01〉 Copy the operating system to a Micro SD Card using
dd if=2017-08-16-raspbian-stretch-lite.img of=/dev/mmcblk0 bs=4M
02〉 Create an empty file named ssh at /boot
03〉 In /boot/config.txt, add
# Enable the activity LED when the micro SD card is accessed dtparam=act_led_activelow=on
04〉 Copy the files ca.rsa.2048.crt and crl.rsa.2048.pem (provided by the PIA VPN service) to /home/pi
05〉 In /etc/hostname and /etc/hosts, replace raspberrypi by micro
06〉 In /etc/wpa_supplicant/wpa_supplicant.conf, change the country code to PT and add
network={ ssid="<WiFi network SSID>" psk="<password>" }
07〉 Power ON
08〉 Access the Raspberry Pi through SSH (user: pi, password: raspberry)
09〉 Update old packages , if any, using
sudo apt-get update
followed by
sudo apt-get upgrade
10〉 Install Deluge (including the Web UI), openVPN and Samba using
sudo apt-get install deluged deluge-web openvpn samba
11〉 Create the deluge user using
sudo adduser --system --group --disabled-password --home /var/lib/deluge deluge
12〉 Remove the init.d scripts related to Deluge using
sudo /etc/init.d/deluged stop
followed by
sudo rm /etc/init.d/deluged
and
sudo update-rc.d deluged remove
13〉 In /etc/systemd/system, create an empty file named deluge-web.service and add
[Unit] Description=Deluge BitTorrent client web interface #After=deluged.service #Requisite=deluged.service StartLimitIntervalSec=0 [Service] Type=simple User=deluge Group=deluge UMask=0022 ExecStart=/usr/bin/deluge-web RestartSec=10 Restart=always [Install] WantedBy=multi-user.target
14〉 In the same directory, create an empty file named deluged.service and add
[Unit] Description=Deluge BitTorrent client daemon After=network-online.target #BindsTo=firewall.service StartLimitIntervalSec=0 [Service] Type=simple User=deluge Group=deluge UMask=0022 ExecStart=/usr/bin/deluged -d RestartSec=10 Restart=always [Install] WantedBy=multi-user.target
15〉 Start these services using
sudo systemctl start deluged.service deluge-web.service
16〉 Once the folder /var/lib/deluge/.config/deluge is populated, stop these services using
sudo systemctl stop deluged.service deluge-web.service
17〉 Uncomment the commented lines (#) in deluged.service and deluge-web.service
18〉 In /var/lib/deluge/.config/deluge, edit the file core.conf and change
"max_active_limit": 10 "max_active_downloading": 10 "max_active_seeding": 10
19〉 Similarly, edit the file web.conf and change
"sidebar_show_zero": true "session_timeout": 43200 "default_daemon": "127.0.0.1:58846" "port": 8000
20〉 Backup these files using
for f in /var/lib/deluge/.config/deluge/{core,web}.conf; do sudo cp $f{,.backup}; done
21〉 In /etc/openvpn, create an empty file named pia.conf and add
client dev tun remote nl.privateinternetaccess.com 1198 proto udp resolv-retry infinite nobind cipher aes-128-cbc auth sha1 tls-client remote-cert-tls server auth-user-pass credentials.txt comp-lzo verb 1 reneg-sec 0 crl-verify crl.rsa.2048.pem ca ca.rsa.2048.crt tls-exit ping-exit 600 auth-retry none
22〉 In the same directory, create an empty file named credentials.txt with permissions 0600 and add
<PIA VPN username> <PIA VPN password>
23〉 In /etc/systemd/system, create the directory openvpn@pia.service.d
24〉 Inside this new directory, create an empty file named override.conf and add
[Unit] After=firewall.service BindsTo=firewall.service StartLimitIntervalSec=0 [Service] RestartSec=10 Restart=always
25〉 Move the files ca.rsa.2048.crt and crl.rsa.2048.pem from /home/pi to /etc/openvpn
26〉 In /etc/samba, clear the file smb.conf and add
[global] create mask = 0744 directory mask = 0755 disable netbios = yes disable spoolss = yes dns proxy = no force create mode = 0600 force directory mode = 0755 guest account = deluge load printers = no log file = /var/log/samba/samba.log log level = 0 map to guest = Bad User max log size = 5000 printcap name = /dev/null printing = bsd security = user server string = SMB workgroup = GROUP [shared] browseable = no guest ok = yes max connections = 5 only guest = yes path = /var/lib/deluge/Downloads writable = no
27〉 In /etc, create an empty file named resolv.conf.head and add
nameserver 84.200.69.80 nameserver 84.200.70.40
28〉 In /etc/systemd/system, create an empty file named firewall.service and add
[Unit] Description=Firewall rules for VPN Before=network-pre.target Wants=network-pre.target [Service] Type=oneshot RemainAfterExit=yes ExecStart=/sbin/iptables -t nat -I POSTROUTING -o tun+ -j MASQUERADE ExecStart=/sbin/iptables -A OUTPUT -o tun+ -j ACCEPT ExecStart=/sbin/iptables -A OUTPUT -o lo -j ACCEPT ExecStart=/sbin/iptables -A OUTPUT -d 192.168.1.0/24 -j ACCEPT ExecStart=/sbin/iptables -A OUTPUT -p udp -m udp --dport 1198 -j ACCEPT ExecStart=/sbin/iptables -A OUTPUT -j DROP [Install] WantedBy=multi-user.target
29〉 Enable the relevant services to automatically start at boot time using
sudo systemctl enable firewall.service openvpn@pia.service deluged.service deluge-web.service
30〉 Power-off the Raspberry Pi using
sudo poweroff
Installation concluded, the Raspberry Pi is ready to roll.