[Guide] Very basic Wireguard (Mullvad), qBittorrent, External Storage, Pi-Hole and Rpi Monitor setup

Guides and tutorials for various stuff. Posted by DietPi users.
Post Reply
ghettopi
Posts: 37
Joined: Tue Jul 30, 2019 8:17 pm

[Guide] Very basic Wireguard (Mullvad), qBittorrent, External Storage, Pi-Hole and Rpi Monitor setup

Post by ghettopi » Sat Sep 14, 2019 12:05 am

You'll need to replace anything in <> with your own specific requirements/file names/et cetera.

Pre-guide (before install):

# Port Forward the Port we will be using for Wireguard in our router (Port: 51820)

# Set up your Raspberry Pi 4 following the guide with default settings (or at least know what you are doing when you set it up) and disable IPv6 because it's stupid.
# Recommended to use Ethernet for better performance and speeds and for external storage use at the very least a USB 3.0 HDD or USB-SSD.
# NB! Keep a SEPARATE USB of at least 4GB in size which will be used for backups and which will be formatted as ext4 which will be UNREADABLE in Windows unless you use e.g. ext2fsd but then make sure to NEVER write files to the USB from Windows or you risk serious issues! (Reading and copying FROM is okay). Saving backups to the Micro SD or External HDD is NOT a good idea. You have been warned!
# After RPi 4 Dietpi first installation, you can now follow these steps:

# Update repositories

Code: Select all

apt update
# Upgrade any packages that have updates

Code: Select all

apt upgrade
# Remove any unneeded/unused packages

Code: Select all

apt autoremove
# Reboot

Code: Select all

reboot now
# NB! To back up everything (and not have to do all the below s*** again) run this after each steps success
# You can run this command later with a 1 at the end to quickly run the backup with your last used config

Code: Select all

dietpi-backup
# Configure your backup location to an EMPTY directory on a SEPARATE USB formatted as ext4 using the above command
# Then run the backup after each fill stage has been completed or you risk having to do everything all over from the beginning
----------------------------

# Install ufw "Uncomplicated Firewall" (it's better than fail2ban, don't install fail2ban)
# Make sure we also allow SSH (duhh, so we don't get locked out) and Wireguard to pass through

Code: Select all

apt install ufw
ufw allow 22/tcp
ufw allow 51820/udp
ufw enable
----------------------------

# Use the drive manager to automatically set up your external drive and automatically install any necessary and missing drivers (don't attempt to edit fstab directly)
# Pick the options and mount location you want yourself and format as necessary

Code: Select all

dietpi-drive_manager
# Check the drive mounted and contents (if any) are available

Code: Select all

cd /mnt/<yourdrive>
# Reboot

Code: Select all

reboot now
----------------------------

# Set up Samba

Code: Select all

nano /etc/samba/smb.conf
# Add the following entry to Samba, called 'storage' in Windows file system
# Requires username (root) and your password to open
# If having issues, access the share with the direct IP from windows --> mine is: \\192.168.2.130
# then map it to Z:\ (or what-ever drive letter you wish)

Code: Select all

[storage]
	comment = USB HDD
	path = /mnt/<external_hdd_drive_directory>
	browseable = yes
	create mask = 0775
	directory mask = 0775
	valid users = root
	public = no
	writeable = yes
# Restart Samba and check in Windows that that you can write/delete etc.

Code: Select all

service smbd restart
----------------------------

# Set up Wireguard (use this over OpenVPN if you want less resource usage and better speeds)

# Use the Mullvad Wireguard config creator to make a conf to a server you wish to use. Don't use the killswitch option because it isn't supported in the Dietpi kernel. If you want to play with that, do it at your own risk. Also uncheck IPv6 (because it sucks) or at the very least if you are stupid enough to use that, make sure you are actually using IPv6 and have it enabled on your device and router lol... otherwise errors.

# Copy the Mullvad config file from Network storage to Wireguard folder

Code: Select all

cp /mnt/<yourdrive>/<yourconfig>.conf /etc/wireguard
# Quickly test with

Code: Select all

wg-quick up <yourconfig>.conf
# Run also this to check your VPN is connected

Code: Select all

wg show
# Check your IP changed (exit with CTRL+C):

Code: Select all

curl ifconfig.me
# Enable the VPN on boot (make sure to run without the .conf at the end)

Code: Select all

systemctl enable [email protected]<yourconfig>
# Reboot and check that it's still working, and pray to the Linux gods you still have SSH access

Code: Select all

reboot now
# Seriously do a backup now... I'm not joking.

----------------------------

# Install and set up qBittorrent with SOCKS5 for added security (this is also how we still get a working kill switch)

# Install qBittorrent with the dietpi-software tool

Code: Select all

dietpi-software
# Follow instructions to properly configure qBittorrent here: https://mullvad.net/en/guides/socks5-proxy/
# Remember to use 10.64.0.1 for SOCKS5 because we're on Wireguard

# Then test with the magnet link at (also can test with some others): https://torguard.net/checkmytorrentipaddress.php
# Also test DL speeds with a good seedboxed torrent like from a private tracker with many seeds on seedboxes.
# Do your own tests to make sure that you are 'connectable' for seeding
# Probably also a good idea to use htop to check your average resource usage now and make sure everything looks normal or install a monitor like in the below stage

Code: Select all

htop
----------------------------

# Install R-Pi Monitor so we can easily check CPU usage and temps, RAM usage, storage usage and for newly available packages to update all from a browser

# (Optional) Enable basic Network monitoring (total up/down) by uncommenting the entries with "#' in

Code: Select all

nano /etc/rpimonitor/template/network.conf
# Restart the monitor with

Code: Select all

service rpimonitor restart
----------------------------

# Install Pi-Hole (use the dietpi-software tool for this)

# Ensure your dietpi is on a static IP and in setup, set the default gateway as your router

# Add these URLS to the Blacklist (only those green and with check mark unless you want lots of problems)
https://wally3k.github.io/

# (IMPORTANT!!!) Add these (as needed) to the Whitelist: https://discourse.pi-hole.net/t/commonl ... omains/212

# Set Pi-Hole DNS to 1.1.1.1 (don't be stupid and use Google's, Quad-9 is also okay (9.9.9.9))

# Enable the Pi-Hole by setting your router's DNS as the dietpi's I.P. address (check your router manual or Youtube for help)

# Go to some sites with loads of ads and verify that it's working. Then spend a few hours tweaking your blacklist as you see fit, but make sure to whitelist important domains or you WILL face a bad experience

----------------------------

# Additional Stuffs

# iptables commands: https://www.digitalocean.com/community/ ... wall-rules
This is good for information om allowing things through ufw which is necessary for other services.

# Speedtest command: curl -s https://raw.githubusercontent.com/sivel ... eedtest.py | python -
Nice for knowing your speeds whilst VPN is on/off without needing a browser![/code]
Last edited by ghettopi on Mon Sep 16, 2019 6:21 pm, edited 7 times in total.

ghettopi
Posts: 37
Joined: Tue Jul 30, 2019 8:17 pm

Re: [Guide] Very basic Wireguard (Mullvad), qBittorrent, External Storage, Pi-Hole and Rpi Monitor setup

Post by ghettopi » Mon Sep 16, 2019 3:38 pm

16/09/19 - v1.1 Updated and made a lot of the steps easier and reduced the chance you'll run into errors when setting up.

Edits to be made in the future:

1. Add optional steps to change file permissions on external drive and in Samba
2. Add additional links to helpful docs

Post Reply