diff --git a/group_vars/all/secrets.yml b/group_vars/all/secrets.yml
index 5935e56..8abfa8b 100644
--- a/group_vars/all/secrets.yml
+++ b/group_vars/all/secrets.yml
@@ -1,55 +1,64 @@ $ANSIBLE_VAULT;1.1;AES256 -34366466616466626433323366326361303939326634643837643538356236646530373661613361 -3634343131313638386135383061383163313237356437620a663135356232383538373764643466 -63393839386538316165303937323132313837613764393262336135623439306638303838356634 -6431666235383834650a336537666162313535613835356365613638313835303465353737643437 -39343866323831663035363062663966373337326634626565366438396264643836313637633161 -63363663623665383830646637323866376331643635393266376632636461393265636433643465 -64383065323263393837326436623738343034663763663961396631343431383161313035373364 -64666236336339616430303666363032643530636362303438663030646463626631373066633231 -63646130393439393065366132656135373363633361626163323765666165346262386465633365 -38376532343631646365326533323738373134333232646232623838353761636466333233313436 -62633839333963613138373263363233346634396165626631373364616630643162393661306266 -34316335633437653764636337346438643135356336336136346264333939666337613535343664 -39346635656161383630363830613537623764653133326431313463333536313833323534366232 -63646664666433323163383166373863393465616562643437393730323766633533333563396438 -64636663356163613930626536386538313138633063386262613333383635356434623964306564 -33346234666131376330633532366636613561666231313661646661656432646232376336376639 -63373233303436356165653232626664353762626433343938623036323133353538353734346338 -32333033643939636438366237643932656538306637363237306164653664633532396262643031 -64396335623065636166316362643839313735356535396366333730336636353936356333366330 -66343464636235653533363130313735396465393862313662316232323831373234343931333837 -63373461323237316130616363316634356466396136633634313565333331356336623433623337 -37353733623662353733626462333538373033626464613035666265643061646663383139303963 -38626333366262666531646463386330626662646261633833393465326633363266656239656164 
-39353463316164643435663132616666333930616137326332346537353735383434626339646163 -65336138636364303163373637373361653165356463363265366361613435616365646131616531 -36353865343766316662346432316539643438333733623333363031386439336363646133326439 -63323037303066663839346663383634643130633230373738303561363163646332643038666233 -65643535613334346237623963666233356133333462303030653365343066636461653262303232 -38616138373661643762336531356235636332393833393533393937646264663265373336376464 -31313934353863613234663765333136633331303030646265613135623865346438623038323434 -63326334313663373130366534623862623163656336353532383365313139313738323634663963 -64353735326664336232653030323261663336663864303862653236663066386232383536663832 -64666635633630643236303931663236306238633430666633393132313131653565643335636330 -65336631396566633332363665336665643531633335343464386432333762336564343463613165 -63366338343664363339653863343030353531303932633130336431623038316665346663613761 -36653066646332646238643265313266333239323637373333326539356465393561373631643064 -65386561663261383861646632363738343338633930353334323138633466333761376461366662 -66383834633564316464636133303335346138623166616336303635646233313961636538666134 -37323138346465303837653766346433663663656239356331613334336166346265373766393164 -65303433633735353132383332333530646163343562303439316163643865636361373964646466 -31653532643763313934633661303666666464363731343839663835383961383766656438646139 -66646234303039366631343034633466643330663437323337316132393232333238663566333638 -34383961356332663066346535323066313761653733363431373836636565656164336634316235 -64363265636239336633643566326665633732313734393335616438343432643661383731373935 -61396237373364383139396433326266333338316537666463353661653233306262626433666532 -39346538323631393562623166346535316238626263623931383930623636343765643833656436 -61663564353361396539343364346636313661323239336438636436336463373666643439656137 
-34316230336435353131303831646231376332356232343564666430356162343263643430353631 -37343761616238626238313361633861353639316435613430616561613561376361623030393533 -31383663373938366537393130313565633136636137363366623734393235316132306138306233 -35633634656562623834356365376364353532653465613530613133623863666132316162643637 -33396534623336333262636533336261666462363138626464663132386263656238616566633164 -37663164316465326338373566336536346233363338346437626263623562306362613564306531 -3131366536313963393164383534373962613539663130303934 +32303264363761663737623165343531373232343433636463326163663834326666353035383635 +3336303833643536353761633637333332363139613236310a663863343764663266626263666537 +62386438623738663864383062373763366639623766633931643965356530636539346137393635 +3030396535333130620a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diff --git a/roles/docker_services/defaults/main.yml b/roles/docker_services/defaults/main.yml index c2fb30e..a230f31 100644 --- a/roles/docker_services/defaults/main.yml +++ b/roles/docker_services/defaults/main.yml @@ -30,6 +30,13 @@ services: volume: "{{ base_volume }}/smp-server" version: v5 + simplexmq_xftp: + domain: xftp01.simplex.{{ base_domain }} + onion: n5vct5tnf4zoaigmfj4ppxzhgrslg3n4a4sp5yjppp6lfwvq7m2vn2id.onion + volume: "{{ base_volume }}/xftp-server" + quota: 50gb + version: v5 + searxng: domain: search.{{ base_domain }} onion: gbat2pbpg7ys3fi3pbp64667tt5x66mg45xok35bxdw7v55brm7a27yd.onion diff --git a/roles/docker_services/tasks/services/simplexmq_smp.yml b/roles/docker_services/tasks/services/simplexmq_smp.yml index 902e502..e8cd220 100644 --- a/roles/docker_services/tasks/services/simplexmq_smp.yml +++ b/roles/docker_services/tasks/services/simplexmq_smp.yml 
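Review bot: `version: v5` in the new `simplexmq_xftp` entry is a mutable tag, so what actually runs as `simplexchat/xftp-server:v5` is whatever the registry serves at pull time. The task file added in this commit carries a Watchtower label, which suggests the container may be re-pulled automatically; if so, a retagged or tampered image would be deployed with no change in this repository. Consider referencing the image by a reviewed digest instead (`simplexchat/xftp-server@sha256:<digest-of-reviewed-image>`, placeholder) and bumping it deliberately. The `version: v5` context line just above, which appears to belong to the SMP server entry, has the same property.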
@@ -25,7 +25,7 @@ aliases: - smp-server env: - addr: "{{ services.simplexmq_smp.domain }}" + ADDR: "{{ services.simplexmq_smp.domain }}" volumes: - "{{ services.simplexmq_smp.volume }}/config:/etc/opt/simplex:rw" - "{{ services.simplexmq_smp.volume }}/logs:/var/opt/simplex:rw" diff --git a/roles/docker_services/tasks/services/simplexmq_xftp.yml b/roles/docker_services/tasks/services/simplexmq_xftp.yml new file mode 100644 index 0000000..6412798 --- /dev/null +++ b/roles/docker_services/tasks/services/simplexmq_xftp.yml @@ -0,0 +1,38 @@ +# vim: ft=yaml.ansible +--- +- name: Create XFTP server volume directories + ansible.builtin.file: + name: "{{ services.simplexmq_xftp.volume }}/{{ dir }}" + owner: root + mode: u=rwx,g=rx,o=rx + state: directory + loop: + - config + - logs + - files + loop_control: + loop_var: dir + +- name: Deploy XFTP server Docker container + community.docker.docker_container: + name: xftp-server + state: "{{ 'absent' if stop is defined and stop else 'started' }}" + restart: "{{ stop is undefined or not stop }}" + image: simplexchat/xftp-server:{{ services.simplexmq_xftp.version }} + restart_policy: always + default_host_ip: '' + networks: + - name: tor + aliases: + - xftp-server + env: + ADDR: "{{ services.simplexmq_xftp.domain }}" + QUOTA: "{{ services.simplexmq_xftp.quota }}" + volumes: + - "{{ services.simplexmq_xftp.volume }}/config:/etc/opt/simplex:rw" + - "{{ services.simplexmq_xftp.volume }}/logs:/var/opt/simplex:rw" + - "{{ services.simplexmq_xftp.volume }}/files:/srv/xftp:rw" + published_ports: + - 5443:443/tcp + labels: + com.centurylinklabs.watchtower.stop-signal: SIGINT diff --git a/roles/docker_services/tasks/services/tor.yml b/roles/docker_services/tasks/services/tor.yml index 29b7c4e..a2f58f7 100644 --- a/roles/docker_services/tasks/services/tor.yml +++ b/roles/docker_services/tasks/services/tor.yml 
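Review bot: In the new `simplexmq_xftp.yml`, the `Create XFTP server volume directories` task creates `config`, `logs` and `files` with `mode: u=rwx,g=rx,o=rx`, so every local account on the host can list and enter them. `config` is mounted at `/etc/opt/simplex`, which presumably holds the server's key material, and `files` holds the uploaded data; neither needs to be reachable by other users. Assuming the container process runs as root, as `owner: root` implies, `mode: u=rwx,g=,o=` is the least-privilege setting. If something outside the container must read the logs, only `logs` should keep the wider mode.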
@@ -8,7 +8,7 @@ image: goldy/tor-hidden-service:{{ services.tor.version }} restart_policy: always env: - # Required by SMP server (we're not hosting anonymous services anyway) + # Required by SMP/XFTP server (we're not hosting anonymous services anyway) TOR_EXTRA_OPTIONS: | HiddenServiceNonAnonymousMode 1 HiddenServiceSingleHopMode 1 @@ -28,5 +28,9 @@ SMPSERVER_TOR_SERVICE_HOSTS: 5223:smp-server:5223 SMPSERVER_TOR_SERVICE_VERSION: '3' SMPSERVER_TOR_SERVICE_KEY: "{{ secrets.tor.simplexmq_smp_key }}" + + XFTPSERVER_TOR_SERVICE_HOSTS: 443:xftp-server:443 + XFTPSERVER_TOR_SERVICE_VERSION: '3' + XFTPSERVER_TOR_SERVICE_KEY: "{{ secrets.tor.simplexmq_xftp_key }}" networks: - name: tor diff --git a/roles/os_config/tasks/firewall.yml b/roles/os_config/tasks/firewall.yml index d2c73d3..ebf24d2 100644 --- a/roles/os_config/tasks/firewall.yml +++ b/roles/os_config/tasks/firewall.yml @@ -9,7 +9,8 @@ - port: '22' # SSH - port: '80' # HTTP - port: '443' # HTTPS - - port: '5223' # SimpleXMQ + - port: '5223' # SMP server + - port: '5443' # XFTP server - port: '10000' # Jitsi Videobridge proto: udp
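Review bot: `XFTPSERVER_TOR_SERVICE_KEY: "{{ secrets.tor.simplexmq_xftp_key }}"` passes the onion service's private key to the container as an environment variable. There it is readable through `docker inspect` by anyone with access to the Docker socket, and Ansible may print it in verbose or diff output. The rest of the task is outside the hunk, so it is not visible whether `no_log: true` is already set; if it is not, add it to this task. If the image can load the key from a mounted file instead, that would keep it out of the container metadata (check the image's documentation). The existing `SMPSERVER_TOR_SERVICE_KEY` line has the same exposure.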
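Review bot: The new `- port: '5443' # XFTP server` entry may not be the control it appears to be. Docker publishes `5443:443/tcp` through its own NAT and forwarding rules, which on a default Docker setup are evaluated before the host firewall's input rules. The firewall module is outside this hunk, so confirm on a test host whether this list actually gates container ports; if it does not, a comment such as `# published by Docker; not filtered by this rule set` on the entry would record that. The entry also has no `proto:`, unlike the Jitsi entry below it, so adding `proto: tcp` would avoid relying on the task's default.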