{ config, ... }:

{
	services.syncthing = {
		enable = true;
		user = "toast";
		group = "users";
		dataDir = config.users.users.toast.home;
		settings.folders."passwords".path = "~/Documents/Passwords";
	};
	# Allow regular users to stop syncthing
	# https://stackoverflow.com/questions/61480914/using-policykit-to-allow-non-root-users-to-start-and-stop-a-service
	security.polkit.extraConfig = ''
		polkit.addRule(function(action, subject) {
			if (
				action.id == "org.freedesktop.systemd1.manage-units" &&
				action.lookup("unit") == "syncthing.service" &&
				subject.user == "${config.services.syncthing.user}"
			)
			{
				return polkit.Result.YES;
			}
		})
	'';
}