diff --git a/homes/x86_64-linux/mtxyz@pegasi/default.nix b/homes/x86_64-linux/mtxyz@pegasi/default.nix
index 93889ac..fa5ca80 100644
--- a/homes/x86_64-linux/mtxyz@pegasi/default.nix
+++ b/homes/x86_64-linux/mtxyz@pegasi/default.nix
@@ -4,4 +4,6 @@
     private = false;
     minimal = true;
   };
+
+  services.syncthing.enable = true;
 }
diff --git a/modules/nixos/core/default.nix b/modules/nixos/core/default.nix
index 62f5fb9..34a16b4 100644
--- a/modules/nixos/core/default.nix
+++ b/modules/nixos/core/default.nix
@@ -135,7 +135,12 @@ in
       # Dont start tailscale on boot, interferes with nebula but useful as a fallback.
       systemd.services.tailscaled.enable = lib.mkForce false;
 
-      services.syncthing.openDefaultPorts = lib.mkDefault cfg.private;
+      # Open ports for syncthing user service.
+      networking.firewall = {
+        enable = true;
+        allowedTCPPorts = [ 22000 ];
+        allowedUDPPorts = [ 22000 ];
+      };
 
       boot.binfmt.emulatedSystems = lib.optionals (!cfg.minimal) [ "aarch64-linux" "riscv64-linux" ];