diff --git a/configuration.nix b/configuration.nix
index 2576194..20073cc 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -27,6 +27,7 @@ in
     (import ./sourcehut.nix { inherit base-domain; })
     (import ./paperless.nix { inherit base-domain lib; })
     (import ./mailserver.nix { inherit base-domain; })
+    (import ./syncthing.nix { inherit base-domain; })
 
     ./userprogs.nix
   ];
diff --git a/firewall.nix b/firewall.nix
index 2f3ffbe..9ad7ab3 100644
--- a/firewall.nix
+++ b/firewall.nix
@@ -1,8 +1,8 @@
 {
   networking.firewall = {
     enable = true;
-    allowedTCPPorts = [ 22 80 443 21 25 465 587 143 993 995 110 ];
-    allowedUDPPorts = [ 22 80 443 25 465 587 143 993 995 110 ];
+    allowedTCPPorts = [ 22 80 443 21 25 465 587 143 993 995 110 22000 ];
+    allowedUDPPorts = [ 22 80 443 25 465 587 143 993 995 110 22000 ];
     allowedTCPPortRanges = [
       # vsftpd passive
       {
diff --git a/nginx.nix b/nginx.nix
index 31d5767..a30b407 100644
--- a/nginx.nix
+++ b/nginx.nix
@@ -26,6 +26,13 @@
           proxyPass = "http://localhost:28981";
         };
       };
+      "syncthing.${base-domain}" = { 
+        enableACME = true;
+        forceSSL = true;
+        locations."/" = {
+          proxyPass = "http://syncthing.${base-domain}:8384";
+        };
+      };
     };
   };
 }
diff --git a/syncthing.nix b/syncthing.nix
new file mode 100644
index 0000000..5d099ad
--- /dev/null
+++ b/syncthing.nix
@@ -0,0 +1,10 @@
+{ base-domain, ... }:
+let
+  fqdn = "syncthing.${base-domain}:8384";
+in
+{
+  services.syncthing = {
+    enable = true;
+    guiAddress = fqdn;
+  };
+}