diff --git a/roles/alpina/tasks/main.yml b/roles/alpina/tasks/main.yml index a272946..c239c70 100644 --- a/roles/alpina/tasks/main.yml +++ b/roles/alpina/tasks/main.yml @@ -29,6 +29,7 @@ stacks: - gitea - woodpecker + - syncthing - nextcloud - jellyfin - arrstack diff --git a/roles/alpina/templates/apps/syncthing/compose.yml.j2 b/roles/alpina/templates/apps/syncthing/compose.yml.j2 new file mode 100644 index 0000000..564b9f8 --- /dev/null +++ b/roles/alpina/templates/apps/syncthing/compose.yml.j2 @@ -0,0 +1,16 @@ +{% import 'contrib/compose_helpers.j2' as helpers with context %} + +networks: + {{ helpers.default_network(193) | indent(2) }} + +services: + syncthing: + image: linuxserver/syncthing + container_name: syncthing + labels: + - {{ helpers.traefik_labels('sync', port='8384', auth=true) | indent(6) }} + restart: unless-stopped + network_mode: host + volumes: + - {{ base_volume_path }}/syncthing/config:/config + - {{ base_volume_path }}/syncthing/data:/data diff --git a/roles/alpina/templates/services/authentik/blueprints/apps-proxy.yaml.j2 b/roles/alpina/templates/services/authentik/blueprints/apps-proxy.yaml.j2 index 9694f45..349dfb3 100644 --- a/roles/alpina/templates/services/authentik/blueprints/apps-proxy.yaml.j2 +++ b/roles/alpina/templates/services/authentik/blueprints/apps-proxy.yaml.j2 @@ -13,6 +13,13 @@ entries: "ui_group": "Services", "allowed_for_groups": ["admins"], }, + "Syncthing": { + "host": "sync", + "icon": "https://sync."~ domain ~"/assets/img/favicon-default.png", + "unauthenticated_paths": "^/assets/img/favicon-default.png$", + "ui_group": "Apps", + "allowed_for_groups": ["admins"], + }, "qBit": { "host": "qbit", "icon": "https://qbit."~ domain ~"/images/qbittorrent-tray.svg", diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml index 14d9497..79b44d6 100644 --- a/roles/common/tasks/main.yml +++ b/roles/common/tasks/main.yml 
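Review bot: In the new `roles/alpina/templates/apps/syncthing/compose.yml.j2`, `network_mode: host` puts the Syncthing GUI port (8384, the port passed to `helpers.traefik_labels`) on the host's own interfaces, so the `auth=true` forward-auth is only enforced for requests that arrive through Traefik. Assuming the image's GUI listens on all addresses, anything that can reach the host on 8384 gets the GUI with only Syncthing's own protection and the host firewall in front of it. If host networking is there only for sync and discovery traffic, consider dropping it and publishing just those ports, or keep it and bind the GUI to loopback with a GUI password set. With host networking the `networks:` block rendered by `helpers.default_network(193)` is presumably unused by this service, so confirm how Traefik reaches the backend. Separately, `image: linuxserver/syncthing` carries no tag; pinning it, e.g. `image: linuxserver/syncthing:<pinned-version>`, makes the deployed version reviewable.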
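Review bot: In the `Syncthing` entry added to `apps-proxy.yaml.j2`, the `unauthenticated_paths` pattern leaves its dots unescaped, so `.` matches any character and the bypass is slightly wider than the single favicon file it is meant for. The `^`…`$` anchors are good; escaping the dots, `^/assets/img/favicon-default\.png$` (with whatever extra backslash escaping the template's string quoting needs), keeps the unauthenticated surface to exactly that path. Whether the pattern is matched against the path or the full URL depends on the provider mode defined outside this hunk, so confirm the anchored form still matches there.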
@@ -32,7 +32,7 @@ state: enabled immediate: yes -- name: Allow Web +- name: Disallow Web become: yes firewalld: service: http @@ -72,6 +72,14 @@ state: enabled immediate: yes +- name: Allow Syncthing + become: yes + firewalld: + service: syncthing + permanent: yes + state: enabled + immediate: yes + - name: Reboot if needed become: yes ansible.builtin.reboot:
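Review bot: The first hunk in `roles/common/tasks/main.yml` renames the task to `Disallow Web` but changes nothing else that is visible. The context still shows `firewalld:` with `service: http`, and the task's `state:` line lies outside the hunk. If it still reads `state: enabled`, the name now says the opposite of what the task does and HTTP stays open. Closing it needs `state: disabled`, with `permanent: yes` and `immediate: yes` as on the neighbouring tasks. If the task body was left unchanged on purpose, the old name describes it better.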
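Review bot: The `Allow Syncthing` task in the second hunk lives in `roles/common`, so the firewalld `syncthing` service is presumably opened on every host that runs the common role, while this commit only adds the container to the `alpina` stacks. Moving the task into `roles/alpina/tasks/main.yml`, or guarding it with a `when:` that selects the hosts actually running Syncthing, keeps the sync and discovery ports closed elsewhere. No `zone:` is given, so the rule lands in the default zone; naming the zone explicitly makes the exposure visible in review. As a style point, the following task uses the fully qualified `ansible.builtin.reboot` while this one uses bare `firewalld`; `ansible.posix.firewalld` would be consistent.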