diff --git a/secrets/ntfy.yaml b/secrets/ntfy.yaml
index a54d147..09a3dd3 100644
--- a/secrets/ntfy.yaml
+++ b/secrets/ntfy.yaml
@@ -2,6 +2,9 @@ ntfy:
     default:
         user: ENC[AES256_GCM,data:M9XiXH3/Nr3/3A==,iv:Ealcewpj/GCWU+U6F+7onCfVaraE+f5Wkt63tlitnlQ=,tag:ARwnlFs1VfwcQKlIkeQQeg==,type:str]
         password: ENC[AES256_GCM,data:56el7+jh6TcI9UzeXZW5aa7cUG9ycd8a2mw=,iv:iYpkWG37dpZ4dEN5zjg4P8On969hWqWcumJ7h5hLmjk=,tag:tlGDQmJ0+xl9yO42FTp19w==,type:str]
+    tokens:
+        homeserver: ENC[AES256_GCM,data:nQlSIXKKzTX+Ucums5IPuBcn8va6GlfGQmRZrlQsleU=,iv:KD+PmttUmCt3l6cbjjRgp6IaF5WvfJ6oSHxpzbvtDA8=,tag:ZFSGY8gDu46GTYa59v0K+Q==,type:str]
+        tigor: ENC[AES256_GCM,data:zDFlF8aQFzMdmwKk0xwxMQxnCIXA0sy45jMKEzDNFzs=,iv:KWveN6sbH1NTCMK+XkVUPbIIR7L2e9y6sq/WiFY9bQA=,tag:sTpuFyQ9Hwuzjvem/DO3jw==,type:str]
 sops:
     kms: []
     gcp_kms: []
@@ -17,8 +20,8 @@ sops:
             VW9lVkh5eTkyLzdtK0RScHlhMTBaR28KHyMRxCQe65ZM1v4iB6mgiQxZ84/sEdr0
             k0tBwcBlgGK/SF6P9GdCVopFHN8os25YEYMNg8kjAh/qs4N2gTXMEQ==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-09-05T02:52:58Z"
-    mac: ENC[AES256_GCM,data:CCLd4p+6V4P2ioE2lKoPctbQ9/d/DcS7m895l3+ty48JT0iZMx32gBubn0TGvdjp6x705uSYZySkM2YACFMhkifuLMxeGLGJu1rBfrXO2bYuHDAhni5fLP/XIsC+FlPbHEOXAnYpAO0y1TLBw7xKz8Tjl3yAC0L00LzIS6URir0=,iv:akFHjwnO9gtZ73NMI8pj0J87q5D6U9SiNLzfRfJUE90=,tag:CMNqOnREytCrEo+bh2l1BA==,type:str]
+    lastmodified: "2024-09-07T11:09:18Z"
+    mac: ENC[AES256_GCM,data:CcmQ0JFeuXMZ1VmBiGrLFw/8fiTOLervBtmlXmpl/GvfsDk3JeTTUqPV3RoVmw4yfQ/lCpjpXKrEOrVxO+/oc+NWcuQ9OGRuluDiFg7A2GLk9vniDEtrCbk/0oibL4Hu3P4K8oDcVuJkZhoqgTwN98suk3go7RCA9VhUDtejxTM=,iv:6gVmT1I5suLGG3nS4dX5S1v6bYPzxwZw08/yHkm75pU=,tag:f1wDeoFpFVWTU/HUah3Prw==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
     version: 3.8.1
diff --git a/system/podman/qbittorrent.nix b/system/podman/qbittorrent.nix
index 4fe9f1d..32c2d68 100644
--- a/system/podman/qbittorrent.nix
+++ b/system/podman/qbittorrent.nix
@@ -1,10 +1,11 @@
-{ config, lib, ... }:
+{ config, lib, pkgs, ... }:
 let
   name = "qbittorrent";
   domain = "${name}.tigor.web.id";
   podman = config.profile.podman;
   qbittorrent = podman.qbittorrent;
   inherit (lib) mkIf;
+  inherit (lib.strings) optionalString;
   ip = "10.88.0.7";
   image = "lscr.io/linuxserver/qbittorrent:latest";
   volume = "/nas/torrents";
@@ -23,35 +24,80 @@ in
       chown ${uid}:${gid} ${volume} ${volume}/{config,downloads,progress,watch}
     '';
 
-    virtualisation.oci-containers.containers.${name} = {
-      inherit image;
-      hostname = name;
-      autoStart = true;
-      environment = {
-        PUID = uid;
-        PGID = gid;
-        TZ = "Asia/Jakarta";
-        WEBUI_PORT = "8080";
-        TORRENTING_PORT = "6881";
-      };
-      volumes = [
-        "${volume}/config:/config"
-        "${volume}/downloads:/downloads"
-        "${volume}/progress:/progress"
-        "${volume}/watch:/watch"
-      ];
-      ports = [
-        "6881:6881"
-        "6881:6881/udp"
-      ];
-      extraOptions = [
-        "--ip=${ip}"
-        "--network=podman"
-      ];
-      labels = {
-        "io.containers.autoupdate" = "registry";
+
+    sops = {
+      secrets =
+        let
+          opts = { sopsFile = ../../secrets/ntfy.yaml; };
+        in
+        {
+          "ntfy/tokens/homeserver" = opts;
+        };
+      templates = {
+        "qbittorrent-ntfy-env".content = /*sh*/ ''
+          NTFY_TOKEN=${config.sops.placeholder."ntfy/tokens/homeserver"}
+        '';
       };
     };
+
+    virtualisation.oci-containers.containers.${name} =
+      let
+        finish-notify-script = pkgs.writeScriptBin "notify-finish.sh" (optionalString config.services.ntfy-sh.enable /*sh*/ ''
+          #!/bin/bash
+          # $1 = %N  | Torrent Name
+          # $2 = %L  | Category
+          # $3 = %G  | Tags
+          # $4 = %F  | Content Path
+          # $5 = %R  | Root Path
+          # $6 = %D  | Save Path
+          # $7 = %C  | Number of files
+          # $8 = %Z  | Torrent Size
+          # $9 = %T  | Current Tracker
+          # $10 = %I  | Info Hash v1
+          # $11 = %J | Info Hash v2
+          # $12 = %K | Torrent ID
+
+          curl -X POST \
+            -H "Authorization: Bearer $NTFY_TOKEN" \
+            -H "X-Title: '$1' finished downloading" \
+            -H "X-Tags: white_check_mark,$2" \
+            -d "Number of Files: $7, Size: $8" \
+            https://ntfy.tigor.web.id/qbittorrent-finish
+        '');
+      in
+      {
+        inherit image;
+        hostname = name;
+        autoStart = true;
+        environment = {
+          PUID = uid;
+          PGID = gid;
+          TZ = "Asia/Jakarta";
+          WEBUI_PORT = "8080";
+          TORRENTING_PORT = "6881";
+        };
+        volumes = [
+          "${volume}/config:/config"
+          "${volume}/downloads:/downloads"
+          "${volume}/progress:/progress"
+          "${volume}/watch:/watch"
+          "${finish-notify-script}/bin/notify-finish.sh:/bin/notify-finish"
+        ];
+        ports = [
+          "6881:6881"
+          "6881:6881/udp"
+        ];
+        extraOptions = [
+          "--ip=${ip}"
+          "--network=podman"
+        ];
+        environmentFiles = [
+          config.sops.templates."qbittorrent-ntfy-env".path
+        ];
+        labels = {
+          "io.containers.autoupdate" = "registry";
+        };
+      };
   };
 }