systemd

Securing the Torrent Box

by
A Linux torrent box secured with a VPN, showing qBittorrent running only through an encrypted VPN connection for safe torrenting

This post covers how I secure my torrent box so it only runs torrents when the VPN is active. No firewall killswitch, no Docker, no pretending it’s more complicated than it is.

The goal is simple:

  • The VPN must be up before qBittorrent starts
  • If the VPN drops, qBittorrent must stop
  • qBittorrent should bind to the VPN interface/IP
  • PIA port forwarding should be applied automatically
  • Downloads should land on the drive with the most free space (for now)

This is a service-level enforcement model using systemd:

  • qbittorrent-vpn.service requires pia-vpn.service
  • If the PIA manual connection drops, the VPN service ends
  • When the VPN service ends, systemd stops qBittorrent immediately

Read more

Securing Your Indexers

by
Linux penguin protected by a shield and lock symbol representing securing your indexers with an always-on VPN for Prowlarr, Sonarr, and Radarr on Linux

Always-On VPN with Custom systemd Scripts

This post documents how I believe you should be securing your indexers; primarily Prowlarr, Sonarr and Radarr, along with the automation services that depend on it behind an always-on VPN using custom systemd scripts.

These services do not download torrents themselves, but they make constant outbound requests to indexers and third-party APIs. I don’t want that traffic coming directly from my home IP.

The goal is simple and strict: if the VPN isn’t up, the indexers should not be running.

Read more

How to Install Prowlarr

by
Linux penguin using a terminal to install Prowlarr, with the Prowlarr web interface displayed on screen

On a Linux-Based System

If you’re running a media automation stack on Linux, Prowlarr is one of those tools that quietly makes everything else less painful. It centralizes indexer management for Sonarr, Radarr, Lidarr, and friends, so you’re not reconfiguring the same indexers over and over again.

This post walks through how I install Prowlarr on a Linux-based system using the official method. I’m assuming you already have a basic Linux install up and running. If not, start with A Beginner’s Guide to Linux before continuing.

Read more