Securing the Torrent Box

A Linux torrent box secured with a VPN, showing qBittorrent running only through an encrypted VPN connection for safe torrenting

This post covers how I secure my torrent box so it only runs torrents when the VPN is active. No firewall killswitch, no Docker, no pretending it’s more complicated than it is.

The goal is simple:

  • The VPN must be up before qBittorrent starts
  • If the VPN drops, qBittorrent must stop
  • qBittorrent should bind to the VPN interface/IP
  • PIA port forwarding should be applied automatically
  • Downloads should land on the drive with the most free space (for now)

This is a service-level enforcement model using systemd:

  • qbittorrent-vpn.service requires pia-vpn.service
  • If the PIA manual connection drops, the VPN service ends
  • When the VPN service ends, systemd stops qBittorrent immediately


Securing Your Indexers

Linux penguin protected by a shield and lock symbol representing securing your indexers with an always-on VPN for Prowlarr, Sonarr, and Radarr on Linux

Always-On VPN with Custom systemd Scripts

This post documents how I believe you should secure your indexers (primarily Prowlarr, Sonarr and Radarr, along with the automation services that depend on them) behind an always-on VPN using custom systemd scripts.

These services do not download torrents themselves, but they make constant outbound requests to indexers and third-party APIs. I don’t want that traffic coming directly from my home IP.

The goal is simple and strict: if the VPN isn’t up, the indexers should not be running.
