diff --git a/hosts/orion/system.nix b/hosts/orion/system.nix
index f698bd1..1e043ff 100644
--- a/hosts/orion/system.nix
+++ b/hosts/orion/system.nix
@@ -10,6 +10,7 @@
 ../../modules/nixos/caddy.nix
 ../../modules/nixos/bitwarden.nix
 ../../modules/nixos/firewall.nix
+ ../../modules/nixos/syncthing.nix
 ../../modules/nixos/filebrowser.nix
 ../../modules/nixos/home-assistant.nix
 ../../modules/nixos/radicale.nix
diff --git a/modules/home-manager/desktop.nix b/modules/home-manager/desktop.nix
index 8d7dc7b..46cd67e 100644
--- a/modules/home-manager/desktop.nix
+++ b/modules/home-manager/desktop.nix
@@ -23,9 +23,9 @@
 ./kitty.nix
 ./lazygit.nix
 ./nh.nix
- ./rclone.nix
 ./spicetify.nix
 ./ssh.nix
+ ./syncthing.nix
 ./thunar.nix
 ./thunderbird.nix
 ./todoman.nix
diff --git a/modules/nixos/desktop.nix b/modules/nixos/desktop.nix
index bcdbc50..50a9047 100644
--- a/modules/nixos/desktop.nix
+++ b/modules/nixos/desktop.nix
@@ -9,5 +9,6 @@
 ./hyprland.nix
 ./printing.nix
 ./systemd-boot.nix
+ ./syncthing.nix
 ];
 }
diff --git a/modules/nixos/syncthing.nix b/modules/nixos/syncthing.nix
new file mode 100644
index 0000000..5666690
--- /dev/null
+++ b/modules/nixos/syncthing.nix
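Review bot: `./syncthing.nix` is added to the home-manager desktop imports in the same commit that enables the NixOS system service `services.syncthing` on desktops through modules/nixos/desktop.nix, and the home-manager file itself is not part of this diff. If it also sets `services.syncthing.enable = true`, a user-level daemon would compete with the system one for ports 22000/21027/8384 and for the same config directory; presumably it only carries desktop-side extras (tray, GUI), so a comment next to the import stating that, e.g. `./syncthing.nix # client-side only; the daemon is the NixOS service`, would make the intent visible. The removed `./rclone.nix` is not re-introduced anywhere in this diff, which looks intentional.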
@@ -0,0 +1,61 @@
+{
+ config,
+ lib,
+ ...
+}:
+let
+ username = config.var.username;
+ hostname = config.var.hostname;
+ isOrion = hostname == "orion";
+
+ # On desktops, sync to home directory. On server, sync to filebrowser storage.
+ syncPath = if isOrion then "/var/lib/filebrowser/files" else "/home/${username}/sync";
+ group = if isOrion then "filebrowser" else "users";
+in
+{
+ # 1. Firewall rules for synchronization
+ networking.firewall = {
+ allowedTCPPorts = [ 22000 ];
+ allowedUDPPorts = [
+ 22000
+ 21027
+ ];
+ };
+
+ # 3. Syncthing Service Configuration
+ services.syncthing = {
+ enable = true;
+
+ user = username;
+ group = group;
+
+ overrideDevices = true; # Overrides any devices added via Web UI
+ overrideFolders = true; # Overrides any folders added via Web UI
+
+ settings = {
+ devices = config.var.syncthing.devices;
+
+ folders = {
+ "sync" = {
+ path = syncPath;
+ devices = builtins.attrNames config.var.syncthing.devices; # Share with all defined devices
+ # Ensure new files are readable by the group (chmod 770 approx)
+ ignorePerms = false;
+ };
+ };
+
+ gui = {
+ # access the GUI on localhost:8384
+ theme = "black";
+ };
+ };
+ };
+
+ # 4. Permission Hardening for Orion
+ # Force syncthing to write files with group-write permissions (007 umask = 770 perms)
+ systemd.services.syncthing.serviceConfig.UMask = lib.mkIf isOrion "0007";
+
+ systemd.tmpfiles.rules = [
+ "d /var/lib/syncthing 0700 ${username} ${group} -"
+ ];
+}
diff --git a/modules/variables.nix b/modules/variables.nix
index ab6fe4c..ee5e5ca 100644
--- a/modules/variables.nix
+++ b/modules/variables.nix
@@ -25,6 +25,17 @@
 browser = "brave";
 };
 
+ syncthing = {
+ devices = {
+ "altair" = {
+ id = "HDHWROJ-ZLNQKCL-PN6WGHA-IGJHIRI-3UHDYUU-LUJHYK4-UMKWLAZ-VFISJQF";
+ };
+ "orion" = {
+ id = "7ESQ3BX-FEW7656-ZPT3CKF-FLXON26-HXRNTDW-THSJBNF-LFWCHFB-ASP4WAG";
+ };
+ };
+ };
+
 autoUpgrade = false;
 autoGarbageCollector = true;
 };
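Review bot: The comment above `ignorePerms = false` says it keeps new files readable by the group, but with ignorePerms off Syncthing applies the permission bits it receives from peers (via chmod, which the `UMask = "0007"` set further down does not constrain), so a file created 0644 on a desktop would most likely arrive on orion as 0644 and the `filebrowser` group would get no write access. If the intent is umask-governed modes under `/var/lib/filebrowser/files`, `ignorePerms = true;` on the orion side is the setting that makes Syncthing create files from its default mode and the umask — please confirm against the Syncthing docs and correct the comment either way; note the directory itself gets no owner or mode in this change, so it presumably already allows this user and group to write. Separately, the `devices` entries carry only an `id`, so connectivity relies on discovery and relays while the firewall block opens 22000 and 21027 on every interface; for two known hosts, per-device `addresses` plus `settings.options = { globalAnnounceEnabled = false; relaysEnabled = false; };` would shrink that exposure. The section comments also jump from `# 1.` to `# 3.`.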