From b77c8eb5c0594b6916099534ab72981354600614 Mon Sep 17 00:00:00 2001
From: h7x4 <h7x4@nani.wtf>
Date: Tue, 27 Jan 2026 21:10:17 +0900
Subject: [PATCH] modules/rsync-pull-targets: fix multiple pull targets with
 same user

---
 modules/rsync-pull-targets.nix | 26 ++++++++++++++++----------
 1 file changed, 16 insertions(+), 10 deletions(-)

diff --git a/modules/rsync-pull-targets.nix b/modules/rsync-pull-targets.nix
index 14f9a7c..79ce537 100644
--- a/modules/rsync-pull-targets.nix
+++ b/modules/rsync-pull-targets.nix
@@ -124,16 +124,22 @@ in
     services.openssh.enable = true;
     users.users = lib.pipe cfg.locations [
       (lib.filterAttrs (_: value: value.enable))
-      (lib.mapAttrs' (_: { user, location, rrsyncPackage, rrsyncArgs, authorizedKeysAttrs, publicKey, ... }: let
-        rrsyncArgString = lib.cli.toCommandLineShellGNU {
-          isLong = _: false;
-        } rrsyncArgs;
-        # TODO: handle " in location
-      in {
-        name = user;
-        value.openssh.authorizedKeys.keys = [
-          "command=\"${lib.getExe rrsyncPackage} ${rrsyncArgString} ${location}\",${lib.concatStringsSep "," authorizedKeysAttrs} ${publicKey}"
-        ];
+
+      lib.attrValues
+
+      # Index locations by SSH user
+      (lib.foldl (acc: location: acc // {
+        ${location.user} = (acc.${location.user} or [ ]) ++ [ location ];
+      }) { })
+
+      (lib.mapAttrs (_name: locations: {
+        openssh.authorizedKeys.keys = map ({ user, location, rrsyncPackage, rrsyncArgs, authorizedKeysAttrs, publicKey, ... }: let
+          rrsyncArgString = lib.cli.toCommandLineShellGNU {
+            isLong = _: false;
+          } rrsyncArgs;
+          # TODO: handle " in location
+        in "command=\"${lib.getExe rrsyncPackage} ${rrsyncArgString} ${location}\",${lib.concatStringsSep "," authorizedKeysAttrs} ${publicKey}"
+        ) locations;
       }))
     ];
   };