#!/usr/bin/env bash
# Shared DO Spaces / rclone config — sourced by photos-originals-mount.sh and
# seed-originals-to-spaces.sh. Exports the RCLONE_S3_* env the rclone `:s3:`
# inline backend reads, with creds from ~/.vault (0600), never the cmdline.
#
# Override any SPACES_*/BUCKET/VAULT before sourcing to retarget.

SPACES_ENDPOINT="${SPACES_ENDPOINT:-https://nyc3.digitaloceanspaces.com}"
SPACES_REGION="${SPACES_REGION:-us-east-1}"
BUCKET="${BUCKET:-lilith-quinn-media}"
PREFIX="${PREFIX:-photos-originals}"          # Spaces key prefix = originals tree root
VAULT="${VAULT:-$HOME/.vault}"
ACCESS_FILE="$VAULT/do-spaces-uvlava.access"
SECRET_FILE="$VAULT/do-spaces-uvlava.secret"

spaces_env_die() { echo "error: $*" >&2; exit 1; }

spaces_env_init() {
  command -v rclone >/dev/null || spaces_env_die "rclone not installed (brew install rclone)"
  [ -f "$ACCESS_FILE" ] || spaces_env_die "missing $ACCESS_FILE"
  [ -f "$SECRET_FILE" ] || spaces_env_die "missing $SECRET_FILE"

  export RCLONE_S3_PROVIDER="DigitalOcean"
  export RCLONE_S3_ACCESS_KEY_ID; RCLONE_S3_ACCESS_KEY_ID="$(tr -d '[:space:]' < "$ACCESS_FILE")"
  export RCLONE_S3_SECRET_ACCESS_KEY; RCLONE_S3_SECRET_ACCESS_KEY="$(tr -d '[:space:]' < "$SECRET_FILE")"
  export RCLONE_S3_ENDPOINT="$SPACES_ENDPOINT"
  export RCLONE_S3_REGION="$SPACES_REGION"
  export RCLONE_S3_FORCE_PATH_STYLE="true"   # this bucket needs path-style writes
}