I use syncthing to move data to and from a firewalled production server and usually syncthing just works.
I have also gone to great length to keep the service private - as in using a private discovery service.
When a package installs a service - whether that is user or system it is (usually) placed /usr/lib/systemd.
When you enable a user service - it will be placed in folder in your ~/.config/systemd - a folder matching the target run level - in the case of syncthing the folder is default-target.wnats.
This is how it looks on my system
$ tree ~/.config/systemd
/home/fh/.config/systemd
└── user
├── check-aur.service
├── check-aur.timer
├── default.target.wants
│ ├── modprobed-db.service -> /usr/lib/systemd/user/modprobed-db.service
│ └── syncthing.service -> /usr/lib/systemd/user/syncthing.service
├── protonvpn_reconnect.service
└── timers.target.wants
└── check-aur.timer -> /home/fh/.config/systemd/user/check-aur.timer
When you manually create a service you place it in ~/.config/systemd.
The check-aur.timer and check-aur.service is described in [root tip] [HowTo] Check if your AUR build scripts have been updated
When a user service is placed in /usr/lib/systemd/user it is a template service - you need to activate for your user - and should be needless to say never use sudo with user services - this is the only way the system will know which user you are enabling the service for - it is only a template.
systemctl enable --now syncthing@$USER.service
If you omit the @username you will get a service not found - because it does not exist