Run Wireguard on your home server and select a port that you’d like to face externally.
Port forward that port in your router to your server. Let’s use port 12345.
Create public and private keys on your server.
Create conf file on your server.
Create keys and conf file on clients (phone, notebook, tablet, etc).
Enter keys in conf files.
Connect clients to home server.
Here is a sample which has confs for both a server and client. Ensure you enter your information as needed. Don’t forget your interface in the iptables commands.
# home server wg0.conf
PrivateKey = # server privkey here
Address = 192.168.2.1
ListenPort = 12345
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o enp0s31f6 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o enp0s31f6 -j MASQUERADE
PublicKey = # notebook pubkey here
AllowedIPs = 192.168.2.2
# notebook wg0.conf
PrivateKey = # notebook privkey here
Address = 192.168.2.3
DNS = 192.168.1.125 # dns server (pihole) address on my home network
PublicKey = # server pubkey here
Endpoint = 18.104.22.168:12345 # your home ip address and wireguard port
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 21
So, in this case, port 12345 should be setup for port forwarding. You clients will connect back to port 12345 on your home IP address. If you have a dynamic IP address at home, you’ll need a solution for that like a custom script, DDNS, or even using a VPS as some sort of jump host.
If you can’t open a port, you could run the server on a Linode (with my referral of course, lol) instance that would be very cheap. A nanode is $5 a month, and now you can use it for other stuff too. Then connect everything to it. Now your phone and home server are on the same network.
This docker-compose-yml file will run all of these services. This post assumes that you have a little technical knowledge already and that you have Docker and Docker Compose installed. This will run all the downloading with qBittorrent and encrypted over PIA VPN.
Here is the directory structure that this compose file needs.
/home └── user ├── data │ ├── movies │ ├── music │ └── television └── data2 ├── config ├── data ├── jackett ├── lidarr ├── radarr └── sonarr └── prowlarr /var └── docker └── plex ├── config └── transcode
You’ll need to update the docker-compose file with your username. My username is user, so that is what you see in the structure above.
You can make these directories and set permissions with the following commands on Linux.
In the docker-compose file, you’ll need to enter your PIA username and password. The Plex service is set up for Plex Pass usage, so you’ll need to enter your plex claim. Once everything is rolling, you’ll need to update path mappings in Sonarr, Radarr, and Lidarr. You do this in settings > download clients in each application.
You also need to setup the downloaders in Sonarr, Radarr, and Lidarr. You can do this through settings > download clients and then click the big plus button to add a client. If you’re not using SSL for your qBittorrent instance, you won’t need to check that box. The same goes for the password protection. If you’re looking to use SSL, you can check out this post of mine.
Now you need to set up Jackett with your indexers. This will be different for everybody, so follow the instructions that are widely available.
As promised, here is the docker-compose.yml file. You may need to change your UID/GID to what is applicable to your installation/user. Please read it thoroughly – especially the comments. There are things you will need to change.
Now you should be able to cd into the directory that contains this docker compose file, and then run
sudo docker compose up
# or the following, so output isn't printed to screen
sudo docker compose up -d
This post should point you in the right direction, at least. I’m not responsible for any errors. Things may have been updated since I wrote this post. Special thanks to linuxserver.io and binhex for the images.