Is there any interest to integrate an ssh tunneling mechanism into syncthing? Most of my clients only have a single open port (ssh) that all traffic is encrypted and sent through. It is definitely possible to open a tunnel outside of syncthing and then point syncthing at the local port, but this is annoying because the tunnel has to be established separately, even when syncthing may be running.
I suppose that this could also be handled via systemd, which may make more sense if we want to avoid feature creep…make the syncthing daemon dependent on opening a specified ssh tunnel. Would users be more interested in built-in ssh tunneling functionality or handling it externally (and potentially automatically if syncthing were appropriately packaged for the distros).