Add R2 rclone mount apps under ~/darkmatter

README.md

@@ -127,26 +127,54 @@ By default all shared Darkmatter secrets are installed. Limit the set with:
 
 This flake also exposes a few runnable utilities for the team.
 
-### `rclone-s3`
+### Cloudflare R2 mounts at `~/darkmatter`
 
-Mount an S3 bucket locally with `rclone`:
+Three Cloudflare R2 buckets are exposed as local FUSE mounts under `~/darkmatter`:
 
-```/dev/null/example.sh#L1-1
-nix run github:darkmatter/nix#rclone-s3 -- ~/path/to/dir bucket-name
+- `~/darkmatter/public`  — bucket `darkmatter-public`
+- `~/darkmatter/team`    — bucket `darkmatter-team`
+- `~/darkmatter/personal` — bucket `darkmatter-personal`
+
+One-time setup — create the rclone remote (`darkmatter-r2`):
+
+```bash
+# Will prompt for account id / access key / secret if not in env.
+R2_ACCOUNT_ID=... R2_ACCESS_KEY_ID=... R2_SECRET_ACCESS_KEY=... \
+  nix run github:darkmatter/nix#configure-darkmatter-r2
 ```
 
-This command expects:
+Mount everything (or a single bucket):
 
-- argument 1: local mount directory
-- argument 2: S3 bucket name
+```bash
+nix run github:darkmatter/nix#mount-darkmatter
+nix run github:darkmatter/nix#mount-darkmatter -- team
+```
+
+Unmount:
+
+```bash
+nix run github:darkmatter/nix#unmount-darkmatter
+nix run github:darkmatter/nix#unmount-darkmatter -- personal
+```
 
-The wrapper also exports AWS environment variables before starting `rclone` so teammates do not need to remember the right profile settings manually. Fill in the placeholder values in `flake.nix` for your environment, for example:
+Override the mount root for a single invocation with `DARKMATTER_BASE_DIR=/some/path`.
 
-- `AWS_PROFILE`
-- `AWS_REGION`
-- `AWS_DEFAULT_REGION`
+To customize bucket names, the rclone remote name, or the mount layout in another flake, import the module and override the options:
 
-Once mounted, unmount it the usual way for your OS when you are done.
+```nix
+{
+  imports = [ inputs.darkmatter.flakeModules.r2 ];
+
+  perSystem = { ... }: {
+    darkmatter.r2 = {
+      enable = true;
+      accountId = "<cloudflare-account-id>";
+      mounts.team.bucket = "my-team-bucket";
+      mounts.archive = { bucket = "my-archive-bucket"; };
+    };
+  };
+}
+```
 
 ## Quick Start
 

flake.nix

@@ -42,6 +42,7 @@
         flakeModules = {
           default = ./modules/flake-parts;
           agenix-rekey = ./modules/flake-parts/ci/agenix-rekey.nix;
+          r2 = ./modules/flake-parts/r2.nix;
         };
         homeManagerModules = {
           default = defaultHomeManagerModule;
@@ -79,6 +80,9 @@
             cachix.enable = true;
             cachix.name = "darkmatter";
           };
+          # Expose mount-darkmatter / unmount-darkmatter / configure-darkmatter-r2
+          # apps that mount Cloudflare R2 buckets at ~/darkmatter/{public,team,personal}.
+          darkmatter.r2.enable = true;
         };
     };
 }

modules/flake-parts/ci/agenix-rekey.nix

@@ -97,10 +97,12 @@ in {
         };
       };
 
-      workflowFile = pkgs.writeText "agenix-rekey.yaml" (
-        "# Generated by darkmatter flake - do not edit manually\n"
-        + (builtins.readFile (yaml.generate "agenix-rekey.yaml" workflow))
-      );
+      workflowFile = pkgs.runCommand "agenix-rekey.yaml" { } ''
+        {
+          echo '# Generated by darkmatter flake - do not edit manually'
+          cat ${yaml.generate "agenix-rekey.yaml" workflow}
+        } > $out
+      '';
 
       installScript = pkgs.writeShellScriptBin "install-agenix-rekey-workflow" ''
         mkdir -p .github/workflows

modules/flake-parts/default.nix

@@ -16,5 +16,6 @@
 {...}: {
   imports = [
     ./ci
+    ./r2.nix
   ];
 }