diff --git a/ops/nixos/kusakabe/default.nix b/ops/nixos/kusakabe/default.nix
index 9dea167401..81fac23262 100644
--- a/ops/nixos/kusakabe/default.nix
+++ b/ops/nixos/kusakabe/default.nix
@@ -117,6 +117,9 @@ in {
 # IPFS
 4001
+
+ # rsyncd
+ 873
 ];
 };
 };
@@ -310,5 +313,48 @@ in {
 dataDir = "/store/ipfs";
 };
 
+ services.rsyncd = {
+ enable = true;
+ settings = {
+ global = {
+ "use chroot" = false;
+ "lock file" = "/run/rsync/rsyncd.lock";
+ "max connections" = 4;
+ };
+ winworldpc = {
+ path = "/store/winworldpc";
+ comment = "WinWorldPC archive";
+ "read only" = true;
+ exclude = "/_data /_data/**";
+ };
+ };
+ };
+ users.users.rsync = {};
+ systemd.services.rsyncd = {
+ confinement.enable = true;
+ serviceConfig = {
+ User = "rsync";
+ AmbientCapabilities = "CAP_NET_BIND_SERVICE";
+ PrivateUsers = false;
+
+ ProtectHostname = true;
+ ProtectClock = true;
+ RestrictAddressFamilies = "AF_INET AF_INET6";
+ RestrictNamespaces = true;
+ LockPersonality = true;
+ NoNewPrivileges = true;
+ MemoryDenyWriteExecute = true;
+
+ RuntimeDirectory = "rsync";
+
+ BindReadOnlyPaths = [
+ "/store/winworldpc"
+ ];
+ BindPaths = [
+ "/dev/log"
+ ];
+ };
+ };
+
 system.stateVersion = "20.03";
 }
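Review bot: The sandbox in `systemd.services.rsyncd.serviceConfig` grants `AmbientCapabilities = "CAP_NET_BIND_SERVICE"` but leaves the capability bounding set and the syscall filter at their defaults, so alongside the existing `Protect*`/`Restrict*` options I would add `CapabilityBoundingSet = "CAP_NET_BIND_SERVICE";`, `SystemCallArchitectures = "native";` and `SystemCallFilter = "@system-service";`. The `winworldpc` module sets no `"hosts allow"` or `"auth users"`, so the whole `/store/winworldpc` tree is served to any client that can reach port 873 (opened in the first hunk); if that is the intent for a public mirror, a one-line comment saying so would spare the next reader from wondering whether it was an oversight. `users.users.rsync = {}` declares neither `isSystemUser` nor a `group`, and newer NixOS releases assert that one of `isSystemUser`/`isNormalUser` is set, so `users.users.rsync = { isSystemUser = true; group = "rsync"; };` with a matching `users.groups.rsync = {};` is the safer form. `"use chroot" = false` and `PrivateUsers = false` both turn off a default protection, presumably because `confinement.enable` already provides the private root and binding port 873 needs the capability in the host user namespace; a short comment on each line would record that reasoning.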