From dce366652139cba7f1a74642181a1fba0a737241 Mon Sep 17 00:00:00 2001
From: Ivan Malison
Date: Thu, 11 Jun 2026 01:58:26 -0700
Subject: [PATCH] codex: stop managing ~/.codex/.gitignore via home-manager
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

~/.codex is a git-sync-rs checkout of codex-history, which ships its own real .gitignore. An HM-managed symlink there resolves to a symlink-blob (the target path), silently disabling all ignore rules — git won't read a symlinked ignore file. That let a git-sync auto-commit stage auth.json, *.sqlite and ~540 other state files locally (caught before push; remote was never affected). Leave .gitignore to the repo.

Co-Authored-By: Claude Opus 4.8
---
 nix-shared/home-manager/codex-generated-skills.nix | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/nix-shared/home-manager/codex-generated-skills.nix b/nix-shared/home-manager/codex-generated-skills.nix
index f7e98b1f..1d8ba87b 100644
--- a/nix-shared/home-manager/codex-generated-skills.nix
+++ b/nix-shared/home-manager/codex-generated-skills.nix
@@ -55,10 +55,11 @@ in {
 config = lib.mkIf cfg.enable {
 home.file = {
- ".codex/.gitignore" = {
- force = true;
- source = oos "${cfg.worktreeCodexDir}/.gitignore";
- };
+ # NB: ~/.codex/.gitignore is intentionally NOT managed here. ~/.codex is
+ # a git-sync-rs checkout of the codex-history repo, which ships its own
+ # real .gitignore — git refuses to read a symlinked ignore file, so an
+ # HM-managed symlink here would silently disable ignore rules and risk
+ # committing auth.json/sqlite state. Leave it to the repo.
 ".codex/AGENTS.md" = {
 force = true;