{ config, ... }:

{
	age.secrets = {
		syncthingKey.file = ../../secrets/syncthing/key;
		syncthingCert.file = ../../secrets/syncthing/cert;
	};
	services.syncthing = {
		enable = true;
		key = config.age.secrets.syncthingKey.path;
		cert = config.age.secrets.syncthingCert.path;
		guiAddress = "0.0.0.0:8384";
		folders = {
			"passwords" = {
				path = "${config.services.syncthing.dataDir}/passwords";
			};
		};
	};

	# Set up traefik as the reverse proxy for syncthing
	services.traefik = {
		dynamicConfigOptions = {
			http = {
				routers = {
					syncthing-subpath = {
						middlewares = [ "syncthing-strip-prefix" ];
						rule = "PathPrefix(`/syncthing/`)";
						service = "syncthing";
					};
				};
				services.syncthing.loadBalancer.servers = [
					{ url = "http://localhost:8384"; }
				];
				middlewares.syncthing-strip-prefix.stripprefix.prefixes = "/syncthing";
			};
		};
	};
}