--- /dev/null
+#!/bin/bash
+
+RemoteRepo="gitolite@git.immae.eu:perso/Immae/Prive/Password_store/Mes_Sites/Paul"
+
+if [ -z "$NIXOPS_CONFIG_PASS_SUBTREE_REMOTE" \
+ -o -z "$NIXOPS_CONFIG_PASS_SUBTREE_PATH" ]; then
+ cat <<-EOF
+Two environment variables are needed to setup the password store:
+NIXOPS_CONFIG_PASS_SUBTREE_PATH : path where the subtree will be imported
+NIXOPS_CONFIG_PASS_SUBTREE_REMOTE : remote name to give to the repository
+EOF
+ exit 1
+fi
+
+if ! pass $NIXOPS_CONFIG_PASS_SUBTREE_PATH > /dev/null 2>/dev/null; then
+ cat <<-EOF
+/!\ This will modify your password store to add and import a subtree
+with the specific passwords files. Choose a path that doesn’t exist
+yet in your password store.
+> pass git remote add $NIXOPS_CONFIG_PASS_SUBTREE_REMOTE $RemoteRepo
+> pass git subtree add --prefix=$NIXOPS_CONFIG_PASS_SUBTREE_PATH $NIXOPS_CONFIG_PASS_SUBTREE_REMOTE master
+Later, you can use pull_environment and push_environment scripts to
+update the passwords when needed
+Continue? [y/N]
+EOF
+ read y
+ if [ "$y" = "y" -o "$y" = "Y" ]; then
+ pass git remote add $NIXOPS_CONFIG_PASS_SUBTREE_REMOTE $RemoteRepo
+ pass git subtree add --prefix=$NIXOPS_CONFIG_PASS_SUBTREE_PATH $NIXOPS_CONFIG_PASS_SUBTREE_REMOTE master
+ else
+ echo "Aborting"
+ exit 1
+ fi
+fi
+
+if [ ! -f /etc/ssh/ssh_rsa_key_nixops ]; then
+ cat <<EOF
+The key to access private git repositories (websites hosted by the
+server) needs to be accessible to nix builders. It will be put in
+/etc/ssh/ssh_rsa_key_nixops (sudo right is needed for that)
+> pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/NixSshKey | sudo tee /etc/ssh/ssh_rsa_key_nixops > /dev/null
+> pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/NixSshKey.pub | sudo tee /etc/ssh/ssh_rsa_key_nixops.pub > /dev/null
+> sudo chmod u=r,go-rwx /etc/ssh/ssh_rsa_key_nixops
+> sudo chown nixbld1:nixbld /etc/ssh/ssh_rsa_key_nixops /etc/ssh/ssh_rsa_key_nixops.pub
+Continue? [y/N]
+EOF
+ read y
+ if [ "$y" = "y" -o "$y" = "Y" ]; then
+ if ! id -u nixbld1 2>/dev/null >/dev/null; then
+ echo "User nixbld1 seems inexistant, did you install nix?"
+ exit 1
+ fi
+ mask=$(umask)
+ umask 0777
+ # Don’t forward it directly to tee, it would break ncurse pinentry
+ key=$(pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/NixSshKey)
+ echo "$key" | sudo tee /etc/ssh/ssh_rsa_key_nixops > /dev/null
+ sudo chmod u=r,go=- /etc/ssh/ssh_rsa_key_nixops
+ pubkey=$(pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/NixSshKey.pub)
+ echo "$pubkey" | sudo tee /etc/ssh/ssh_rsa_key_nixops.pub > /dev/null
+ sudo chmod a=r /etc/ssh/ssh_rsa_key_nixops.pub
+ sudo chown nixbld1:nixbld /etc/ssh/ssh_rsa_key_nixops /etc/ssh/ssh_rsa_key_nixops.pub
+ umask $mask
+ else
+ echo "Aborting"
+ exit 1
+ fi
+fi
+
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
+nix_config="ssh-config-file=$(dirname $DIR)/ssh/config"
+if echo "$NIX_PATH" | grep -q "$nix_config"; then
+ cat <<EOF
+All set up
+EOF
+else
+cat <<EOF
+All set up, please add
+ssh-config-file=$(dirname $DIR)/ssh/config
+to your NIX_PATH environment variable (colon-separated)
+EOF
+fi