# DigitalOcean Setup Detailed guide for deploying OpenBoatmobile to DigitalOcean. ## When to Use DigitalOcean | Factor | Hetzner | DigitalOcean | |--------|---------|--------------| | Price | €4.49/mo (cx23) | $24/mo (s-2vcpu-4gb) | | US West Coast | No | Yes (SFO2, SFO3) | | Documentation | Good | Excellent | | One-click apps | Limited | Extensive | | Support | Ticket | Ticket + Premium | Use DigitalOcean if: - You're on the US West Coast (SFO has better latency than Ashburn) - You already have DO credits/promo codes - You prefer DO's documentation and ecosystem ## Create DigitalOcean Account 1. Go to [DigitalOcean](https://www.digitalocean.com/) 2. Sign up 3. Add a payment method ($5 minimum) ## Create API Token 1. Go to [DO API Settings](https://cloud.digitalocean.com/account/api/tokens) 2. Click **Generate New Token** 3. Name it (e.g., "openclaw-terraform") 4. Permissions: **Read & Write** 5. Copy the token immediately (shown only once) ## Add SSH Key 1. Go to [DO Security Settings](https://cloud.digitalocean.com/account/security) 2. Click **Add SSH Key** 3. Paste your public key contents: ```bash cat ~/.ssh/id_ed25519.pub ``` 4. Give it a name 5. Click **Add SSH Key** ### Get the Fingerprint Terraform needs the fingerprint, not the name: ```bash ssh-keygen -lf ~/.ssh/id_ed25519.pub # Output: 256 SHA256:abc123... your@email.com (ED25519) ``` The fingerprint is the part after `SHA256:` and before the email. ```bash TF_VAR_ssh_key_fingerprints='["abc123..."]' ``` ## Choose a Region | Code | Location | Notes | |------|----------|-------| | `nyc1` | New York | US East | | `nyc3` | New York | US East (recommended) | | `sfo2` | San Francisco | US West | | `sfo3` | San Francisco | US West | | `ams3` | Amsterdam | Europe | | `lon1` | London | Europe | | `sgp1` | Singapore | Asia | ## Configure OpenBoatmobile ### Minimal Configuration In `terraform.tfvars`: ```hcl provider = "digitalocean" server_name = "my-agent" droplet_size_digitalocean = "s-2vcpu-4gb" region_digitalocean = "nyc3" # These come from environment: # TF_VAR_do_token # TF_VAR_venice_api_key # TF_VAR_ssh_key_fingerprints ``` ### Droplet Sizes | Size | vCPU | RAM | Disk | Price | |------|------|-----|------|-------| | s-1vcpu-2gb | 1 | 2 GB | 50 GB | $12/mo | | **s-2vcpu-4gb** | 2 | 4 GB | 80 GB | **$24/mo** (recommended) | | s-2vcpu-8gb | 2 | 8 GB | 160 GB | $48/mo | | s-4vcpu-8gb | 4 | 8 GB | 160 GB | $64/mo | The s-2vcpu-4gb is the sweet spot for OpenClaw. ## Deploy ```bash # Load secrets source .env # Initialize (first time only) terraform init # Preview changes terraform plan # Deploy terraform apply ``` ## Post-Deployment Terraform outputs: ``` server_ip = "123.45.67.89" ssh_command = "ssh openclaw@123.45.67.89" # or "ssh hermes@123.45.67.89" for Hermes ``` ### Connect ```bash # Username is 'openclaw' or 'hermes' depending on framework ssh @123.45.67.89 ``` ### Run OpenClaw Onboarding ```bash openclaw onboard --install-daemon ``` ## Firewall Rules OpenBoatmobile creates a DigitalOcean firewall with: | Direction | Port | Source | |-----------|------|--------| | Inbound | 22 (SSH) | Configured IPs | | Outbound | All | Any | To restrict SSH to your IP: ```bash TF_VAR_ssh_allowed_ips='["your.public.ip/32"]' ``` ## Cleanup ```bash terraform destroy ``` ## Troubleshooting ### "SSH Key fingerprint not found" - Use the fingerprint, not the name - The fingerprint is shown in DO Console under Security - Make sure there are no extra spaces ### "API Token invalid" - Regenerate the token - Copy immediately (shown only once) - Check for trailing spaces in `.env` ### Droplet created but can't SSH - Wait 2-3 minutes for cloud-init - Verify your key fingerprint is correct - Check firewall allows your IP ### "Rate limit exceeded" - DO has API rate limits - Wait a few minutes and retry - Use `terraform plan` sparingly before `apply`