admin-infra-digitalocean

Deploys infrastructure on DigitalOcean with Droplets (VMs), Firewalls, and VPCs. Includes Kasm Workspaces auto-scaling integration for dynamic agent provisioning. Use when: setting up DigitalOcean infrastructure, deploying Droplets, configuring firewalls, integrating with Kasm auto-scaling, looking for US/global cloud with good API. Keywords: digitalocean, doctl, droplet, VPS, firewall, VPC, kasm autoscale, cloud infrastructure

181 stars

bymajiayu000

View on GitHub Installation ↓

Best use case

admin-infra-digitalocean is best used when you need a repeatable AI agent workflow instead of a one-off prompt.

Teams using admin-infra-digitalocean should expect a more consistent output, faster repeated execution, less prompt rewriting.

When to use this skill

You want a reusable workflow that can be run more than once with consistent structure.

When not to use this skill

You only need a quick one-off answer and do not need a reusable workflow.
You cannot install or maintain the underlying files, dependencies, or repository context.

Installation

Claude Code / Cursor / Codex

$curl -o ~/.claude/skills/admin-infra-digitalocean/SKILL.md --create-dirs "https://raw.githubusercontent.com/majiayu000/claude-skill-registry/main/skills/data/admin-infra-digitalocean/SKILL.md"

Manual Installation

Download SKILL.md from GitHub
Place it in .claude/skills/admin-infra-digitalocean/SKILL.md inside your project
Restart your AI agent — it will auto-discover the skill

How admin-infra-digitalocean Compares

Feature / Agent	admin-infra-digitalocean	Standard Approach
Platform Support	Not specified	Limited / Varies
Context Awareness	High	Baseline
Installation Complexity	Unknown	N/A

Frequently Asked Questions

What does this skill do?

Where can I find the source code?

You can find the source code on GitHub using the link provided at the top of the page.

SKILL.md Source

# DigitalOcean Infrastructure

**Status**: Production Ready | **Dependencies**: doctl CLI, SSH key pair

---

## Navigation

- Operations, troubleshooting, config, and cost snapshot: `references/OPERATIONS.md`

---

## Step 0: Gather Required Information (MANDATORY)

**STOP. Before ANY deployment commands, collect ALL parameters from the user.**

Copy this checklist and confirm each item:

```
Required Parameters:
- [ ] SERVER_NAME      - Unique name for this server
- [ ] DO_REGION        - Region (nyc1, sfo3, lon1, fra1, sgp1, etc.)
- [ ] DO_SIZE          - Droplet size (see profiles below)
- [ ] SSH_KEY_NAME     - Name of SSH key in DigitalOcean
- [ ] SSH_KEY_PATH     - Path to local SSH private key (default: ~/.ssh/id_rsa)

Deployment Purpose (determines recommended profile):
- [ ] Purpose: coolify / kasm / both / custom
      coolify → s-2vcpu-4gb ($24/mo)
      kasm    → s-4vcpu-8gb ($48/mo)
      both    → s-8vcpu-16gb ($96/mo)
      custom  → Ask for specific size
```

**Recommended profiles by purpose:**

| Purpose | Size | vCPU | RAM | Monthly |
|---------|------|------|-----|---------|
| coolify | s-2vcpu-4gb | 2 | 4GB | $24 |
| kasm | s-4vcpu-8gb | 4 | 8GB | $48 |
| both | s-8vcpu-16gb | 8 | 16GB | $96 |

**DO NOT proceed to Prerequisites until ALL parameters are confirmed.**

---

## Prerequisites

Before using this skill, verify the following:

### 1. DigitalOcean CLI Installed

```bash
doctl version
```

**If missing**, install with:

```bash
# macOS
brew install doctl

# Linux (snap)
sudo snap install doctl

# Linux (download binary)
cd ~
wget https://github.com/digitalocean/doctl/releases/download/v1.104.0/doctl-1.104.0-linux-amd64.tar.gz
tar xf doctl-1.104.0-linux-amd64.tar.gz
sudo mv doctl /usr/local/bin

# Windows (scoop)
scoop install doctl
```

### 2. DigitalOcean Account & API Token

**If you don't have a DigitalOcean account**:

Sign up at: https://m.do.co/c/YOUR_REFERRAL_CODE

> *Disclosure: This is a referral link. You'll receive $200 in credit for 60 days, and the skill author receives account credit. Using this link helps support the development of these skills.*

**Get API token**: https://cloud.digitalocean.com/account/api/tokens

Create a token with **Read & Write** scope.

### 3. doctl CLI Configured

```bash
doctl account get
```

**If it shows an error**, authenticate with:

```bash
doctl auth init
# Paste your API token when prompted
```

Or set via environment variable:
```bash
export DIGITALOCEAN_ACCESS_TOKEN="your_token_here"
doctl account get
```

### 4. SSH Key Pair

```bash
ls ~/.ssh/id_rsa.pub
```

**If missing**, generate with:

```bash
ssh-keygen -t rsa -b 4096 -f ~/.ssh/id_rsa -N ""
```

### 5. SSH Key Uploaded to DigitalOcean

```bash
doctl compute ssh-key list
```

**If empty**, upload with:

```bash
doctl compute ssh-key import my-key --public-key-file ~/.ssh/id_rsa.pub
```

### 6. Test Authentication

```bash
doctl compute region list
```

**If this fails**: Token may be invalid or expired. Create a new one.

---

## Server Profiles

### Coolify/Kasm Deployments

| Profile | Droplet Type | vCPU | RAM | Disk | Monthly Cost |
|---------|--------------|------|-----|------|--------------|
| `coolify` | s-2vcpu-4gb | 2 | 4GB | 80GB | $24 |
| `kasm` | s-4vcpu-8gb | 4 | 8GB | 160GB | $48 |
| `both` | s-8vcpu-16gb | 8 | 16GB | 320GB | $96 |

### Premium CPU (Higher Performance)

| Profile | Droplet Type | vCPU | RAM | Disk | Monthly Cost |
|---------|--------------|------|-----|------|--------------|
| `premium-small` | c-4-8gib | 4 | 8GB | 50GB | $84 |
| `premium-medium` | c-8-16gib | 8 | 16GB | 100GB | $168 |
| `premium-large` | c-16-32gib | 16 | 32GB | 200GB | $336 |

<details>
<summary><strong>General Purpose (Best for mixed workloads)</strong></summary>

| Droplet Type | vCPU | RAM | Disk | Monthly Cost |
|--------------|------|-----|------|--------------|
| g-2vcpu-8gb | 2 | 8GB | 25GB | $63 |
| g-4vcpu-16gb | 4 | 16GB | 50GB | $126 |
| g-8vcpu-32gb | 8 | 32GB | 100GB | $252 |

</details>

---

## Deployment Steps

### Step 1: Set Environment Variables

```bash
export DO_REGION="nyc1"                    # See regions below
export DO_SIZE="s-2vcpu-4gb"               # See profiles above
export DO_IMAGE="ubuntu-22-04-x64"
export SERVER_NAME="my-server"
export SSH_KEY_NAME="my-key"
```

<details>
<summary><strong>Region options</strong></summary>

| Code | Location | Region |
|------|----------|--------|
| `nyc1` | New York 1 | US East |
| `nyc3` | New York 3 | US East |
| `sfo2` | San Francisco 2 | US West |
| `sfo3` | San Francisco 3 | US West |
| `tor1` | Toronto | Canada |
| `lon1` | London | UK |
| `ams3` | Amsterdam | Netherlands |
| `fra1` | Frankfurt | Germany |
| `blr1` | Bangalore | India |
| `sgp1` | Singapore | Asia |
| `syd1` | Sydney | Australia |

</details>

### Step 2: Get SSH Key ID

```bash
SSH_KEY_ID=$(doctl compute ssh-key list --format ID,Name --no-header | grep "$SSH_KEY_NAME" | awk '{print $1}')
echo "SSH Key ID: $SSH_KEY_ID"

# Verify
if [ -z "$SSH_KEY_ID" ]; then
  echo "ERROR: SSH key '$SSH_KEY_NAME' not found. Upload it first."
  exit 1
fi
```

### Step 3: Create Firewall

```bash
# Create firewall
doctl compute firewall create \
  --name my-firewall \
  --inbound-rules "protocol:tcp,ports:22,address:0.0.0.0/0,address:::/0" \
  --inbound-rules "protocol:tcp,ports:80,address:0.0.0.0/0,address:::/0" \
  --inbound-rules "protocol:tcp,ports:443,address:0.0.0.0/0,address:::/0" \
  --inbound-rules "protocol:tcp,ports:8000,address:0.0.0.0/0,address:::/0" \
  --inbound-rules "protocol:tcp,ports:6001-6002,address:0.0.0.0/0,address:::/0" \
  --inbound-rules "protocol:tcp,ports:8443,address:0.0.0.0/0,address:::/0" \
  --inbound-rules "protocol:tcp,ports:3389,address:0.0.0.0/0,address:::/0" \
  --inbound-rules "protocol:tcp,ports:3000-4000,address:0.0.0.0/0,address:::/0" \
  --outbound-rules "protocol:tcp,ports:all,address:0.0.0.0/0,address:::/0" \
  --outbound-rules "protocol:udp,ports:all,address:0.0.0.0/0,address:::/0" \
  --outbound-rules "protocol:icmp,address:0.0.0.0/0,address:::/0"
```

### Step 4: Create Droplet

```bash
doctl compute droplet create "$SERVER_NAME" \
  --region "$DO_REGION" \
  --size "$DO_SIZE" \
  --image "$DO_IMAGE" \
  --ssh-keys "$SSH_KEY_ID" \
  --tag-names "myproject" \
  --wait
```

### Step 5: Get Droplet IP

```bash
SERVER_IP=$(doctl compute droplet get "$SERVER_NAME" --format PublicIPv4 --no-header)
echo "SERVER_IP=$SERVER_IP"
```

### Step 6: Apply Firewall to Droplet

```bash
FIREWALL_ID=$(doctl compute firewall list --format ID,Name --no-header | grep "my-firewall" | awk '{print $1}')
DROPLET_ID=$(doctl compute droplet get "$SERVER_NAME" --format ID --no-header)

doctl compute firewall add-droplets "$FIREWALL_ID" --droplet-ids "$DROPLET_ID"
```

### Step 7: Wait for Server Ready

```bash
# Wait for SSH to be available (typically 30-60 seconds)
echo "Waiting for server to be ready..."
until ssh -o ConnectTimeout=5 -o StrictHostKeyChecking=no root@$SERVER_IP "echo connected" 2>/dev/null; do
  sleep 5
done
echo "Server is ready!"
```

### Step 8: Verify Connection

```bash
ssh root@$SERVER_IP "uname -a && free -h && df -h /"
```

### Step 9: Output for Downstream Skills

```bash
# DigitalOcean only offers x86 architecture
SERVER_ARCH="amd64"

# Save to .env.local for downstream skills
echo "SERVER_IP=$SERVER_IP" >> .env.local
echo "SSH_USER=root" >> .env.local
echo "SSH_KEY_PATH=~/.ssh/id_rsa" >> .env.local
echo "SERVER_ARCH=$SERVER_ARCH" >> .env.local
echo "COOLIFY_SERVER_IP=$SERVER_IP" >> .env.local
echo "KASM_SERVER_IP=$SERVER_IP" >> .env.local

echo ""
echo "Droplet deployed successfully!"
echo "  IP: $SERVER_IP"
echo "  Arch: $SERVER_ARCH"
echo "  SSH: ssh root@$SERVER_IP"
```

---

## Verify Deployment

```bash
ssh root@$SERVER_IP "echo 'DigitalOcean Droplet connected successfully'"
```

---

## Kasm Workspaces Auto-Scaling

DigitalOcean has native integration with Kasm Workspaces for automatic agent provisioning.

### Enable in Kasm Admin

1. Go to **Infrastructure** → **Pools** → **Edit Pool**
2. Enable **Digital Ocean Scaling Enabled**
3. Configure:
   - **DO API Key**: Your DigitalOcean API token
   - **DO Region**: Region for new agents
   - **DO Droplet Size**: Size for auto-provisioned droplets
   - **DO SSH Key ID**: Your SSH key ID

### How It Works

- Kasm automatically provisions new Droplets when user demand increases
- Droplets are destroyed when no longer needed
- Ensures resource utilization and cost efficiency

---

## Cleanup

**Warning**: This is destructive and cannot be undone.

```bash
# Delete droplet
doctl compute droplet delete "$SERVER_NAME" --force

# Delete firewall
FIREWALL_ID=$(doctl compute firewall list --format ID,Name --no-header | grep "my-firewall" | awk '{print $1}')
doctl compute firewall delete "$FIREWALL_ID" --force

# Optionally delete SSH key
# doctl compute ssh-key delete "$SSH_KEY_ID" --force
```

---

## Operations

Troubleshooting, best practices, configuration variables, and cost snapshots are in `references/OPERATIONS.md`.

---

## Logging Integration

When performing infrastructure operations, log to the centralized system:

```bash
# After provisioning
log_admin "SUCCESS" "operation" "Provisioned DigitalOcean droplet" "id=$DROPLET_ID provider=DigitalOcean"

# After destroying
log_admin "SUCCESS" "operation" "Deleted DigitalOcean droplet" "id=$DROPLET_ID"

# On error
log_admin "ERROR" "operation" "DigitalOcean deployment failed" "error=$ERROR_MSG"
```

See `admin` skill's `references/logging.md` for full logging documentation.

---

## References

- [DigitalOcean Console](https://cloud.digitalocean.com/)
- [doctl CLI Documentation](https://docs.digitalocean.com/reference/doctl/)
- [Droplet Pricing](https://www.digitalocean.com/pricing/droplets)
- [API Documentation](https://docs.digitalocean.com/reference/api/)
- [Kasm Auto-Scaling Docs](https://www.kasmweb.com/docs/latest/guide/zones/aws_autoscaling.html)

Related Skills

administration

181

from majiayu000/claude-skill-registry

How to monitor usage, track costs, configure analytics, and measure ROI for Claude Code. Use when user asks about monitoring, telemetry, metrics, costs, analytics, or OpenTelemetry.

administering-linux

181

from majiayu000/claude-skill-registry

Manage Linux systems covering systemd services, process management, filesystems, networking, performance tuning, and troubleshooting. Use when deploying applications, optimizing server performance, diagnosing production issues, or managing users and security on Linux servers.

admin

181

from majiayu000/claude-skill-registry

Admin panel - RBAC, config, admin tools. Use when building admin UI.

admin-wsl

181

from majiayu000/claude-skill-registry

WSL2 Ubuntu administration from Linux side. Profile-aware - reads preferences from Windows-side profile at /mnt/c/Users/{WIN_USER}/.admin/profiles/{hostname}.json Use when: Inside WSL for apt packages, Docker, Python/uv, shell configs, systemd. Coordinates with admin-windows via shared profile ON THE WINDOWS SIDE.

admin-windows

181

from majiayu000/claude-skill-registry

Windows system administration with PowerShell 7.x. Profile-aware - reads your preferences for package managers (scoop vs winget), paths, and installed tools. Use when: Windows-specific admin tasks, PowerShell automation, PATH configuration, package installation, bash-to-PowerShell translation.

admin-unix

181

from majiayu000/claude-skill-registry

Native macOS and Linux administration (non-WSL). Profile-aware - reads preferences from ~/.admin/profiles/{hostname}.json. Use when: macOS/Linux system admin, Homebrew (macOS), apt (Linux), services. NOT for WSL - use admin-wsl instead.

admin-panel-builder

181

from majiayu000/claude-skill-registry

Expert assistant for creating and maintaining admin panel pages in the KR92 Bible Voice project. Use when creating admin pages, building admin components, integrating with admin navigation, or adding admin features.

admin-mcp

181

from majiayu000/claude-skill-registry

MCP server management for Claude Desktop. Profile-aware - reads MCP server inventory from profile.mcp.servers{} and config path from profile.paths.claudeConfig. Use when: installing MCP servers, configuring Claude Desktop, troubleshooting MCP issues.

admin-interface-rules

181

from majiayu000/claude-skill-registry

Rules for the Admin interface functionalities

admin-infra-vultr

181

from majiayu000/claude-skill-registry

Deploys infrastructure on Vultr with Cloud Compute instances, High-Frequency servers, and VPCs. Excellent value with Kubernetes autoscaling support and global data centers. Use when: setting up Vultr infrastructure, deploying cloud compute or high-frequency instances, configuring firewalls, needing good price/performance with global reach. Keywords: vultr, vultr-cli, VPS, cloud compute, high-frequency, firewall, VPC, kubernetes autoscale, infrastructure

admin-infra-oci

181

from majiayu000/claude-skill-registry

Deploys infrastructure on Oracle Cloud Infrastructure (OCI) with ARM64 instances (Always Free tier eligible). Handles compartments, VCNs, subnets, security lists, and compute instances. Use when: setting up Oracle Cloud infrastructure, deploying ARM64 instances, troubleshooting OUT_OF_HOST_CAPACITY errors, optimizing for Always Free tier. Keywords: oracle cloud, OCI, ARM64, VM.Standard.A1.Flex, Always Free tier, OUT_OF_HOST_CAPACITY, oci compartment, oci vcn

admin-infra-linode

181

from majiayu000/claude-skill-registry

Deploys infrastructure on Linode (Akamai Cloud) with Linodes, Firewalls, and VLANs. Strong Kubernetes support with Cluster Autoscaler and Akamai edge network integration. Use when: setting up Linode/Akamai infrastructure, deploying Linodes, configuring firewalls, needing Kubernetes autoscaling, wanting Akamai CDN integration. Keywords: linode, akamai, linode-cli, VPS, dedicated CPU, firewall, VLAN, kubernetes autoscale, infrastructure