From c16961d55e7b9936101e3356f43d45214b5bce8e Mon Sep 17 00:00:00 2001
From: Matei Adriel <rafaeladriel11@gmail.com>
Date: Thu, 14 Dec 2023 00:54:51 +0100
Subject: [PATCH] Periodically clean up direnv permissions

---
 home/features/cli/direnv.nix     | 11 +++++++----
 home/features/neovim/default.nix |  1 +
 2 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/home/features/cli/direnv.nix b/home/features/cli/direnv.nix
index eea2ac3..65263e3 100644
--- a/home/features/cli/direnv.nix
+++ b/home/features/cli/direnv.nix
@@ -1,4 +1,7 @@
-{ config, ... }: {
+{ config, ... }:
+let statePath = "${config.xdg.dataHome}/direnv/allow";
+in
+{
   programs.direnv.enable = true;
   programs.direnv.nix-direnv.enable = true;
 
@@ -9,7 +12,7 @@
     DIRENV_LOG_FORMAT = "";
   };
 
-  satellite.persistence.at.state.apps.direnv.directories = [
-    "${config.xdg.dataHome}/direnv/allow"
-  ];
+  # Only save allowed paths for 30d
+  systemd.user.tmpfiles.rules = [ "d ${statePath} - - - 30d" ];
+  satellite.persistence.at.state.apps.direnv.directories = [ statePath ];
 }
diff --git a/home/features/neovim/default.nix b/home/features/neovim/default.nix
index fef25f3..d223943 100644
--- a/home/features/neovim/default.nix
+++ b/home/features/neovim/default.nix
@@ -290,6 +290,7 @@ in
     event = "BufReadPost";
 
     opts.enabled = true;
+    # TODO: blacklist harpoon, NeogitStatus
   };
   # }}}
   # {{{ harpoon