{
  inputs,
  pkgs,
  ...
}: {
  services.syncthing = {
    enable = true;
    openDefaultPorts = true;
    user = "y";
    dataDir = "/home/y/sync"; # default location for new folders
    # configDir = "/home/myusername/.config/syncthing";
    key = "/home/y/sync/key.pem";
    cert = "/home/y/sync/cert.pem";
    settings = {
      devices = {
        "phone" = {id = "TOBQJTK-QWVMMCN-7SJWXTL-FUKM4FB-ZTLGEL7-KEBTTB3-PC3WZOO-FLBW5A2 ";};
        "laptop" = {id = "INHTOYO-WNCIVPD-M27N2DY-2PJWVCV-FWYOCTQ-AWHBVIJ-4PRVAWR-E7PUTQ4";};
        # "desktop" = {id = "DEVICE-ID-GOES-HERE";};
      };
      folders = {
        "memes" = {
          path = "/home/y/sync/memes";
          devices = ["phone" "laptop"];
        };
        "creds" = {
          path = "/home/y/sync/creds";
          devices = ["phone" "laptop"];
          # By default, Syncthing doesn't sync file permissions. This line enables it for this folder.
          # ignorePerms = false;
        };
        "docs" = {
          path = "/home/y/sync/docs";
          devices = ["phone" "laptop"];
        };
        # "Sensitive" = {
        #   path = "/home/myusername/Sensitive";
        #   devices = [
        #     # We trust this device to have access
        #     # to the decrypted contents of this folder.
        #     "device1"
        #     # We do not trust this device, but we want to have another
        #     # (encrypted) copy of the data for redundancy/backup/sync purposes.
        #     {
        #       name = "device2";
        #       # encryptionPasswordFile is a path to a file containing the encryption password.
        #       # See below for information about managing secrets on NixOS.
        #       encryptionPasswordFile = "/run/secrets/st-sensitive-password";
        #     }
        #   ];
        # };
      };
    };
  };
}