resource "digitalocean_domain" "default" {
  name = "distrust.co"
}

# Handle record for www redirect
resource "digitalocean_record" "www" {
  domain = "distrust.co"
  type   = "CNAME"
  name   = "www"
  value  = digitalocean_cdn.distrust_co.origin
}

# Handle record for distrust.co
resource "digitalocean_record" "distrust_co" {
  domain = "distrust.co"
  type   = "CNAME"
  name   = "@"
  value  = digitalocean_cdn.distrust_co.origin
}

resource "tls_private_key" "private_key" {
  algorithm = "RSA"
}

resource "acme_registration" "reg" {
  account_key_pem = tls_private_key.private_key.private_key_pem
  email_address   = "team@distrust.co"
}

resource "acme_certificate" "certificate" {
  account_key_pem           = acme_registration.reg.account_key_pem
  common_name               = "www.distrust.co"
  subject_alternative_names = []

  dns_challenge {
    provider = "digitalociean"
  }
}