{ hostAddress, localAddress, syncthingPort ? 22000
, syncthingLocalAnnouncePort ? 21027, autoStart ? false }:

{

  config = { config, pkgs, ... }: {
    system.stateVersion = "20.05"; # Did you read the comment?

    imports = [ ../profiles/containers/configuration.nix ];

    networking.firewall.enable = true;
    networking.firewall.allowedTCPPorts = [
      # syncthing gui
      8384
    ];

    services.syncthing = {
      enable = true;
      openDefaultPorts = true;
      guiAddress = "0.0.0.0:8384";
    };
  };

  inherit autoStart;

  bindMounts = {
    "/var/lib/syncthing/" = {
      hostPath = "/var/lib/container-volumes/syncthing/var-lib-syncthing";
      isReadOnly = false;
    };
  };

  extraFlags = [ "--resolv-conf=bind-host" ];

  privateNetwork = true;
  forwardPorts = [
    {
      containerPort = 22000;
      hostPort = syncthingPort;
      protocol = "tcp";
    }
    {
      containerPort = 21027;
      hostPort = syncthingLocalAnnouncePort;
      protocol = "tcp";
    }
  ];

  inherit hostAddress localAddress;
}