diff --git a/ansible/roles/syncthing/config.xml.j2 b/ansible/roles/syncthing/config.xml.j2
index 3487a72..7f6277d 100644
--- a/ansible/roles/syncthing/config.xml.j2
+++ b/ansible/roles/syncthing/config.xml.j2
@@ -231,6 +231,8 @@
         <address>0.0.0.0:8384</address>
         <apikey>{{ api_key }}</apikey>
         <theme>light</theme>
+	<user>pim</user>
+	<password>$2a$10$m3yFFV47/kiCTz0SILEZHOTTLGKX3rkh0Ig4ciqqMPWNPj4gI6gT2</password>
     </gui>
     <ldap></ldap>
     <options>
diff --git a/ansible/roles/syncthing/docker-stack.yml.j2 b/ansible/roles/syncthing/docker-stack.yml.j2
index d3cf206..e9c9c46 100644
--- a/ansible/roles/syncthing/docker-stack.yml.j2
+++ b/ansible/roles/syncthing/docker-stack.yml.j2
@@ -1,6 +1,10 @@
 # vi: ft=yaml
 version: "3"
 
+networks:
+  traefik:
+    external: true
+
 configs:
   config:
     file: /srv/syncthing/config.xml
@@ -12,13 +16,21 @@ configs:
 services:
   syncthing:
     image: lscr.io/linuxserver/syncthing:latest
+    networks:
+      - traefik
     deploy:
       placement:
         constraints:
           - "node.labels.syncthing == true"
       labels:
-        - traefik.enable=false
-        - com.centurylinklabs.watchtower.enable=false
+        - traefik.enable=true
+        - traefik.http.routers.syncthing.entrypoints=localsecure
+        - traefik.http.routers.syncthing.rule=Host(`syncthing.pim.kunis.nl`)
+        - traefik.http.routers.syncthing.service=syncthing
+        - traefik.http.routers.syncthing.tls=true
+        - traefik.http.routers.syncthing.tls.certresolver=letsencrypt
+        - traefik.docker.network=treafik
+        - traefik.http.services.syncthing.loadbalancer.server.port=8384
     environment:
       - PUID=1000
       - PGID=1000
@@ -27,8 +39,6 @@ services:
       - type: bind
         source: /mnt/data/syncthing
         target: /data
-    ports:
-      - 8384:8384
     configs:
       - source: config
         target: /config/config.xml
diff --git a/ansible/roles/syncthing/tasks/main.yml b/ansible/roles/syncthing/tasks/main.yml
index dcd537d..2ea02e2 100644
--- a/ansible/roles/syncthing/tasks/main.yml
+++ b/ansible/roles/syncthing/tasks/main.yml
@@ -7,22 +7,31 @@
   template:
     src: "{{ role_path }}/config.xml.j2"
     dest: /srv/syncthing/config.xml
+  register: config
       
 - name: Copy private key
   copy:
     src: "{{ role_path }}/key.pem"
     dest: /srv/syncthing/key.pem
+  register: privkey
 
 - name: Copy certificate
   copy:
     src: "{{ role_path }}/cert.pem"
     dest: /srv/syncthing/cert.pem
+  register: cert
 
 - name: Copy Docker stack file
   template:
     src: "{{ role_path }}/docker-stack.yml.j2"
     dest: /srv/syncthing/docker-stack.yml
 
+- name: Remove docker stack
+  docker_stack:
+    name: syncthing
+    state: absent
+  when: config.changed or privkey.changed or cert.changed
+
 - name: Deploy Docker stack
   docker_stack:
     name: syncthing