That's more secure than most setups; the VPN with killswitch will defeat any and all attacks you're likely to encounter if you don't open files on that same VM.
What kind of firewall do you have? (Not on the VM, though something similar might work there also)
I use OPNsense and have an allow rule for the specific IP and port my VPN uses from that VM's IP. Then a block for everything from the VM IP after the allow.
I can connect to the VPN no problem, updates and everything work through the VPN. When it goes down it tries to connect normally and fails.
DNS can be a problem when trying to connect to the VPN, so make sure to use the IP.
I can't speak to the paid ProtonVPN service, but their free tier doesn't allow torrenting. They'll disconnect you with a slap-on-the-wrist error about it.
I'm trying to recreate this setup in my system. I'm running Ubuntu and I have everything in Docker. I have PIA running outside of Docker. I was also able to get Gluetun working in its own container, too. Does anyone have advice?
FDE is for physical attackers; it would have nothing to do with torrenting unless you're really intending on pissing off every single criminal legal authority and not just worried about civil suits from copyright holders.
Why would you need file encryption?
Not like having a drive full of movies is illegal... Except if OP has CSAM stuff inside. Then it should be very encrypted in case of losing (or not, depending on whether OP wants jail time).
File or disk encryption is only for protecting against attackers with physical access to the machine your VM is running on. When getting files from your server to local storage, you should still use a secure connection and encrypted traffic to prevent ISP snooping, but going extreme on file encryption isn't necessary unless you're downloading actual heinous shit (CSAM), in which case you should go to jail.