From 47a744f68f19492c743993f3aeb830de6d8cd761 Mon Sep 17 00:00:00 2001
From: h7x4 <h7x4@nani.wtf>
Date: Tue, 26 May 2026 13:37:29 +0900
Subject: [PATCH] ildkule/uptime-kuma: set up rsync pull target for principal

---
 .../services/monitoring/uptime-kuma.nix       | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)

diff --git a/hosts/ildkule/services/monitoring/uptime-kuma.nix b/hosts/ildkule/services/monitoring/uptime-kuma.nix
index 288a240..14ad7e2 100644
--- a/hosts/ildkule/services/monitoring/uptime-kuma.nix
+++ b/hosts/ildkule/services/monitoring/uptime-kuma.nix
@@ -1,4 +1,4 @@
-{ config, pkgs, lib, ... }:
+{ config, pkgs, lib, values, ... }:
 let
   cfg = config.services.uptime-kuma;
   domain = "status.pvv.ntnu.no";
@@ -24,4 +24,21 @@ in {
     fsType = "bind";
     options = [ "bind" ];
   };
+
+  services.rsync-pull-targets = {
+    enable = true;
+    locations.${stateDir} = {
+      user = "root";
+      rrsyncArgs.ro = true;
+      authorizedKeysAttrs = [
+        "restrict"
+        "from=\"principal.pvv.ntnu.no,${values.hosts.principal.ipv6},${values.hosts.principal.ipv4}\""
+        "no-agent-forwarding"
+        "no-port-forwarding"
+        "no-pty"
+        "no-X11-forwarding"
+      ];
+      publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJXzcDm6cVr4NmWzUSroy33FlielKqaG83wY0RCMC0p/ uptime_kuma rsync backup";
+    };
+  };
 }