{
  config,
  lib,
  ...
}:
with lib; let
  cfg = config.local.syncthing;
in {
  options.local.syncthing = {
    enable = mkEnableOption "syncthing server";
    openFirewall = mkEnableOption "syncthing firewall rules";
  };

  config = mkMerge [
    {
      networking.firewall = {
        allowedTCPPorts = optional cfg.openFirewall 22000;
        allowedUDPPorts = optional cfg.openFirewall 22000;
      };
    }
    (mkIf cfg.enable {
      local.syncthing.openFirewall = true;

      services.syncthing = {
        enable = true;

        systemService = true;
        overrideFolders = false;
        overrideDevices = false;
        openDefaultPorts = true;

        guiAddress = "127.0.0.1:8384";

        settings.options.urAccepted = -1;

        relay = {
          enable = true;

          pools = [];
          providedBy = "${config.networking.hostName}.${config.networking.domain}";
        };
      };
    })
  ];
}