From dc2ccdc7eaecd28bc16cacc101119f582bdc1dee Mon Sep 17 00:00:00 2001
From: Evie Litherland-Smith <evie@xenia.me.uk>
Date: Mon, 24 Jun 2024 07:27:22 +0100
Subject: [PATCH] Add pre-commit hook to run gitleaks

Search for accidentally included secrets when committing
---
 .envrc                  | 1 +
 .pre-commit-config.yaml | 5 +++++
 flake.nix               | 3 ++-
 3 files changed, 8 insertions(+), 1 deletion(-)
 create mode 100644 .envrc
 create mode 100644 .pre-commit-config.yaml

diff --git a/.envrc b/.envrc
new file mode 100644
index 0000000..3550a30
--- /dev/null
+++ b/.envrc
@@ -0,0 +1 @@
+use flake
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
new file mode 100644
index 0000000..f1f8f73
--- /dev/null
+++ b/.pre-commit-config.yaml
@@ -0,0 +1,5 @@
+repos:
+  - repo: https://github.com/gitleaks/gitleaks
+    rev: v8.18.4
+    hooks:
+      - id: gitleaks
diff --git a/flake.nix b/flake.nix
index 0c2c072..a590167 100644
--- a/flake.nix
+++ b/flake.nix
@@ -85,7 +85,8 @@
       pkgs = import nixpkgs {system = "x86_64-linux";};
     in
       pkgs.mkShellNoCC {
-        packages = [pkgs.nil];
+        packages = with pkgs; [nil pre-commit];
+        shellHook = "pre-commit install --install-hooks";
       };
     homeConfigurations = {
       # Server