{ config, ... }:

{
	age.secrets = {
		syncthingKey.file = ../../secrets/syncthing/key;
		syncthingCert.file = ../../secrets/syncthing/cert;
	};

	services.syncthing = {
		enable = true;
		key = config.age.secrets.syncthingKey.path;
		cert = config.age.secrets.syncthingCert.path;
		guiAddress = "0.0.0.0:8384";
		settings.folders = {
			"passwords" = {
				path = "${config.services.syncthing.dataDir}/passwords";
			};
			"school-things" = {
				label = "School things";
				id = "z6alc-nfoqr";
				devices = [ "steamdeck" "server" "pc"];
				path = "${config.services.syncthing.dataDir}/school-things";
			};
			"steam-201810" = {
				label = "Wolfenstein The New Order Saves";
				id = "laxxf-t2wmy";
				devices = [ "steamdeck" "server" "pc" ];
				path = "${config.services.syncthing.dataDir}/steam-201810";
			};
			"retroarch"= {
			label = "RetroArch";
			id = "jxuou-2yjnu";
			devices = [ "steamdeck" "server" "pc" ];
			path = "${config.services.syncthing.dataDir}/retroarch";
		};
		};
	};
	systemd.services.syncthing.serviceConfig = {
		# Allow syncthing to change ownership of files
		AmbientCapabilities = "CAP_CHOWN CAP_FOWNER";
	};

	# Add a cname for syncthing
	services.dnsmasq.settings.cname = [ "sync.everest.sable-pancake.ts.net,everest" ];

	# Set up traefik as the reverse proxy for syncthing
	services.traefik = {
		dynamicConfigOptions = {
			http = {
				routers = {
					syncthing-subdomain = {
						rule = "Host(`sync.everest.sable-pancake.ts.net`)";
						service = "syncthing";
					};
				};
				services.syncthing.loadBalancer.servers = [
					{ url = "http://localhost:8384"; }
				];
			};
		};
	};
}