diff --git a/hosts/koi/containers/torrent.nix b/hosts/koi/containers/torrent.nix
index ad7fd86..94b5f69 100644
--- a/hosts/koi/containers/torrent.nix
+++ b/hosts/koi/containers/torrent.nix
@@ -1,13 +1,19 @@
-{ abs, lib, pkgs, ... }@inputs:
+{ abs, lib, pkgs, config, ... }@inputs:
 let
   containers = (import (abs "lib/containers.nix") inputs);
+  secrets = import (abs "lib/secrets.nix");
   vueTorrent = pkgs.fetchurl {
     url = "https://github.com/WDaan/VueTorrent/releases/download/v2.4.0/vuetorrent.zip";
     hash = "sha256-ZM2AAJVqlzCXxvWnWhYDVBXZqpe0NzkFfYLvUTyzlZM=";
   };
+
+  dlWebhook = secrets.mount config "qbt-dl-webhook";
 in
 {
   imports = [
+    (secrets.declare [
+      { name = "qbt-dl-webhook"; mode = "777"; }
+    ])
     (containers.mkNixosContainer {
       name = "torrent";
       ephemeral = false;
@@ -23,8 +29,10 @@ in
             serviceConfig = {
               AmbientCapabilities = "CAP_NET_BIND_SERVICE";
             };
-            setup = ''
+            setup = { config, ... }: ''
               mkdir -p /var/lib/qbittorrent/temp
+              dl_webhook=`cat ${dlWebhook.path}`
+              sed -i "s|%DL_WEBHOOK%|$dl_webhook|g" ${config}
             '';
             config = {
               Preferences = {
@@ -45,6 +53,10 @@ in
                 "Proxy\\Type" = "SOCKS5";
                 "Proxy\\HostnameLookupEnabled" = "true";
               };
+              AutoRun = {
+                enabled = "true";
+                program = "curl \\\"%DL_WEBHOOK%\\\" -X POST -d \\\"%N\\\"";
+              };
             };
           })
         ];
@@ -56,7 +68,7 @@ in
           hostPath = "/mnt/puffer/Downloads";
           isReadOnly = false;
         };
-      };
+      } // (dlWebhook.mounts);
     })
   ];
 
diff --git a/lib/secrets.nix b/lib/secrets.nix
index 203f1bd..a9449e6 100644
--- a/lib/secrets.nix
+++ b/lib/secrets.nix
@@ -21,11 +21,12 @@
   mount = config: name:
     let
       path = config.age.secrets.${name}.path;
+      localPath = "/mnt/secrets/${name}";
     in
     {
-      path = path;
+      path = localPath;
       mounts = {
-        ${path} = {
+        ${localPath} = {
           hostPath = path;
           isReadOnly = true;
         };
diff --git a/secrets/qbt-dl-webhook.age b/secrets/qbt-dl-webhook.age
new file mode 100644
index 0000000..09a1b94
--- /dev/null
+++ b/secrets/qbt-dl-webhook.age
@@ -0,0 +1,5 @@
+age-encryption.org/v1
+-> ssh-ed25519 sj88Xw 7DkrB33/l5p6R9b0FSQUXVfagN1dqUeJDfBrp5gVFUM
+AnDczrbwG6pYR8ReTyIbOfi8B4YbS2xgcc2Fc+KDEbo
+--- KosaQlB/8ZGXC+wavmN1G79YfiTgkPnNATZur/xHFOI
+�M�C���̹T�aڇ�yw���9x{�nh��X����&+�@N�9A����{~�~d|R�o_M��&U[���M�K���A����mڋ
diff --git a/services/qbittorrent.nix b/services/qbittorrent.nix
index 81f0c61..fb037ca 100644
--- a/services/qbittorrent.nix
+++ b/services/qbittorrent.nix
@@ -70,7 +70,7 @@ in
 
       mkdir -p ${dataDir}/qBittorrent/config
       cp ${iniFile} ${dataDir}/qBittorrent/config/qBittorrent.conf
-      ${setup}
+      ${setup { inherit dataDir; config = "${dataDir}/qBittorrent/config/qBittorrent.conf"; }}
       ${package}/bin/qbittorrent-nox --webui-port=${toString port} --profile=${dataDir}
     '';
   };