blackroad-os/blackroad-operating-system
9
0
Fork 0
mirror of https://github.com/blackboxprogramming/BlackRoad-Operating-System.git synced 2026-03-17 07:57:19 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
02dfab68464cde6787e37ad99a13b138f0150a73
blackroad-operating-system/CLOUDFLARE_DNS_BLUEPRINT.md
Claude 0529a05942 Add comprehensive BlackRoad ecosystem implementation plans 
This commit adds detailed implementation plans mapping all 23 BlackRoad
repositories to the 7-layer architecture defined in MASTER_ORCHESTRATION_PLAN.md.

New Documentation:
- ORG_STRUCTURE.md: Complete repo architecture & responsibility map
- IMPLEMENTATION.md: Detailed plan for BlackRoad-Operating-System monolith
- CLOUDFLARE_DNS_BLUEPRINT.md: DNS configuration with repo ownership map

Implementation Plans (in implementation-plans/):
- IMPLEMENTATION_blackroad-api.md: Standalone API gateway (Phase 2)
- IMPLEMENTATION_blackroad-operator.md: Agent orchestration & workflows (Phase 2)
- IMPLEMENTATION_blackroad-prism-console.md: Admin dashboard (Phase 2)
- IMPLEMENTATION_blackroad-io.md: Corporate marketing site (Phase 1)
- IMPLEMENTATION_lucidia.md: Multi-model AI orchestration (Phase 1-2)
- IMPLEMENTATION_blackroad.md: Investigation template for unknown repo

Key Decisions:
- Monolith strategy for Phase 1 (months 0-12)
- Strategic split to microservices in Phase 2 (months 12-18)
- 4 core active repos in Phase 1, expand to 10+ in Phase 2-3
- Cloudflare DNS for all domains with clear repo ownership

Each implementation plan includes:
- Purpose & final role in architecture
- Required GitHub Actions workflows
- Secrets & environment variables
- Cloudflare DNS configuration
- Migration notes from monolith
- Phase-specific milestones
- Success criteria

Ready for Phase 1 execution starting with Week 1 infrastructure tasks.
2025-11-18 02:29:57 +00:00

514 lines
16 KiB
Markdown
Raw Blame History

# ☁️ CLOUDFLARE DNS BLUEPRINT
## Multi-Domain DNS Configuration & Repo Responsibility Map
**Version**: 1.0
**Date**: 2025-11-18
**Source**: Extracted from MASTER_ORCHESTRATION_PLAN.md + ORG_STRUCTURE.md
---
## EXECUTIVE SUMMARY
This document maps **10+ BlackRoad domains** to:
- Cloudflare DNS records
- Repository ownership
- Deployment targets
- SSL configuration
**DNS Strategy**: Cloudflare nameservers (migrated from GoDaddy) for all domains
**SSL Strategy**: Full (strict) with automatic SSL via Cloudflare + Railway/Vercel
---
## PART 1: DOMAIN INVENTORY
### Primary Domains (Phase 1)
| Domain | Purpose | Owner Repo | Status | Phase |
|--------|---------|------------|--------|-------|
| **blackroad.systems** | Corporate site | blackroad.io | 🎯 Primary | 1 |
| **blackroad.ai** | Alias to OS | BlackRoad-Operating-System | Active | 1 |
| **blackroad.network** | Developer docs | BlackRoad-Operating-System | Planned | 1 |
| **blackroad.me** | Personal identity | BlackRoad-Operating-System | Planned | 1 |
### Secondary Domains (Phase 2)
| Domain | Purpose | Owner Repo | Status | Phase |
|--------|---------|------------|--------|-------|
| **aliceqi.com** | ALICE QI engine | lucidia / quantum-math-lab | Research | 2 |
| **blackroadqi.com** | Financial intelligence | blackroad-api (QI module) | Planned | 2 |
| **lucidia.earth** | Narrative experiences | lucidia | Development | 2 |
| **blackroadquantum.com** | Research hub | quantum-math-lab | Research | 2 |
### Tertiary Domains (Phase 3)
| Domain | Purpose | Owner Repo | Status | Phase |
|--------|---------|------------|--------|-------|
| **roadwallet.com** | Wallet service | BlackRoad-Operating-System | Alias | 3 |
| **aliceos.io** | Legacy alias | BlackRoad-Operating-System | Legacy | 3 |
| **blackroadquantum.net** | Quantum APIs | quantum-math-lab | Planned | 3 |
| **blackroadquantum.info** | Education hub | quantum-math-lab | Planned | 3 |
| **blackroadquantum.store** | Merch/courses | TBD (e-commerce repo) | Planned | 3 |
| **lucidia.studio** | Creative production | lucidia | Planned | 3 |
| **blackroad.store** | Community commerce | TBD (e-commerce repo) | Planned | 3 |
---
## PART 2: DNS RECORDS BY DOMAIN
### blackroad.systems (Primary Corporate Site)
**Zone ID**: `[Get from Cloudflare dashboard]`
**Registrar**: GoDaddy → **Migrate nameservers to Cloudflare**
**Owner Repo**: `blackboxprogramming/blackroad.io`
#### DNS Records
| Type | Name | Target | Proxy | TTL | Purpose | Responsible Repo |
|------|------|--------|-------|-----|---------|------------------|
| CNAME | @ | `cname.vercel-dns.com` | ✅ | Auto | Corporate site | blackroad.io |
| CNAME | www | `blackroad.systems` | ✅ | Auto | www redirect | blackroad.io |
| CNAME | os | `blackroad-os-production.up.railway.app` | ✅ | Auto | OS interface | BlackRoad-Operating-System |
| CNAME | api | `blackroad-api-production.up.railway.app` | ✅ | Auto | API gateway | blackroad-api (Phase 2) |
| CNAME | prism | `blackroad-prism-console.vercel.app` | ✅ | Auto | Prism Console | blackroad-prism-console |
| CNAME | operator | `blackroad-operator.up.railway.app` | ❌ | Auto | Operator (internal) | blackroad-operator |
| CNAME | lucidia | `lucidia-api.up.railway.app` | ✅ | Auto | Lucidia API | lucidia |
| CNAME | docs | `blackboxprogramming.github.io` | ✅ | Auto | Developer docs | BlackRoad-Operating-System |
| TXT | @ | `v=spf1 include:_spf.google.com ~all` | - | Auto | Email SPF | - |
| MX | @ | `1 aspmx.l.google.com` | - | Auto | Email MX | - |
**Cloudflare Settings**:
- SSL/TLS: **Full (strict)**
- Always Use HTTPS: **Enabled**
- Auto Minify: JavaScript, CSS, HTML
- Brotli: **Enabled**
- Cache Level: Standard
---
### blackroad.ai (OS Alias)
**Registrar**: GoDaddy
**Owner Repo**: `blackboxprogramming/BlackRoad-Operating-System`
#### DNS Records
| Type | Name | Target | Proxy | Purpose | Responsible Repo |
|------|------|--------|-------|---------|------------------|
| CNAME | @ | `os.blackroad.systems` | ✅ | Alias to OS | BlackRoad-Operating-System |
| CNAME | www | `blackroad.ai` | ✅ | www redirect | BlackRoad-Operating-System |
**Page Rule**:
```
blackroad.ai/*
→ Forwarding URL (301 - Permanent Redirect)
→ https://os.blackroad.systems/$1
```
---
### blackroad.network (Developer Portal)
**Registrar**: GoDaddy
**Owner Repo**: `blackboxprogramming/BlackRoad-Operating-System` (docs/ directory)
#### DNS Records
| Type | Name | Target | Proxy | Purpose | Responsible Repo |
|------|------|--------|-------|---------|------------------|
| CNAME | @ | `blackboxprogramming.github.io` | ✅ | Developer docs | BlackRoad-Operating-System/docs/ |
| CNAME | www | `blackroad.network` | ✅ | www redirect | BlackRoad-Operating-System/docs/ |
| CNAME | api | `blackroad-api-production.up.railway.app` | ✅ | API for developers | blackroad-api |
**GitHub Pages Setup** (in BlackRoad-Operating-System repo):
1. Enable GitHub Pages from `docs/` directory
2. Add custom domain: `blackroad.network`
3. Enforce HTTPS
4. Cloudflare DNS points to GitHub Pages
---
### blackroad.me (Personal Identity)
**Registrar**: GoDaddy
**Owner Repo**: `blackboxprogramming/BlackRoad-Operating-System`
#### DNS Records
| Type | Name | Target | Proxy | Purpose | Responsible Repo |
|------|------|--------|-------|---------|------------------|
| CNAME | @ | `os.blackroad.systems` | ✅ | Identity portal | BlackRoad-Operating-System |
| CNAME | www | `blackroad.me` | ✅ | www redirect | BlackRoad-Operating-System |
**Host-Based Routing** (in BlackRoad-Operating-System):
```python
# backend/app/middleware/domain_routing.py
from fastapi import Request
async def domain_middleware(request: Request, call_next):
host = request.headers.get("host")
if host == "blackroad.me":
# Serve identity portal theme
request.state.theme = "identity"
response = await call_next(request)
return response
```
---
### lucidia.earth (Narrative Site)
**Registrar**: GoDaddy
**Owner Repo**: `blackboxprogramming/lucidia`
#### DNS Records
| Type | Name | Target | Proxy | Purpose | Responsible Repo |
|------|------|--------|-------|---------|------------------|
| CNAME | @ | `lucidia-narrative.vercel.app` | ✅ | Narrative site | lucidia |
| CNAME | www | `lucidia.earth` | ✅ | www redirect | lucidia |
| CNAME | api | `lucidia-api.up.railway.app` | ✅ | Lucidia API | lucidia |
**Phase 2 Launch** (Month 12+)
---
### aliceqi.com (ALICE QI Research)
**Registrar**: GoDaddy
**Owner Repo**: `blackboxprogramming/quantum-math-lab` or `lucidia-lab`
#### DNS Records
| Type | Name | Target | Proxy | Purpose | Responsible Repo |
|------|------|--------|-------|---------|------------------|
| CNAME | @ | `aliceqi-research.vercel.app` | ✅ | Research site | quantum-math-lab |
| CNAME | www | `aliceqi.com` | ✅ | www redirect | quantum-math-lab |
**Phase 2 Launch** (Month 12+)
---
### roadwallet.com (Wallet Alias)
**Registrar**: GoDaddy
**Owner Repo**: `blackboxprogramming/BlackRoad-Operating-System`
#### DNS Records
| Type | Name | Target | Proxy | Purpose | Responsible Repo |
|------|------|--------|-------|---------|------------------|
| CNAME | @ | `os.blackroad.systems` | ✅ | Alias to OS wallet | BlackRoad-Operating-System |
| CNAME | www | `roadwallet.com` | ✅ | www redirect | BlackRoad-Operating-System |
**Page Rule**: Redirect to `os.blackroad.systems#wallet` (deep link to Wallet app)
---
### aliceos.io (Legacy Alias)
**Registrar**: GoDaddy
**Owner Repo**: `blackboxprogramming/BlackRoad-Operating-System`
#### DNS Records
| Type | Name | Target | Proxy | Purpose | Responsible Repo |
|------|------|--------|-------|---------|------------------|
| CNAME | @ | `os.blackroad.systems` | ✅ | Legacy alias | BlackRoad-Operating-System |
| CNAME | www | `aliceos.io` | ✅ | www redirect | BlackRoad-Operating-System |
**Note**: Consider deprecating or redirecting to blackroad.systems in Phase 2
---
## PART 3: REPO RESPONSIBILITY MAP
### Canonical Ownership Table
| Subdomain / Domain | Repo | Service Type | Deployment Target | Phase |
|--------------------|------|--------------|-------------------|-------|
| **blackroad.systems** | blackroad.io | Static site (Astro) | Vercel | 1 |
| **os.blackroad.systems** | BlackRoad-Operating-System | FastAPI + static UI | Railway | 1 |
| **api.blackroad.systems** | blackroad-api | FastAPI API | Railway | 2 |
| **prism.blackroad.systems** | blackroad-prism-console | React SPA | Vercel | 2 |
| **operator.blackroad.systems** | blackroad-operator | Worker service | Railway | 2 |
| **lucidia.blackroad.systems** | lucidia | FastAPI AI service | Railway | 1/2 |
| **docs.blackroad.systems** | BlackRoad-Operating-System | GitHub Pages (docs/) | GitHub Pages | 1 |
| **blackroad.network** | BlackRoad-Operating-System | GitHub Pages (docs/) | GitHub Pages | 1 |
| **blackroad.me** | BlackRoad-Operating-System | Identity portal | Railway | 1 |
| **lucidia.earth** | lucidia | Narrative site | Vercel | 2 |
| **aliceqi.com** | quantum-math-lab | Research site | Vercel | 2 |
---
## PART 4: CLOUDFLARE MIGRATION CHECKLIST
### Per-Domain Migration (Repeat for all domains)
#### Step 1: Add Domain to Cloudflare
- [ ] Log in to Cloudflare dashboard
- [ ] Click "Add a site"
- [ ] Enter domain (e.g., `blackroad.systems`)
- [ ] Choose Free plan
- [ ] Cloudflare scans existing DNS records from GoDaddy
- [ ] Review imported records, add missing ones
#### Step 2: Update Nameservers
- [ ] Cloudflare provides 2 nameservers (e.g., `aaaa.ns.cloudflare.com`, `bbbb.ns.cloudflare.com`)
- [ ] Log in to GoDaddy
- [ ] Go to domain → Manage DNS → Nameservers
- [ ] Switch from GoDaddy to Custom
- [ ] Enter Cloudflare nameservers
- [ ] Save (propagation: 5-60 minutes)
#### Step 3: Verify Active
- [ ] Wait for Cloudflare to detect nameserver change
- [ ] Cloudflare dashboard should say "Active" (not "Pending")
- [ ] Test DNS resolution: `dig blackroad.systems` (should show Cloudflare IPs)
#### Step 4: Configure SSL
- [ ] Cloudflare → SSL/TLS → Set to "Full (strict)"
- [ ] SSL/TLS → Edge Certificates → Enable "Always Use HTTPS"
- [ ] SSL/TLS → Edge Certificates → Enable "Automatic HTTPS Rewrites"
#### Step 5: Configure Performance
- [ ] Speed → Optimization → Enable Auto Minify (JS, CSS, HTML)
- [ ] Speed → Optimization → Enable Brotli
- [ ] Caching → Configuration → Cache Level: Standard
#### Step 6: Test
- [ ] Visit `https://yourdomain.com` → Should load with 🔒
- [ ] Visit `http://yourdomain.com` → Should redirect to HTTPS
- [ ] Test API: `curl https://os.blackroad.systems/health`
### Domains to Migrate (Priority Order)
**Week 1**:
1. [ ] blackroad.systems (corporate site - highest priority)
2. [ ] blackroad.ai (OS alias)
3. [ ] blackroad.me (identity)
**Week 2**:
4. [ ] blackroad.network (developer docs)
5. [ ] roadwallet.com (wallet alias)
**Phase 2** (Month 12+):
6. [ ] lucidia.earth
7. [ ] aliceqi.com
8. [ ] blackroadqi.com
9. [ ] blackroadquantum.com
---
## PART 5: AUTOMATION SCRIPTS
### DNS Sync Script (Planned)
**File**: `scripts/cloudflare/sync_dns.py`
```python
#!/usr/bin/env python3
"""
Sync DNS records from config to Cloudflare
Usage: python scripts/cloudflare/sync_dns.py --domain blackroad.systems
"""
import os
import yaml
import requests
from typing import Dict, List
CF_API_TOKEN = os.getenv("CF_API_TOKEN")
CF_ZONE_ID = os.getenv("CF_ZONE_ID")
def load_config(domain: str) -> Dict:
"""Load DNS config from ops/domains/{domain}.yaml"""
with open(f"ops/domains/{domain}.yaml") as f:
return yaml.safe_load(f)
def get_existing_records(zone_id: str) -> List[Dict]:
"""Fetch existing DNS records from Cloudflare"""
url = f"https://api.cloudflare.com/client/v4/zones/{zone_id}/dns_records"
headers = {"Authorization": f"Bearer {CF_API_TOKEN}"}
response = requests.get(url, headers=headers)
return response.json()["result"]
def create_dns_record(zone_id: str, record: Dict):
"""Create DNS record in Cloudflare"""
url = f"https://api.cloudflare.com/client/v4/zones/{zone_id}/dns_records"
headers = {
"Authorization": f"Bearer {CF_API_TOKEN}",
"Content-Type": "application/json"
}
response = requests.post(url, headers=headers, json=record)
return response.json()
def update_dns_record(zone_id: str, record_id: str, record: Dict):
"""Update existing DNS record"""
url = f"https://api.cloudflare.com/client/v4/zones/{zone_id}/dns_records/{record_id}"
headers = {
"Authorization": f"Bearer {CF_API_TOKEN}",
"Content-Type": "application/json"
}
response = requests.put(url, headers=headers, json=record)
return response.json()
def sync_domain(domain: str):
"""Sync DNS records for a domain"""
print(f"Syncing DNS for {domain}...")
config = load_config(domain)
existing = get_existing_records(CF_ZONE_ID)
for record in config["dns_records"]:
# Check if record exists
existing_record = next((r for r in existing if r["name"] == record["name"] and r["type"] == record["type"]), None)
if existing_record:
print(f" Updating {record['type']} {record['name']}")
update_dns_record(CF_ZONE_ID, existing_record["id"], record)
else:
print(f" Creating {record['type']} {record['name']}")
create_dns_record(CF_ZONE_ID, record)
print(f"✅ Sync complete for {domain}")
if __name__ == "__main__":
import argparse
parser = argparse.ArgumentParser()
parser.add_argument("--domain", required=True)
args = parser.parse_args()
sync_domain(args.domain)
```
**Config File Example** (`ops/domains/blackroad.systems.yaml`):
```yaml
domain: blackroad.systems
zone_id: your-zone-id
dns_records:
- type: CNAME
name: "@"
content: cname.vercel-dns.com
proxied: true
ttl: 1 # Auto
- type: CNAME
name: www
content: blackroad.systems
proxied: true
ttl: 1
- type: CNAME
name: os
content: blackroad-os-production.up.railway.app
proxied: true
ttl: 1
# ... more records
```
**Usage**:
```bash
export CF_API_TOKEN="your-token"
export CF_ZONE_ID="your-zone-id"
python scripts/cloudflare/sync_dns.py --domain blackroad.systems
```
---
## PART 6: MONITORING & HEALTH CHECKS
### Domain Health Check Workflow
**File**: `.github/workflows/domain-health.yml`
```yaml
name: Domain Health
on:
schedule:
- cron: '0 */6 * * *' # Every 6 hours
workflow_dispatch:
jobs:
health:
runs-on: ubuntu-latest
strategy:
matrix:
domain:
- https://blackroad.systems
- https://os.blackroad.systems
- https://api.blackroad.systems
- https://prism.blackroad.systems
- https://blackroad.network
steps:
- name: Check ${{ matrix.domain }}
run: |
STATUS=$(curl -s -o /dev/null -w "%{http_code}" ${{ matrix.domain }}/health || echo "000")
if [ "$STATUS" != "200" ]; then
echo "❌ ${{ matrix.domain }} is down (status: $STATUS)"
exit 1
else
echo "✅ ${{ matrix.domain }} is up"
fi
- name: Check SSL
run: |
echo | openssl s_client -servername $(echo ${{ matrix.domain }} | sed 's/https:\/\///') -connect $(echo ${{ matrix.domain }} | sed 's/https:\/\///'):443 2>/dev/null | openssl x509 -noout -dates
```
---
## PART 7: COST SUMMARY
### Cloudflare Costs
**Free Tier** (all Phase 1 domains):
- Unlimited DNS queries
- SSL certificates (automatic)
- DDoS protection (unmetered)
- CDN caching (100 GB/month)
- 3 Page Rules per domain
**Pro Tier** ($20/mo per domain, if needed):
- More Page Rules
- Image optimization
- Mobile redirect
- Polish (WebP/AVIF)
**Recommendation**: Stay on Free tier for Phase 1
### GoDaddy Costs
**Domain Registration** (annual):
- .systems: ~$15/year
- .com: ~$12/year
- .ai: ~$90/year (premium TLD)
- .earth: ~$20/year
- .me: ~$20/year
- .io: ~$40/year
**Total Annual**: ~$200-300/year for all domains
**DNS Hosting**: $0 (migrated to Cloudflare)
---
## CONCLUSION
**Current State**: Domains registered with GoDaddy, DNS managed by GoDaddy
**Target State**: Domains registered with GoDaddy, DNS managed by Cloudflare
**Migration Effort**: 1-2 days for Phase 1 domains
**Next Action**: Start with `blackroad.systems` migration (see NEXT_ACTIONS_ALEXA.md, Item #1)
---
**Last Updated**: 2025-11-18
**Next Review**: After Phase 1 DNS migration complete (Week 2)
Reference in New Issue View Git Blame Copy Permalink