This guide assumes you’ll be using some sort of upstream HTTP proxy to provide secure connections (SSL).
Before we get started I want to explain how I setup my environment otherwise these instructions may not make a lot of sense.
All “servers” (like this one) are virtual machines which run inside a Hyper-V environment. The physical host runs Windows Server which also acts as a domain controller. Data downloaded is shared on my network via the physical host using a network share. User validation is performed using AD and each virtual machine is assigned a unique AD account. The network share source is x4 Hitachi 10TB 7200RPM HDD’s configured in a RAID 5 array powered by an LSI card.
Effectively data is downloaded via SABNzbd, saved on the local virtual machine for post-processing (eg: extraction and validation), then copied to the network share located on the physical host.
- This setup keeps things clean, secure and encrypted.
- Allows me for format, change, or upgrade the host OS at any time.
- Provides an excellent balance of performance vs. price vs. maintenance.
- Keeps me in complete control – no automation which break things.
We should ensure our system is up to date:
apt-get update apt-get dist-upgrade
Let’s install some basic software:
apt-get install vnstat net-tools ntp build-essential
Although not required, I prefer to install the latest version of cifs-utils, I did note some odd error messages in terminal when using v6.2 (obtained via apt-get install on Debian 9.6):
cd /tmp wget --no-check-certificate https://download.samba.org/pub/linux-cifs/cifs-utils/cifs-utils-6.8.tar.bz2 tar xvjf cifs-utils-6.8.tar.bz2 cd cifs-utils-6.8 ./configure make && make install
Because we are going save downloaded content on another machine (a folder shared on the network) we can instruct Linux to mount the other machine upon boot. To keep thing secure we can create a file as the user root (cannot be read by other users):
nano /root/.smbauth
Populate with the required network share login information:
username=download-vm password=password domain=your-domain
Create a group called “mediaservices”; which will give read and write access to downloaded content:
groupadd mediaservices
Now we need to create a user “mediaservice”:
adduser --gecos --disabled-password --disabled-login mediaservice
Using
--gecos
instructs the adduser command not to prompt for additional info.
Add the newly created user to the mediaservices group:
usermod -a -G mediaservices mediaservice
Create a directory called downloaded:
mkdir -p /media/downloaded
Edit the file fstab which allows us to automatically mount the network share upon boot:
nano /etc/fstab
Populate with either the DNS name or IP address and the name of the network share (connecting to Windows Server 2008 R2):
//192.168.24.49/Downloaded /media/downloaded cifs uid=1001,gid=1001,credentials=/root/.smbauth,vers=2.1,x-systemd.automount 0 0
In the example above, I’ve defined the user in which a connection should be made, I have also defined what user (uid=1001) and group gid=1001 the files written are used.
vers=2.1
defines the SMB version. I noted a huge performance gains!x-systemd.automount
allows the network to automatically activate the share when requested.
We now need to setup a “scratch disk”, a place where downloads can be repaired and extracted (doing this over CIFS is crazy slow – believe me, I’ve tried). Let’s start by downloading a few software requirements / dependencies:
apt-get install xfsprogs gdisk
Create a partition:
gdisk /dev/sdb
I prefer to format using XFS as it’s designed to handle larger files:
mkfs.xfs -f /dev/sdb1
Give it a volume name:
xfs_admin -L scratch /dev/sdb1
Get the ID of the new partition:
blkid /dev/sdb1
Ensure the new volume is mounted upon boot:
nano /etc/fstab
UUID=23e4e74e-9253-4686-b194-635112cf75af /media/scratch xfs defaults 0 0
Give your machine a reboot:
reboot
Create associated directories called scratch:
mkdir -p /media/scratch/completed mkdir -p /media/scratch/incomplete
Set correct ownership:
chown -R mediaservice:mediaservices /media/scratch
I always install the latest version of unRAR:
cd /tmp wget --no-check-certificate http://www.rarlab.com/rar/unrarsrc-5.5.8.tar.gz tar xzf unrarsrc-5.5.8.tar.gz cd unrar make && make install
Now we can install
apt-get install qbittorrent-nox
Create a startup file:
nano /etc/systemd/system/qbittorrent.service
Populate the startup file as required:
[Unit] Description=qBittorrent Daemon Service After=network.target [Service] User=mediaservice Group=mediaservices ExecStart=/usr/bin/qbittorrent-nox ExecStop=/usr/bin/killall -w qbittorrent-nox [Install] WantedBy=multi-user.target
Enabled the startup file you created:
systemctl enable qbittorrent
We need to agree to the license terms, run qbittorent-nox as the user mediaservice and agree to the terms. You also need to change the port number from :8080 to :8081 (as :8080 is also used by SABNzbd):
su - mediaservice -c "qbittorrent-nox"
We can now install SABNZbd, but we need to add the latest version into our local repositories. Let’s install a prerequisite:
apt-get install dirmngr apt-transport-https
Now add the repository to our sources and update:
echo "deb http://ppa.launchpad.net/jcfp/nobetas/ubuntu artful main" | tee /etc/apt/sources.list.d/sabnzbdplus.list echo "deb http://ppa.launchpad.net/jcfp/sab-addons/ubuntu artful main" | tee /etc/apt/sources.list.d/sab-addons.list apt-key adv --keyserver keyserver.ubuntu.com --recv-keys F13930B14BB9F05F apt-get update
Install the latest stable version of SABNzbd:
apt-get install sabnzbdplus python-sabyenc par2-tbb
Instruct SABNZbd to run as the user mediaservice and allow access on any local IP:
sed -i 's/USER=/USER=mediaservice/g' /etc/default/sabnzbdplus sed -i 's/HOST=/HOST=0.0.0.0/g' /etc/default/sabnzbdplus
Add Sonarr to your local machines sources:
apt-key adv --keyserver keyserver.ubuntu.com --recv-keys FDA5DFFC echo "deb http://apt.sonarr.tv/ master main" | tee /etc/apt/sources.list.d/sonarr.list
Add the latest version of Mono to your local machines sources:
apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 3FA7E0328081BFF6A14DA29AA6A19B38D3D831EF echo "deb https://download.mono-project.com/repo/debian stable-stretch main" | tee /etc/apt/sources.list.d/mono-official-stable.list apt-get update
Install Sonarr (which will also install the newer version of Mono):
apt-get install nzbdrone
Create a startup file:
nano /etc/systemd/system/sonarr.service
Populate as required:
[Unit] Description=Sonarr Daemon After=network.target [Service] User=mediaservice Group=mediaservices Type=simple ExecStart=/usr/bin/mono --debug /opt/NzbDrone/NzbDrone.exe -nobrowser TimeoutStopSec=20 KillMode=process Restart=on-failure [Install] WantedBy=multi-user.target
Enable to startup file:
systemctl enable sonarr
Download and install Lidarr:
cd /tmp wget https://github.com/lidarr/Lidarr/releases/download/v0.5.0.583/Lidarr.develop.0.5.0.583.linux.tar.gz tar xzf Lidarr.develop.0.5.0.583.linux.tar.gz cp -R /tmp/Lidarr /opt
Create a startup file:
nano /etc/systemd/system/lidarr.service
Populate as required:
[Unit] Description=Lidarr Daemon After=network.target [Service] User=mediaservice Group=mediaservices Type=simple ExecStart=/usr/bin/mono --debug /opt/Lidarr/Lidarr.exe -nobrowser TimeoutStopSec=20 KillMode=process Restart=on-failure [Install] WantedBy=multi-user.target
Enable the startup file:
systemctl enable lidarr
Download and install Radarr:
cd /tmp wget https://github.com/Radarr/Radarr/releases/download/v0.2.0.1217/Radarr.v0.2.0.1217.linux.tar.gz tar xzf Radarr.v0.2.0.1217.linux.tar.gz cp -R Radarr /opt/
Create a startup file:
nano /etc/systemd/system/radarr.service
Populate as required:
[Unit] Description=Radarr Daemon After=syslog.target network.target [Service] User=mediaservice Group=mediaservices Type=simple ExecStart=/usr/bin/mono --debug /opt/Radarr/Radarr.exe -nobrowser TimeoutStopSec=20 KillMode=process Restart=on-failure [Install] WantedBy=multi-user.target
Enable the startup file:
systemctl enable radarr
Change ownership from root to mediaservice (mediaservices) of the Sonarr, Radarr, and Lidarr installations:
chown -R mediaservice:mediaservices /opt/
I usually install some sort of Internet traffic manager on any server which downloads / uploads:
apt-get install darkstat
Edit the Darkstat configuration file:
nano /etc/darkstat/init.cfg
Populate as required:
START_DARKSTAT=yes
DIR="/var/lib/darkstat" PORT="-p 666"
LOCAL="-l 192.168.24.X/255.255.255.0"