git secret handling

program-homemanager.nix

@@ -6,23 +6,44 @@ in
   imports = [
     (import "${home-manager}/nixos")
   ];
+  # Home-manager configuration for the root user
+  home-manager.users.root = {
+    home.stateVersion = config.vars.stateVersion; # Set to your current home-manager version
+
+    programs.git = {
+      enable = true;
+      userName  = config.vars.hm_git_username;
+      userEmail = config.vars.usermail;
+      extraConfig = {
+        credential.helper = "${pkgs.git.override { withLibsecret = true; }}/bin/git-credential-libsecret";
+      };
+    };
+  };
+
   home-manager.users."${config.vars.username}" = {
     /* The home.stateVersion option does not have a default and must be set */
-    home.stateVersion = "25.05";
+    home.stateVersion = config.vars.stateVersion;
     /* Here goes the rest of your home-manager config, e.g. home.packages = [ pkgs.foo ]; */
     programs.git = {
       enable = true;
       userName  = config.vars.hm_git_username;
-      userEmail = config.vars.usermail;    
+      userEmail = config.vars.usermail;
+      extraConfig = {
+        credential.helper = "${pkgs.git.override { withLibsecret = true; }}/bin/git-credential-libsecret";
+      };
     }; 
     programs.zoxide.enable = true;
     programs.zoxide.enableZshIntegration = true;
     programs.zsh.envExtra = ["LANG=en_US.UTF-8" "EDITOR='nano'"];
-    programs.ssh.matchBlocks = {
-      "nixconf" = {
-        hostname = "github.com";
-        user = "${config.vars.email}";
-        identityFile = "/home/${config.vars.username}/.ssh/id_nix";
+    programs.ssh = {
+      enable = true;
+      addKeysToAgent = "yes";
+      matchBlocks = {
+        "nixconf" = {
+          hostname = "github.com";
+          user = "${config.vars.usermail}";
+          identityFile = "/home/${config.vars.username}/.ssh/id_nix";
+        };
       };
     };
   };