{ lib, config, ... }:
let
  enabled = config.mod.syncthing.enable;
in
{
  options = {
    mod.syncthing = {
      enable = lib.mkEnableOption "Enable syncthing module";
    };
  };

  config = lib.mkIf enabled {
    services.syncthing = {
      enable = true;

      cert = config.age.secrets.syncthing-cert.path;
      key = config.age.secrets.syncthing-key.path;

      user = "storage";
      group = "storage";

      dataDir = "/mnt/sync/public";

      guiAddress = "0.0.0.0:8384";

      settings = {
        gui = {
          user = "syncthing";
          password = "$2a$12$YBcqhl8AXpoLmIWikuMtkOQLcrPXKKj0xY/qy4hggWnfjeVLQ3Ct6";
          insecureSkipHostcheck = false;
        };

        devices = {
          pinwheel.id = config.lib.syncthing.pinwheel;
        };

        folders = {
          org = {
            path = "/mnt/sync/public/org";
            devices = [
              "pinwheel"
            ];
            versioning = {
              type = "staggered";
              params = {
                maxage = "2592000"; # 30 days
              };
            };
          };
        };
      };
    };

    age = {
      secrets = {
        "syncthing-cert".file = ../../../../secrets/manatee/syncthing-cert.age;
        "syncthing-key".file = ../../../../secrets/manatee/syncthing-key.age;
      };
    };
  };
}