Last Updated:

LMDE 6 Setup

Tane Harre
Tane Harre LMDE6

The unusual thing happened today. You know, the thing where you notice that your BIOS is out of date and you upgrade it but it wipes out your install in a way where it is quicker, and more trustworthy, to reinstall from backup than to fix. That thing. Anyway, I thought I should document it, mainly for myself but it might be of interest to others.

Almost everything is the result of personal choice so I admit this isn't the way that most people set up their Linux Mint Debian Edition installation so beware. :)

Table of Contents

Remove unwanted programs

This is, of course a personal choice. There is nothing wrong with the applications, it is just that after years of using different distro's I have become used to a certain mix of programs.

sudo apt remove celluloid drawing hexchat hypnotix pix sticky redshift rhythmbox xed transmission-gtk warpinator

Install native programs

Again, this is personal choice. You can read a list of programs I have liked over the years here

sudo apt install filezilla geany gedit git krita remmina transgui vorta

Vorta

It is nearly always the same problem with Vorta. The ssh key does not have the right permissions and Vota throws a strange "Connection refused, is borg running on server" error. That isn't exact but close enough. It isn't the server, it isn't borg, it is the permissions on your ssh keys.

You want them to be....

ItemSampleNumericBitwise
SSH folder~/.ssh700drwx------
Public key~/.ssh/id_rsa.pub644-rw-r--r--
Private key~/.ssh/id_rsa600-rw-------

And you can do that fairly easily with,

chmod 700 ~/.ssh && chmod 600 ~/.ssh/* && chmod 644 ~/.ssh/*.pub

Install Flatpaks

As above, so below. You'll note I use the flatpak of digikam instead of the native version. This is because the Debian Bookworm version of digikam was compiled without video support. Bloody annoying.

flatpak install bitwarden TuxGuitar playitslowly Flacon Flatseal FreeTube ytdn flatsweep Ferdium iotas digikam torbrowser-launcher

Install Mullvad applications

Original or updated instructions here.

I like Mullvad. I am not keen on the amount of tracking that goes on and they provide a good service. It is always nice to see what works and what doesn't and where it doesn't. Also it is good to see your own websites from anothers point of view. Generally the only place they do stuff me up is if I am changing the DNS of a website as their servers don't refresh as often or some file transfers. Otherwise, all good.

Download the Mullvad signing key

sudo curl -fsSLo /usr/share/keyrings/mullvad-keyring.asc https://repository.mullvad.net/deb/mullvad-keyring.asc

Add the Mullvad repository server to apt

echo "deb [signed-by=/usr/share/keyrings/mullvad-keyring.asc arch=$( dpkg --print-architecture )] https://repository.mullvad.net/deb/stable $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/mullvad.list

Install the packages

sudo apt update
sudo apt install mullvad-vpn mullvad-browser

Possible problems

Mullvad apt error

You may get an error when updating the Mullvad apt repository with LMDE because the command automatically inserts the release name expecting a Debian release name (bookworm, bullseye, etc...) but the release name of LMDE 6 is faye so it errors with,

Err:8 https://repository.mullvad.net/deb/stable faye Release
  404  Not Found [IP: 45.149.104.1 443]
Reading package lists... Done
E: The repository 'https://repository.mullvad.net/deb/stable faye Release' does not have a Release file.

This can be easily fixed by editing the file source file and changing the release name from faye to bookworm.

sudo nano /etc/apt/sources.list.d/mullvad.list

Syncthing

Original or updated instructions here.

Add the release PGP keys

sudo mkdir -p /etc/apt/keyrings
sudo curl -L -o /etc/apt/keyrings/syncthing-archive-keyring.gpg https://syncthing.net/release-key.gpg

Add the stable channel to apt

echo "deb [signed-by=/etc/apt/keyrings/syncthing-archive-keyring.gpg] https://apt.syncthing.net/ syncthing stable" | sudo tee /etc/apt/sources.list.d/syncthing.list

Install

sudo apt update && sudo apt install syncthing

Enable at startup

You will need to replace the <username> part with your actual username.

sudo systemctl enable syncthing@<username>.service

Check service is running

You will need to replace the <username> part with your actual username.

sudo systemctl status syncthing@<username>.service

Possible problems

Encrypted home folder

If you have an encrypted home folder or drive that is unencrypted after syncthing is started then you either need to restart syncthing after the unencryption or, as in the case of an encrypted home folder, add syncthing to the startup list instead of starting it at boot. Otherwise it will error as the files are not yet accessible.

Force resync

Original or updated instructions here.

To force a resync of selected files you can update the modification timestamp (mtime) of each file using,

find /path/to/folder/to/force/sync -type f -print0 | xargs -0 -n1 touch

It's a bit blunt, but it works.

Inotify - To many files

If you have a lot of files then you may get an inotify limit error. To increase the inotify limit after reboot,

echo "fs.inotify.max_user_watches=204800" | sudo tee -a /etc/sysctl.conf

To make it increase immediatly,

echo 204800 | sudo tee /proc/sys/fs/inotify/max_user_watches

Firewall ports

22000/TCP - TCP based sync protocol traffic

22000/UDP - QUIC based sync protocol traffic

21027/UDP - for discovery broadcasts on IPv4 and multicasts on IPv6

You can open these ports on the UFW firewall using the command.

sudo ufw allow syncthing

Original or updated instructions here.