diff --git a/Makefile b/Makefile index 0769992..849c60d 100644 --- a/Makefile +++ b/Makefile @@ -11,29 +11,29 @@ endif PLUGIN_DIR = ~/.terraform.d/plugins PROVIDER_NAME = terraform-provider-ansible -PROVIDER_VERSION = v0.0.4 +PROVIDER_VERSION = v1.0.3 PROVIDER_ARCHIVE = $(PROVIDER_NAME)-$(ARCH).zip PROVIDER_URL = https://github.com/nbering/terraform-provider-ansible/releases/download/$(PROVIDER_VERSION)/$(PROVIDER_ARCHIVE) PROVISIONER_NAME = terraform-provisioner-ansible -PROVISIONER_VERSION = v2.0.0 +PROVISIONER_VERSION = v2.3.0 PROVISIONER_ARCHIVE = $(PROVISIONER_NAME)-$(subst _,-,$(ARCH))_$(PROVISIONER_VERSION) PROVISIONER_URL = https://github.com/radekg/terraform-provisioner-ansible/releases/download/$(PROVISIONER_VERSION)/$(PROVISIONER_ARCHIVE) -all: requirements install-provider install-provisioner secrets - echo "Success!" +all: requirements install-provider install-provisioner secrets init-terraform + @echo "Success!" plugins: install-provider install-provisioner requirements: ansible-galaxy install --ignore-errors --force -r ansible/requirements.yml -install-unzip: - ifeq (, $(shell which unzip)) \ - $(error "No unzip in PATH, consider doing apt install unzip") \ - endif +check-unzip: +ifeq (, $(shell which unzip)) + $(error "No unzip in PATH, consider doing apt install unzip") +endif -install-provider: +install-provider: check-unzip if [ ! -e $(PLUGIN_DIR)/$(ARCH)/$(PROVIDER_NAME)_$(PROVIDER_VERSION) ]; then \ mkdir -p $(PLUGIN_DIR); \ wget $(PROVIDER_URL) -P $(PLUGIN_DIR); \ 
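Review bot: The bumps to `v1.0.3` and `v2.3.0` change which release archives `wget $(PROVIDER_URL) -P $(PLUGIN_DIR)` fetches, and nothing visible in this hunk checks the download against a known digest before it is unpacked into the Terraform plugin directory. These plugins are executed by Terraform in the same working tree that holds terraform.tfvars, so I would pin a digest next to each version, e.g. a new `PROVIDER_SHA256 = <sha256 of the v1.0.3 archive>`, and add `echo "$(PROVIDER_SHA256)  $(PLUGIN_DIR)/$(PROVIDER_ARCHIVE)" | sha256sum -c - || exit 1; \` directly after the `wget` line, with the same pair for the provisioner. The `install-provider` recipe continues past the end of the hunk, so a check further down would not be visible here.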
@@ -47,13 +47,16 @@ install-provisioner: chmod +x $(PLUGIN_DIR)/$(ARCH)/$(PROVISIONER_NAME)_$(PROVISIONER_VERSION); \ fi +init-terraform: + terraform init -upgrade=true + secrets: pass services/consul/ca-crt > ansible/files/consul-ca.crt pass services/consul/ca-key > ansible/files/consul-ca.key pass services/consul/client-crt > ansible/files/consul-client.crt pass services/consul/client-key > ansible/files/consul-client.key - pass cloud/GoogleCloud/json > google-cloud.json - echo "\ + echo "Saving secrets to: terraform.tfvars" + @echo "\ # secrets extracted from password-store\n\ digitalocean_token = \"$(shell pass cloud/DigitalOcean/token)\"\n\ cloudflare_token = \"$(shell pass cloud/Cloudflare/token)\"\n\ diff --git a/main.tf b/main.tf index 9a8ed1b..2d4dfef 100644 --- a/main.tf +++ b/main.tf 
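Review bot: The `@` added to the `echo` that builds terraform.tfvars only hides the command from normal output; the `$(shell pass ...)` calls are still expanded by make into the recipe text, so `make -n secrets` or `make --trace` prints the DigitalOcean and Cloudflare tokens, and they end up in the argument list of the `sh -c` process. Letting the shell do the lookup, `digitalocean_token = \"$$(pass cloud/DigitalOcean/token)\"\n\`, keeps the values out of make's own expansion. The key files and the tfvars file are also created with the caller's default umask; starting each redirecting line with `umask 077;` would keep `consul-ca.key` and `consul-client.key` readable by the owner only. The `secrets` recipe continues beyond the hunk, so the redirect target of the `echo` is not visible here.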
@@ -1,32 +1,37 @@ -/* DERIVED --------------------------------------*/ +/* PROVIDERS ------------------------------------*/ + provider "digitalocean" { - token = "${var.digitalocean_token}" - version = "<= 0.1.3" + token = var.digitalocean_token } + provider "cloudflare" { - email = "${var.cloudflare_email}" - token = "${var.cloudflare_token}" - org_id = "${var.cloudflare_org_id}" + email = var.cloudflare_email + token = var.cloudflare_token + org_id = var.cloudflare_org_id } + provider "google" { - credentials = "${file("google-cloud.json")}" + credentials = file("google-cloud.json") project = "russia-servers" region = "us-central1" } + provider "alicloud" { - access_key = "${var.alicloud_access_key}" - secret_key = "${var.alicloud_secret_key}" - region = "${var.alicloud_region}" + access_key = var.alicloud_access_key + secret_key = var.alicloud_secret_key + region = var.alicloud_region } /* DATA -----------------------------------------*/ terraform { backend "consul" { - address = "https://consul.statusim.net:8400" - lock = true + address = "https://consul.statusim.net:8400" + lock = true + /* KV store has a limit of 512KB */ - gzip = true + gzip = true + /* WARNING This needs to be changed for every repo. */ path = "terraform/nimbus/" ca_file = "ansible/files/consul-ca.crt" 
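Review bot: Dropping `version = "<= 0.1.3"` from the digitalocean block means none of the four provider blocks visible in this hunk carries a version constraint, and the new versions.tf only sets `required_version = ">= 0.12"`. Together with the `terraform init -upgrade=true` step added to the Makefile, every `make all` moves to whatever provider releases are newest at that moment. I would keep an explicit constraint in each provider block, e.g. `version = "~> <tested release>"`, so that a provider upgrade is a reviewed change. Separately, `credentials = file("google-cloud.json")` still reads a file that the `secrets` target stops writing in this same commit, so either the file is missing or an older copy of the key stays on disk; worth confirming which is intended.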
@@ -38,49 +43,56 @@ terraform { /* RESOURCES ------------------------------------*/ module "nimbus-master" { - source = "github.com/status-im/infra-tf-digital-ocean" - name = "master" - env = "nimbus" - group = "nimbus-master" - size = "s-4vcpu-8gb" - count = 1 - domain = "${var.domain}" + source = "github.com/status-im/infra-tf-digital-ocean" + + name = "master" + env = "nimbus" + group = "nimbus-master" + size = "s-4vcpu-8gb" + host_count = 1 + domain = var.domain open_ports = [ - "80", /* HTTP */ - "443", /* HTTPS */ + "80", /* HTTP */ + "443", /* HTTPS */ "9000-9010", /* Nimbus ports */ "9100-9110", /* Nimbus ports */ ] } -resource "cloudflare_record" "nimbus-test-stats" { - domain = "${var.public_domain}" - name = "nimbus-test-stats" - type = "A" - proxied = true - value = "${module.nimbus-master.public_ips[0]}" -} - -resource "cloudflare_record" "serenity-testnets" { - domain = "${var.public_domain}" - name = "serenity-testnets" - type = "A" - proxied = true - value = "${module.nimbus-master.public_ips[0]}" -} - module "nimbus-nodes" { - source = "github.com/status-im/infra-tf-digital-ocean" - name = "node" - env = "nimbus" - group = "nimbus-slaves" - size = "s-4vcpu-8gb" - domain = "${var.domain}" - count = "${var.hosts_count}" + source = "github.com/status-im/infra-tf-digital-ocean" + + name = "node" + env = "nimbus" + group = "nimbus-slaves" + size = "s-4vcpu-8gb" + domain = var.domain + host_count = var.hosts_count open_ports = [ - "80", /* HTTP */ - "443", /* HTTPS */ + "80", /* HTTP */ + "443", /* HTTPS */ "9000-9010", /* beacon node */ "9100-9110", /* beacon node */ ] } + +/* DNS ------------------------------------------*/ + +resource "cloudflare_record" "nimbus-test-stats" { + domain = var.public_domain + name = "nimbus-test-stats" + type = "A" + proxied = true + value = module.nimbus-master.public_ips[count.index] + count = length(module.nimbus-master.public_ips) +} + +resource "cloudflare_record" "serenity-testnets" { + domain = var.public_domain + 
name = "serenity-testnets" + type = "A" + proxied = true + value = module.nimbus-master.public_ips[count.index] + count = length(module.nimbus-master.public_ips) +} + diff --git a/variables.tf b/variables.tf index e226bcf..1058c0a 100644 --- a/variables.tf +++ b/variables.tf @@ -1,49 +1,49 @@ /* REQUIRED -------------------------------------*/ -variable cloudflare_token { +variable "cloudflare_token" { description = "Token for interacting with Cloudflare API." } -variable digitalocean_token { +variable "digitalocean_token" { description = "Token for interacting with DigitalOcean API." } -variable cloudflare_email { +variable "cloudflare_email" { description = "Email address of Cloudflare account." } -variable cloudflare_org_id { +variable "cloudflare_org_id" { description = "ID of the CloudFlare organization." } -variable alicloud_access_key { +variable "alicloud_access_key" { description = "Alibaba Cloud API access key." } -variable alicloud_secret_key { +variable "alicloud_secret_key" { description = "Alibaba Cloud API secret key." } -variable alicloud_region { +variable "alicloud_region" { description = "Alibaba Cloud hosting region." default = "cn-hongkong" } /* GENERAL --------------------------------------*/ -variable public_domain { +variable "public_domain" { description = "Domain under which the public sites go." default = "status.im" } -variable domain { +variable "domain" { description = "DNS Domain to update" default = "statusim.net" } /* RESOURCES ------------------------------------*/ -variable hosts_count { +variable "hosts_count" { description = "Count of hosts in nimbus cluster" default = 9 } diff --git a/versions.tf b/versions.tf new file mode 100644 index 0000000..ac97c6a --- /dev/null +++ b/versions.tf @@ -0,0 +1,4 @@ + +terraform { + required_version = ">= 0.12" +}
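Review bot: In main.tf both `module` blocks keep `source = "github.com/status-im/infra-tf-digital-ocean"` with no `?ref=`, so the module that receives `open_ports` (80, 443, 9000-9010, 9100-9110) and presumably creates the hosts is whatever the default branch holds when `terraform init -upgrade=true` runs. Pinning to a tag or commit, `source = "github.com/status-im/infra-tf-digital-ocean?ref=<tag or commit>"`, makes module changes show up as a diff in this repository. The `count` to `host_count` rename suggests this commit already depends on a particular revision of the module, which makes it a natural point to record that revision.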