Set up TLS for VSFTPD

common/fragments/vsftpd.nix

@@ -1,11 +1,25 @@
-{ ... }: {
+{ config, ... }: {
   services.vsftpd = {
     enable = true;
     anonymousUser = true;
     anonymousUserNoPassword = true;
+
+    rsaCertFile = "${
+        config.security.acme.certs."technogothic.net".directory
+      }/fullchain.pem";
+    rsaKeyFile =
+      "${config.security.acme.certs."technogothic.net".directory}/key.pem";
+
+    forceLocalLoginsSSL = true;
+    forceLocalDataSSL = true;
+
     extraConfig = ''
       pasv_min_port=40000
       pasv_max_port=40200
+
+      allow_anon_ssl=YES
+      require_ssl_reuse=NO
+      ssl_ciphers=HIGH
     '';
   };
 }