diff --git a/Makefile b/Makefile
index 01325ad..0f9deab 100644
--- a/Makefile
+++ b/Makefile
@@ -1,4 +1,4 @@
 %:
-	ansible-playbook playbooks/$@.yml -i inventory/hosts.yml -K
+	ansible-playbook playbooks/$@.yml -i inventory/hosts.yml -K --ask-vault-pass
 
 .PHONY: run
diff --git a/README.md b/README.md
index 902d0e9..f242fc2 100644
--- a/README.md
+++ b/README.md
@@ -11,9 +11,10 @@
 - Telegram (maybe only possible to download)
 - Oh my zsh?
 - Cool neovim setup
-- syncthing config
 - strawberry
 - fuzzy find
+- autostart syncthing
+- keepass config
 
 Would like Ansible Vault to check in keypair for syncthing.
 However, then I would need a password to unlock the vault.
diff --git a/playbooks/syncthing.yml b/playbooks/syncthing.yml
new file mode 100644
index 0000000..7f094a6
--- /dev/null
+++ b/playbooks/syncthing.yml
@@ -0,0 +1,4 @@
+- name: Install Syncthing
+  hosts: self
+  roles:
+    - syncthing
diff --git a/roles/syncthing/files/cert.pem b/roles/syncthing/files/cert.pem
new file mode 100644
index 0000000..80ce40b
--- /dev/null
+++ b/roles/syncthing/files/cert.pem
@@ -0,0 +1,45 @@
+$ANSIBLE_VAULT;1.1;AES256
+66646338323135646333656465636533393765626338303565346532623762383266393163623861
+3234303035383839303466363733393231383134333066640a663330653664326264376536373537
+31363061343434653231353837333064356333626633636630313133353738333832636435343634
+3431346261656539620a393832386639623431613566636433343734383330623165626464303536
+39393562343666343234366163656538666236643532333237383336393963666163396533343533
+62316430623238306162303666323637383361323066336461653835306666323534306438363430
+36653762643664613131373964343331316437396136643866323636333837643730366530653436
+31313361303036623235323539366535643333636634373633356336313434646165363633613963
+39613031643664366364326535353864616333356235666131363437343631623331666466333730
+64643636303363353639303336353661336339633334386561313761663433393031613563303263
+36393463343061376664383665303333326235356466353236636631313933656337356530623030
+33346139343732396663666361663039623931376533363530666365383530326432656365343562
+32303035336566313063383364643764326533356265386434646663663738343532623835346561
+33613633383031643638396332313837643430383164626539376466316466626238613539306331
+62643734386538336639333862363736343532643762393766323531366631393738343339326230
+38396336313738636663663961303061306361373132616330636430373766623266363135626632
+36343638316236343135313535653232343031616534366232313831353233643433643565343662
+31653063633932613631353965353633386234306235396130613030303064623532643930386364
+62353938616665633738613335316563616537656332386236306666636639326138343034323837
+66636637663664373434386363313563323061316163663236613963323436353532613766363636
+35646530363666616131383732393862333938353065636333333164366635616234626262316431
+36356664366465646233656635666330303338323039623433623530643964376664333565363862
+36316463613664643534346536636637363435653962633438333437346236663032626639333539
+61663135346430336238386366383935383763653731306561313135316437613161343763316430
+33643161363139643735373138623535333438656239376563366239643637653162303461313163
+36343762353863326161636637623066383036336630306632333736626563323661623534336437
+61303962633163663936613430616163666139363063313964353232376337653235303064336466
+61653330636338393130623165636433393566373739363031393235613238333834313135313066
+31303435666635316561383066336637646564323564653462323661666136316532326562326135
+36613930303832373066366263313666366666313536373064376433346435383630613234393830
+66393564346238386631346539646263663635353935386336386232613734343935346264303234
+36383265383931316137353733306235363237353934623835393062353633346438366235303730
+30666539373633313966643335376663363137393231636438353564343436636166346462633031
+34353733373563633536336637643966353233663466373932633339313432653538346331633535
+31363730376563646232386431376537353531356432306635306334636662316539616264616136
+65363933336365376635333933313561373063346433666464313765646162363264643338363764
+34333231353265363935313739663131333565666639336234656639616464623165396464613863
+33376131666231373961613561633065653366393532393736363935653065636365363564326364
+61326238313466616630623737646263613830616537383364633735303861343335613635383035
+36383165363939626639636334323866353235656165343636653732393832356665643735636663
+35336665653065653633363366623463633039366432333066363561633566643937303437613435
+38313265613362356662626563633764646164323239396136356538636461613631323035363039
+33326363306566303936366232343062643037366531376365356461396664356561343162363134
+36343332303830336562
diff --git a/roles/syncthing/files/config.xml b/roles/syncthing/files/config.xml
new file mode 100644
index 0000000..0eea2e4
--- /dev/null
+++ b/roles/syncthing/files/config.xml
@@ -0,0 +1,221 @@
+<configuration version="37">
+    <folder id="6pgsm-opvsv" label="Sync" path="/home/pim/sync" type="sendreceive" rescanIntervalS="3600" fsWatcherEnabled="true" fsWatcherDelayS="10" ignorePerms="false" autoNormalize="true">
+        <filesystemType>basic</filesystemType>
+        <device id="IGS4TYV-TQ6X2CG-OE3M2RE-DKZWKQZ-HEKIGHT-C6EIGHL-CBP2ULE-M3WZ7QC" introducedBy="">
+            <encryptionPassword></encryptionPassword>
+        </device>
+        <device id="QW4NXKY-Y56F7ON-SIABMBI-EHMQANC-AVWEREO-B6WNTCN-NP2O7VI-6SGYMQS" introducedBy="">
+            <encryptionPassword></encryptionPassword>
+        </device>
+        <minDiskFree unit="%">1</minDiskFree>
+        <versioning>
+            <cleanupIntervalS>3600</cleanupIntervalS>
+            <fsPath></fsPath>
+            <fsType>basic</fsType>
+        </versioning>
+        <copiers>0</copiers>
+        <pullerMaxPendingKiB>0</pullerMaxPendingKiB>
+        <hashers>0</hashers>
+        <order>random</order>
+        <ignoreDelete>false</ignoreDelete>
+        <scanProgressIntervalS>0</scanProgressIntervalS>
+        <pullerPauseS>0</pullerPauseS>
+        <maxConflicts>10</maxConflicts>
+        <disableSparseFiles>false</disableSparseFiles>
+        <disableTempIndexes>false</disableTempIndexes>
+        <paused>false</paused>
+        <weakHashThresholdPct>25</weakHashThresholdPct>
+        <markerName>.stfolder</markerName>
+        <copyOwnershipFromParent>false</copyOwnershipFromParent>
+        <modTimeWindowS>0</modTimeWindowS>
+        <maxConcurrentWrites>2</maxConcurrentWrites>
+        <disableFsync>false</disableFsync>
+        <blockPullOrder>standard</blockPullOrder>
+        <copyRangeMethod>standard</copyRangeMethod>
+        <caseSensitiveFS>false</caseSensitiveFS>
+        <junctionsAsDirs>false</junctionsAsDirs>
+        <syncOwnership>false</syncOwnership>
+        <sendOwnership>false</sendOwnership>
+        <syncXattrs>false</syncXattrs>
+        <sendXattrs>false</sendXattrs>
+        <xattrFilter>
+            <maxSingleEntrySize>1024</maxSingleEntrySize>
+            <maxTotalSize>4096</maxTotalSize>
+        </xattrFilter>
+    </folder>
+    <folder id="gfx9s-zaxrt" label="Music" path="/home/pim/Music" type="sendreceive" rescanIntervalS="3600" fsWatcherEnabled="true" fsWatcherDelayS="10" ignorePerms="false" autoNormalize="true">
+        <filesystemType>basic</filesystemType>
+        <device id="IGS4TYV-TQ6X2CG-OE3M2RE-DKZWKQZ-HEKIGHT-C6EIGHL-CBP2ULE-M3WZ7QC" introducedBy="">
+            <encryptionPassword></encryptionPassword>
+        </device>
+        <device id="QW4NXKY-Y56F7ON-SIABMBI-EHMQANC-AVWEREO-B6WNTCN-NP2O7VI-6SGYMQS" introducedBy="">
+            <encryptionPassword></encryptionPassword>
+        </device>
+        <minDiskFree unit="%">1</minDiskFree>
+        <versioning>
+            <cleanupIntervalS>3600</cleanupIntervalS>
+            <fsPath></fsPath>
+            <fsType>basic</fsType>
+        </versioning>
+        <copiers>0</copiers>
+        <pullerMaxPendingKiB>0</pullerMaxPendingKiB>
+        <hashers>0</hashers>
+        <order>random</order>
+        <ignoreDelete>false</ignoreDelete>
+        <scanProgressIntervalS>0</scanProgressIntervalS>
+        <pullerPauseS>0</pullerPauseS>
+        <maxConflicts>10</maxConflicts>
+        <disableSparseFiles>false</disableSparseFiles>
+        <disableTempIndexes>false</disableTempIndexes>
+        <paused>false</paused>
+        <weakHashThresholdPct>25</weakHashThresholdPct>
+        <markerName>.stfolder</markerName>
+        <copyOwnershipFromParent>false</copyOwnershipFromParent>
+        <modTimeWindowS>0</modTimeWindowS>
+        <maxConcurrentWrites>2</maxConcurrentWrites>
+        <disableFsync>false</disableFsync>
+        <blockPullOrder>standard</blockPullOrder>
+        <copyRangeMethod>standard</copyRangeMethod>
+        <caseSensitiveFS>false</caseSensitiveFS>
+        <junctionsAsDirs>false</junctionsAsDirs>
+        <syncOwnership>false</syncOwnership>
+        <sendOwnership>false</sendOwnership>
+        <syncXattrs>false</syncXattrs>
+        <sendXattrs>false</sendXattrs>
+        <xattrFilter>
+            <maxSingleEntrySize>1024</maxSingleEntrySize>
+            <maxTotalSize>4096</maxTotalSize>
+        </xattrFilter>
+    </folder>
+    <device id="IGS4TYV-TQ6X2CG-OE3M2RE-DKZWKQZ-HEKIGHT-C6EIGHL-CBP2ULE-M3WZ7QC" name="Server" compression="metadata" introducer="false" skipIntroductionRemovals="false" introducedBy="">
+        <address>dynamic</address>
+        <paused>false</paused>
+        <autoAcceptFolders>false</autoAcceptFolders>
+        <maxSendKbps>0</maxSendKbps>
+        <maxRecvKbps>0</maxRecvKbps>
+        <maxRequestKiB>0</maxRequestKiB>
+        <untrusted>false</untrusted>
+        <remoteGUIPort>0</remoteGUIPort>
+    </device>
+    <device id="QW4NXKY-Y56F7ON-SIABMBI-EHMQANC-AVWEREO-B6WNTCN-NP2O7VI-6SGYMQS" name="pim-x260" compression="metadata" introducer="false" skipIntroductionRemovals="false" introducedBy="">
+        <address>dynamic</address>
+        <paused>false</paused>
+        <autoAcceptFolders>false</autoAcceptFolders>
+        <maxSendKbps>0</maxSendKbps>
+        <maxRecvKbps>0</maxRecvKbps>
+        <maxRequestKiB>0</maxRequestKiB>
+        <untrusted>false</untrusted>
+        <remoteGUIPort>0</remoteGUIPort>
+    </device>
+    <gui enabled="true" tls="false" debugging="false">
+        <address>127.0.0.1:40465</address>
+        <apikey></apikey>
+        <theme>default</theme>
+    </gui>
+    <ldap></ldap>
+    <options>
+        <listenAddress>tcp://0.0.0.0:38639</listenAddress>
+        <listenAddress>dynamic+https://relays.syncthing.net/endpoint</listenAddress>
+        <listenAddress>quic://0.0.0.0:38639</listenAddress>
+        <globalAnnounceServer>default</globalAnnounceServer>
+        <globalAnnounceEnabled>true</globalAnnounceEnabled>
+        <localAnnounceEnabled>true</localAnnounceEnabled>
+        <localAnnouncePort>21027</localAnnouncePort>
+        <localAnnounceMCAddr>[ff12::8384]:21027</localAnnounceMCAddr>
+        <maxSendKbps>0</maxSendKbps>
+        <maxRecvKbps>0</maxRecvKbps>
+        <reconnectionIntervalS>60</reconnectionIntervalS>
+        <relaysEnabled>true</relaysEnabled>
+        <relayReconnectIntervalM>10</relayReconnectIntervalM>
+        <startBrowser>true</startBrowser>
+        <natEnabled>true</natEnabled>
+        <natLeaseMinutes>60</natLeaseMinutes>
+        <natRenewalMinutes>30</natRenewalMinutes>
+        <natTimeoutSeconds>10</natTimeoutSeconds>
+        <urAccepted>3</urAccepted>
+        <urSeen>3</urSeen>
+        <urUniqueID></urUniqueID>
+        <urURL>https://data.syncthing.net/newdata</urURL>
+        <urPostInsecurely>false</urPostInsecurely>
+        <urInitialDelayS>1800</urInitialDelayS>
+        <autoUpgradeIntervalH>12</autoUpgradeIntervalH>
+        <upgradeToPreReleases>false</upgradeToPreReleases>
+        <keepTemporariesH>24</keepTemporariesH>
+        <cacheIgnoredFiles>false</cacheIgnoredFiles>
+        <progressUpdateIntervalS>5</progressUpdateIntervalS>
+        <limitBandwidthInLan>false</limitBandwidthInLan>
+        <minHomeDiskFree unit="%">1</minHomeDiskFree>
+        <releasesURL>https://upgrades.syncthing.net/meta.json</releasesURL>
+        <overwriteRemoteDeviceNamesOnConnect>false</overwriteRemoteDeviceNamesOnConnect>
+        <tempIndexMinBlocks>10</tempIndexMinBlocks>
+        <trafficClass>0</trafficClass>
+        <setLowPriority>true</setLowPriority>
+        <maxFolderConcurrency>0</maxFolderConcurrency>
+        <crashReportingURL>https://crash.syncthing.net/newcrash</crashReportingURL>
+        <crashReportingEnabled>true</crashReportingEnabled>
+        <stunKeepaliveStartS>180</stunKeepaliveStartS>
+        <stunKeepaliveMinS>20</stunKeepaliveMinS>
+        <stunServer>default</stunServer>
+        <databaseTuning>auto</databaseTuning>
+        <maxConcurrentIncomingRequestKiB>0</maxConcurrentIncomingRequestKiB>
+        <announceLANAddresses>true</announceLANAddresses>
+        <sendFullIndexOnUpgrade>false</sendFullIndexOnUpgrade>
+        <connectionLimitEnough>0</connectionLimitEnough>
+        <connectionLimitMax>0</connectionLimitMax>
+        <insecureAllowOldTLSVersions>false</insecureAllowOldTLSVersions>
+    </options>
+    <defaults>
+        <folder id="" label="" path="~" type="sendreceive" rescanIntervalS="3600" fsWatcherEnabled="true" fsWatcherDelayS="10" ignorePerms="false" autoNormalize="true">
+            <filesystemType>basic</filesystemType>
+            <device id="QW4NXKY-Y56F7ON-SIABMBI-EHMQANC-AVWEREO-B6WNTCN-NP2O7VI-6SGYMQS" introducedBy="">
+                <encryptionPassword></encryptionPassword>
+            </device>
+            <minDiskFree unit="%">1</minDiskFree>
+            <versioning>
+                <cleanupIntervalS>3600</cleanupIntervalS>
+                <fsPath></fsPath>
+                <fsType>basic</fsType>
+            </versioning>
+            <copiers>0</copiers>
+            <pullerMaxPendingKiB>0</pullerMaxPendingKiB>
+            <hashers>0</hashers>
+            <order>random</order>
+            <ignoreDelete>false</ignoreDelete>
+            <scanProgressIntervalS>0</scanProgressIntervalS>
+            <pullerPauseS>0</pullerPauseS>
+            <maxConflicts>10</maxConflicts>
+            <disableSparseFiles>false</disableSparseFiles>
+            <disableTempIndexes>false</disableTempIndexes>
+            <paused>false</paused>
+            <weakHashThresholdPct>25</weakHashThresholdPct>
+            <markerName>.stfolder</markerName>
+            <copyOwnershipFromParent>false</copyOwnershipFromParent>
+            <modTimeWindowS>0</modTimeWindowS>
+            <maxConcurrentWrites>2</maxConcurrentWrites>
+            <disableFsync>false</disableFsync>
+            <blockPullOrder>standard</blockPullOrder>
+            <copyRangeMethod>standard</copyRangeMethod>
+            <caseSensitiveFS>false</caseSensitiveFS>
+            <junctionsAsDirs>false</junctionsAsDirs>
+            <syncOwnership>false</syncOwnership>
+            <sendOwnership>false</sendOwnership>
+            <syncXattrs>false</syncXattrs>
+            <sendXattrs>false</sendXattrs>
+            <xattrFilter>
+                <maxSingleEntrySize>1024</maxSingleEntrySize>
+                <maxTotalSize>4096</maxTotalSize>
+            </xattrFilter>
+        </folder>
+        <device id="" compression="metadata" introducer="false" skipIntroductionRemovals="false" introducedBy="">
+            <address>dynamic</address>
+            <paused>false</paused>
+            <autoAcceptFolders>false</autoAcceptFolders>
+            <maxSendKbps>0</maxSendKbps>
+            <maxRecvKbps>0</maxRecvKbps>
+            <maxRequestKiB>0</maxRequestKiB>
+            <untrusted>false</untrusted>
+            <remoteGUIPort>0</remoteGUIPort>
+        </device>
+        <ignores></ignores>
+    </defaults>
+</configuration>
diff --git a/roles/syncthing/files/key.pem b/roles/syncthing/files/key.pem
new file mode 100644
index 0000000..bcc4f81
--- /dev/null
+++ b/roles/syncthing/files/key.pem
@@ -0,0 +1,20 @@
+$ANSIBLE_VAULT;1.1;AES256
+38373533323538326261326561623834613861653835356234633731366661383364316633353838
+3636313066663636386130336232373233666533353362320a366136653766656333653932396663
+33623066633132366162393963393038613634653933646437613935316365383665333035376132
+3430633230313139330a376530323866626635303534666630666339393164613865376535386163
+65356539643863373130333835613731366237613633616662363861353735633065623762653363
+35653063613461623361336564626365633238353939373539623836626134363438623836353830
+33613237383831373166393731323337353934346334313131306130376535653138666435393236
+36386466333637396139306436306333343437643565626630316433613061373136646436643933
+34383834636561316435623137303834663330613032313366396565336261646363323233633330
+38646265323439303039333266393434623931623736333932633130376335353831356231646666
+30353930663164663734353264636530323166393237626631346333303238613833313736346532
+32633132613134613032396530356437396138613761383737613532396534386465393338346138
+37326437653039633132616139396234633163336566633138343865613436333862393033393839
+31303136373130636538343535626265666364326432656166383062346337373233636561313765
+39633332363931323134333734353634666461393734626338343037323234336136643138353736
+38383537366539386166326164653038356639626264313938613266306464323166393931376563
+62343338326330313132643634613262353739376239643037626137386530386631383438336663
+66653130663563653138306235653030333738396565373066643835333663663662343538376132
+376230386465353039383632643034653434
diff --git a/roles/syncthing/tasks/main.yml b/roles/syncthing/tasks/main.yml
new file mode 100644
index 0000000..ad27b20
--- /dev/null
+++ b/roles/syncthing/tasks/main.yml
@@ -0,0 +1,25 @@
+- name: Install Syncthing
+  become: true
+  apt:
+    state: latest
+    update_cache: true
+    cache_valid_time: 86400
+    pkg:
+      - syncthing
+- name: Create Syncthing configuration directory
+  file:
+    path: ~/.config/syncthing
+    state: directory
+- name: Copy Syncthing configuration
+  copy:
+    src: "{{ role_path }}/files/config.xml"
+    dest: ~/.config/syncthing/config.xml
+- name: Copy Syncthing private key
+  copy:
+    src: "{{ role_path }}/files/key.pem"
+    dest: ~/.config/syncthing/key.pem
+- name: Copy Syncthing certificate
+  copy:
+    src: "{{ role_path }}/files/cert.pem"
+    dest: ~/.config/syncthing/cert.pem
+
diff --git a/roles/system/tasks/main.yml b/roles/system/tasks/main.yml
index c0973b0..9ff04e3 100644
--- a/roles/system/tasks/main.yml
+++ b/roles/system/tasks/main.yml
@@ -22,7 +22,6 @@
       - gimp
       - tree
       - wireshark
-      - syncthing
 - name: Install .gitconfig
   template:
     src: "{{ role_path }}/templates/.gitconfig.j2"