From fb59a242fb362fee00c002f6c65bebadd3bd7ce6 Mon Sep 17 00:00:00 2001
From: h7x4 <h7x4@nani.wtf>
Date: Tue, 27 Jan 2026 18:55:25 +0900
Subject: [PATCH] kommode/gitea: add rsync pull target for gitea dump dir

---
 hosts/kommode/services/gitea/default.nix | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/hosts/kommode/services/gitea/default.nix b/hosts/kommode/services/gitea/default.nix
index a5c1bf6..6d0392f 100644
--- a/hosts/kommode/services/gitea/default.nix
+++ b/hosts/kommode/services/gitea/default.nix
@@ -195,6 +195,22 @@ in {
 
   networking.firewall.allowedTCPPorts = [ sshPort ];
 
+  services.rsync-pull-targets = {
+    enable = true;
+    locations.${cfg.dump.backupDir} = {
+      user = "root";
+      rrsyncArgs.ro = true;
+      authorizedKeysAttrs = [
+        "restrict"
+        "no-agent-forwarding"
+        "no-port-forwarding"
+        "no-pty"
+        "no-X11-forwarding"
+      ];
+      publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGpMVrOppyqYaDiAhqmAuOaRsubFvcQGBGyz+NHB6+0o gitea rsync backup";
+    };
+  };
+
   systemd.services.gitea-dump = {
     serviceConfig.ExecStart = let
       args = lib.cli.toGNUCommandLineShell { } {