diff --git a/sys/platforms/vps/srv/default.nix b/sys/platforms/vps/srv/default.nix
index cf7adb0..5fedff9 100644
--- a/sys/platforms/vps/srv/default.nix
+++ b/sys/platforms/vps/srv/default.nix
@@ -21,5 +21,6 @@ with lib; {
 ./trilium.nix
 # ./firefly.nix gnucash is better
 ./roundcube.nix
+ ./syncthing.nix
 ];
 }
diff --git a/sys/platforms/vps/srv/syncthing.nix b/sys/platforms/vps/srv/syncthing.nix
new file mode 100644
index 0000000..0f08487
--- /dev/null
+++ b/sys/platforms/vps/srv/syncthing.nix
@@ -0,0 +1,44 @@
+{
+ lib,
+ pkgs,
+ ...
+}:
+with lib; {
+ users.groups.syncthingnginx.members = ["acme" "syncthing" "nginx"];
+ security.acme.certs."cloud.posixlycorrect.com".group = "syncthingnginx";
+
+ networking.firewall.allowedTCPPorts = [22000];
+ networking.firewall.allowedUDPPorts = [22000 21027];
+
+ services = {
+ nginx = {
+ virtualHosts."cloud.posixlycorrect.com" = {
+ enableACME = true;
+ forceSSL = true;
+ extraConfig = ''
+ proxy_headers_hash_max_size 512;
+ proxy_headers_hash_bucket_size 128;
+ '';
+ locations."/" = {
+ proxyPass = "http://127.0.0.1:8384";
+ };
+ };
+ };
+
+ syncthing = {
+ enable = true;
+ systemService = true;
+ overrideFolders = false;
+ overrideDevices = false;
+ openDefaultPorts = false;
+ key = "/var/lib/acme/cloud.posixlycorrect.com/key.pem";
+ cert = "/var/lib/acme/cloud.posixlycorrect.com/cert.pem";
+ guiAddress = "127.0.0.1:8384";
+ settings = {
+ options = {
+ urAccepted = -1;
+ };
+ };
+ };
+ };
+}
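Review bot: In the new `syncthing.nix`, the `cloud.posixlycorrect.com` vhost proxies `/` straight to the Syncthing GUI on `127.0.0.1:8384`, and nothing visible in this file puts authentication in front of it: there is no `basicAuthFile` or allow/deny rule on the vhost, and no GUI credentials under `settings`. Unless a GUI password is configured out of band, anyone who can reach the vhost gets the admin interface, so I would add `basicAuthFile = "<path-to-htpasswd-outside-the-nix-store>";` to the virtual host or restrict the location to a trusted network range. Separately, `key` and `cert` are Syncthing's device identity rather than TLS material for the GUI, so pointing them at the ACME files ties the device ID to a certificate that is replaced on every renewal and makes the device key readable by every member of `syncthingnginx`. Since nginx already terminates TLS for this host, dropping the `key`/`cert` lines and the shared group looks like the safer configuration.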