From 22f1061f32eee1f585c7fca7dc89f1222d5a97fc Mon Sep 17 00:00:00 2001
From: Sebastian Estrella <2049686+sestrella@users.noreply.github.com>
Date: Fri, 17 Oct 2025 17:21:42 -0500
Subject: [PATCH 1/3] feat: Add gitleaks hook
---
 modules/hooks.nix | 8 ++++++++
 nix/tools.nix | 2 ++
 2 files changed, 10 insertions(+)
diff --git a/modules/hooks.nix b/modules/hooks.nix
index 8efaf3db..6eea6f62 100644
--- a/modules/hooks.nix
+++ b/modules/hooks.nix
@@ -2929,6 +2929,14 @@ lib.escapeShellArgs (lib.concatMap (ext: [ "--ghc-opt" "-X${ext}" ]) hooks.fourm
 package = tools.fprettify;
 entry = "${hooks.fprettify.package}/bin/fprettify";
 };
+ gitleaks = {
+ name = "gitleaks";
+ description = "Find secrets with Gitleaks";
+ entry = lib.getExe tools.gitleaks;
+ args = [ "git" ];
+ always_run = true;
+ stages = [ "post-commit" ];
+ };
 gitlint = {
 name = "gitlint";
 description = "Linting for your git commit messages";
diff --git a/nix/tools.nix b/nix/tools.nix
index 50890dfd..cb28f051 100644
--- a/nix/tools.nix
+++ b/nix/tools.nix
@@ -35,6 +35,7 @@
 , flake-checker ? null
 , fprettify
 , git-annex
+, gitleaks
 , gitlint
 , gptcommit ? null
 , hadolint
@@ -143,6 +144,7 @@ in
 elixir
 flake-checker
 fprettify
+ gitleaks
 gitlint
 go
 go-tools
From 863c9efe5e9638e764df318686f480bd357566e5 Mon Sep 17 00:00:00 2001
From: Sebastian Estrella <2049686+sestrella@users.noreply.github.com>
Date: Fri, 17 Oct 2025 17:23:09 -0500
Subject: [PATCH 2/3] docs: Add reference to gitleaks
---
 README.md | 1 +
 1 file changed, 1 insertion(+)
diff --git a/README.md b/README.md
index 7a834ff3..6b585663 100644
--- a/README.md
+++ b/README.md
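Review bot: In the `gitleaks` attribute set added to modules/hooks.nix, `stages = [ "post-commit" ];` means the scan only starts once the commit object already exists, and git ignores a post-commit hook's exit status, so a detected secret is reported but never kept out of local history. If the intent is prevention, run it at the pre-commit stage against the index instead, e.g. `stages = [ "pre-commit" ];`, `args = [ "git" "--pre-commit" "--staged" "--redact" ];` and `pass_filenames = false;`. As written, `gitleaks git` without a commit range presumably walks the whole history on every commit, which would get slow on large repositories and keep re-reporting old findings. Unlike the neighbouring `fprettify` entry, the hook also has no `package` field, so `entry` is pinned to `tools.gitleaks` and cannot be overridden per project. The enclosing hooks attribute set starts and ends outside the hunk.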
@@ -308,6 +308,7 @@ use nix
 - [commitizen](https://github.com/commitizen-tools/commitizen)
 - [convco](https://github.com/convco/convco)
 - [forbid-new-submodules](https://github.com/pre-commit/pre-commit-hooks/blob/main/pre_commit_hooks/forbid_new_submodules.py)
+- [gitleaks](https://github.com/gitleaks/gitleaks)
 - [gitlint](https://github.com/jorisroovers/gitlint)
 - [gptcommit](https://github.com/zurawiki/gptcommit)
 - [no-commit-to-branch](https://github.com/pre-commit/pre-commit-hooks/blob/main/pre_commit_hooks/no_commit_to_branch.py)
From 477000ba2023e305c4a61cd20e26e51af24d2263 Mon Sep 17 00:00:00 2001
From: Sebastian Estrella <2049686+sestrella@users.noreply.github.com>
Date: Fri, 17 Oct 2025 17:24:30 -0500
Subject: [PATCH 3/3] Add `-v` to args
---
 modules/hooks.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/modules/hooks.nix b/modules/hooks.nix
index 6eea6f62..fc1171bb 100644
--- a/modules/hooks.nix
+++ b/modules/hooks.nix
@@ -2933,7 +2933,7 @@ lib.escapeShellArgs (lib.concatMap (ext: [ "--ghc-opt" "-X${ext}" ]) hooks.fourm
 name = "gitleaks";
 description = "Find secrets with Gitleaks";
 entry = lib.getExe tools.gitleaks;
- args = [ "git" ];
+ args = [ "git" "-v" ];
 always_run = true;
 stages = [ "post-commit" ];
 };
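Review bot: `-v` in `args = [ "git" "-v" ];` (modules/hooks.nix, [PATCH 3/3]) makes gitleaks print each finding in full, including the matched secret value, so a hit is copied into the terminal scrollback and into any log that captures hook output. Add `--redact` alongside it, `args = [ "git" "-v" "--redact" ];`, so the rule, file and commit are still shown while the secret itself is masked. The commit message would also benefit from one line saying why verbose output is wanted. The `gitleaks` attribute set opens above this hunk.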