{
  specialArgs,
  hostBridge,
  hostAddress,
  localAddress,
  syncthingPort ? 22000,
  syncthingLocalAnnouncePort ? 21027,
  smbTcpPort ? 445,
  autoStart ? false,
}:
{
  inherit specialArgs;
  config =
    { ... }:
    {
      system.stateVersion = "20.05"; # Did you read the comment?

      imports = [ ../profiles/containers/configuration.nix ];

      networking.firewall.allowedTCPPorts = [
        # syncthing gui
        8384
      ];

      services.syncthing = {
        enable = true;
        openDefaultPorts = true;
        guiAddress = "0.0.0.0:8384";
      };

      services.samba = {
        enable = true;
        securityType = "user";
        openFirewall = true;
        settings = {
          global = {
            "workgroup" = "DMZ";
            "server string" = "syncthing";
            "netbios name" = "syncthing";
            "security" = "user";
            #"use sendfile" = "yes";
            #"max protocol" = "smb2";
            # note: localhost is the ipv6 localhost ::1
            "hosts allow" = "192.168.23. 127.0.0.1 localhost";
            "hosts deny" = "0.0.0.0/0";
            "guest account" = "nobody";
            "map to guest" = "bad user";
          };
          "scan-stefan" = {
            "path" = "/var/lib/syncthing/Sync/Home::Scan::Stefan";
            "browseable" = "yes";
            "read only" = "no";
            "guest ok" = "no";
            "create mask" = "0644";
            "directory mask" = "0755";
            "force user" = "syncthing";
            "force group" = "syncthing";
          };

          "scan-justyna" = {
            "path" = "/var/lib/syncthing/Sync/Home::Scan::Justyna";
            "browseable" = "yes";
            "read only" = "no";
            "guest ok" = "no";
            "create mask" = "0644";
            "directory mask" = "0755";
            "force user" = "syncthing";
            "force group" = "syncthing";
          };
        };
      };


      # TODO: find out if smbpasswd file is still used and set it here. or find an alternative
      # sops.secrets.smbpasswd = {
      # };
      # environment.etc."samba/smbpasswd".source = config.sops.secrets.smbpasswd.text;
    };

  inherit autoStart;

  bindMounts = {
    "/var/lib/syncthing/" = {
      hostPath = "/var/lib/container-volumes/syncthing/var-lib-syncthing";
      isReadOnly = false;
    };
  };

  privateNetwork = true;
  forwardPorts = [
    {
      containerPort = 22000;
      hostPort = syncthingPort;
      protocol = "tcp";
    }
    {
      containerPort = 22000;
      hostPort = syncthingPort;
      protocol = "udp";
    }
    {
      containerPort = 21027;
      hostPort = syncthingLocalAnnouncePort;
      protocol = "udp";
    }
    {
      containerPort = 445;
      hostPort = smbTcpPort;
      protocol = "tcp";
    }
  ];

  inherit hostBridge hostAddress localAddress;
}