Pre-guide (before install):
# Port Forward the Port we will be using for Wireguard in our router (Port: 51820)
# Set up your Raspberry Pi 4 following the guide with default settings (or at least know what you are doing when you set it up) and disable IPv6 because it's stupid.
# Recommended to use Ethernet for better performance and speeds and for external storage use at the very least a USB 3.0 HDD or USB-SSD.
# After RPi 4 Dietpi first installation, you can now follow these steps:# NB! Keep a SEPARATE USB of at least 4GB in size which will be used for backups and which will be formatted as ext4 which will be UNREADABLE in Windows unless you use e.g. ext2fsd but then make sure to NEVER write files to the USB from Windows or you risk serious issues! (Reading and copying FROM is okay). Saving backups to the Micro SD or External HDD is NOT a good idea. You have been warned!
# Update repositories
Code: Select all
apt update
Code: Select all
apt upgrade
Code: Select all
apt autoremove
Code: Select all
reboot now
----------------------------# NB! To back up everything (and not have to do all the below s*** again) run this after each steps success
# You can run this command later with a 1 at the end to quickly run the backup with your last used config# Configure your backup location to an EMPTY directory on a SEPARATE USB formatted as ext4 using the above commandCode: Select all
dietpi-backup
# Then run the backup after each fill stage has been completed or you risk having to do everything all over from the beginning
# Install ufw "Uncomplicated Firewall" (it's better than fail2ban, don't install fail2ban)
# Make sure we also allow SSH (duhh, so we don't get locked out) and Wireguard to pass through
Code: Select all
apt install ufw
ufw allow 22/tcp
ufw allow 51820/udp
ufw enable
# Use the drive manager to automatically set up your external drive and automatically install any necessary and missing drivers (don't attempt to edit fstab directly)
# Pick the options and mount location you want yourself and format as necessary
Code: Select all
dietpi-drive_manager
Code: Select all
cd /mnt/<yourdrive>
Code: Select all
reboot now
# Set up Samba
Code: Select all
nano /etc/samba/smb.conf
# Requires username (root) and your password to open
# If having issues, access the share with the direct IP from windows --> mine is: \\192.168.2.130
# then map it to Z:\ (or what-ever drive letter you wish)
Code: Select all
[storage]
comment = USB HDD
path = /mnt/<external_hdd_drive_directory>
browseable = yes
create mask = 0775
directory mask = 0775
valid users = root
public = no
writeable = yes
Code: Select all
service smbd restart
# Set up Wireguard (use this over OpenVPN if you want less resource usage and better speeds)
# Use the Mullvad Wireguard config creator to make a conf to a server you wish to use. Don't use the killswitch option because it isn't supported in the Dietpi kernel. If you want to play with that, do it at your own risk. Also uncheck IPv6 (because it sucks) or at the very least if you are stupid enough to use that, make sure you are actually using IPv6 and have it enabled on your device and router lol... otherwise errors.
# Copy the Mullvad config file from Network storage to Wireguard folder
Code: Select all
cp /mnt/<yourdrive>/<yourconfig>.conf /etc/wireguard
Code: Select all
wg-quick up <yourconfig>.conf
Code: Select all
wg show
Code: Select all
curl ifconfig.me
Code: Select all
systemctl enable wg-quick@<yourconfig>
Code: Select all
reboot now
----------------------------
# Install and set up qBittorrent with SOCKS5 for added security (this is also how we still get a working kill switch)
# Install qBittorrent with the dietpi-software tool
Code: Select all
dietpi-software
# Remember to use 10.64.0.1 for SOCKS5 because we're on Wireguard
# Then test with the magnet link at (also can test with some others): https://torguard.net/checkmytorrentipaddress.php
# Also test DL speeds with a good seedboxed torrent like from a private tracker with many seeds on seedboxes.
# Do your own tests to make sure that you are 'connectable' for seeding
# Probably also a good idea to use htop to check your average resource usage now and make sure everything looks normal or install a monitor like in the below stage
Code: Select all
htop
# Install R-Pi Monitor so we can easily check CPU usage and temps, RAM usage, storage usage and for newly available packages to update all from a browser
# (Optional) Enable basic Network monitoring (total up/down) by uncommenting the entries with "#' in
Code: Select all
nano /etc/rpimonitor/template/network.conf
Code: Select all
service rpimonitor restart
# Install Pi-Hole (use the dietpi-software tool for this)
# Ensure your dietpi is on a static IP and in setup, set the default gateway as your router
# Add these URLS to the Blacklist (only those green and with check mark unless you want lots of problems)
https://wally3k.github.io/
# (IMPORTANT!!!) Add these (as needed) to the Whitelist: https://discourse.pi-hole.net/t/commonl ... omains/212
# Set Pi-Hole DNS to 1.1.1.1 (don't be stupid and use Google's, Quad-9 is also okay (9.9.9.9))
# Enable the Pi-Hole by setting your router's DNS as the dietpi's I.P. address (check your router manual or Youtube for help)
# Go to some sites with loads of ads and verify that it's working. Then spend a few hours tweaking your blacklist as you see fit, but make sure to whitelist important domains or you WILL face a bad experience
----------------------------
# Additional Stuffs
# iptables commands: https://www.digitalocean.com/community/ ... wall-rules
This is good for information om allowing things through ufw which is necessary for other services.
# Speedtest command:
Code: Select all
curl -s https://raw.githubusercontent.com/sivel/speedtest-cli/master/speedtest.py | python -