# Nix build results
result
result-*

# Ignore everything in the secrets directory
secrets/*

# Explicitly allow ONLY these files
!secrets/secrets.yaml
!secrets/keys.txt.age
!secrets/ssh-github
!secrets/ssh-key

# Explicitly block the plain text keys (even if the rule above changes)
secrets/keys.txt
secrets/ssh-private

# macOS
.DS_Store
._.DS_Store
**/.DS_Store
**/._.DS_Store

# secrets (encrypted via sops, but extra safety)
secrets/*.yaml~

# Editor
.direnv/
.envrc