This weekend I decided to challenge myself by setting up a Transmission server with Arch Linux on a KVM. For those of you not aware, Arch Linux is a minimalist distribution with a lot of self-configuration; it is a rolling release with the latest packages.
These are the steps I followed:
Boot the KVM with the install ISO, which can be downloaded from here: https://www.archlinux.org/download/
Follow this guide https://wiki.archlinux.org/index.php/installation_guide until Initramfs, then:
edit /etc/mkinitcpio.conf: MODULES=(virtio virtio_blk virtio_pci virtio_net)
mkinitcpio -p linux
set root password with passwd
create new user:
useradd -m -g users -s /bin/bash *username*
passwd *username*
pacman -S grub grub-bios
grub-install --target=i386-pc --recheck /dev/vda
pacman -S os-prober
mkdir -p /boot/grub/locale
cp /usr/share/locale/en@quot/LC_MESSAGES/grub.mo /boot/grub/locale/en.mo
grub-mkconfig > /boot/grub/grub.cfg
exit
umount -R /mnt
reboot 0
You should now have a working Arch Linux install, but no network; check this guide to resolve:
As this is a server, it should use a static IP address. Method 2 for static IP works.
Add a nameserver to /etc/resolv.conf, e.g.:
# Resolver configuration file.
# See resolv.conf(5) for details.
nameserver 1.1.1.1
Edit /etc/sudoers to add your user to sudo, or drop sudo from the commands below and run them as root instead.
Packages:
sudo pacman -S mlocate openvpn wget unzip python transmission-cli autofs nfs-utils intel-ucode polkit haveged iptables
update grub configuration for intel-ucode:
sudo grub-mkconfig -o /boot/grub/grub.cfg
The following is needed so that ssh works on startup, without having to log in to the console first:
sudo systemctl enable haveged
iptables:
sudo iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
sudo iptables -A FORWARD -i tun0 -o ens3 -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A FORWARD -i ens3 -o tun0 -j ACCEPT
sudo iptables -A OUTPUT -o tun0 -m comment --comment "vpn" -j ACCEPT
sudo iptables -A OUTPUT -o ens3 -p icmp -m comment --comment "icmp" -j ACCEPT
sudo iptables -A OUTPUT -d 192.168.1.0/24 -o ens3 -m comment --comment "lan" -j ACCEPT
sudo iptables -A OUTPUT -o ens3 -p udp -m udp --dport 1198 -m comment --comment "openvpn" -j ACCEPT
sudo iptables -A OUTPUT -o ens3 -p tcp -m tcp --sport 22 -m comment --comment "ssh" -j ACCEPT
sudo iptables -A OUTPUT -o ens3 -p udp -m udp --dport 123 -m comment --comment "ntp" -j ACCEPT
sudo iptables -A OUTPUT -o ens3 -p udp -m udp --dport 53 -m comment --comment "dns" -j ACCEPT
sudo iptables -A OUTPUT -o ens3 -p tcp -m tcp --dport 53 -m comment --comment "dns" -j ACCEPT
sudo iptables -A OUTPUT -o ens3 -j DROP
Replace 192.168.1.0/24 with your IP range.
sudo su
iptables-save > /etc/iptables/iptables.rules
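The OUTPUT rules above only act as a kill switch if the catch-all DROP on ens3 is present and nothing before it accepts unrestricted traffic. The script below is an added example, not part of the original post, that checks this on iptables-save output; the function names and the sample rulesets are constructed for illustration.

```shell
# audit_killswitch WAN_IF: read iptables-save output on stdin and report OUTPUT
# rules that let traffic leave WAN_IF outside the tunnel. Exit 0 = no leak found.
audit_killswitch() {
    awk -v wan="$1" '
    $1 == ":OUTPUT" { policy = $2 }
    $1 == "-A" && $2 == "OUTPUT" {
        out = jump = dst = dport = ""; scoped = 0
        for (i = 3; i < NF; i++) {
            if ($i == "-o") out = $(i + 1)
            if ($i == "-j") jump = $(i + 1)
            if ($i == "-d") dst = $(i + 1)
            if ($i == "--dport") dport = $(i + 1)
            # these options narrow a rule to specific traffic
            if ($i ~ /^(-p|-d|--dport|--sport|--state|--ctstate)$/) scoped = 1
        }
        # skip other interfaces, and rules shadowed by the catch-all DROP
        if ((out != wan && out != "") || closed) next
        if (jump == "DROP" && !scoped) { closed = 1; next }
        if (jump != "ACCEPT") next
        if (!scoped) { print "LEAK: unrestricted ACCEPT: " $0; bad = 1 }
        else if (dport == "53" && dst == "" && !noted++)
            print "NOTE: DNS to any resolver can leave via " wan " while the tunnel is down"
    }
    END {
        if (!closed && policy != "DROP") { print "LEAK: no catch-all DROP for " wan; bad = 1 }
        exit bad + 0
    }'
}
# Constructed sample: OUTPUT rules from this page in iptables-save format.
page_rules() {
    cat <<'EOF'
*filter
:OUTPUT ACCEPT [0:0]
-A OUTPUT -o tun0 -m comment --comment vpn -j ACCEPT
-A OUTPUT -o ens3 -p icmp -m comment --comment icmp -j ACCEPT
-A OUTPUT -d 192.168.1.0/24 -o ens3 -m comment --comment lan -j ACCEPT
-A OUTPUT -o ens3 -p udp -m udp --dport 1198 -m comment --comment openvpn -j ACCEPT
-A OUTPUT -o ens3 -p tcp -m tcp --sport 22 -m comment --comment ssh -j ACCEPT
-A OUTPUT -o ens3 -p udp -m udp --dport 53 -m comment --comment dns -j ACCEPT
-A OUTPUT -o ens3 -j DROP
COMMIT
EOF
}
# Constructed failure case: the same rules with the final DROP missing.
broken_rules() { page_rules | grep -v -- '-j DROP'; }

page_rules | audit_killswitch ens3
broken_rules | audit_killswitch ens3 || echo "kill switch is not in effect"
```

Run it against /etc/iptables/iptables.rules after saving, and against live iptables-save output after a reboot, to confirm the rules in effect are the ones you saved.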
OpenVPN configuration will vary depending on the provider; essentially, though, the provider will supply .ovpn files for each server. The file for the server you want needs copying to a .conf file, for example vpn.conf. Now create /etc/openvpn/pass.txt and add your VPN credentials: username on the first line, password on the second. Update the following in vpn.conf:
auth-user-pass /etc/openvpn/pass.txt
sudo systemctl start openvpn@vpn
sudo systemctl enable openvpn@vpn
You can confirm you are no longer using your ISP's IP with:
curl ipinfo.io/ip
Network share
I'm assuming that, like me, you are downloading torrents to a network share; if not, skip to Transmission Config.
Using Autofs and /mnt/Transmission as the mount point:
sudo mkdir /mnt/Transmission
edit: /etc/autofs/auto.master
/- /etc/autofs/auto.server_name --timeout 15 browse
edit: /etc/autofs/auto.server_name
/mnt/Transmission IP of *server1*:*/path/to/share1*
sudo systemctl restart autofs
Transmission Config
sudo systemctl start transmission
sudo systemctl stop transmission
edit: /var/lib/transmission/.config/transmission-daemon/settings.json
You will want to update:
"download-dir": "/mnt/Transmission/complete",
"incomplete-dir": "/mnt/Transmission/incomplete",
"incomplete-dir-enabled": true,
"rpc-password": "*password*",
"rpc-username": "*username*",
Optionally limit access to your network:
"rpc-whitelist": "127.0.0.1,192.168.1.*",
Update 192.168.1 to your subnet.
sudo systemctl start transmission
sudo systemctl enable transmission
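Transmission only enforces rpc-username and rpc-password when rpc-authentication-required is true, and only applies rpc-whitelist when rpc-whitelist-enabled is true. These are two Transmission settings the steps above do not mention. The check below is an added example, not part of the original post; the function names and the sample settings are constructed for illustration.

```shell
# rpc_setting TEXT KEY: value of KEY in settings.json text, which Transmission
# writes one key per line.
rpc_setting() {
    printf '%s\n' "$1" | sed -n 's/^ *"'"$2"'": *//p' | sed 's/,$//; s/"//g'
}
# audit_rpc TEXT: warn when the RPC credentials or whitelist are not enforced.
# Returns 0 only when no warning was printed.
audit_rpc() {
    rc=0
    for key in rpc-authentication-required rpc-whitelist-enabled; do
        if [ "$(rpc_setting "$1" "$key")" != true ]; then
            echo "WARN: $key is not true"; rc=1
        fi
    done
    [ -n "$(rpc_setting "$1" rpc-password)" ] || { echo "WARN: rpc-password is empty"; rc=1; }
    case $(rpc_setting "$1" rpc-whitelist) in
        *'*.*'*) echo "WARN: rpc-whitelist has more than one wildcard octet"; rc=1 ;;
    esac
    return $rc
}
# Constructed sample: the edits from this page applied, authentication flag still off.
edited_only() {
    cat <<'EOF'
{
    "download-dir": "/mnt/Transmission/complete",
    "rpc-authentication-required": false,
    "rpc-password": "example-password",
    "rpc-username": "example-user",
    "rpc-whitelist": "127.0.0.1,192.168.1.*",
    "rpc-whitelist-enabled": true
}
EOF
}
# The same settings with authentication switched on.
enforced() { edited_only | sed 's/: false/: true/'; }

audit_rpc "$(edited_only)" || echo "fix settings.json before starting the daemon"
audit_rpc "$(enforced)" && echo "RPC credentials and whitelist are enforced"
```

On the server, pass it the real file: audit_rpc "$(sudo cat /var/lib/transmission/.config/transmission-daemon/settings.json)".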
That's it; like me, you should now have an OpenVPN torrent server on an Arch Linux KVM.
Thanks Tom.
PS Feel Free to comment.
Sources:
https://wiki.archlinux.org/index.php/installation_guide
https://gist.github.com/tlatsas/5005963
http://allskyee.blogspot.com/2013/12/over-weekend-i-decided-to-give-arch.html
https://wiki.archlinux.org/index.php/Microcode
https://bbs.archlinux.org/viewtopic.php?id=241346
https://www.ostechnix.com/configure-static-dynamic-ip-address-arch-linux/
https://gist.github.com/superjamie/ac55b6d2c080582a3e64
https://wiki.archlinux.org/index.php/sysctl
https://wiki.archlinux.org/index.php/iptables
https://wiki.archlinux.org/index.php/autofs#Manual_NFS_configuration
https://discourse.osmc.tv/t/how-to-mounting-network-shares-with-autofs-alternative-to-fstab/74228
https://wiki.archlinux.org/index.php/transmission#Configuring_the_daemon