It's hard to say unequivocally here ... There are a lot of questions to be considered. Starting from who will manage the infrastructure, how all these branch offices will interact with each other, where is the Internet, etc.
You can make at least one domain, or you can make two and trust between them ... You can put branches on thin clients, or maybe not, maybe they need a DC in place ...
In general, no one here will answer for sure, like do it this way ! It is probably best to call some integrator who will understand the needs of the business and offer the best option.

One domain, two sites, two domain controllers in each center.
A separate domain for external users is not required.
Between VPN branches.
All documents in DFS.
It is better to virtualize the entire infrastructure and maintain replicas in centers.
It's minimum. You really need more data (Which applications will you use Exchange, SharePoint or something else).

>>Task: to build a fault-tolerant domain structure in such a way that the centers could provide the work of the organization on their own.
That is, in the event of a fall vpn branches should continue to work? What is the infrastructure there?
Do head offices have a network partition on Internal \ dmz ? Is there an IB in the organization? What does she think \ what are the requirements for the directory service?