{ flake, config, ... }:
let
  inherit (flake.config.machines.devices)
    synology
    phone
    mars
    ceres
    ;
  inherit (flake.config.services)
    instances
    ;
  hostname = config.networking.hostName;
  localhost = instances.web.localhost.address1;
  service = instances.syncthing;
  postgres = instances.postgresql;
  forgejo = instances.forgejo;
  backupPath = "${service.paths.path1}";

  syncDevices = {
    synologySync = {
      ${synology.name} = {
        autoAcceptFolders = true;
        name = synology.name;
        addresses = [
          "tcp://${synology.ip.address0}:${toString service.ports.port2}"
        ];
        id = synology.sync.address0;
      };
    };

    phoneSync = {
      ${phone.name} = {
        autoAcceptFolders = true;
        name = phone.name;
        addresses = [
          "tcp://${phone.ip.address0}:${toString service.ports.port2}"
        ];
        id = phone.sync.address0;
      };
    };
  };
in
{
  services = {
    syncthing = {
      enable = true;
      overrideDevices = false;
      overrideFolders = false;
      openDefaultPorts = true;
      systemService = true;
      guiAddress = "${localhost}:${toString service.ports.port0}";
      settings = {
        devices =
          if hostname == mars.name then
            syncDevices.phoneSync // syncDevices.synologySync
          else if hostname == ceres.name then
            syncDevices.synologySync
          else
            { };
      };
    };
  };

  systemd.tmpfiles.rules = [
    # Main syncthing directory
    "d ${service.paths.path0} 0755 ${service.name} ${service.name} -"

    # Backup directories
    "d ${backupPath} 0755 ${service.name} ${service.name} -"
    "d ${backupPath}/${postgres.name} 0755 ${postgres.name} ${service.name} -"
    "d ${backupPath}/${forgejo.name} 0750 ${forgejo.name} ${service.name} -"
  ];

  networking = {
    firewall = {
      allowedTCPPorts = [
        service.ports.port0
        service.ports.port1
        service.ports.port2
      ];
    };
  };
}