do non root user doc

.vitepress/config.mts

@@ -36,7 +36,7 @@ export default defineConfig({
           { text: 'Google Sign in without Identity', link: '/dotnet/google-sign-in-without-identity' },
           { text: 'Service Testing', link: '/dotnet/service-testing' },
           { text: 'Controller Testing', link: '/dotnet/controller-testing' },
-          { text: 'API Key Authentication', link: '/dotnet/api-key-auth'}
+          { text: 'API Key Authentication', link: '/dotnet/api-key-auth' }
         ]
       },
       {
@@ -147,6 +147,7 @@ export default defineConfig({
         link: '/opentofu/',
         collapsed: true,
         items: [
+          { text: 'Digital Ocean Droplet Creation', link: '/opentofu/digital-ocean-droplet-non-root-user' },
           { text: 'Encrypted State', link: '/opentofu/encrypted-state' },
         ]
       },

docs/opentofu/digital-ocean-droplet-non-root-user.md

@@ -0,0 +1,27 @@
+# Digital Ocean Droplet Non Root User
+
+Digital Ocean droplets usually have a default user which is root, which is not ideal for security reasons. The following userdata script can be used to create a non-root user and set up SSH access for that user. This is typically used when creating a droplet with Terraform or any other infrastructure as code tool that supports user data.
+
+```tf
+data "digitalocean_ssh_key" "default" {
+  name = "my-ssh-key"
+}
+
+resource "digitalocean_droplet" "example" {
+  # ... other droplet configuration ...
+
+  user_data = <<-EOF
+    #cloud-config
+    users:
+      - name: reach
+        groups: sudo
+        shell: /bin/bash
+        sudo: ALL=(ALL) NOPASSWD:ALL
+        ssh-authorized-keys:
+          - ${data.digitalocean_ssh_key.default.public_key}
+
+    disable_root: true
+    package_update: true
+    package_upgrade: true
+  EOF
+}