Do your part for the global "Linux distribution network" by building a dedicated, secure, torrent-downloading megalith that barely uses 10W of power. It is possible, and it will, of course, be based on a Raspberry Pi.
Downloading and seeding (you do seed, right? Good people seed to at least a 2.0 ratio) is an arduous task for any regular computer, and means you're sucking down far more electricity than you ought to be by having to leave it on overnight. What if you could offload that task to a low-powered Raspberry Pi, small enough to stuff under a floorboard and barely breaking 10W of power to do it all. That's exactly what I'll show you how to do today.
Here's the plan:
- Set up a Raspberry Pi with some USB storage, and move the system drive over to USB to extend the life of our SD card.
- Share that over the network.
- Configure a VPN so that all traffic is routed over the VPN, securely - and everything stops if that connection fails. We don't want out ISP knowing which Linux distro we favour.
- Install a remotely-manageable torrent client, Transmission.
Sounds complicated, doesn't it? No more than a few hundred Terminal commands, I assure you. A lot of this overlaps with our Raspberry Pi NAS tutorial, so if you're not so interested in the torrenting and VPN side of things, you might want to check that out instead.
USB Storage
Begin with a fresh Raspian install and connect the Ethernet interface, and plug in your USB storage (through a powered USB hub, or it's likely you'll face errors later as I did) - it needn't be formatted yet. Log in remotely with the default pi /raspberry username and password combination, then run:
sudo raspi-config
Change the amount of memory given over graphics to 16 megabytes - we'll be running this completely headless, so you don't need graphic memory. Exit, and let's setup some partitions on the USB. We're going to setup at least two - one to use for the system so as to preserve the life of our SD card, and the other one for downloads to be stored. Figure out first which drive is your USB.
tail /var/log/messages
In my case, it was easy to identify as "sda". With that in mind, adjust the following command to enter the fdisk utility on the appropriate device.
sudo fdisk /dev/sda
Press p to list current partitions. To delete any existing ones, press d. Create a new primary partition, with n, then p. When it asks you for size, enter +8G. Now go ahead and create another partition for your torrent data (again, primary), or more partitions too if you wish. W will write the new partition map to the drive when you're done.
Once the new table has been written, use the following commands to format the drives as linux ext4. Use additional commands if you partitioned your drive with more than two partitions.
sudo mkfs.ext4 /dev/sda1
sudo mkfs.ext4 /dev/sda2
sudo mkdir /mnt/systemdrive
sudo mkdir /mnt/torrents
sudo mount /dev/sda1 /mnt/systemdrive
sudo mount /dev/sda2 /mnt/torrents
df -h
The last command will confirm that you've got the partitions mounted correctly. Next, we want to copy the SD card data to the drive - this will extend its life by avoiding constant read/write operations to caches etc. Install rsync to do this:
sudo apt-get install rsync
sudo rsync -axv / /mnt/systemdrive
This will initiate a long series of file copying, so twiddle your fingers for a bit.
sudo cp /boot/cmdline.txt /boot/cmdline.orig
sudo nano /boot/cmdline.txt
Adjust this to read:
dwc_otg.lpm_enable=0 console=ttyAMA0,115200 kgdboc=ttyAMA0,115200 console=tty1 root=/dev/sda1 rootfstype=ext4 elevator=deadline rootwait rootdelay=5
Next, modify fstab to mount them on start up.
sudo nano /etc/fstab
Add the following lines:
/dev/sda1 / ext4 defaults,noatime 0 1
/dev/sda2 /mnt/torrents ext4 defaults 0 2
Comment out the following line which refers to the SD card:
#/dev/mmcblk0p2 / ext4 defaults,noatime 0 1
Reboot the Pi with
sudo reboot
Sorted! Your Pi will now mount a both a root data partition and your torrents partition
Share The Drive: Samba
Make sure we're updated first, remove Wolfram Mathematica packages which have always caused me trouble when doing absolutely anything on the Pi (something to do with math-kernel), then install the required packages
sudo apt-get update
sudo apt-get dist-upgrade
sudo apt-get remove wolfram-engine
sudo apt-get install samba samba-common-bin
sudo nano /etc/samba/smb.conf
Hit CTRL-W and type "security" to find the following line, and uncomment it.
security = user
Add the following to define our torrents shared folder:
[torrents]
comment = torrents
path = /mnt/torrents
valid users = @users
force group = users
create mask = 0775
force create mode = 0775
security mask = 0775
force security mode = 0775
directory mask = 2775
force directory mode = 2775
directory security mask = 2775
force directory security mode = 2775
browseable = yes
writeable = yes
guest ok = no
read only = no
Restart the Samba service:
sudo service samba restart
Next we need to add a user to the system. Replace "jamie" with your desired username which you'll be logging in with to access the shared folder. The following commands then ask you to create your passwords, the first at a system level and the next for Samba. Modify the last commands if you called your data drive something else (and here's a primer on file ownership in linux).
sudo useradd jamie -m -G users
sudo passwd jamie
sudo smbpasswd -a jamie
sudo chown pi:users /mnt/torrents
chmod g+w /mnt/torrents
Test - you should be able to connect from another machine on your network, and read/write files to the new share. Check they appear on the Pi too with ls from within the /mnt/torrents folder.
VPN Setup
Install the required packages
sudo apt-get install openvpn resolvconf
Download the OpenVPN config files from your provider. You can check out a list of the best VPNs here, but be sure to find one that's torrent-friendly. I use privacy.io myself, but Private Internet Access is another popular option within torrent communities. Either way, you should be able to grab a ZIP file of configurations and a certificate. Put these into your torrents folder, within a directory called openvpn. Modify the following command so it points to your config file, which will almost certainly differ from privacyIO.ovpn
sudo openvpn --client --config /mnt/torrents/openvpn/privacyIO.ovpn --ca /mnt/torrents/openvpn/privacy.ca.crt --script-security 2
If you get an output like this, you're good. Hit CTRL-C to terminate it. It's annoying having to type the password in though, and we need a few modifications to add start and stop scripts. Edit the config file (again, replace privacyIO.ovpn with the .ovpn file your provider gave you)
nano /mnt/torrents/openvpn/privacyIO.ovpn
Modify the following line first. Basically we're saying we'll store the username and password in a file called pass.txt
auth-user-pass /mnt/torrents/openvpn/pass.txt
Save, and type:
nano /mnt/torrents/pass.txt
Enter your username on the first line, and password on the next. Save, and try connecting again:
sudo openvpn --client --config /mnt/torrents/openvpn/privacyIO.ovpn --ca /mnt/torrents/openvpn/privacy.ca.crt --script-security 2
You shouldn't be bugged to log in this time. Yay! Next, open up the config file again, and add the following lines:
route-up /mnt/torrents/openvpn/route-up.sh
down-pre
down /mnt/torrents/openvpn/down.sh
This specifies some scripts we're going to create later to perform tasks when the connection either comes up successfully, or goes down. Make sure you're in the mnt/torrents/openvpn directory, then run the following:
nano route-up.sh
Add the following which ensures traffic is sent out over the VPN:
#!/bin/sh
iptables -t nat -I POSTROUTING -o tun0 -j MASQUERADE
Next, create the down.sh script
nano down.sh
Add:
#!/bin/sh
iptables -t nat -D POSTROUTING -o tun0 -j MASQUERADE
Finally, we want a script to open the connection, instead of starting it from the command line as we just did.
nano vpn.sh
Paste in the VPN launch command from before. In case you've forgotten:
sudo openvpn --client --config /mnt/torrents/openvpn/privacyIO.ovpn --ca /mnt/torrents/openvpn/privacy.ca.crt --script-security 2
Now, make all those scripts executable, and launch the VPN script at startup.
chmod +x down.sh
chmod +x route-up.sh
chmod +x vpn.sh
sudo nano /etc/rc.local
Add the following line before the exit 0 line. We're just telling it to start this script at startup.
/mnt/torrents/openvpn/vpn.sh
Finally, reboot your system again.
Log in again, and run ifconfig. You'll know it's working if you see an entry for tap0 (or tun0), and are able to successful curl a webpage:
curl https://www.makeuseof.com
The Torrent Client
Nearly there now. Finally, we're going to install Transmission, which is lightweight and has a nice web GUI. The following commands install, then stops the daemon - since we need to configure it first - then opens up the settings file for editing.
sudo apt-get install transmission-daemon
sudo /etc/init.d/transmission-daemon stop
sudo nano /etc/transmission-daemon/settings.json
Change "rpc-authentication-required" to false; change "rpc-whitelist" to include your local subnet - for example:
"rpc-whitelist": "127.0.0.1,10.0.1.*",
Add or adjust the following if already present:
"download-dir": "/mnt/torrents",
"watch-dir": "\/mnt\/torrents\/",
"watch-dir-enabled": true,
"umask": 2,
Next, edit the daemon startup file itself to deal with some permission problems.
sudo nano /etc/init.d/transmission-daemon
Change the USER=transmission-daemon to USER=root. Reload the daemon.
sudo service transmission-daemon reload
Finally, we'll install avahi-daemon to setup bonjour/zeroconf networking, which means we won't need to use the IP address of the Pi to access it from a browser - instead we'll be able to use the raspberrypi.local address.
sudo apt-get install avahi-daemon
Assuming your hostname is the default (raspberrypi, but can be changed using raspi-config), navigate to:
http://raspberrypi.local:9091/transmission/web/
First, check your torrent IP is being correctly disguised through the VPN. Download the test torrent file from TorGuard - the download graphic looks like an advertisement, but it isn't - and drop it in the torrents shared folder.
We've already configured Transmission to watch this folder for new torrents, so it should be added immediately. Go ahead and drop some legal Linux distro torrents in there as well.
The IP checking torrent should return an error, along with the IP address it detected. Make sure that isn't your home IP - if it is, the VPN hasn't been set up right. By default, any torrents you drop in the folder will be renamed to .added, and a .part file should be created until the transfer is finished. Verify this is the case in your shared folder.
That's it! You now have a super low-powered, secure, torrent-downloading Pi - leaving your workstation available for better things. You might now want to look at adding a UPnP server to for streaming media around the network, or using BitTorrent Sync to create your own cloud storage. What features will you be adding in?