## syncthing Best-practise

#### config
syncthing works well under systemd context, especially under the user permission. The config is commonly under gnome located in `~/.conf/syncthing/`

#### misbehaviour
##### global state not equal to local state
- No elegant way to fix, delete instead the database and rebuild it all the way upp
##### encrypted unnsynced files
- No elegant way to fix, delete thee file and mybe reupload all of the folder

#### warpinator behaviour
- use link-local IPv6 adresses based on the mac like `quic6://[fe80:abcd:ef01:2345:6789%25enp0s8]:22000`
- reduce `fsWatcherDelayS`
- disable globalAnnouncement
- enable localAnnoucement and add multicastgroup? `[ff12::8384]:21027`
- add local Relay if needed `relay://[fe80:abcd:ef01:2345:6789%25enp0s8]:22067/?id=ABCDEF-000000-111111-222222-333333-4444444-555555-666666`

#### virtual machine ↔ host interconnect
![syncthing-vm-sharing.png](./syncthing-vm-sharing.png)
1. create separate vm which is connected to a host-only and the internal vm network

#### extended hardening
- set the `config.xml` to readonly and immutable
- deactivate the network interface  for configuring
- use https certifiicate 

#### bugs and missbehaviour
https://github.com/syncthing/syncthing/issues/7581
https://github.com/syncthing/docs/issues/780
announce interface identifier, either needs mapping to own interface or omit it in the hope, that the stack will track that