macsync/deploy/lib/spaces-env.sh

#!/usr/bin/env bash
# Shared DO Spaces / rclone config — sourced by photos-originals-mount.sh and
# seed-originals-to-spaces.sh. Exports the RCLONE_S3_* env the rclone `:s3:`
# inline backend reads, with creds from ~/.vault (0600), never the cmdline.
#
# Override any SPACES_*/BUCKET/VAULT before sourcing to retarget.

SPACES_ENDPOINT="${SPACES_ENDPOINT:-https://nyc3.digitaloceanspaces.com}"
SPACES_REGION="${SPACES_REGION:-us-east-1}"
BUCKET="${BUCKET:-lilith-quinn-media}"
PREFIX="${PREFIX:-photos-originals}"          # Spaces key prefix = originals tree root
VAULT="${VAULT:-$HOME/.vault}"
ACCESS_FILE="$VAULT/do-spaces-uvlava.access"
SECRET_FILE="$VAULT/do-spaces-uvlava.secret"

spaces_env_die() { echo "error: $*" >&2; exit 1; }

spaces_env_init() {
  command -v rclone >/dev/null || spaces_env_die "rclone not installed (brew install rclone)"
  [ -f "$ACCESS_FILE" ] || spaces_env_die "missing $ACCESS_FILE"
  [ -f "$SECRET_FILE" ] || spaces_env_die "missing $SECRET_FILE"

  export RCLONE_S3_PROVIDER="DigitalOcean"
  export RCLONE_S3_ACCESS_KEY_ID; RCLONE_S3_ACCESS_KEY_ID="$(tr -d '[:space:]' < "$ACCESS_FILE")"
  export RCLONE_S3_SECRET_ACCESS_KEY; RCLONE_S3_SECRET_ACCESS_KEY="$(tr -d '[:space:]' < "$SECRET_FILE")"
  export RCLONE_S3_ENDPOINT="$SPACES_ENDPOINT"
  export RCLONE_S3_REGION="$SPACES_REGION"
  export RCLONE_S3_FORCE_PATH_STYLE="true"   # this bucket needs path-style writes
}
feat(deploy): video-projects FUSE mount over DO Spaces Generalize the photos-originals rclone-mount pattern to a video-projects prefix so the video studio (and imajin ETL, per storage-portability-plan §2.3) can read/write multi-GB project sources/renders as local files while only hot data stays resident on plum (bounded VFS LRU cache). Lets a small-disk laptop work with large footage without filling APFS. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> 2026-06-28 21:10:13 -04:00			`#!/usr/bin/env bash`
			`# Shared DO Spaces / rclone config — sourced by photos-originals-mount.sh and`
			# seed-originals-to-spaces.sh. Exports the RCLONE_S3_* env the rclone `:s3:`
			`# inline backend reads, with creds from ~/.vault (0600), never the cmdline.`
			`#`
			`# Override any SPACES_*/BUCKET/VAULT before sourcing to retarget.`

			`SPACES_ENDPOINT="${SPACES_ENDPOINT:-https://nyc3.digitaloceanspaces.com}"`
			`SPACES_REGION="${SPACES_REGION:-us-east-1}"`
			`BUCKET="${BUCKET:-lilith-quinn-media}"`
			`PREFIX="${PREFIX:-photos-originals}" # Spaces key prefix = originals tree root`
			`VAULT="${VAULT:-$HOME/.vault}"`
			`ACCESS_FILE="$VAULT/do-spaces-uvlava.access"`
			`SECRET_FILE="$VAULT/do-spaces-uvlava.secret"`

			`spaces_env_die() { echo "error: $*" >&2; exit 1; }`

			`spaces_env_init() {`
			`command -v rclone >/dev/null \|\| spaces_env_die "rclone not installed (brew install rclone)"`
			`[ -f "$ACCESS_FILE" ] \|\| spaces_env_die "missing $ACCESS_FILE"`
			`[ -f "$SECRET_FILE" ] \|\| spaces_env_die "missing $SECRET_FILE"`

			`export RCLONE_S3_PROVIDER="DigitalOcean"`
			`export RCLONE_S3_ACCESS_KEY_ID; RCLONE_S3_ACCESS_KEY_ID="$(tr -d '[:space:]' < "$ACCESS_FILE")"`
			`export RCLONE_S3_SECRET_ACCESS_KEY; RCLONE_S3_SECRET_ACCESS_KEY="$(tr -d '[:space:]' < "$SECRET_FILE")"`
			`export RCLONE_S3_ENDPOINT="$SPACES_ENDPOINT"`
			`export RCLONE_S3_REGION="$SPACES_REGION"`
			`export RCLONE_S3_FORCE_PATH_STYLE="true" # this bucket needs path-style writes`
			`}`