Set up a RPi seedbox and media server

2 minute read

Raspberry Pis are cheap and extremely useful for computing small tasks. You can set up one of those with an HDD as a seedbox to download legal torrents such as Linux distributions and videos from the Internet Archive (wink wink).

A VPN for downloading torrents is always recommended, in my case I use NordVPN.

I thought it might be useful to write this down. I based my configuration on the Transmission Arch wiki, for more configurations head there.

Versions of software used

Software Version
OS Raspbian GNU/Linux 10 (buster)
nordvpn 3.8.6
transmission-daemon 2.94-2+deb10u1
minidlna 1.2.1+dfsg-1+b1

Install software

We need to install the missing software:

wget -O /tmp/nordvpn.deb https://repo.nordvpn.com/deb/nordvpn/debian/pool/main/nordvpn-release_1.0.0_all.deb
apt install /tmp/nordvpn.deb
apt update
apt install -y nordvpn transmission-cli transmission-daemon

Configure software

(as root)
systemctl enable --now nordvpnd
(as pi)
nordvpn login
nordvpn whitelist add subnet 192.168.1.0/24
nordvpn set killswitch on
nordvpn set autoconnect on [countrycode] p2p
nordvpn connect --group p2p

It is extremely important to set the whitelist on your local subnet, in my case 192.168.1.0/24, yours can be different. If you don’t do so, you’ll lose connectivity and it will become quite difficult to login with SSH on your Raspberry.

Moreover you won’t be able to stream content on your local network.

If you are not using NordVPN you can configure your iptables not to use the VPN on the local network. If you use an OpenVPN text file for config, it’s as easy as adding to it:

push "route <network> <subnet>"

In my case it would be:

push "route 192.168.1.0 255.255.255.0"

Edit .config/transmission-daemon/settings.json to your liking, it is important to enable RCP and add your IP to the RCP whitelist. To allow access only from your subnet set RCP whitelist to something like:

"rpc-whitelist": "127.0.0.1,192.168.1.*"

Manage privileges

Separating privileges and groups is an important security feature. Create a new group to access your HDD download location and a user for transmission:

groupadd torrents
useradd --create-home --groups torrents transmission

Change the transmission service to run with dedicated user:

# cat /lib/systemd/system/transmission-daemon.service
[Unit]
Description=Transmission BitTorrent Daemon
After=network.target

[Service]
User=transmission
#User=debian-transmission
Type=notify
ExecStart=/usr/bin/transmission-daemon -f --log-error
ExecStop=/bin/kill -s STOP $MAINPID
ExecReload=/bin/kill -s HUP $MAINPID
[Install]
WantedBy=multi-user.target   

Then restart the Transmission daemon.

systemctl restart transmission-daemon.service

You now can reach the RCP interface on your local network with a browser (at http://RPi_IP:9091/transmission/web/) or an app such as Tremotesf with the same IP.

On the interface or on the .config/transmission-daemon/settings.json set the download location of your torrents on your HDD, mine is mounted on /media/hdd/.

"download-dir": "/media/hdd/torrents/complete",
"incomplete-dir": "/media/hdd/torrents/incomplete",   

Stream torrents on your local network

The UNIX tool minidlna (Arch wiki) allows you to broadcast on your local network (i.e. smart TV, tablets (VLC) and other PCs) the media content you downloaded. Install minidlna and assign right permissions to the HDD folder (in my case mounted on /media/hdd/) and start it.

apt install minidlna
usermod -aG torrents minidlna
cd /media/
chown -R pi:torrents hdd/
chmod -R g+rwx hdd/

Configure minidlna modifying /etc/minidlna.conf.

user=minidlna
media_dir=/media/hdd/torrents/complete
merge_media_dirs=yes
inotify=yes
network_interface=eth0
friendly_name=your preferred name

Then start minidlna and you are ready to go:

systemctl enable --now minidlna

Nice to have tools

  • Using the tTorrent search (F-Droid) app you can search and add torrents to the seedbox through Tremotesf (F-Droid).
  • Port forwarding (not covered here) allows you to access the seedbox controls remotely (set a strong authentication method!)

Comments