From 50aca7b17014f102f413bc796bd236363f1a09d2 Mon Sep 17 00:00:00 2001
From: Leyla Becker <git@jan-leila.com>
Date: Wed, 4 Jun 2025 13:14:11 -0500
Subject: [PATCH 1/3] added applications key file

---
 .sops.yaml         |  4 ++++
 flake.lock         | 44 ++++++++++++++++++++++----------------------
 nix-config-secrets |  2 +-
 3 files changed, 27 insertions(+), 23 deletions(-)

diff --git a/.sops.yaml b/.sops.yaml
index b8b0adf..a6e6f4f 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -13,3 +13,7 @@ creation_rules:
     key_groups:
       - age:
         - *leyla
+  - path_regex: secrets/application-keys.yaml$
+    key_groups:
+      - age:
+        - *leyla
\ No newline at end of file
diff --git a/flake.lock b/flake.lock
index f77dacd..eeebec5 100644
--- a/flake.lock
+++ b/flake.lock
@@ -28,11 +28,11 @@
       },
       "locked": {
         "dir": "pkgs/firefox-addons",
-        "lastModified": 1748923398,
-        "narHash": "sha256-794RwyZJto9NoFlGYuhWKhkhkJ0KrH9Paw5w1DM2zA0=",
+        "lastModified": 1749009805,
+        "narHash": "sha256-eRv4m89aPJvIAX9mZQcJM+l3sYG+OJvcLsiHvAvXalg=",
         "owner": "rycee",
         "repo": "nur-expressions",
-        "rev": "9eb346d6488b06f04809da4de2073666e25ede9d",
+        "rev": "622c38d004cdded682d9a5ab7323181dc6efb0c1",
         "type": "gitlab"
       },
       "original": {
@@ -115,11 +115,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1748923085,
-        "narHash": "sha256-wXguCR+auZ5eoW8fKlm0C/6LNXL+1r4UXNLylwV7wQU=",
+        "lastModified": 1749049052,
+        "narHash": "sha256-wIt8ZBc8diKg1H5ibi3Bw9HUcPR2w3xy4ddcuzjgLb0=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "5adc1a51a2fa8efec9d4eaa4f7df97908cded00d",
+        "rev": "ffab96a8b4a523c4b5e2645ee09e95a75cbdbfab",
         "type": "github"
       },
       "original": {
@@ -185,11 +185,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1748352827,
-        "narHash": "sha256-sNUUP6qxGkK9hXgJ+p362dtWLgnIWwOCmiq72LAWtYo=",
+        "lastModified": 1749012745,
+        "narHash": "sha256-Cax/k9ZRPKqTz18vZtmqGR45pHRXM+sDvEVd4V/3NrU=",
         "owner": "LnL7",
         "repo": "nix-darwin",
-        "rev": "44a7d0e687a87b73facfe94fba78d323a6686a90",
+        "rev": "fa6120c32f10bd2aac9e8c9a6e71528a9d9d823b",
         "type": "github"
       },
       "original": {
@@ -227,11 +227,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1748916419,
-        "narHash": "sha256-xeIzrAq+HNCp6Tx+lNfoty4D3zzfqSgQGgeTHXb2zGk=",
+        "lastModified": 1749002682,
+        "narHash": "sha256-v9K6RyPF/+4r/YJhjEH8y07VWE6Vj7Vl88E/K5m/uJ0=",
         "owner": "nix-community",
         "repo": "nix-vscode-extensions",
-        "rev": "1599b5b404e6bbdaf088f4c8872954146f8a19bb",
+        "rev": "46eb9c16d8ccfedf8bc648be03f9b2993fe3c994",
         "type": "github"
       },
       "original": {
@@ -242,11 +242,11 @@
     },
     "nixos-hardware": {
       "locked": {
-        "lastModified": 1748634340,
-        "narHash": "sha256-pZH4bqbOd8S+si6UcfjHovWDiWKiIGRNRMpmRWaDIms=",
+        "lastModified": 1749056381,
+        "narHash": "sha256-QITcurR19KZlrCngBoCjsFF2BdYsiCG4UqmlrVcLb8Q=",
         "owner": "NixOS",
         "repo": "nixos-hardware",
-        "rev": "daa628a725ab4948e0e2b795e8fb6f4c3e289a7a",
+        "rev": "029bd66faa180e11262dd1bc2732254c33415f52",
         "type": "github"
       },
       "original": {
@@ -258,11 +258,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1748693115,
-        "narHash": "sha256-StSrWhklmDuXT93yc3GrTlb0cKSS0agTAxMGjLKAsY8=",
+        "lastModified": 1748929857,
+        "narHash": "sha256-lcZQ8RhsmhsK8u7LIFsJhsLh/pzR9yZ8yqpTzyGdj+Q=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "910796cabe436259a29a72e8d3f5e180fc6dfacc",
+        "rev": "c2a03962b8e24e669fb37b7df10e7c79531ff1a4",
         "type": "github"
       },
       "original": {
@@ -292,11 +292,11 @@
     "secrets": {
       "flake": false,
       "locked": {
-        "lastModified": 1743538790,
-        "narHash": "sha256-QXmvyxfAhpifxAWcYTvuGfzv9I+9gHw0bq4WYtGEB9A=",
+        "lastModified": 1749060788,
+        "narHash": "sha256-bXTN8zJwbnUFEisKAZjO/6UWPVP6u38MGAmQI20QU8o=",
         "ref": "refs/heads/main",
-        "rev": "3d63dff77f8eda1667e3586169642cf256c4aa34",
-        "revCount": 17,
+        "rev": "96e0ee4409830716a1658b37737f9e05d366408e",
+        "revCount": 18,
         "type": "git",
         "url": "ssh://git@git.jan-leila.com/jan-leila/nix-config-secrets.git"
       },
diff --git a/nix-config-secrets b/nix-config-secrets
index 3d63dff..96e0ee4 160000
--- a/nix-config-secrets
+++ b/nix-config-secrets
@@ -1 +1 @@
-Subproject commit 3d63dff77f8eda1667e3586169642cf256c4aa34
+Subproject commit 96e0ee4409830716a1658b37737f9e05d366408e

From 7363fc97bc0c6248bc12891940175052777d5b62 Mon Sep 17 00:00:00 2001
From: Leyla Becker <git@jan-leila.com>
Date: Wed, 4 Jun 2025 13:19:44 -0500
Subject: [PATCH 2/3] updated application key file structure

---
 flake.lock         | 8 ++++----
 nix-config-secrets | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/flake.lock b/flake.lock
index eeebec5..636f746 100644
--- a/flake.lock
+++ b/flake.lock
@@ -292,11 +292,11 @@
     "secrets": {
       "flake": false,
       "locked": {
-        "lastModified": 1749060788,
-        "narHash": "sha256-bXTN8zJwbnUFEisKAZjO/6UWPVP6u38MGAmQI20QU8o=",
+        "lastModified": 1749061163,
+        "narHash": "sha256-WflcbitH7ErNZBFqZCdy1ODUqKF51xbu2zYfqA35+1M=",
         "ref": "refs/heads/main",
-        "rev": "96e0ee4409830716a1658b37737f9e05d366408e",
-        "revCount": 18,
+        "rev": "1c5c059c0c7b6ce691993262fe10a2b63e1c31ba",
+        "revCount": 19,
         "type": "git",
         "url": "ssh://git@git.jan-leila.com/jan-leila/nix-config-secrets.git"
       },
diff --git a/nix-config-secrets b/nix-config-secrets
index 96e0ee4..1c5c059 160000
--- a/nix-config-secrets
+++ b/nix-config-secrets
@@ -1 +1 @@
-Subproject commit 96e0ee4409830716a1658b37737f9e05d366408e
+Subproject commit 1c5c059c0c7b6ce691993262fe10a2b63e1c31ba

From 0f26b73f6a3e96aed1978432f80689b892083760 Mon Sep 17 00:00:00 2001
From: Leyla Becker <git@jan-leila.com>
Date: Wed, 4 Jun 2025 18:37:53 -0500
Subject: [PATCH 3/3] set up makemkv persistence

---
 .../home-manager/leyla/packages/default.nix   |  1 +
 .../home-manager/leyla/packages/makemkv.nix   | 17 +++++++++++++++
 modules/home-manager-modules/default.nix      |  1 +
 .../home-manager-modules/programs/makemkv.nix | 21 +++++++++++++++++--
 modules/home-manager-modules/sops.nix         |  7 +++++++
 5 files changed, 45 insertions(+), 2 deletions(-)
 create mode 100644 configurations/home-manager/leyla/packages/makemkv.nix
 create mode 100644 modules/home-manager-modules/sops.nix

diff --git a/configurations/home-manager/leyla/packages/default.nix b/configurations/home-manager/leyla/packages/default.nix
index 5af20ef..4acfaf1 100644
--- a/configurations/home-manager/leyla/packages/default.nix
+++ b/configurations/home-manager/leyla/packages/default.nix
@@ -13,6 +13,7 @@ in {
     ./direnv.nix
     ./openssh.nix
     ./git.nix
+    ./makemkv.nix
   ];
 
   config = lib.mkMerge [
diff --git a/configurations/home-manager/leyla/packages/makemkv.nix b/configurations/home-manager/leyla/packages/makemkv.nix
new file mode 100644
index 0000000..ee71955
--- /dev/null
+++ b/configurations/home-manager/leyla/packages/makemkv.nix
@@ -0,0 +1,17 @@
+{
+  config,
+  inputs,
+  ...
+}: {
+  config = {
+    sops.secrets = {
+      "application-keys/makemkv" = {
+        sopsFile = "${inputs.secrets}/application-keys.yaml";
+      };
+    };
+    programs.makemkv = {
+      appKeyFile = config.sops.placeholder."application-keys/makemkv";
+      destinationDir = "/home/leyla/downloads/makemkv";
+    };
+  };
+}
diff --git a/modules/home-manager-modules/default.nix b/modules/home-manager-modules/default.nix
index faf6f58..73876f4 100644
--- a/modules/home-manager-modules/default.nix
+++ b/modules/home-manager-modules/default.nix
@@ -1,6 +1,7 @@
 # this folder container modules that are for home manager only
 {...}: {
   imports = [
+    ./sops.nix
     ./user.nix
     ./flipperzero.nix
     ./i18n.nix
diff --git a/modules/home-manager-modules/programs/makemkv.nix b/modules/home-manager-modules/programs/makemkv.nix
index c1040bb..eca059d 100644
--- a/modules/home-manager-modules/programs/makemkv.nix
+++ b/modules/home-manager-modules/programs/makemkv.nix
@@ -7,6 +7,12 @@
 }: {
   options.programs.makemkv = {
     enable = lib.mkEnableOption "enable makemkv";
+    appKeyFile = lib.mkOption {
+      type = lib.types.str;
+    };
+    destinationDir = lib.mkOption {
+      type = lib.types.str;
+    };
   };
 
   config = lib.mkIf config.programs.makemkv.enable (lib.mkMerge [
@@ -14,11 +20,22 @@
       home.packages = with pkgs; [
         makemkv
       ];
-      # TODO: write config file for makemkv
+
+      sops.templates."MakeMKV.settings.conf".content = ''
+        app_DestinationDir = "${config.programs.makemkv.destinationDir}"
+        app_DestinationType = "2"
+        app_Key = "${config.programs.makemkv.appKeyFile}"
+      '';
+
+      home.file.".MakeMKV/settings.conf".source = config.lib.file.mkOutOfStoreSymlink config.sops.templates."MakeMKV.settings.conf".path;
     }
     (
       lib.mkIf osConfig.host.impermanence.enable {
-        # TODO: map impermanence for makemkv
+        home.persistence."/persist${config.home.homeDirectory}" = {
+          directories = [
+            ".MakeMKV"
+          ];
+        };
       }
     )
   ]);
diff --git a/modules/home-manager-modules/sops.nix b/modules/home-manager-modules/sops.nix
new file mode 100644
index 0000000..910fbb6
--- /dev/null
+++ b/modules/home-manager-modules/sops.nix
@@ -0,0 +1,7 @@
+{...}: {
+  config = {
+    sops = {
+      age.keyFile = "/var/lib/sops-nix/key.txt";
+    };
+  };
+}