From 5a09bc627e5bb248dd38936bcac97cd7b7175b44 Mon Sep 17 00:00:00 2001
From: David Landry <david@dmwl.net>
Date: Sat, 25 May 2024 14:50:39 -0400
Subject: [PATCH] chore(syncthing): attempt to inject sops-encrypted secrets
 into syncthing's config folder

---
 apps/syncthing/base/sync-deployment.yaml      |   6 +-
 apps/syncthing/overlays/media/cert.sops.pem   |  20 +
 apps/syncthing/overlays/media/config.json     |  11 +
 apps/syncthing/overlays/media/config.xml      | 783 ++++++++++++++++++
 .../overlays/media/deployment-patch.yaml      |  24 +
 apps/syncthing/overlays/media/key.sops.pem    |  20 +
 .../overlays/media/kustomization.yaml         |  11 +
 apps/syncthing/overlays/media/secrets.yaml    |  15 +
 8 files changed, 887 insertions(+), 3 deletions(-)
 create mode 100644 apps/syncthing/overlays/media/cert.sops.pem
 create mode 100644 apps/syncthing/overlays/media/config.json
 create mode 100644 apps/syncthing/overlays/media/config.xml
 create mode 100644 apps/syncthing/overlays/media/deployment-patch.yaml
 create mode 100644 apps/syncthing/overlays/media/key.sops.pem
 create mode 100644 apps/syncthing/overlays/media/kustomization.yaml
 create mode 100644 apps/syncthing/overlays/media/secrets.yaml

diff --git a/apps/syncthing/base/sync-deployment.yaml b/apps/syncthing/base/sync-deployment.yaml
index cd51009..a3319ae 100644
--- a/apps/syncthing/base/sync-deployment.yaml
+++ b/apps/syncthing/base/sync-deployment.yaml
@@ -27,15 +27,15 @@ spec:
             - containerPort: 22000
               hostPort: 22000
               protocol: TCP
-              name: syncthing-tcp
+              name: sync-tcp
             - containerPort: 22000
               hostPort: 22000
               protocol: UDP
-              name: syncthing-quic
+              name: sync-quic
             - containerPort: 21027
               hostPort: 21027
               protocol: UDP
-              name: syncthing-discovery
+              name: sync-discovery
             - containerPort: 8384
               name: http
           volumeMounts:
diff --git a/apps/syncthing/overlays/media/cert.sops.pem b/apps/syncthing/overlays/media/cert.sops.pem
new file mode 100644
index 0000000..f2a484a
--- /dev/null
+++ b/apps/syncthing/overlays/media/cert.sops.pem
@@ -0,0 +1,20 @@
+{
+	"data": "ENC[AES256_GCM,data:uVfizKnFIFJStCPtdNEJBe4apghX/DbJim4kM75KtuL/TQJ/WJ8Cas5o2Q1cwMggkpuSLCyo6BUwWQoYjSvTonVkFU26O8n2m1Y62Lukg7fOY2ZYvzj79c+YlWPDGstdh1CtGMPdgmZfmC/YlJDyXxx/it4jiCvK2ADF4s+HECfwgOyN5YMwrliPgj3J3maVQAMjnDcs540k1uh3l8bWA+keLE9bqSIEZSQ/e/RkaZ02JDYssFEhCTWBY9RYzaQ5DvXvN8UjdeCz5EtfSeZICxitvkYPjEfLZ9CNAhVnnGTM8/6p1xWNiEnnSwrNqpJ+zK3cixkQNlTgcDA8tcOtTzqU8POtj5itOrJV0mCwpyArK2DfungDR4P0nVlBBuqPxiWjufpDxUfg+IPFhxFKHHGZaOvDZfiXwT/mZFwp31wUbdaKLQkqWAHcAyUN/pabjWzOhSdCWEFh/VlPX4a1CW/yl8YYPEqGz4gzJ9SUM29cUH4GoyLksC/bFf5J92sZ50dj5QD12duuVqYmJGLqTphSjsnRv7AO4EdpFSvO69WoxzkcGzx92dK5mw4RcuW5SCEfu4XaZWCVLCBpnp9Rl3R6BPUdckh5nbDp6L99++swgReZ4z4wWgeUZ60yTgcO+wH5FBGIWBTNlA8Z+C/d3ZGboU4zGqIr6X3ohDu/jKjgA0+2OBcEXPm/zHp2QfqQmUk48AlDUnxcX7wGEB4l48ErBNjhyreNWkmuoZtLwdQUeQc+vstnLOdx3sbMEUVEvyvZVzTfLMhJvkCfFjZyIF7fynNtvMn8wnUSumPkGQ5FqVh1uNnX,iv:zsUQSb6qkBpr5TLYy0FCV4X6b4exTYxmlp+q5wCZoCw=,tag:EIPkQItZvaLUkm9HoQdILw==,type:str]",
+	"sops": {
+		"kms": null,
+		"gcp_kms": null,
+		"azure_kv": null,
+		"hc_vault": null,
+		"age": [
+			{
+				"recipient": "age1y26vr5qt6th3wu92rnsgkqcpxxah3pqkqa4khcjjycm3kg40aqyqjgfzx9",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByYnVhODBJV091cXFTbk13\nWUhWREgvMTlGSUtxRUptazA3OUlONjZMV0g0CmhwTFJiZk1zZjA2a2RncHNmdmZX\nckRyNVpPWVJsTlp5ZDlaWWhHcG5TQzgKLS0tIC9EUEFJOFlBWVBVc285RzdYVXlq\nc0RBRW5SNy9wL2s2Q0Fpa21JREVwVlkKIHnlUKipzptrJUyzQumGiSRVm+hsEuq8\n+o7772jG0rwsLt0xQ3cKaQP2Rfeiul3QQXde7bEuT8T/iN6fBZPYkg==\n-----END AGE ENCRYPTED FILE-----\n"
+			}
+		],
+		"lastmodified": "2024-05-25T13:09:08Z",
+		"mac": "ENC[AES256_GCM,data:c84fztj6EhtZtm9IdIy3qEq0EFjl4Id5IG1B8kaZChnScTNFLTKb8Hlbc6GMVFM11FfOjscfe6/oa1eZAk6bM4V0LNFi5ysXIbByPcUy5ZaA1agUtSKOlQOD0lIaONhzaAVuQWD7W7m7vz1nYVoUEBNvFplkoZqVgllenJiq4Jo=,iv:CeOKU8Vfls5Bc//n/uTKNJlz6ZwtNskPVj7Da3otw0U=,tag:wkh25T/s1p+oRRuAlYQdZw==,type:str]",
+		"pgp": null,
+		"unencrypted_suffix": "_unencrypted",
+		"version": "3.8.1"
+	}
+}
\ No newline at end of file
diff --git a/apps/syncthing/overlays/media/config.json b/apps/syncthing/overlays/media/config.json
new file mode 100644
index 0000000..7ab532f
--- /dev/null
+++ b/apps/syncthing/overlays/media/config.json
@@ -0,0 +1,11 @@
+{
+  "appName": "syncthing",
+  "userGivenName": "syncthing",
+  "destNamespace": "media",
+  "destServer": "https://kubernetes.default.svc",
+  "srcPath": "apps/syncthing/overlays/media",
+  "srcRepoURL": "ssh://git@gitea-ssh.gitops.svc.cluster.local:2222/davad/argo.git",
+  "srcTargetRevision": "",
+  "labels": null,
+  "annotations": null
+}
diff --git a/apps/syncthing/overlays/media/config.xml b/apps/syncthing/overlays/media/config.xml
new file mode 100644
index 0000000..6a64a88
--- /dev/null
+++ b/apps/syncthing/overlays/media/config.xml
@@ -0,0 +1,783 @@
+<configuration version="37">
+    <folder id="44txc-mcfw9" label="Dropbox" path="~/Sync/Dropbox" type="sendreceive" rescanIntervalS="3600" fsWatcherEnabled="true" fsWatcherDelayS="10" ignorePerms="false" autoNormalize="true">
+        <filesystemType>basic</filesystemType>
+        <device id="EP5HNDF-DLV3X6X-AMY2QKO-IALGPD4-4GBCK6Y-WALAXG4-P2ISU2Y-GO7JPQ6" introducedBy="LU6ULRW-D4LMTY6-E5FFS74-T7HIZ5Z-QBLZ47S-VKUCIX4-6MHP7JI-337NNAU">
+            <encryptionPassword></encryptionPassword>
+        </device>
+        <device id="JHS4ID2-AVIGIJS-VQMXDKB-PDWVVL6-FSL7RY4-GG54ZJJ-BOEEMGR-6E6ZDQB" introducedBy="LU6ULRW-D4LMTY6-E5FFS74-T7HIZ5Z-QBLZ47S-VKUCIX4-6MHP7JI-337NNAU">
+            <encryptionPassword></encryptionPassword>
+        </device>
+        <device id="KMW6CAQ-MJVFGTJ-7WUDRLG-WFAXZKH-WFYA3H3-ACLUIWS-6AIFHC4-XJ32ZAN" introducedBy="JHS4ID2-AVIGIJS-VQMXDKB-PDWVVL6-FSL7RY4-GG54ZJJ-BOEEMGR-6E6ZDQB">
+            <encryptionPassword></encryptionPassword>
+        </device>
+        <device id="LU6ULRW-D4LMTY6-E5FFS74-T7HIZ5Z-QBLZ47S-VKUCIX4-6MHP7JI-337NNAU" introducedBy="">
+            <encryptionPassword></encryptionPassword>
+        </device>
+        <device id="M6F45CW-FKBPJAL-J6SAYUU-7NANRZ6-MPX2FKZ-IPJ6FZG-ETXPFLS-WELI7QV" introducedBy="JHS4ID2-AVIGIJS-VQMXDKB-PDWVVL6-FSL7RY4-GG54ZJJ-BOEEMGR-6E6ZDQB">
+            <encryptionPassword></encryptionPassword>
+        </device>
+        <device id="PBSMF7G-CJQICRQ-D23OQPE-QUSDML7-OAVC22M-ZI7GFNH-K4RHFFY-PKDRHAK" introducedBy="LU6ULRW-D4LMTY6-E5FFS74-T7HIZ5Z-QBLZ47S-VKUCIX4-6MHP7JI-337NNAU">
+            <encryptionPassword></encryptionPassword>
+        </device>
+        <device id="WQ3AREK-ZJZKJRP-B3XXEXR-UJNOCUM-QFYK5XN-THCXKZL-6OLKJ3F-EK7XRAX" introducedBy="">
+            <encryptionPassword></encryptionPassword>
+        </device>
+        <device id="Y7762UE-6FH6ASG-HKU2VMZ-XVAVW3V-GQU3IPD-LINHD3F-VTV55I6-NXSXGQA" introducedBy="LU6ULRW-D4LMTY6-E5FFS74-T7HIZ5Z-QBLZ47S-VKUCIX4-6MHP7JI-337NNAU">
+            <encryptionPassword></encryptionPassword>
+        </device>
+        <minDiskFree unit="%">1</minDiskFree>
+        <versioning>
+            <cleanupIntervalS>0</cleanupIntervalS>
+            <fsPath></fsPath>
+            <fsType>basic</fsType>
+        </versioning>
+        <copiers>0</copiers>
+        <pullerMaxPendingKiB>0</pullerMaxPendingKiB>
+        <hashers>0</hashers>
+        <order>random</order>
+        <ignoreDelete>false</ignoreDelete>
+        <scanProgressIntervalS>0</scanProgressIntervalS>
+        <pullerPauseS>0</pullerPauseS>
+        <maxConflicts>-1</maxConflicts>
+        <disableSparseFiles>false</disableSparseFiles>
+        <disableTempIndexes>false</disableTempIndexes>
+        <paused>false</paused>
+        <weakHashThresholdPct>25</weakHashThresholdPct>
+        <markerName>.stfolder</markerName>
+        <copyOwnershipFromParent>false</copyOwnershipFromParent>
+        <modTimeWindowS>0</modTimeWindowS>
+        <maxConcurrentWrites>2</maxConcurrentWrites>
+        <disableFsync>false</disableFsync>
+        <blockPullOrder>standard</blockPullOrder>
+        <copyRangeMethod>standard</copyRangeMethod>
+        <caseSensitiveFS>false</caseSensitiveFS>
+        <junctionsAsDirs>true</junctionsAsDirs>
+        <syncOwnership>false</syncOwnership>
+        <sendOwnership>false</sendOwnership>
+        <syncXattrs>false</syncXattrs>
+        <sendXattrs>false</sendXattrs>
+        <xattrFilter>
+            <maxSingleEntrySize>0</maxSingleEntrySize>
+            <maxTotalSize>0</maxTotalSize>
+        </xattrFilter>
+    </folder>
+    <folder id="5ys6k-kh4sl" label="Research" path="/var/syncthing/Sync/Research" type="sendreceive" rescanIntervalS="3600" fsWatcherEnabled="true" fsWatcherDelayS="10" ignorePerms="false" autoNormalize="true">
+        <filesystemType>basic</filesystemType>
+        <device id="WQ3AREK-ZJZKJRP-B3XXEXR-UJNOCUM-QFYK5XN-THCXKZL-6OLKJ3F-EK7XRAX" introducedBy="">
+            <encryptionPassword></encryptionPassword>
+        </device>
+        <minDiskFree unit="%">1</minDiskFree>
+        <versioning>
+            <cleanupIntervalS>3600</cleanupIntervalS>
+            <fsPath></fsPath>
+            <fsType>basic</fsType>
+        </versioning>
+        <copiers>0</copiers>
+        <pullerMaxPendingKiB>0</pullerMaxPendingKiB>
+        <hashers>0</hashers>
+        <order>random</order>
+        <ignoreDelete>false</ignoreDelete>
+        <scanProgressIntervalS>0</scanProgressIntervalS>
+        <pullerPauseS>0</pullerPauseS>
+        <maxConflicts>10</maxConflicts>
+        <disableSparseFiles>false</disableSparseFiles>
+        <disableTempIndexes>false</disableTempIndexes>
+        <paused>false</paused>
+        <weakHashThresholdPct>25</weakHashThresholdPct>
+        <markerName>.stfolder</markerName>
+        <copyOwnershipFromParent>false</copyOwnershipFromParent>
+        <modTimeWindowS>0</modTimeWindowS>
+        <maxConcurrentWrites>2</maxConcurrentWrites>
+        <disableFsync>false</disableFsync>
+        <blockPullOrder>standard</blockPullOrder>
+        <copyRangeMethod>standard</copyRangeMethod>
+        <caseSensitiveFS>false</caseSensitiveFS>
+        <junctionsAsDirs>true</junctionsAsDirs>
+        <syncOwnership>false</syncOwnership>
+        <sendOwnership>false</sendOwnership>
+        <syncXattrs>false</syncXattrs>
+        <sendXattrs>false</sendXattrs>
+        <xattrFilter>
+            <maxSingleEntrySize>0</maxSingleEntrySize>
+            <maxTotalSize>0</maxTotalSize>
+        </xattrFilter>
+    </folder>
+    <folder id="fodkr-lhjaw" label="Joint" path="/var/syncthing/Sync/Joint" type="sendreceive" rescanIntervalS="3600" fsWatcherEnabled="true" fsWatcherDelayS="10" ignorePerms="false" autoNormalize="true">
+        <filesystemType>basic</filesystemType>
+        <device id="EP5HNDF-DLV3X6X-AMY2QKO-IALGPD4-4GBCK6Y-WALAXG4-P2ISU2Y-GO7JPQ6" introducedBy="">
+            <encryptionPassword></encryptionPassword>
+        </device>
+        <device id="JHS4ID2-AVIGIJS-VQMXDKB-PDWVVL6-FSL7RY4-GG54ZJJ-BOEEMGR-6E6ZDQB" introducedBy="LU6ULRW-D4LMTY6-E5FFS74-T7HIZ5Z-QBLZ47S-VKUCIX4-6MHP7JI-337NNAU">
+            <encryptionPassword></encryptionPassword>
+        </device>
+        <device id="KMW6CAQ-MJVFGTJ-7WUDRLG-WFAXZKH-WFYA3H3-ACLUIWS-6AIFHC4-XJ32ZAN" introducedBy="JHS4ID2-AVIGIJS-VQMXDKB-PDWVVL6-FSL7RY4-GG54ZJJ-BOEEMGR-6E6ZDQB">
+            <encryptionPassword></encryptionPassword>
+        </device>
+        <device id="LU6ULRW-D4LMTY6-E5FFS74-T7HIZ5Z-QBLZ47S-VKUCIX4-6MHP7JI-337NNAU" introducedBy="">
+            <encryptionPassword></encryptionPassword>
+        </device>
+        <device id="M6F45CW-FKBPJAL-J6SAYUU-7NANRZ6-MPX2FKZ-IPJ6FZG-ETXPFLS-WELI7QV" introducedBy="JHS4ID2-AVIGIJS-VQMXDKB-PDWVVL6-FSL7RY4-GG54ZJJ-BOEEMGR-6E6ZDQB">
+            <encryptionPassword></encryptionPassword>
+        </device>
+        <device id="PBSMF7G-CJQICRQ-D23OQPE-QUSDML7-OAVC22M-ZI7GFNH-K4RHFFY-PKDRHAK" introducedBy="LU6ULRW-D4LMTY6-E5FFS74-T7HIZ5Z-QBLZ47S-VKUCIX4-6MHP7JI-337NNAU">
+            <encryptionPassword></encryptionPassword>
+        </device>
+        <device id="WQ3AREK-ZJZKJRP-B3XXEXR-UJNOCUM-QFYK5XN-THCXKZL-6OLKJ3F-EK7XRAX" introducedBy="">
+            <encryptionPassword></encryptionPassword>
+        </device>
+        <device id="Y7762UE-6FH6ASG-HKU2VMZ-XVAVW3V-GQU3IPD-LINHD3F-VTV55I6-NXSXGQA" introducedBy="LU6ULRW-D4LMTY6-E5FFS74-T7HIZ5Z-QBLZ47S-VKUCIX4-6MHP7JI-337NNAU">
+            <encryptionPassword></encryptionPassword>
+        </device>
+        <minDiskFree unit="%">1</minDiskFree>
+        <versioning>
+            <cleanupIntervalS>3600</cleanupIntervalS>
+            <fsPath></fsPath>
+            <fsType>basic</fsType>
+        </versioning>
+        <copiers>0</copiers>
+        <pullerMaxPendingKiB>0</pullerMaxPendingKiB>
+        <hashers>0</hashers>
+        <order>random</order>
+        <ignoreDelete>false</ignoreDelete>
+        <scanProgressIntervalS>0</scanProgressIntervalS>
+        <pullerPauseS>0</pullerPauseS>
+        <maxConflicts>10</maxConflicts>
+        <disableSparseFiles>false</disableSparseFiles>
+        <disableTempIndexes>false</disableTempIndexes>
+        <paused>false</paused>
+        <weakHashThresholdPct>25</weakHashThresholdPct>
+        <markerName>.stfolder</markerName>
+        <copyOwnershipFromParent>false</copyOwnershipFromParent>
+        <modTimeWindowS>0</modTimeWindowS>
+        <maxConcurrentWrites>2</maxConcurrentWrites>
+        <disableFsync>false</disableFsync>
+        <blockPullOrder>standard</blockPullOrder>
+        <copyRangeMethod>standard</copyRangeMethod>
+        <caseSensitiveFS>false</caseSensitiveFS>
+        <junctionsAsDirs>true</junctionsAsDirs>
+        <syncOwnership>false</syncOwnership>
+        <sendOwnership>false</sendOwnership>
+        <syncXattrs>false</syncXattrs>
+        <sendXattrs>false</sendXattrs>
+        <xattrFilter>
+            <maxSingleEntrySize>0</maxSingleEntrySize>
+            <maxTotalSize>0</maxTotalSize>
+        </xattrFilter>
+    </folder>
+    <folder id="mca5s-rtykg" label="Personal" path="~/Sync/Personal" type="sendreceive" rescanIntervalS="3600" fsWatcherEnabled="true" fsWatcherDelayS="10" ignorePerms="false" autoNormalize="true">
+        <filesystemType>basic</filesystemType>
+        <device id="JHS4ID2-AVIGIJS-VQMXDKB-PDWVVL6-FSL7RY4-GG54ZJJ-BOEEMGR-6E6ZDQB" introducedBy="LU6ULRW-D4LMTY6-E5FFS74-T7HIZ5Z-QBLZ47S-VKUCIX4-6MHP7JI-337NNAU">
+            <encryptionPassword></encryptionPassword>
+        </device>
+        <device id="KMW6CAQ-MJVFGTJ-7WUDRLG-WFAXZKH-WFYA3H3-ACLUIWS-6AIFHC4-XJ32ZAN" introducedBy="JHS4ID2-AVIGIJS-VQMXDKB-PDWVVL6-FSL7RY4-GG54ZJJ-BOEEMGR-6E6ZDQB">
+            <encryptionPassword></encryptionPassword>
+        </device>
+        <device id="LU6ULRW-D4LMTY6-E5FFS74-T7HIZ5Z-QBLZ47S-VKUCIX4-6MHP7JI-337NNAU" introducedBy="">
+            <encryptionPassword></encryptionPassword>
+        </device>
+        <device id="PBSMF7G-CJQICRQ-D23OQPE-QUSDML7-OAVC22M-ZI7GFNH-K4RHFFY-PKDRHAK" introducedBy="LU6ULRW-D4LMTY6-E5FFS74-T7HIZ5Z-QBLZ47S-VKUCIX4-6MHP7JI-337NNAU">
+            <encryptionPassword></encryptionPassword>
+        </device>
+        <device id="WQ3AREK-ZJZKJRP-B3XXEXR-UJNOCUM-QFYK5XN-THCXKZL-6OLKJ3F-EK7XRAX" introducedBy="">
+            <encryptionPassword></encryptionPassword>
+        </device>
+        <minDiskFree unit="%">1</minDiskFree>
+        <versioning>
+            <cleanupIntervalS>3600</cleanupIntervalS>
+            <fsPath></fsPath>
+            <fsType>basic</fsType>
+        </versioning>
+        <copiers>0</copiers>
+        <pullerMaxPendingKiB>0</pullerMaxPendingKiB>
+        <hashers>0</hashers>
+        <order>random</order>
+        <ignoreDelete>false</ignoreDelete>
+        <scanProgressIntervalS>0</scanProgressIntervalS>
+        <pullerPauseS>0</pullerPauseS>
+        <maxConflicts>-1</maxConflicts>
+        <disableSparseFiles>false</disableSparseFiles>
+        <disableTempIndexes>false</disableTempIndexes>
+        <paused>false</paused>
+        <weakHashThresholdPct>25</weakHashThresholdPct>
+        <markerName>.stfolder</markerName>
+        <copyOwnershipFromParent>false</copyOwnershipFromParent>
+        <modTimeWindowS>0</modTimeWindowS>
+        <maxConcurrentWrites>2</maxConcurrentWrites>
+        <disableFsync>false</disableFsync>
+        <blockPullOrder>standard</blockPullOrder>
+        <copyRangeMethod>standard</copyRangeMethod>
+        <caseSensitiveFS>false</caseSensitiveFS>
+        <junctionsAsDirs>true</junctionsAsDirs>
+        <syncOwnership>false</syncOwnership>
+        <sendOwnership>false</sendOwnership>
+        <syncXattrs>false</syncXattrs>
+        <sendXattrs>false</sendXattrs>
+        <xattrFilter>
+            <maxSingleEntrySize>0</maxSingleEntrySize>
+            <maxTotalSize>0</maxTotalSize>
+        </xattrFilter>
+    </folder>
+    <folder id="nqdjm-vj6af" label="Freelance" path="/var/syncthing/Sync/Freelance" type="sendreceive" rescanIntervalS="3600" fsWatcherEnabled="true" fsWatcherDelayS="10" ignorePerms="false" autoNormalize="true">
+        <filesystemType>basic</filesystemType>
+        <device id="JHS4ID2-AVIGIJS-VQMXDKB-PDWVVL6-FSL7RY4-GG54ZJJ-BOEEMGR-6E6ZDQB" introducedBy="LU6ULRW-D4LMTY6-E5FFS74-T7HIZ5Z-QBLZ47S-VKUCIX4-6MHP7JI-337NNAU">
+            <encryptionPassword></encryptionPassword>
+        </device>
+        <device id="KMW6CAQ-MJVFGTJ-7WUDRLG-WFAXZKH-WFYA3H3-ACLUIWS-6AIFHC4-XJ32ZAN" introducedBy="JHS4ID2-AVIGIJS-VQMXDKB-PDWVVL6-FSL7RY4-GG54ZJJ-BOEEMGR-6E6ZDQB">
+            <encryptionPassword></encryptionPassword>
+        </device>
+        <device id="LU6ULRW-D4LMTY6-E5FFS74-T7HIZ5Z-QBLZ47S-VKUCIX4-6MHP7JI-337NNAU" introducedBy="">
+            <encryptionPassword></encryptionPassword>
+        </device>
+        <device id="PBSMF7G-CJQICRQ-D23OQPE-QUSDML7-OAVC22M-ZI7GFNH-K4RHFFY-PKDRHAK" introducedBy="LU6ULRW-D4LMTY6-E5FFS74-T7HIZ5Z-QBLZ47S-VKUCIX4-6MHP7JI-337NNAU">
+            <encryptionPassword></encryptionPassword>
+        </device>
+        <device id="WQ3AREK-ZJZKJRP-B3XXEXR-UJNOCUM-QFYK5XN-THCXKZL-6OLKJ3F-EK7XRAX" introducedBy="">
+            <encryptionPassword></encryptionPassword>
+        </device>
+        <minDiskFree unit="%">1</minDiskFree>
+        <versioning>
+            <cleanupIntervalS>3600</cleanupIntervalS>
+            <fsPath></fsPath>
+            <fsType>basic</fsType>
+        </versioning>
+        <copiers>0</copiers>
+        <pullerMaxPendingKiB>0</pullerMaxPendingKiB>
+        <hashers>0</hashers>
+        <order>random</order>
+        <ignoreDelete>false</ignoreDelete>
+        <scanProgressIntervalS>0</scanProgressIntervalS>
+        <pullerPauseS>0</pullerPauseS>
+        <maxConflicts>10</maxConflicts>
+        <disableSparseFiles>false</disableSparseFiles>
+        <disableTempIndexes>false</disableTempIndexes>
+        <paused>false</paused>
+        <weakHashThresholdPct>25</weakHashThresholdPct>
+        <markerName>.stfolder</markerName>
+        <copyOwnershipFromParent>false</copyOwnershipFromParent>
+        <modTimeWindowS>0</modTimeWindowS>
+        <maxConcurrentWrites>2</maxConcurrentWrites>
+        <disableFsync>false</disableFsync>
+        <blockPullOrder>standard</blockPullOrder>
+        <copyRangeMethod>standard</copyRangeMethod>
+        <caseSensitiveFS>false</caseSensitiveFS>
+        <junctionsAsDirs>true</junctionsAsDirs>
+        <syncOwnership>false</syncOwnership>
+        <sendOwnership>false</sendOwnership>
+        <syncXattrs>false</syncXattrs>
+        <sendXattrs>false</sendXattrs>
+        <xattrFilter>
+            <maxSingleEntrySize>0</maxSingleEntrySize>
+            <maxTotalSize>0</maxTotalSize>
+        </xattrFilter>
+    </folder>
+    <folder id="pepid-gjr7f" label="Vanese&#39;s Wedding" path="/var/syncthing/Sync/Vanese&#39;s Wedding" type="sendreceive" rescanIntervalS="3600" fsWatcherEnabled="true" fsWatcherDelayS="10" ignorePerms="false" autoNormalize="true">
+        <filesystemType>basic</filesystemType>
+        <device id="EP5HNDF-DLV3X6X-AMY2QKO-IALGPD4-4GBCK6Y-WALAXG4-P2ISU2Y-GO7JPQ6" introducedBy="">
+            <encryptionPassword></encryptionPassword>
+        </device>
+        <device id="WQ3AREK-ZJZKJRP-B3XXEXR-UJNOCUM-QFYK5XN-THCXKZL-6OLKJ3F-EK7XRAX" introducedBy="">
+            <encryptionPassword></encryptionPassword>
+        </device>
+        <minDiskFree unit="%">1</minDiskFree>
+        <versioning>
+            <cleanupIntervalS>3600</cleanupIntervalS>
+            <fsPath></fsPath>
+            <fsType>basic</fsType>
+        </versioning>
+        <copiers>0</copiers>
+        <pullerMaxPendingKiB>0</pullerMaxPendingKiB>
+        <hashers>0</hashers>
+        <order>random</order>
+        <ignoreDelete>false</ignoreDelete>
+        <scanProgressIntervalS>0</scanProgressIntervalS>
+        <pullerPauseS>0</pullerPauseS>
+        <maxConflicts>-1</maxConflicts>
+        <disableSparseFiles>false</disableSparseFiles>
+        <disableTempIndexes>false</disableTempIndexes>
+        <paused>false</paused>
+        <weakHashThresholdPct>25</weakHashThresholdPct>
+        <markerName>.stfolder</markerName>
+        <copyOwnershipFromParent>false</copyOwnershipFromParent>
+        <modTimeWindowS>0</modTimeWindowS>
+        <maxConcurrentWrites>2</maxConcurrentWrites>
+        <disableFsync>false</disableFsync>
+        <blockPullOrder>standard</blockPullOrder>
+        <copyRangeMethod>standard</copyRangeMethod>
+        <caseSensitiveFS>false</caseSensitiveFS>
+        <junctionsAsDirs>true</junctionsAsDirs>
+        <syncOwnership>false</syncOwnership>
+        <sendOwnership>false</sendOwnership>
+        <syncXattrs>false</syncXattrs>
+        <sendXattrs>false</sendXattrs>
+        <xattrFilter>
+            <maxSingleEntrySize>0</maxSingleEntrySize>
+            <maxTotalSize>0</maxTotalSize>
+        </xattrFilter>
+    </folder>
+    <folder id="pixel-photos" label="Pixel Camera" path="~/Sync/Pixel Camera" type="sendreceive" rescanIntervalS="3600" fsWatcherEnabled="true" fsWatcherDelayS="10" ignorePerms="false" autoNormalize="true">
+        <filesystemType>basic</filesystemType>
+        <device id="JHS4ID2-AVIGIJS-VQMXDKB-PDWVVL6-FSL7RY4-GG54ZJJ-BOEEMGR-6E6ZDQB" introducedBy="LU6ULRW-D4LMTY6-E5FFS74-T7HIZ5Z-QBLZ47S-VKUCIX4-6MHP7JI-337NNAU">
+            <encryptionPassword></encryptionPassword>
+        </device>
+        <device id="LU6ULRW-D4LMTY6-E5FFS74-T7HIZ5Z-QBLZ47S-VKUCIX4-6MHP7JI-337NNAU" introducedBy="">
+            <encryptionPassword></encryptionPassword>
+        </device>
+        <device id="WQ3AREK-ZJZKJRP-B3XXEXR-UJNOCUM-QFYK5XN-THCXKZL-6OLKJ3F-EK7XRAX" introducedBy="">
+            <encryptionPassword></encryptionPassword>
+        </device>
+        <minDiskFree unit="%">1</minDiskFree>
+        <versioning>
+            <cleanupIntervalS>3600</cleanupIntervalS>
+            <fsPath></fsPath>
+            <fsType>basic</fsType>
+        </versioning>
+        <copiers>0</copiers>
+        <pullerMaxPendingKiB>0</pullerMaxPendingKiB>
+        <hashers>0</hashers>
+        <order>random</order>
+        <ignoreDelete>false</ignoreDelete>
+        <scanProgressIntervalS>0</scanProgressIntervalS>
+        <pullerPauseS>0</pullerPauseS>
+        <maxConflicts>-1</maxConflicts>
+        <disableSparseFiles>false</disableSparseFiles>
+        <disableTempIndexes>false</disableTempIndexes>
+        <paused>false</paused>
+        <weakHashThresholdPct>25</weakHashThresholdPct>
+        <markerName>.stfolder</markerName>
+        <copyOwnershipFromParent>false</copyOwnershipFromParent>
+        <modTimeWindowS>0</modTimeWindowS>
+        <maxConcurrentWrites>2</maxConcurrentWrites>
+        <disableFsync>false</disableFsync>
+        <blockPullOrder>standard</blockPullOrder>
+        <copyRangeMethod>standard</copyRangeMethod>
+        <caseSensitiveFS>false</caseSensitiveFS>
+        <junctionsAsDirs>true</junctionsAsDirs>
+        <syncOwnership>false</syncOwnership>
+        <sendOwnership>false</sendOwnership>
+        <syncXattrs>false</syncXattrs>
+        <sendXattrs>false</sendXattrs>
+        <xattrFilter>
+            <maxSingleEntrySize>0</maxSingleEntrySize>
+            <maxTotalSize>0</maxTotalSize>
+        </xattrFilter>
+    </folder>
+    <folder id="wfm5n-ywqyf" label="Words" path="/var/syncthing/Sync/Words" type="sendreceive" rescanIntervalS="3600" fsWatcherEnabled="true" fsWatcherDelayS="10" ignorePerms="false" autoNormalize="true">
+        <filesystemType>basic</filesystemType>
+        <device id="JHS4ID2-AVIGIJS-VQMXDKB-PDWVVL6-FSL7RY4-GG54ZJJ-BOEEMGR-6E6ZDQB" introducedBy="">
+            <encryptionPassword></encryptionPassword>
+        </device>
+        <device id="PBSMF7G-CJQICRQ-D23OQPE-QUSDML7-OAVC22M-ZI7GFNH-K4RHFFY-PKDRHAK" introducedBy="">
+            <encryptionPassword></encryptionPassword>
+        </device>
+        <device id="WQ3AREK-ZJZKJRP-B3XXEXR-UJNOCUM-QFYK5XN-THCXKZL-6OLKJ3F-EK7XRAX" introducedBy="">
+            <encryptionPassword></encryptionPassword>
+        </device>
+        <minDiskFree unit="%">1</minDiskFree>
+        <versioning>
+            <cleanupIntervalS>3600</cleanupIntervalS>
+            <fsPath></fsPath>
+            <fsType>basic</fsType>
+        </versioning>
+        <copiers>0</copiers>
+        <pullerMaxPendingKiB>0</pullerMaxPendingKiB>
+        <hashers>0</hashers>
+        <order>random</order>
+        <ignoreDelete>false</ignoreDelete>
+        <scanProgressIntervalS>0</scanProgressIntervalS>
+        <pullerPauseS>0</pullerPauseS>
+        <maxConflicts>10</maxConflicts>
+        <disableSparseFiles>false</disableSparseFiles>
+        <disableTempIndexes>false</disableTempIndexes>
+        <paused>false</paused>
+        <weakHashThresholdPct>25</weakHashThresholdPct>
+        <markerName>.stfolder</markerName>
+        <copyOwnershipFromParent>false</copyOwnershipFromParent>
+        <modTimeWindowS>0</modTimeWindowS>
+        <maxConcurrentWrites>2</maxConcurrentWrites>
+        <disableFsync>false</disableFsync>
+        <blockPullOrder>standard</blockPullOrder>
+        <copyRangeMethod>standard</copyRangeMethod>
+        <caseSensitiveFS>false</caseSensitiveFS>
+        <junctionsAsDirs>true</junctionsAsDirs>
+        <syncOwnership>false</syncOwnership>
+        <sendOwnership>false</sendOwnership>
+        <syncXattrs>false</syncXattrs>
+        <sendXattrs>false</sendXattrs>
+        <xattrFilter>
+            <maxSingleEntrySize>0</maxSingleEntrySize>
+            <maxTotalSize>0</maxTotalSize>
+        </xattrFilter>
+    </folder>
+    <folder id="wm9gg-gnmys" label="Avanade" path="/var/syncthing/Sync/Avanade" type="sendreceive" rescanIntervalS="3600" fsWatcherEnabled="true" fsWatcherDelayS="10" ignorePerms="false" autoNormalize="true">
+        <filesystemType>basic</filesystemType>
+        <device id="C4PWQ2E-P6R3EKU-PUBUGSO-UIAUQ7A-B7ZFHOC-6RZ6MNU-CTGLTME-KI6PAQU" introducedBy="JHS4ID2-AVIGIJS-VQMXDKB-PDWVVL6-FSL7RY4-GG54ZJJ-BOEEMGR-6E6ZDQB">
+            <encryptionPassword></encryptionPassword>
+        </device>
+        <device id="JHS4ID2-AVIGIJS-VQMXDKB-PDWVVL6-FSL7RY4-GG54ZJJ-BOEEMGR-6E6ZDQB" introducedBy="LU6ULRW-D4LMTY6-E5FFS74-T7HIZ5Z-QBLZ47S-VKUCIX4-6MHP7JI-337NNAU">
+            <encryptionPassword></encryptionPassword>
+        </device>
+        <device id="KMW6CAQ-MJVFGTJ-7WUDRLG-WFAXZKH-WFYA3H3-ACLUIWS-6AIFHC4-XJ32ZAN" introducedBy="JHS4ID2-AVIGIJS-VQMXDKB-PDWVVL6-FSL7RY4-GG54ZJJ-BOEEMGR-6E6ZDQB">
+            <encryptionPassword></encryptionPassword>
+        </device>
+        <device id="LU6ULRW-D4LMTY6-E5FFS74-T7HIZ5Z-QBLZ47S-VKUCIX4-6MHP7JI-337NNAU" introducedBy="">
+            <encryptionPassword></encryptionPassword>
+        </device>
+        <device id="PBSMF7G-CJQICRQ-D23OQPE-QUSDML7-OAVC22M-ZI7GFNH-K4RHFFY-PKDRHAK" introducedBy="LU6ULRW-D4LMTY6-E5FFS74-T7HIZ5Z-QBLZ47S-VKUCIX4-6MHP7JI-337NNAU">
+            <encryptionPassword></encryptionPassword>
+        </device>
+        <device id="TUX2R4X-FK7IGLF-X2WVJVM-J5PONPP-YWDZYJH-RISJ5KW-ZPAKWH2-YZVFVAS" introducedBy="">
+            <encryptionPassword></encryptionPassword>
+        </device>
+        <device id="WQ3AREK-ZJZKJRP-B3XXEXR-UJNOCUM-QFYK5XN-THCXKZL-6OLKJ3F-EK7XRAX" introducedBy="">
+            <encryptionPassword></encryptionPassword>
+        </device>
+        <device id="3E6EYPO-5X6QHWQ-D2NDMKK-DBWZLJ7-CMHDCDE-PXFZRZZ-XS46BJR-5ZDGUA6" introducedBy="JHS4ID2-AVIGIJS-VQMXDKB-PDWVVL6-FSL7RY4-GG54ZJJ-BOEEMGR-6E6ZDQB">
+            <encryptionPassword></encryptionPassword>
+        </device>
+        <minDiskFree unit="%">1</minDiskFree>
+        <versioning>
+            <cleanupIntervalS>3600</cleanupIntervalS>
+            <fsPath></fsPath>
+            <fsType>basic</fsType>
+        </versioning>
+        <copiers>0</copiers>
+        <pullerMaxPendingKiB>0</pullerMaxPendingKiB>
+        <hashers>0</hashers>
+        <order>random</order>
+        <ignoreDelete>false</ignoreDelete>
+        <scanProgressIntervalS>0</scanProgressIntervalS>
+        <pullerPauseS>0</pullerPauseS>
+        <maxConflicts>10</maxConflicts>
+        <disableSparseFiles>false</disableSparseFiles>
+        <disableTempIndexes>false</disableTempIndexes>
+        <paused>false</paused>
+        <weakHashThresholdPct>25</weakHashThresholdPct>
+        <markerName>.stfolder</markerName>
+        <copyOwnershipFromParent>false</copyOwnershipFromParent>
+        <modTimeWindowS>0</modTimeWindowS>
+        <maxConcurrentWrites>2</maxConcurrentWrites>
+        <disableFsync>false</disableFsync>
+        <blockPullOrder>standard</blockPullOrder>
+        <copyRangeMethod>standard</copyRangeMethod>
+        <caseSensitiveFS>false</caseSensitiveFS>
+        <junctionsAsDirs>true</junctionsAsDirs>
+        <syncOwnership>false</syncOwnership>
+        <sendOwnership>false</sendOwnership>
+        <syncXattrs>false</syncXattrs>
+        <sendXattrs>false</sendXattrs>
+        <xattrFilter>
+            <maxSingleEntrySize>0</maxSingleEntrySize>
+            <maxTotalSize>0</maxTotalSize>
+        </xattrFilter>
+    </folder>
+    <folder id="wt8xy-9ayjz" label="ESA-TA" path="~/Sync/ESA-TA" type="sendreceive" rescanIntervalS="3600" fsWatcherEnabled="true" fsWatcherDelayS="10" ignorePerms="false" autoNormalize="true">
+        <filesystemType>basic</filesystemType>
+        <device id="WQ3AREK-ZJZKJRP-B3XXEXR-UJNOCUM-QFYK5XN-THCXKZL-6OLKJ3F-EK7XRAX" introducedBy="">
+            <encryptionPassword></encryptionPassword>
+        </device>
+        <minDiskFree unit="%">1</minDiskFree>
+        <versioning>
+            <cleanupIntervalS>3600</cleanupIntervalS>
+            <fsPath></fsPath>
+            <fsType>basic</fsType>
+        </versioning>
+        <copiers>0</copiers>
+        <pullerMaxPendingKiB>0</pullerMaxPendingKiB>
+        <hashers>0</hashers>
+        <order>random</order>
+        <ignoreDelete>false</ignoreDelete>
+        <scanProgressIntervalS>0</scanProgressIntervalS>
+        <pullerPauseS>0</pullerPauseS>
+        <maxConflicts>-1</maxConflicts>
+        <disableSparseFiles>false</disableSparseFiles>
+        <disableTempIndexes>false</disableTempIndexes>
+        <paused>false</paused>
+        <weakHashThresholdPct>25</weakHashThresholdPct>
+        <markerName>.stfolder</markerName>
+        <copyOwnershipFromParent>false</copyOwnershipFromParent>
+        <modTimeWindowS>0</modTimeWindowS>
+        <maxConcurrentWrites>2</maxConcurrentWrites>
+        <disableFsync>false</disableFsync>
+        <blockPullOrder>standard</blockPullOrder>
+        <copyRangeMethod>standard</copyRangeMethod>
+        <caseSensitiveFS>false</caseSensitiveFS>
+        <junctionsAsDirs>true</junctionsAsDirs>
+        <syncOwnership>false</syncOwnership>
+        <sendOwnership>false</sendOwnership>
+        <syncXattrs>false</syncXattrs>
+        <sendXattrs>false</sendXattrs>
+        <xattrFilter>
+            <maxSingleEntrySize>0</maxSingleEntrySize>
+            <maxTotalSize>0</maxTotalSize>
+        </xattrFilter>
+    </folder>
+    <folder id="xsdrc-txqdr" label="MAAS Cluster" path="/var/syncthing/Sync/MAAS Cluster" type="sendreceive" rescanIntervalS="3600" fsWatcherEnabled="true" fsWatcherDelayS="10" ignorePerms="false" autoNormalize="true">
+        <filesystemType>basic</filesystemType>
+        <device id="WQ3AREK-ZJZKJRP-B3XXEXR-UJNOCUM-QFYK5XN-THCXKZL-6OLKJ3F-EK7XRAX" introducedBy="">
+            <encryptionPassword></encryptionPassword>
+        </device>
+        <minDiskFree unit="%">1</minDiskFree>
+        <versioning>
+            <cleanupIntervalS>3600</cleanupIntervalS>
+            <fsPath></fsPath>
+            <fsType>basic</fsType>
+        </versioning>
+        <copiers>0</copiers>
+        <pullerMaxPendingKiB>0</pullerMaxPendingKiB>
+        <hashers>0</hashers>
+        <order>random</order>
+        <ignoreDelete>false</ignoreDelete>
+        <scanProgressIntervalS>0</scanProgressIntervalS>
+        <pullerPauseS>0</pullerPauseS>
+        <maxConflicts>-1</maxConflicts>
+        <disableSparseFiles>false</disableSparseFiles>
+        <disableTempIndexes>false</disableTempIndexes>
+        <paused>false</paused>
+        <weakHashThresholdPct>25</weakHashThresholdPct>
+        <markerName>.stfolder</markerName>
+        <copyOwnershipFromParent>false</copyOwnershipFromParent>
+        <modTimeWindowS>0</modTimeWindowS>
+        <maxConcurrentWrites>2</maxConcurrentWrites>
+        <disableFsync>false</disableFsync>
+        <blockPullOrder>standard</blockPullOrder>
+        <copyRangeMethod>standard</copyRangeMethod>
+        <caseSensitiveFS>false</caseSensitiveFS>
+        <junctionsAsDirs>true</junctionsAsDirs>
+        <syncOwnership>false</syncOwnership>
+        <sendOwnership>false</sendOwnership>
+        <syncXattrs>false</syncXattrs>
+        <sendXattrs>false</sendXattrs>
+        <xattrFilter>
+            <maxSingleEntrySize>0</maxSingleEntrySize>
+            <maxTotalSize>0</maxTotalSize>
+        </xattrFilter>
+    </folder>
+    <device id="C4PWQ2E-P6R3EKU-PUBUGSO-UIAUQ7A-B7ZFHOC-6RZ6MNU-CTGLTME-KI6PAQU" name="Avanade MBP" compression="metadata" introducer="false" skipIntroductionRemovals="false" introducedBy="JHS4ID2-AVIGIJS-VQMXDKB-PDWVVL6-FSL7RY4-GG54ZJJ-BOEEMGR-6E6ZDQB">
+        <address>dynamic</address>
+        <paused>false</paused>
+        <autoAcceptFolders>false</autoAcceptFolders>
+        <maxSendKbps>0</maxSendKbps>
+        <maxRecvKbps>0</maxRecvKbps>
+        <maxRequestKiB>0</maxRequestKiB>
+        <untrusted>false</untrusted>
+        <remoteGUIPort>0</remoteGUIPort>
+    </device>
+    <device id="EP5HNDF-DLV3X6X-AMY2QKO-IALGPD4-4GBCK6Y-WALAXG4-P2ISU2Y-GO7JPQ6" name="Luther" compression="metadata" introducer="false" skipIntroductionRemovals="false" introducedBy="PZWJB3G-3QHKOZE-33GNYOO-7TEGIGW-SZHATNG-3GE2D2C-WDOFQSY-3KWVVQB">
+        <address>dynamic</address>
+        <paused>false</paused>
+        <autoAcceptFolders>false</autoAcceptFolders>
+        <maxSendKbps>0</maxSendKbps>
+        <maxRecvKbps>0</maxRecvKbps>
+        <maxRequestKiB>0</maxRequestKiB>
+        <untrusted>false</untrusted>
+        <remoteGUIPort>0</remoteGUIPort>
+    </device>
+    <device id="JHS4ID2-AVIGIJS-VQMXDKB-PDWVVL6-FSL7RY4-GG54ZJJ-BOEEMGR-6E6ZDQB" name="eir" compression="metadata" introducer="true" skipIntroductionRemovals="false" introducedBy="LU6ULRW-D4LMTY6-E5FFS74-T7HIZ5Z-QBLZ47S-VKUCIX4-6MHP7JI-337NNAU">
+        <address>dynamic</address>
+        <paused>false</paused>
+        <autoAcceptFolders>true</autoAcceptFolders>
+        <maxSendKbps>0</maxSendKbps>
+        <maxRecvKbps>0</maxRecvKbps>
+        <maxRequestKiB>0</maxRequestKiB>
+        <untrusted>false</untrusted>
+        <remoteGUIPort>0</remoteGUIPort>
+    </device>
+    <device id="KMW6CAQ-MJVFGTJ-7WUDRLG-WFAXZKH-WFYA3H3-ACLUIWS-6AIFHC4-XJ32ZAN" name="davad-mpb.local" compression="metadata" introducer="false" skipIntroductionRemovals="false" introducedBy="JHS4ID2-AVIGIJS-VQMXDKB-PDWVVL6-FSL7RY4-GG54ZJJ-BOEEMGR-6E6ZDQB">
+        <address>dynamic</address>
+        <paused>false</paused>
+        <autoAcceptFolders>false</autoAcceptFolders>
+        <maxSendKbps>0</maxSendKbps>
+        <maxRecvKbps>0</maxRecvKbps>
+        <maxRequestKiB>0</maxRequestKiB>
+        <untrusted>false</untrusted>
+        <remoteGUIPort>0</remoteGUIPort>
+    </device>
+    <device id="LU6ULRW-D4LMTY6-E5FFS74-T7HIZ5Z-QBLZ47S-VKUCIX4-6MHP7JI-337NNAU" name="thor" compression="metadata" introducer="false" skipIntroductionRemovals="false" introducedBy="">
+        <address>dynamic</address>
+        <paused>false</paused>
+        <autoAcceptFolders>false</autoAcceptFolders>
+        <maxSendKbps>0</maxSendKbps>
+        <maxRecvKbps>0</maxRecvKbps>
+        <maxRequestKiB>0</maxRequestKiB>
+        <untrusted>false</untrusted>
+        <remoteGUIPort>0</remoteGUIPort>
+    </device>
+    <device id="M6F45CW-FKBPJAL-J6SAYUU-7NANRZ6-MPX2FKZ-IPJ6FZG-ETXPFLS-WELI7QV" name="loki" compression="metadata" introducer="false" skipIntroductionRemovals="false" introducedBy="JHS4ID2-AVIGIJS-VQMXDKB-PDWVVL6-FSL7RY4-GG54ZJJ-BOEEMGR-6E6ZDQB">
+        <address>dynamic</address>
+        <paused>false</paused>
+        <autoAcceptFolders>false</autoAcceptFolders>
+        <maxSendKbps>0</maxSendKbps>
+        <maxRecvKbps>0</maxRecvKbps>
+        <maxRequestKiB>0</maxRequestKiB>
+        <untrusted>false</untrusted>
+        <remoteGUIPort>0</remoteGUIPort>
+    </device>
+    <device id="PBSMF7G-CJQICRQ-D23OQPE-QUSDML7-OAVC22M-ZI7GFNH-K4RHFFY-PKDRHAK" name="tyr.local" compression="metadata" introducer="false" skipIntroductionRemovals="false" introducedBy="LU6ULRW-D4LMTY6-E5FFS74-T7HIZ5Z-QBLZ47S-VKUCIX4-6MHP7JI-337NNAU">
+        <address>dynamic</address>
+        <paused>false</paused>
+        <autoAcceptFolders>false</autoAcceptFolders>
+        <maxSendKbps>0</maxSendKbps>
+        <maxRecvKbps>0</maxRecvKbps>
+        <maxRequestKiB>0</maxRequestKiB>
+        <untrusted>false</untrusted>
+        <remoteGUIPort>0</remoteGUIPort>
+    </device>
+    <device id="TUX2R4X-FK7IGLF-X2WVJVM-J5PONPP-YWDZYJH-RISJ5KW-ZPAKWH2-YZVFVAS" name="Pixel 6 Pro" compression="metadata" introducer="false" skipIntroductionRemovals="false" introducedBy="">
+        <address>dynamic</address>
+        <paused>false</paused>
+        <autoAcceptFolders>false</autoAcceptFolders>
+        <maxSendKbps>0</maxSendKbps>
+        <maxRecvKbps>0</maxRecvKbps>
+        <maxRequestKiB>0</maxRequestKiB>
+        <untrusted>false</untrusted>
+        <remoteGUIPort>0</remoteGUIPort>
+    </device>
+    <device id="WQ3AREK-ZJZKJRP-B3XXEXR-UJNOCUM-QFYK5XN-THCXKZL-6OLKJ3F-EK7XRAX" name="dmwl-nas" compression="metadata" introducer="false" skipIntroductionRemovals="false" introducedBy="">
+        <address>dynamic</address>
+        <paused>false</paused>
+        <autoAcceptFolders>false</autoAcceptFolders>
+        <maxSendKbps>0</maxSendKbps>
+        <maxRecvKbps>0</maxRecvKbps>
+        <maxRequestKiB>0</maxRequestKiB>
+        <untrusted>false</untrusted>
+        <remoteGUIPort>0</remoteGUIPort>
+    </device>
+    <device id="Y7762UE-6FH6ASG-HKU2VMZ-XVAVW3V-GQU3IPD-LINHD3F-VTV55I6-NXSXGQA" name="Jessicas-Air.local" compression="metadata" introducer="false" skipIntroductionRemovals="false" introducedBy="LU6ULRW-D4LMTY6-E5FFS74-T7HIZ5Z-QBLZ47S-VKUCIX4-6MHP7JI-337NNAU">
+        <address>dynamic</address>
+        <paused>false</paused>
+        <autoAcceptFolders>false</autoAcceptFolders>
+        <maxSendKbps>0</maxSendKbps>
+        <maxRecvKbps>0</maxRecvKbps>
+        <maxRequestKiB>0</maxRequestKiB>
+        <untrusted>false</untrusted>
+        <remoteGUIPort>0</remoteGUIPort>
+    </device>
+    <device id="3E6EYPO-5X6QHWQ-D2NDMKK-DBWZLJ7-CMHDCDE-PXFZRZZ-XS46BJR-5ZDGUA6" name="Pixel 3 XL" compression="metadata" introducer="false" skipIntroductionRemovals="false" introducedBy="JHS4ID2-AVIGIJS-VQMXDKB-PDWVVL6-FSL7RY4-GG54ZJJ-BOEEMGR-6E6ZDQB">
+        <address>dynamic</address>
+        <paused>false</paused>
+        <autoAcceptFolders>false</autoAcceptFolders>
+        <maxSendKbps>0</maxSendKbps>
+        <maxRecvKbps>0</maxRecvKbps>
+        <maxRequestKiB>0</maxRequestKiB>
+        <untrusted>false</untrusted>
+        <remoteGUIPort>0</remoteGUIPort>
+    </device>
+    <gui enabled="true" tls="false" debugging="false">
+        <address>0.0.0.0:8384</address>
+        <user>admin</user>
+        <password>$2a$10$dd/m.ut08qmfEhEA71J1..ZEXaed6XVK4gnE0oQOyz3awkjVU5vte</password>
+        <apikey>94Ne6vTVebdMXsZgauKv5tohwpdvdRsN</apikey>
+        <theme>default</theme>
+    </gui>
+    <ldap></ldap>
+    <options>
+        <listenAddress>default</listenAddress>
+        <globalAnnounceServer>default</globalAnnounceServer>
+        <globalAnnounceEnabled>true</globalAnnounceEnabled>
+        <localAnnounceEnabled>true</localAnnounceEnabled>
+        <localAnnouncePort>21027</localAnnouncePort>
+        <localAnnounceMCAddr>[ff12::8384]:21027</localAnnounceMCAddr>
+        <maxSendKbps>0</maxSendKbps>
+        <maxRecvKbps>0</maxRecvKbps>
+        <reconnectionIntervalS>60</reconnectionIntervalS>
+        <relaysEnabled>true</relaysEnabled>
+        <relayReconnectIntervalM>10</relayReconnectIntervalM>
+        <startBrowser>true</startBrowser>
+        <natEnabled>true</natEnabled>
+        <natLeaseMinutes>60</natLeaseMinutes>
+        <natRenewalMinutes>30</natRenewalMinutes>
+        <natTimeoutSeconds>10</natTimeoutSeconds>
+        <urAccepted>3</urAccepted>
+        <urSeen>3</urSeen>
+        <urUniqueID>DEeXiP4q</urUniqueID>
+        <urURL>https://data.syncthing.net/newdata</urURL>
+        <urPostInsecurely>false</urPostInsecurely>
+        <urInitialDelayS>1800</urInitialDelayS>
+        <autoUpgradeIntervalH>12</autoUpgradeIntervalH>
+        <upgradeToPreReleases>false</upgradeToPreReleases>
+        <keepTemporariesH>24</keepTemporariesH>
+        <cacheIgnoredFiles>false</cacheIgnoredFiles>
+        <progressUpdateIntervalS>5</progressUpdateIntervalS>
+        <limitBandwidthInLan>false</limitBandwidthInLan>
+        <minHomeDiskFree unit="%">1</minHomeDiskFree>
+        <releasesURL>https://upgrades.syncthing.net/meta.json</releasesURL>
+        <overwriteRemoteDeviceNamesOnConnect>false</overwriteRemoteDeviceNamesOnConnect>
+        <tempIndexMinBlocks>10</tempIndexMinBlocks>
+        <trafficClass>0</trafficClass>
+        <setLowPriority>true</setLowPriority>
+        <maxFolderConcurrency>0</maxFolderConcurrency>
+        <crashReportingURL>https://crash.syncthing.net/newcrash</crashReportingURL>
+        <crashReportingEnabled>true</crashReportingEnabled>
+        <stunKeepaliveStartS>180</stunKeepaliveStartS>
+        <stunKeepaliveMinS>20</stunKeepaliveMinS>
+        <stunServer>default</stunServer>
+        <databaseTuning>auto</databaseTuning>
+        <maxConcurrentIncomingRequestKiB>0</maxConcurrentIncomingRequestKiB>
+        <announceLANAddresses>true</announceLANAddresses>
+        <sendFullIndexOnUpgrade>false</sendFullIndexOnUpgrade>
+        <connectionLimitEnough>0</connectionLimitEnough>
+        <connectionLimitMax>0</connectionLimitMax>
+        <insecureAllowOldTLSVersions>false</insecureAllowOldTLSVersions>
+        <connectionPriorityTcpLan>10</connectionPriorityTcpLan>
+        <connectionPriorityQuicLan>20</connectionPriorityQuicLan>
+        <connectionPriorityTcpWan>30</connectionPriorityTcpWan>
+        <connectionPriorityQuicWan>40</connectionPriorityQuicWan>
+        <connectionPriorityRelay>50</connectionPriorityRelay>
+        <connectionPriorityUpgradeThreshold>0</connectionPriorityUpgradeThreshold>
+    </options>
+    <remoteIgnoredDevice time="2019-04-04T22:41:32.499Z" id="U62Y77H-H2F3QKH-DXTPFFZ-CQ4WA4W-K3XKRQH-HI3HB6H-ORLEZCI-VMICMQG" name="lens-solidworks" address="96.231.19.84:22067"></remoteIgnoredDevice>
+    <defaults>
+        <folder id="" label="" path="~/Sync" type="sendreceive" rescanIntervalS="3600" fsWatcherEnabled="true" fsWatcherDelayS="10" ignorePerms="false" autoNormalize="true">
+            <filesystemType>basic</filesystemType>
+            <device id="WQ3AREK-ZJZKJRP-B3XXEXR-UJNOCUM-QFYK5XN-THCXKZL-6OLKJ3F-EK7XRAX" introducedBy="">
+                <encryptionPassword></encryptionPassword>
+            </device>
+            <minDiskFree unit="%">1</minDiskFree>
+            <versioning>
+                <cleanupIntervalS>3600</cleanupIntervalS>
+                <fsPath></fsPath>
+                <fsType>basic</fsType>
+            </versioning>
+            <copiers>0</copiers>
+            <pullerMaxPendingKiB>0</pullerMaxPendingKiB>
+            <hashers>0</hashers>
+            <order>random</order>
+            <ignoreDelete>false</ignoreDelete>
+            <scanProgressIntervalS>0</scanProgressIntervalS>
+            <pullerPauseS>0</pullerPauseS>
+            <maxConflicts>10</maxConflicts>
+            <disableSparseFiles>false</disableSparseFiles>
+            <disableTempIndexes>false</disableTempIndexes>
+            <paused>false</paused>
+            <weakHashThresholdPct>25</weakHashThresholdPct>
+            <markerName>.stfolder</markerName>
+            <copyOwnershipFromParent>false</copyOwnershipFromParent>
+            <modTimeWindowS>0</modTimeWindowS>
+            <maxConcurrentWrites>2</maxConcurrentWrites>
+            <disableFsync>false</disableFsync>
+            <blockPullOrder>standard</blockPullOrder>
+            <copyRangeMethod>standard</copyRangeMethod>
+            <caseSensitiveFS>false</caseSensitiveFS>
+            <junctionsAsDirs>false</junctionsAsDirs>
+            <syncOwnership>false</syncOwnership>
+            <sendOwnership>false</sendOwnership>
+            <syncXattrs>false</syncXattrs>
+            <sendXattrs>false</sendXattrs>
+            <xattrFilter>
+                <maxSingleEntrySize>1024</maxSingleEntrySize>
+                <maxTotalSize>4096</maxTotalSize>
+            </xattrFilter>
+        </folder>
+        <device id="" compression="metadata" introducer="false" skipIntroductionRemovals="false" introducedBy="">
+            <address>dynamic</address>
+            <paused>false</paused>
+            <autoAcceptFolders>false</autoAcceptFolders>
+            <maxSendKbps>0</maxSendKbps>
+            <maxRecvKbps>0</maxRecvKbps>
+            <maxRequestKiB>0</maxRequestKiB>
+            <untrusted>false</untrusted>
+            <remoteGUIPort>0</remoteGUIPort>
+        </device>
+        <ignores></ignores>
+    </defaults>
+</configuration>
diff --git a/apps/syncthing/overlays/media/deployment-patch.yaml b/apps/syncthing/overlays/media/deployment-patch.yaml
new file mode 100644
index 0000000..18471c0
--- /dev/null
+++ b/apps/syncthing/overlays/media/deployment-patch.yaml
@@ -0,0 +1,24 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: syncthing
+spec:
+  template:
+    containers:
+      - name: syncthing
+        volumeMounts:
+          - name: sync-keys
+            mountPath: /var/syncthing/config/cert.pem
+            subPath: cert.pem
+            readOnly: true
+          - name: sync-keys
+            mountPath: /var/syncthing/config/key.pem
+            readOnly: true
+            subPath: key.pem
+    volumes:
+      - name: sync-keys
+        secret:
+          secretName: sync-secret
+          items:
+            - key: cert.pem
+            - key: key.pem
diff --git a/apps/syncthing/overlays/media/key.sops.pem b/apps/syncthing/overlays/media/key.sops.pem
new file mode 100644
index 0000000..3d313ab
--- /dev/null
+++ b/apps/syncthing/overlays/media/key.sops.pem
@@ -0,0 +1,20 @@
+{
+	"data": "ENC[AES256_GCM,data:UeRToJkSGyQUd7AS/5B1ksjtwzwhSrEGNySX/qfqoByWOiTFy+slinkbDRj1Xb/xcqM92/nq3CF1m5K2Kyg+XiixFSh/RTTe9NV8julJqNQ6sMtlGmp+cFh8BwESTqdwqusjS0OztNdInvdzpm2+vfRY5lccwRrqSElobTZ2mr9zewJmIb6BBWyKf4NoTu5vvxGLsTe+caaX4RDjFnsDA7jD3kHKNkk7O8wMVhpf0dYF0xDQUp/BHVRpGQlOidNzCpisDs/Ww1JuXoR2/comp70qTR13mD2EIv3pITyRTVUKzYY7nI3LqDNxr7pUi78Q5gJRayW/TGSejJnMlnCQBvy7axRS94TpmDMBD3OhY5d//sU8l1qJp9bAPZ+cQy52,iv:isJiH3XpfLXflLjwbpeW1/T9OK7JAVEZgKwhNW1oeFU=,tag:j1ozcySXkqPGB1+kCmpNQw==,type:str]",
+	"sops": {
+		"kms": null,
+		"gcp_kms": null,
+		"azure_kv": null,
+		"hc_vault": null,
+		"age": [
+			{
+				"recipient": "age1y26vr5qt6th3wu92rnsgkqcpxxah3pqkqa4khcjjycm3kg40aqyqjgfzx9",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpaFdsNW1CYzZQR29SSldV\nSEdudDVHS01vOGRicHhGUjFQb3pwNlBzUUhrCk52YW83VmpLYlBuc2xqWCtadXc0\nK0NJR1JiYUZhak1mSXp2T3dmcXVDTzAKLS0tIFR0dFJZdjMvdWF1QVZTU3pZNG9L\nUXcvSUZUTGZyeVJEVlFoTnVtMXZJL0UKC6Ddfsg6346q2ozfx0v4VbtE099q2SgE\nteD2nQXqGIuVTdifmUWPb4kwRBeb8Zk1w7F5ELME3UQOGVPvGiJB/Q==\n-----END AGE ENCRYPTED FILE-----\n"
+			}
+		],
+		"lastmodified": "2024-05-25T13:09:11Z",
+		"mac": "ENC[AES256_GCM,data:GGcmvaZ/h5OMfeNY7EzMGYCFPYnxtce/5yqGvdf6pGwCDGLIBBXSQzYRKCOz4knCFTho1ka9EQAj24EM/z3qz7cGDTbU96WoxZaEaknAY6EaI9SjNxhFJNf1KFgmf6eOimDTLNfieG81jL10i/fAyXV+qgd1s/okDDs2C/pGyRA=,iv:kdfbAtaFeA/pQWwVkJRm3uVNoD/BFz08kFBiekM5lQo=,tag:C+4DNsbG8G0Vm9TbBIti3w==,type:str]",
+		"pgp": null,
+		"unencrypted_suffix": "_unencrypted",
+		"version": "3.8.1"
+	}
+}
\ No newline at end of file
diff --git a/apps/syncthing/overlays/media/kustomization.yaml b/apps/syncthing/overlays/media/kustomization.yaml
new file mode 100644
index 0000000..cf89748
--- /dev/null
+++ b/apps/syncthing/overlays/media/kustomization.yaml
@@ -0,0 +1,11 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - ../../base
+
+generators:
+  - secrets.yaml
+
+patches:
+  - path: deployment-patch.yaml
diff --git a/apps/syncthing/overlays/media/secrets.yaml b/apps/syncthing/overlays/media/secrets.yaml
new file mode 100644
index 0000000..ea9ed74
--- /dev/null
+++ b/apps/syncthing/overlays/media/secrets.yaml
@@ -0,0 +1,15 @@
+apiVersion: viaduct.ai/v1
+kind: ksops
+metadata:
+  name: ksops-generator
+  annotations:
+    config.kubernetes.io/function: |
+      exec:
+        path: ksops
+secretFrom:
+  - metadata:
+      name: sync-secret
+    type: Opaque
+    binaryFiles:
+      - cert.pem=./cert.sops.pem
+      - key.pem=./key.sops.pem