LMDE 6 Setup
The unusual thing happened today. You know, the thing where you notice that your BIOS is out of date and you upgrade it but it wipes out your install in a way where it is quicker, and more trustworthy, to reinstall from backup than to fix. That thing. Anyway, I thought I should document it, mainly for myself but it might be of interest to others.
Almost everything is the result of personal choice so I admit this isn't the way that most people set up their Linux Mint Debian Edition installation so beware. :)
Table of Contents
Remove unwanted programs
This is, of course a personal choice. There is nothing wrong with the applications, it is just that after years of using different distro's I have become used to a certain mix of programs.
sudo apt remove celluloid drawing hexchat hypnotix pix sticky redshift rhythmbox xed transmission-gtk warpinator
Install native programs
Again, this is personal choice. You can read a list of programs I have liked over the years here.
sudo apt install filezilla geany gedit git krita remmina transgui vorta
Vorta
It is nearly always the same problem with Vorta. The ssh key does not have the right permissions and Vota throws a strange "Connection refused, is borg running on server" error. That isn't exact but close enough. It isn't the server, it isn't borg, it is the permissions on your ssh keys.
You want them to be....
Item | Sample | Numeric | Bitwise |
---|---|---|---|
SSH folder | ~/.ssh | 700 | drwx------ |
Public key | ~/.ssh/id_rsa.pub | 644 | -rw-r--r-- |
Private key | ~/.ssh/id_rsa | 600 | -rw------- |
And you can do that fairly easily with,
chmod 700 ~/.ssh && chmod 600 ~/.ssh/* && chmod 644 ~/.ssh/*.pub
Install Flatpaks
As above, so below. You'll note I use the flatpak of digikam instead of the native version. This is because the Debian Bookworm version of digikam was compiled without video support. Bloody annoying.
flatpak install bitwarden TuxGuitar playitslowly Flacon Flatseal FreeTube ytdn flatsweep Ferdium iotas digikam torbrowser-launcher
Install Mullvad applications
Original or updated instructions here.
I like Mullvad. I am not keen on the amount of tracking that goes on and they provide a good service. It is always nice to see what works and what doesn't and where it doesn't. Also it is good to see your own websites from anothers point of view. Generally the only place they do stuff me up is if I am changing the DNS of a website as their servers don't refresh as often or some file transfers. Otherwise, all good.
Download the Mullvad signing key
sudo curl -fsSLo /usr/share/keyrings/mullvad-keyring.asc https://repository.mullvad.net/deb/mullvad-keyring.asc
Add the Mullvad repository server to apt
echo "deb [signed-by=/usr/share/keyrings/mullvad-keyring.asc arch=$( dpkg --print-architecture )] https://repository.mullvad.net/deb/stable $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/mullvad.list
Install the packages
sudo apt update
sudo apt install mullvad-vpn mullvad-browser
Possible problems
Mullvad apt error
You may get an error when updating the Mullvad apt repository with LMDE because the command automatically inserts the release name expecting a Debian release name (bookworm, bullseye, etc...) but the release name of LMDE 6 is faye so it errors with,
Err:8 https://repository.mullvad.net/deb/stable faye Release
404 Not Found [IP: 45.149.104.1 443]
Reading package lists... Done
E: The repository 'https://repository.mullvad.net/deb/stable faye Release' does not have a Release file.
This can be easily fixed by editing the file source file and changing the release name from faye to bookworm.
sudo
nano /etc/apt/sources.list.d/mullvad.list
Syncthing
Original or updated instructions here.
Add the release PGP keys
sudo mkdir -p /etc/apt/keyrings
sudo curl -L -o /etc/apt/keyrings/syncthing-archive-keyring.gpg https://syncthing.net/release-key.gpg
Add the stable channel to apt
echo "deb [signed-by=/etc/apt/keyrings/syncthing-archive-keyring.gpg] https://apt.syncthing.net/ syncthing stable" | sudo tee /etc/apt/sources.list.d/syncthing.list
Install
sudo apt update && sudo apt install syncthing
Enable at startup
You will need to replace the <username> part with your actual username.
sudo systemctl enable syncthing@<username>.service
Check service is running
You will need to replace the <username> part with your actual username.
sudo systemctl status syncthing@<username>.service
Possible problems
Encrypted home folder
If you have an encrypted home folder or drive that is unencrypted after syncthing is started then you either need to restart syncthing after the unencryption or, as in the case of an encrypted home folder, add syncthing to the startup list instead of starting it at boot. Otherwise it will error as the files are not yet accessible.
Force resync
Original or updated instructions here.
To force a resync of selected files you can update the modification timestamp (mtime) of each file using,
find /path/to/folder/to/force/sync -type f -print0 | xargs -0 -n1 touch
It's a bit blunt, but it works.
Inotify - To many files
If you have a lot of files then you may get an inotify limit error. To increase the inotify limit after reboot,
echo "fs.inotify.max_user_watches=204800" | sudo tee -a /etc/sysctl.conf
To make it increase immediatly,
echo 204800 | sudo tee /proc/sys/fs/inotify/max_user_watches
Firewall ports
22000/TCP - TCP based sync protocol traffic
22000/UDP - QUIC based sync protocol traffic
21027/UDP - for discovery broadcasts on IPv4 and multicasts on IPv6
You can open these ports on the UFW firewall using the command.
sudo ufw allow syncthing
Original or updated instructions here.