{ config, pkgs, lib, user, host, secrets, ...}:
let 
  # helper funcitons
  conv = _: device: with device; { "${name}" = {id = id;};}; 
  justname = devices: (builtins.map (device: device.name)) devices;
  todevice = key: name: { inherit name; id = secrets.syncthing.id.${key}; };
  
  devices = builtins.mapAttrs todevice {
    north = "NxNORTH";
    xps = "NxXPS";
    ace = "NxACE";
    s21u = "NxS21U";
    diane = "diane";
    daniel = "daniel";
    tessa = "tessa";
    georg = "georg";
  };

  dirs = {
    default = { name = "sync"; path = "/home/${user}/sync"; };
  };
  cd = "/home/${user}/.config/syncthing";
in 
lib.mkIf (user != "tv")
{

  sops.secrets = {
    "syncthing/${host}-cert.pem" = {
      owner = user;
      # path = "/home/${user}/.config/syncthing/cert.pem";
    };
    "syncthing/${host}-key.pem" = {
      owner = user;
      # path = "/home/${user}/.config/syncthing/key.pem";
    };
  };

  services.syncthing = with (builtins.mapAttrs conv devices); {
    enable = true;
    user = "${user}";
    dataDir = "/home/${user}/.local/share/syncthing"; # useless ?
    configDir = cd; 
    # key = "/home/${user}/.config/syncthing/key.pem";
    # cert = "/home/${user}/.config/syncthing/cert.pem";
    key = config.sops.secrets."syncthing/${host}-key.pem".path;
    cert = config.sops.secrets."syncthing/${host}-cert.pem".path;
    overrideDevices = true;    
    overrideFolders = true;    
    guiAddress = if ( host == "NxACE" ) then "0.0.0.0:8384" else "127.0.0.1:8384";
    settings = {
      devices = with (builtins.mapAttrs conv devices); if (host == "NxXPS") then (
        north // ace // s21u
      ) else if (host == "NxNORTH") then (        
        xps // ace // s21u
      ) else (
        north // xps // s21u // diane // daniel // tessa // georg 
      );
      folders = with dirs; if (host == "NxXPS") then {
        "${default.name}" = {        
          path = default.path;
          devices = with devices; (justname [ north ace s21u ]);     
        };
      } else if (host == "NxNORTH") then {
        "${default.name}" = {        
          path = default.path;
          devices = with devices; (justname [  s21u ]);
          # devices = with devices; (justname [ xps ace s21u ]);
        };
      } else {
        "${default.name}" = {        
          path = default.path;
          devices = with devices; (justname [ xps north s21u ]);
        };
      };
      gui = {
        theme = "black";
        user = user;
        password = secrets.syncthing.gui-password; # option to use a file is till in the works... https://github.com/NixOS/nixpkgs/issues/85336
      };
    };
  };

  systemd.services."syncthing".after = [ "sops-nix.service" ];
}