diff --git a/syncthing-vm-sharing.png b/syncthing-vm-sharing.png
new file mode 100644
index 0000000..047bb07
Binary files /dev/null and b/syncthing-vm-sharing.png differ
diff --git a/syncthing.md b/syncthing.md
new file mode 100644
index 0000000..7faf63b
--- /dev/null
+++ b/syncthing.md
@@ -0,0 +1,33 @@
+## syncthing Best-practise
+
+#### config
+syncthing works well under systemd context, especially under the user permission. The config is commonly under gnome located in `~/.conf/syncthing/`
+
+#### misbehaviour
+##### global state not equal to local state
+ - No elegant way to fix, delete instead the database and rebuild it all the way upp
+##### encrypted unnsynced files
+ - No elegant way to fix, delete thee file and mybe reupload all of the folder
+
+
+#### warpinator behaviour
+- use link-local IPv6 adresses based on the mac like `quic6://[fe80:abcd:ef01:2345:6789%25enp0s8]:22000`
+- reduce `fsWatcherDelayS`
+- disable globalAnnouncement
+- enable localAnnoucement and add multicastgroup? `[ff12::8384]:21027`
+- add local Relay if needed `relay://[fe80:abcd:ef01:2345:6789%25enp0s8]:22067/?id=ABCDEF-000000-111111-222222-333333-4444444-555555-666666`
+
+#### virtual machine ↔ host interconnect
+![syncthing-vm-sharing.png](./syncthing-vm-sharing.png)
+1. create separate vm which is connected to a host-only and the internal vm network
+
+
+#### extended hardening
+- set the `config.xml` to readonly and immutable
+- deactivate the network interface  for configuring
+- use https certifiicate 
+
+#### bugs and missbehaviour
+https://github.com/syncthing/syncthing/issues/7581
+https://github.com/syncthing/docs/issues/780
+announce interface identifier, either needs mapping to own interface or omit it in the hope, that the stack will track that
\ No newline at end of file