I know what i asking is quite risky, but if this one liner template/script is openly at git we all can work together hardened those template right? and the most important is having those auto template in official community watch lists… so we know reviewed one and unreviewed one the open port risk, etc.
for example 1 liner to create a gaming one, including for nvidia or amd gpu after run that 1 liner user can just open it and start gaming without headache setting this and that in result quitting qubes-os
or maybe we want just office, you know those nasty office comms with dirty unclean viruses /malware infected documents lurking in an everyday low paid offices… like dude help me write simple website for this documents open up then virus inside, we can just kill that one and reuse the auto backup before virus hit…
It’s harder with gaming vm if you want GPU passthrough. First you must configure grub for this.
I have a repository for setting up accelerated qubes if you have your machine ready for passthrough, but even that requires some configuration (if you want it to create qubes for you, not just configure existing ones), mainly because you need to tell it what PCI device to use.
Overall there are plenty more salt and ansible in the community. Here is some stuff people here haven’t mentioned yet:
neowutran’s GPU config script for arch templates is written in bash. No salt required. If you struggle with salt you could adapt this for your purpose even if you don’t use arch.
Gonzalo’s user salt formulas mostly notable for its excellent documentation, great way to figure out salt on Qubes.