-color -input=false -parallelism=1 - name: Terraform Apply From 06d1375e4f68a62df3b801c301c3cdda676cdb68 Mon Sep 17 00:00:00 2001 From: james-otten Date: Mon, 2 Sep 2024 23:48:33 -0400 Subject: [PATCH 8/8] Descriptions --- sld/records.nycmesh.net.tf | 163 +++++++++++++++++++----------- sld/records.nycmeshconnect.net.tf | 3 + sld/records.themesh.foundation.tf | 2 + 3 files changed, 109 insertions(+), 59 deletions(-) diff --git a/sld/records.nycmesh.net.tf b/sld/records.nycmesh.net.tf index 1e408a9..3406be4 100644 --- a/sld/records.nycmesh.net.tf +++ b/sld/records.nycmesh.net.tf @@ -1,3 +1,4 @@ +# Main website resource "namedotcom_record" "record__983532" { domain_name = "nycmesh.net" host = "" @@ -5,6 +6,7 @@ resource "namedotcom_record" "record__983532" { answer = "104.198.14.52" } +# Main website resource "namedotcom_record" "record_www_983538" { domain_name = "nycmesh.net" host = "www" 
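Review bot: After this change `terraform plan` and `terraform apply -auto-approve` both run on a master push but are independent: the apply re-plans, so what gets applied can differ from what the plan step printed if the zone changed at name.com in between (the rate-limit workaround makes each run longer, widening that window). Write the plan to a file and apply exactly that: `run: terraform plan -no-color -input=false -parallelism=1 -out=tfplan` and `run: terraform apply -input=false -parallelism=1 tfplan`. Note also that with this gating no plan is ever produced for a pull request, so reviewers merge record changes without seeing the diff Terraform intends to apply; the `environment: prod` protection is then the only checkpoint.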
@@ -12,6 +14,16 @@ resource "namedotcom_record" "record_www_983538" { answer = "clever-shannon-d43dce.netlify.com" } +# Future subdomain for the wiki +# Offline as of 9/2/24 +resource "namedotcom_record" "record_wiki_1031824" { + domain_name = "nycmesh.net" + host = "wiki" + record_type = "A" + answer = "104.131.97.63" +} + +# SPF (email) resource "namedotcom_record" "record__983545" { domain_name = "nycmesh.net" host = "" @@ -19,6 +31,23 @@ resource "namedotcom_record" "record__983545" { answer = "v=spf1 include:mailgun.org include:servers.mcsv.net ~all" } +# DMARC (email) +resource "namedotcom_record" "record__dmarc_3745600" { + domain_name = "nycmesh.net" + host = "_dmarc" + record_type = "TXT" + answer = "v=DMARC1; p=none" +} + +# DKIM (email) +resource "namedotcom_record" "record_k1_domainkey_3735562" { + domain_name = "nycmesh.net" + host = "k1._domainkey" + record_type = "CNAME" + answer = "dkim.mcsv.net" +} + +# MX record for email resource "namedotcom_record" "record__983546" { domain_name = "nycmesh.net" host = "" @@ -26,6 +55,7 @@ resource "namedotcom_record" "record__983546" { answer = "mxa.mailgun.org" } +# MX record for email resource "namedotcom_record" "record__983547" { domain_name = "nycmesh.net" host = "" @@ -33,13 +63,7 @@ resource "namedotcom_record" "record__983547" { answer = "mxb.mailgun.org" } -resource "namedotcom_record" "record_wiki_1031824" { - domain_name = "nycmesh.net" - host = "wiki" - record_type = "A" - answer = "104.131.97.63" -} - +# Site verification for mailgun. Only modify if you know what you're doing. resource "namedotcom_record" "record_pic_domainkey_1171425" { domain_name = "nycmesh.net" host = "pic._domainkey" 
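Review bot: `record_wiki_1031824` is annotated `# Offline as of 9/2/24` yet still resolves `wiki.nycmesh.net` to `104.131.97.63`; an A record for a dead service on a cloud address is a dangling record, and if the instance behind that IP is released, whoever is assigned it next answers for `wiki.nycmesh.net`. Unless the address is still held by NYC Mesh, remove the resource (Terraform will delete the record on apply) or, if it is kept on purpose, say why: `# Offline as of 9/2/24 — IP still allocated to us; remove by <date>`. The same annotation is added to `matrix`, `donate` and `monitoring` in later hunks of this file.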
@@ -47,6 +71,7 @@ resource "namedotcom_record" "record_pic_domainkey_1171425" { answer = "k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDSJLcgGjVDfFSpXdVnaz0DdvJeRj7yhcuJjXRUV85TeEOCbNgDcVQXrVJeC/J0z8iiwJAl9gDEf8L729r54VJ/y8ml+xxjIp3hDBIm0Pg9TiTVGO9kif9RlW2unIrGKw2CrE7xM7vZcpw2FQt3fJwZtZ8zBOn68sIU9stR9MUG+QIDAQAB" } +# Email subdomain resource "namedotcom_record" "record_email_1171426" { domain_name = "nycmesh.net" host = "email" @@ -54,13 +79,6 @@ resource "namedotcom_record" "record_email_1171426" { answer = "mailgun.org" } -resource "namedotcom_record" "record_donate_1186425" { - domain_name = "nycmesh.net" - host = "donate" - record_type = "A" - answer = "104.131.97.63" -} - resource "namedotcom_record" "record_375pearl_1367535" { domain_name = "nycmesh.net" host = "375pearl" @@ -75,6 +93,7 @@ resource "namedotcom_record" "record_375pearl_1367537" { answer = "2001:504:36::c2ab:0:1" } +# Offline as of 9/2/24 resource "namedotcom_record" "record_matrix_1392093" { domain_name = "nycmesh.net" host = "matrix" @@ -82,13 +101,6 @@ resource "namedotcom_record" "record_matrix_1392093" { answer = "104.131.97.63" } -resource "namedotcom_record" "record__2193735" { - domain_name = "nycmesh.net" - host = "" - record_type = "TXT" - answer = "google-site-verification=ZqOjueV-PhiukY-NDTf8CbGOPFwzGqeeIwmDQC-ZdRc" -} - resource "namedotcom_record" "record__now_3070265" { domain_name = "nycmesh.net" host = "_now" @@ -96,6 +108,7 @@ resource "namedotcom_record" "record__now_3070265" { answer = "f12798020e735de0ae0fac869c386d7e676ac3b828953712b0f28bd718848c14" } +# Docs site resource "namedotcom_record" "record_docs_3526857" { domain_name = "nycmesh.net" host = "docs" @@ -103,6 +116,7 @@ resource "namedotcom_record" "record_docs_3526857" { answer = "quirky-edison-0960a5.netlify.com" } +# OS Ticket (IPv4) resource "namedotcom_record" "record_support_3588805" { domain_name = "nycmesh.net" host = "support" 
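Review bot: The comment `# Site verification for mailgun. Only modify if you know what you're doing.` mislabels `record_pic_domainkey_1171425`: a TXT at `pic._domainkey` whose value is `k=rsa; p=…` is a DKIM public key (selector `pic`), not a site-verification token, and the difference matters because deleting it breaks signature verification of outbound Mailgun mail rather than an admin-console check. Suggest `# DKIM public key for Mailgun (selector "pic"); rotating it requires a matching change in Mailgun.`. The record's `answer` line is outside this hunk.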
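Review bot: The hunk at `@@ -82,13 +101,6 @@` deletes `record__2193735` (a `google-site-verification` TXT at the apex) outright, and `@@ -152,32 +180,19 @@` later in this file does the same to `record__3686691`; I cannot see the end of the diff, but if neither is re-added below, this "Descriptions" commit will, on the next master push, remove both TXT records from the live zone and may break Google Search Console or Workspace ownership for `nycmesh.net`. If the removal is intentional, say so in the commit message and leave a comment recording which Google property each token belonged to; if not, move the blocks the way the other records in this commit are moved rather than dropping them.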
@@ -110,6 +124,7 @@ resource "namedotcom_record" "record_support_3588805" { answer = "165.227.70.230" } +# OS Ticket (IPv6) resource "namedotcom_record" "record_support_3588806" { domain_name = "nycmesh.net" host = "support" @@ -117,6 +132,15 @@ resource "namedotcom_record" "record_support_3588806" { answer = "2604:a880:800:10::9f0:3001" } +# Dev OS Ticket +resource "namedotcom_record" "record_devsupport_4727325" { + domain_name = "nycmesh.net" + host = "devsupport" + record_type = "A" + answer = "157.245.9.130" +} + +# Grafana at SN1 resource "namedotcom_record" "record_stats_3588970" { domain_name = "nycmesh.net" host = "stats" @@ -124,6 +148,7 @@ resource "namedotcom_record" "record_stats_3588970" { answer = "199.167.59.7" } +# rDNS resource "namedotcom_record" "record_ipv4_3588972" { domain_name = "nycmesh.net" host = "ipv4" @@ -131,6 +156,7 @@ resource "namedotcom_record" "record_ipv4_3588972" { answer = "ns-518.awsdns-00.net" } +# rDNS resource "namedotcom_record" "record_ipv4_3588978" { domain_name = "nycmesh.net" host = "ipv4" @@ -138,6 +164,7 @@ resource "namedotcom_record" "record_ipv4_3588978" { answer = "ns-1709.awsdns-21.co.uk" } +# rDNS resource "namedotcom_record" "record_ipv4_3588980" { domain_name = "nycmesh.net" host = "ipv4" @@ -145,6 +172,7 @@ resource "namedotcom_record" "record_ipv4_3588980" { answer = "ns-432.awsdns-54.com" } +# rDNS resource "namedotcom_record" "record_ipv4_3588982" { domain_name = "nycmesh.net" host = "ipv4" 
@@ -152,32 +180,19 @@ resource "namedotcom_record" "record_ipv4_3588982" {
 answer = "ns-1346.awsdns-40.org"
 }

-resource "namedotcom_record" "record_donate2_3618629" {
+# Offline as of 9/2/24
+resource "namedotcom_record" "record_donate_1186425" {
 domain_name = "nycmesh.net"
- host = "donate2"
+ host = "donate"
 record_type = "A"
- answer = "165.227.181.4"
-}
-
-resource "namedotcom_record" "record__3686691" {
- domain_name = "nycmesh.net"
- host = ""
- record_type = "TXT"
- answer = "google-site-verification=bpTWn9VyMNrKSypwCvf-lWaiuO3IuTay6cqvKVud1po"
-}
-
-resource "namedotcom_record" "record_k1_domainkey_3735562" {
- domain_name = "nycmesh.net"
- host = "k1._domainkey"
- record_type = "CNAME"
- answer = "dkim.mcsv.net"
+ answer = "104.131.97.63"
 }

-resource "namedotcom_record" "record__dmarc_3745600" {
+resource "namedotcom_record" "record_donate2_3618629" {
 domain_name = "nycmesh.net"
- host = "_dmarc"
- record_type = "TXT"
- answer = "v=DMARC1; p=none"
+ host = "donate2"
+ record_type = "A"
+ answer = "165.227.181.4"
 }

 resource "namedotcom_record" "record_unifi_3862748" {
@@ -187,13 +202,15 @@ resource "namedotcom_record" "record_unifi_3862748" {
 answer = "10.70.90.158"
 }

-resource "namedotcom_record" "record_devsupport_4727325" {
+# Private recursive resolver at SN1
+resource "namedotcom_record" "record_nycmesh-375p-dns1-resolver_5233305" {
 domain_name = "nycmesh.net"
- host = "devsupport"
+ host = "nycmesh-375p-dns1-resolver"
 record_type = "A"
- answer = "157.245.9.130"
+ answer = "199.167.59.10"
 }

+# NS record for the mesh.nycmesh.net zone
 resource "namedotcom_record" "record_mesh_5226462" {
 domain_name = "nycmesh.net"
 host = "mesh"
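Review bot: `record_k1_domainkey_3735562` (CNAME `k1._domainkey` -> `dkim.mcsv.net`) and `record__dmarc_3745600` (TXT `_dmarc`, `v=DMARC1; p=none`) are removed in this hunk and are not re-added in any hunk visible here, whereas every other record this hunk removes (`record__3686691`, donate, donate2) reappears elsewhere in the diff. They may well have been moved up next to `record_pic_domainkey_1171425` in the part of the file above the first hunk, which is outside this view; if they were instead dropped, mail signed with the k1 selector stops validating and the domain is left with no DMARC record at all. Please confirm in the commit message that these two records were relocated rather than deleted, since a plan diff of a pure move and a pure deletion look the same at a glance.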
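Review bot: `# Private recursive resolver at SN1` sits above a public A record for `nycmesh-375p-dns1-resolver` at 199.167.59.10, so "private" is a property the record cannot express and a future editor has no other place to learn what it means. A recursive resolver reachable on a public address is only as private as the recursion ACL on the server itself, so the comment should say where that boundary is, e.g. `# Recursive resolver at SN1 - public name, but recursion is meant to be limited to mesh clients; check the resolver ACL before pointing anything new at it`. The `record_mesh_5226462` block this hunk ends in continues outside the hunk.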
@@ -201,13 +218,7 @@ resource "namedotcom_record" "record_mesh_5226462" {
 answer = "nycmesh-375p-dns1-authoritative.nycmesh.net"
 }

-resource "namedotcom_record" "record_nycmesh-375p-dns1-resolver_5233305" {
- domain_name = "nycmesh.net"
- host = "nycmesh-375p-dns1-resolver"
- record_type = "A"
- answer = "199.167.59.10"
-}
-
+# Authoritative DNS server for the mesh.nycmesh.net zone at SN1
 resource "namedotcom_record" "record_nycmesh-375p-dns1-authoritative_5233306" {
 domain_name = "nycmesh.net"
 host = "nycmesh-375p-dns1-authoritative"
@@ -215,6 +226,7 @@ resource "namedotcom_record" "record_nycmesh-375p-dns1-authoritative_5233306" {
 answer = "199.167.59.11"
 }

+# Slack redirect
 resource "namedotcom_record" "record_slack_5235473" {
 domain_name = "nycmesh.net"
 host = "slack"
@@ -222,6 +234,7 @@ resource "namedotcom_record" "record_slack_5235473" {
 answer = "nycmesh-slack-redirect.netlify.com"
 }

+# https://configgen.nycmesh.net
 resource "namedotcom_record" "record_configgen_5386032" {
 domain_name = "nycmesh.net"
 host = "configgen"
@@ -229,6 +242,7 @@ resource "namedotcom_record" "record_configgen_5386032" {
 answer = "nycmesh-configgen.netlify.com"
 }

+# Offline as of 9/2/24
 resource "namedotcom_record" "record_monitoring_6041298" {
 domain_name = "nycmesh.net"
 host = "monitoring"
@@ -236,6 +250,7 @@ resource "namedotcom_record" "record_monitoring_6041298" {
 answer = "147.75.67.41"
 }

+# Line of Sight tool (DigitalOcean)
 resource "namedotcom_record" "record_los_6530453" {
 domain_name = "nycmesh.net"
 host = "los"
@@ -243,6 +258,7 @@ resource "namedotcom_record" "record_los_6530453" {
 answer = "line-of-sight.netlify.com"
 }

+# Redirects to https://github.com/meshcenter/mesh-api
 resource "namedotcom_record" "record_api_7081451" {
 domain_name = "nycmesh.net"
 host = "api"
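Review bot: `# Line of Sight tool (DigitalOcean)` above `record_los_6530453` contradicts the record it documents, whose answer is `line-of-sight.netlify.com`; the same mismatch recurs in the next group of hunks with `# Dashboard service (DigitalOcean)` above `record_dashboard_7092840` (answer `nycmesh-dashboard.netlify.com`). If the Netlify site only fronts a DigitalOcean backend that is worth stating, because the parenthetical is exactly what someone tracing an outage or a dangling CNAME will read first. Suggest `# Line of Sight tool (Netlify)` and `# Dashboard service (Netlify)`, or `# ... (Netlify front end, DigitalOcean backend)` if that is the actual layout.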
@@ -250,6 +266,7 @@ resource "namedotcom_record" "record_api_7081451" {
 answer = "nycmesh-api.netlify.com"
 }

+# Dashboard service (DigitalOcean)
 resource "namedotcom_record" "record_dashboard_7092840" {
 domain_name = "nycmesh.net"
 host = "dashboard"
@@ -257,6 +274,7 @@ resource "namedotcom_record" "record_dashboard_7092840" {
 answer = "nycmesh-dashboard.netlify.com"
 }

+# Offline as of 9/2/24
 resource "namedotcom_record" "record_meet_9880531" {
 domain_name = "nycmesh.net"
 host = "meet"
@@ -264,13 +282,7 @@ resource "namedotcom_record" "record_meet_9880531" {
 answer = "199.170.132.33"
 }

-resource "namedotcom_record" "record_status-dev_189526708" {
- domain_name = "nycmesh.net"
- host = "status-dev"
- record_type = "A"
- answer = "199.170.132.78"
-}
-
+# Site verification for github. Only modify if you know what you're doing.
 resource "namedotcom_record" "record__github-challenge-nycmeshnet_194338752" {
 domain_name = "nycmesh.net"
 host = "_github-challenge-nycmeshnet"
@@ -278,6 +290,23 @@ resource "namedotcom_record" "record__github-challenge-nycmeshnet_194338752" {
 answer = "91a37d19f2"
 }

+# Site verification for google. Only modify if you know what you're doing.
+resource "namedotcom_record" "record__2193735" {
+ domain_name = "nycmesh.net"
+ host = ""
+ record_type = "TXT"
+ answer = "google-site-verification=ZqOjueV-PhiukY-NDTf8CbGOPFwzGqeeIwmDQC-ZdRc"
+}
+
+# Site verification for google. Only modify if you know what you're doing.
+resource "namedotcom_record" "record__3686691" {
+ domain_name = "nycmesh.net"
+ host = ""
+ record_type = "TXT"
+ answer = "google-site-verification=bpTWn9VyMNrKSypwCvf-lWaiuO3IuTay6cqvKVud1po"
+}
+
+# Site verification for google. Only modify if you know what you're doing.
 resource "namedotcom_record" "record__206768814" {
 domain_name = "nycmesh.net"
 host = ""
@@ -285,6 +314,7 @@ resource "namedotcom_record" "record__206768814" {
 answer = "google-site-verification=-6nHnrb5t1xNkD9zHiJm9hYTlAP7seIk-WLVaB1OveU"
 }

+# Mastodon
 resource "namedotcom_record" "record_mastodon_219371939" {
 domain_name = "nycmesh.net"
 host = "mastodon"
@@ -292,6 +322,7 @@ resource "namedotcom_record" "record_mastodon_219371939" {
 answer = "199.170.132.101"
 }

+# Alternate domain for for Mastodon
 resource "namedotcom_record" "record_social_219371944" {
 domain_name = "nycmesh.net"
 host = "social"
@@ -299,6 +330,7 @@ resource "namedotcom_record" "record_social_219371944" {
 answer = "199.170.132.101"
 }

+# Typo helper for Mastodon
 resource "namedotcom_record" "record_mastadon_219988024" {
 domain_name = "nycmesh.net"
 host = "mastadon"
@@ -306,6 +338,7 @@ resource "namedotcom_record" "record_mastadon_219988024" {
 answer = "199.170.132.101"
 }

+# Stripe redirect
 resource "namedotcom_record" "record_stripeportal_222339638" {
 domain_name = "nycmesh.net"
 host = "stripeportal"
@@ -313,6 +346,7 @@ resource "namedotcom_record" "record_stripeportal_222339638" {
 answer = "nycmesh-stripe-redirect.netlify.app"
 }

+# Invoice Ninja
 resource "namedotcom_record" "record_ninja_226273090" {
 domain_name = "nycmesh.net"
 host = "ninja"
@@ -320,6 +354,16 @@ resource "namedotcom_record" "record_ninja_226273090" {
 answer = "165.227.70.230"
 }

+# Dev environment for the status page?
+# Offline as of 9/2/24
+resource "namedotcom_record" "record_status-dev_189526708" {
+ domain_name = "nycmesh.net"
+ host = "status-dev"
+ record_type = "A"
+ answer = "199.170.132.78"
+}
+
+# Status page
 resource "namedotcom_record" "record_status_238885567" {
 domain_name = "nycmesh.net"
 host = "status"
@@ -327,6 +371,7 @@ resource "namedotcom_record" "record_status_238885567" {
 answer = "164.92.117.225"
 }

+# Test record, feel free to remove
 resource "namedotcom_record" "record__123" {
 answer = "127.0.0.1"
 domain_name = "nycmesh.net"
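Review bot: `# Alternate domain for for Mastodon` above `record_social_219371944` has a doubled word. Suggest `# Alternate domain for Mastodon`.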
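Review bot: `# Test record, feel free to remove` above `record__123` keeps a record in the production zone whose answer is `127.0.0.1`; the resource block continues past the end of the hunk, so its `host` is not visible here. A public name under nycmesh.net that resolves to loopback is not inert: browsers treat it as part of the nycmesh.net site, so cookie scoping and same-site rules end up covering whatever happens to listen on a visitor's own machine. Delete the record in this commit rather than inviting a later cleanup, or if a smoke-test record is genuinely needed for the provider, say so in the comment and point it at a reserved documentation address, e.g. `answer = "192.0.2.1"`.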
diff --git a/sld/records.nycmeshconnect.net.tf b/sld/records.nycmeshconnect.net.tf
index cf2683f..5dc1a6c 100644
--- a/sld/records.nycmeshconnect.net.tf
+++ b/sld/records.nycmeshconnect.net.tf
@@ -1,3 +1,6 @@
+# Pointed to github pages
+# https://github.com/nycmeshnet/connect/blob/main/CNAME
+
 resource "namedotcom_record" "record__240356243" {
 domain_name = "nycmeshconnect.net"
 host = ""
diff --git a/sld/records.themesh.foundation.tf b/sld/records.themesh.foundation.tf
index bd75c2e..897fcd9 100644
--- a/sld/records.themesh.foundation.tf
+++ b/sld/records.themesh.foundation.tf
@@ -1,3 +1,5 @@
+# Parked with sedo.com
+
 resource "namedotcom_record" "record__4980549" {
 domain_name = "themesh.foundation"
 host = ""