35 lines
1.1 KiB
Nix
35 lines
1.1 KiB
Nix
{ config, lib, ... }:
|
|
let
|
|
cfg = config.sane.programs.ripgrep;
|
|
in
|
|
{
|
|
sane.programs.ripgrep = {
|
|
sandbox.autodetectCliPaths = "existing";
|
|
sandbox.whitelistPwd = true;
|
|
sandbox.extraHomePaths = [
|
|
# let it follow symlinks to non-sensitive data
|
|
".persist/ephemeral"
|
|
".persist/plaintext"
|
|
];
|
|
|
|
# .ignore file is read by ripgrep (rg), silver searcher (ag), maybe others.
|
|
# ignore translation files by default when searching, as they tend to have
|
|
# a LOT of duplicate text.
|
|
# fs.".ignore".symlink.text = ''
|
|
# po/
|
|
# '';
|
|
# XXX(2024-12-08): rg crawls from pwd up to root checking for .ignore files,
|
|
# however it does this *after* pwd has been dereferenced.
|
|
# hence, if inside a persisted directory, it will crawl up through /mnt/persist/...
|
|
# and never actually see the `.ignore` file in /home/colin.
|
|
# instead: place the .ignore file in `/` and symlink it to ~ as a way to hack it into the sandbox
|
|
fs.".ignore".symlink.target = "/.ignore";
|
|
};
|
|
|
|
sane.fs = lib.mkIf cfg.enabled {
|
|
"/.ignore".symlink.text = ''
|
|
po/
|
|
'';
|
|
};
|
|
}
|