diff --git a/roles/any.software.syncthing/handlers/main.yml b/roles/any.software.syncthing/handlers/main.yml
new file mode 100644
index 0000000..f575826
--- /dev/null
+++ b/roles/any.software.syncthing/handlers/main.yml
@@ -0,0 +1,7 @@
+---
+- name: 'restart syncthing'
+ ansible.builtin.systemd_service:
+ name: 'syncthing'
+ state: 'restarted'
+
+ daemon_reload: true
diff --git a/roles/any.software.syncthing/tasks/main.yml b/roles/any.software.syncthing/tasks/main.yml
new file mode 100644
index 0000000..8e19260
--- /dev/null
+++ b/roles/any.software.syncthing/tasks/main.yml
@@ -0,0 +1,31 @@
+---
+- name: Ensure Syncthing is installed
+ ansible.builtin.apt:
+ name: syncthing
+ state: present
+
+- name: Ensure data directories are present
+ ansible.builtin.file:
+ path: "{{ item }}"
+ state: directory
+ mode: '0755'
+ owner: 'root'
+ group: 'root'
+ loop:
+ - "{{ syncthing_data_dir }}"
+ - "{{ syncthing_home_dir }}"
+ - "{{ syncthing_config_dir }}"
+
+- name: Ensure service file is present
+ ansible.builtin.template:
+ src: 'syncthing.service.j2'
+ dest: '/lib/systemd/system/syncthing.service'
+ owner: 'root'
+ group: 'root'
+ mode: '0644'
+ notify: 'restart syncthing'
+
+- name: Ensure Syncthing service is enabled
+ ansible.builtin.service:
+ name: 'syncthing'
+ enabled: true
diff --git a/roles/any.software.syncthing/templates/syncthing.service.j2 b/roles/any.software.syncthing/templates/syncthing.service.j2
new file mode 100644
index 0000000..d47bfa1
--- /dev/null
+++ b/roles/any.software.syncthing/templates/syncthing.service.j2
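Review bot: In tasks/main.yml the "Ensure data directories are present" task creates all three directories with `mode: '0755'`, including `syncthing_config_dir`, which is where Syncthing keeps the device private key and the `config.xml` that holds the GUI API key. Even if Syncthing restricts those files itself, the directory should not be listable by every local user; `mode: '0700'` on the config and home directories is the safer default, with a comment such as `# config dir holds the device key and API key - keep it private to the service account`. Separately, the unit is templated into `/lib/systemd/system/`, which is the package-owned location; `dest: '/etc/systemd/system/syncthing.service'` is the usual place for an administrator-managed unit and avoids it being replaced by a package upgrade.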
@@ -0,0 +1,24 @@
+[Unit]
+Description=Syncthing - Open Source Continuous File Synchronization
+Documentation=man:syncthing(1)
+After=network.target
+StartLimitIntervalSec=60
+StartLimitBurst=4
+
+[Service]
+ExecStart=/usr/bin/syncthing serve --no-browser --no-restart --logflags=0 --config='{{ syncthing_config_dir }}' --data='{{ syncthing_data_dir }}' --no-default-folder --gui-address=0.0.0.0:8384
+Restart=on-failure
+RestartSec=1
+SuccessExitStatus=3 4
+RestartForceExitStatus=3 4
+Environment="HOME={{ syncthing_home_dir }}"
+
+# Hardening
+ProtectSystem=full
+PrivateTmp=true
+SystemCallArchitectures=native
+MemoryDenyWriteExecute=true
+NoNewPrivileges=true
+
+[Install]
+WantedBy=multi-user.target
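Review bot: The `ExecStart` line binds the GUI and REST API to every interface with `--gui-address=0.0.0.0:8384`, and the `[Service]` section has no `User=`/`Group=`, so the daemon runs as root. Nothing in this commit sets a GUI password or restricts the port, so on a fresh install the admin interface of a root process is reachable by anything that can route to the host. I would default to `--gui-address=127.0.0.1:8384` (made overridable through a role variable, for access via SSH tunnel or an authenticating reverse proxy) and add `User=` and `Group=` naming a dedicated unprivileged account, with the directory ownership in tasks/main.yml changed to match. The hardening block would also benefit from `ProtectHome=true`, if the configured directories allow it, since `ProtectSystem=full` leaves `/home`, `/root` and `/var` writable.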