DigitalOcean Infrastructure

Status: Production Ready | Dependencies: doctl CLI, SSH key pair

Navigation

• Operations, troubleshooting, config, and cost snapshot:

  references/OPERATIONS.md

Step 0: Gather Required Information (MANDATORY)

STOP. Before ANY deployment commands, collect ALL parameters from the user.

Copy this checklist and confirm each item:

Required Parameters:
- [ ] SERVER_NAME      - Unique name for this server
- [ ] DO_REGION        - Region (nyc1, sfo3, lon1, fra1, sgp1, etc.)
- [ ] DO_SIZE          - Droplet size (see profiles below)
- [ ] SSH_KEY_NAME     - Name of SSH key in DigitalOcean
- [ ] SSH_KEY_PATH     - Path to local SSH private key (default: ~/.ssh/id_rsa)

Deployment Purpose (determines recommended profile):
- [ ] Purpose: coolify / kasm / both / custom
      coolify → s-2vcpu-4gb ($24/mo)
      kasm    → s-4vcpu-8gb ($48/mo)
      both    → s-8vcpu-16gb ($96/mo)
      custom  → Ask for specific size

Recommended profiles by purpose:

DO NOT proceed to Prerequisites until ALL parameters are confirmed.

Prerequisites

Before using this skill, verify the following:

1. DigitalOcean CLI Installed

doctl version

If missing, install with:

# macOS
brew install doctl

# Linux (snap)
sudo snap install doctl

# Linux (download binary)
cd ~
wget https://github.com/digitalocean/doctl/releases/download/v1.104.0/doctl-1.104.0-linux-amd64.tar.gz
tar xf doctl-1.104.0-linux-amd64.tar.gz
sudo mv doctl /usr/local/bin

# Windows (scoop)
scoop install doctl

2. DigitalOcean Account & API Token

If you don't have a DigitalOcean account:

Sign up at: https://m.do.co/c/YOUR_REFERRAL_CODE

Disclosure: This is a referral link. You'll receive $200 in credit for 60 days, and the skill author receives account credit. Using this link helps support the development of these skills.

Get API token: https://cloud.digitalocean.com/account/api/tokens

Create a token with Read & Write scope.

3. doctl CLI Configured

doctl account get

If it shows an error, authenticate with:

doctl auth init
# Paste your API token when prompted

Or set via environment variable:

export DIGITALOCEAN_ACCESS_TOKEN="your_token_here"
doctl account get

4. SSH Key Pair

ls ~/.ssh/id_rsa.pub

If missing, generate with:

ssh-keygen -t rsa -b 4096 -f ~/.ssh/id_rsa -N ""

5. SSH Key Uploaded to DigitalOcean

doctl compute ssh-key list

If empty, upload with:

doctl compute ssh-key import my-key --public-key-file ~/.ssh/id_rsa.pub

6. Test Authentication

doctl compute region list

If this fails: Token may be invalid or expired. Create a new one.

Server Profiles

Coolify/Kasm Deployments

coolify

kasm

both

Premium CPU (Higher Performance)

premium-small

premium-medium

premium-large

Deployment Steps

Step 1: Set Environment Variables

export DO_REGION="nyc1"                    # See regions below
export DO_SIZE="s-2vcpu-4gb"               # See profiles above
export DO_IMAGE="ubuntu-22-04-x64"
export SERVER_NAME="my-server"
export SSH_KEY_NAME="my-key"

nyc1

nyc3

sfo2

sfo3

tor1

lon1

ams3

fra1

blr1

sgp1

syd1

Step 2: Get SSH Key ID

SSH_KEY_ID=$(doctl compute ssh-key list --format ID,Name --no-header | grep "$SSH_KEY_NAME" | awk '{print $1}')
echo "SSH Key ID: $SSH_KEY_ID"

# Verify
if [ -z "$SSH_KEY_ID" ]; then
  echo "ERROR: SSH key '$SSH_KEY_NAME' not found. Upload it first."
  exit 1
fi

Step 3: Create Firewall

# Create firewall
doctl compute firewall create \
  --name my-firewall \
  --inbound-rules "protocol:tcp,ports:22,address:0.0.0.0/0,address:::/0" \
  --inbound-rules "protocol:tcp,ports:80,address:0.0.0.0/0,address:::/0" \
  --inbound-rules "protocol:tcp,ports:443,address:0.0.0.0/0,address:::/0" \
  --inbound-rules "protocol:tcp,ports:8000,address:0.0.0.0/0,address:::/0" \
  --inbound-rules "protocol:tcp,ports:6001-6002,address:0.0.0.0/0,address:::/0" \
  --inbound-rules "protocol:tcp,ports:8443,address:0.0.0.0/0,address:::/0" \
  --inbound-rules "protocol:tcp,ports:3389,address:0.0.0.0/0,address:::/0" \
  --inbound-rules "protocol:tcp,ports:3000-4000,address:0.0.0.0/0,address:::/0" \
  --outbound-rules "protocol:tcp,ports:all,address:0.0.0.0/0,address:::/0" \
  --outbound-rules "protocol:udp,ports:all,address:0.0.0.0/0,address:::/0" \
  --outbound-rules "protocol:icmp,address:0.0.0.0/0,address:::/0"

Step 4: Create Droplet

doctl compute droplet create "$SERVER_NAME" \
  --region "$DO_REGION" \
  --size "$DO_SIZE" \
  --image "$DO_IMAGE" \
  --ssh-keys "$SSH_KEY_ID" \
  --tag-names "myproject" \
  --wait

Step 5: Get Droplet IP

SERVER_IP=$(doctl compute droplet get "$SERVER_NAME" --format PublicIPv4 --no-header)
echo "SERVER_IP=$SERVER_IP"

Step 6: Apply Firewall to Droplet

FIREWALL_ID=$(doctl compute firewall list --format ID,Name --no-header | grep "my-firewall" | awk '{print $1}')
DROPLET_ID=$(doctl compute droplet get "$SERVER_NAME" --format ID --no-header)

doctl compute firewall add-droplets "$FIREWALL_ID" --droplet-ids "$DROPLET_ID"

Step 7: Wait for Server Ready

# Wait for SSH to be available (typically 30-60 seconds)
echo "Waiting for server to be ready..."
until ssh -o ConnectTimeout=5 -o StrictHostKeyChecking=no root@$SERVER_IP "echo connected" 2>/dev/null; do
  sleep 5
done
echo "Server is ready!"

Step 8: Verify Connection

ssh root@$SERVER_IP "uname -a && free -h && df -h /"

Step 9: Output for Downstream Skills

# DigitalOcean only offers x86 architecture
SERVER_ARCH="amd64"

# Save to .env.local for downstream skills
echo "SERVER_IP=$SERVER_IP" >> .env.local
echo "SSH_USER=root" >> .env.local
echo "SSH_KEY_PATH=~/.ssh/id_rsa" >> .env.local
echo "SERVER_ARCH=$SERVER_ARCH" >> .env.local
echo "COOLIFY_SERVER_IP=$SERVER_IP" >> .env.local
echo "KASM_SERVER_IP=$SERVER_IP" >> .env.local

echo ""
echo "Droplet deployed successfully!"
echo "  IP: $SERVER_IP"
echo "  Arch: $SERVER_ARCH"
echo "  SSH: ssh root@$SERVER_IP"

Verify Deployment

ssh root@$SERVER_IP "echo 'DigitalOcean Droplet connected successfully'"

Kasm Workspaces Auto-Scaling

DigitalOcean has native integration with Kasm Workspaces for automatic agent provisioning.

Enable in Kasm Admin

1. Go to Infrastructure → Pools → Edit Pool
2. Enable Digital Ocean Scaling Enabled
3. Configure:
   • DO API Key: Your DigitalOcean API token
   • DO Region: Region for new agents
   • DO Droplet Size: Size for auto-provisioned droplets
   • DO SSH Key ID: Your SSH key ID

How It Works

• Kasm automatically provisions new Droplets when user demand increases
• Droplets are destroyed when no longer needed
• Ensures resource utilization and cost efficiency

Cleanup

Warning: This is destructive and cannot be undone.

# Delete droplet
doctl compute droplet delete "$SERVER_NAME" --force

# Delete firewall
FIREWALL_ID=$(doctl compute firewall list --format ID,Name --no-header | grep "my-firewall" | awk '{print $1}')
doctl compute firewall delete "$FIREWALL_ID" --force

# Optionally delete SSH key
# doctl compute ssh-key delete "$SSH_KEY_ID" --force

Operations

Troubleshooting, best practices, configuration variables, and cost snapshots are in

references/OPERATIONS.md

Logging Integration

When performing infrastructure operations, log to the centralized system:

# After provisioning
log_admin "SUCCESS" "operation" "Provisioned DigitalOcean droplet" "id=$DROPLET_ID provider=DigitalOcean"

# After destroying
log_admin "SUCCESS" "operation" "Deleted DigitalOcean droplet" "id=$DROPLET_ID"

# On error
log_admin "ERROR" "operation" "DigitalOcean deployment failed" "error=$ERROR_MSG"

See

admin

references/logging.md

References

• DigitalOcean Console
• doctl CLI Documentation
• Droplet Pricing
• API Documentation
• Kasm Auto-Scaling Docs