Kicksecure for default template

I’m using debian-11 in Qubes OS as my default template and it occurred to me that this would be more secure if it were Kicksecure.
In that case, do I just distromorph in debian-11’s TEMPLATE?
Or should I clone the whonix-ws-16 template and name it kicksecure and set it as default?
Has anyone done the same thing? Did you encounter any problems?
Do you think this is a good idea?

Clone debian-11 (or debian-11-minimal) and morph the clone. You may still need the clean template.

Does it cause any problems if I use the Kicksecure template for a service qube like sys-net or sys-firewall?

I haven’t encountered any issues with ks on service VMs. You should be ok.

thank you :smiley:

No problem mate, if the question is resolved please mark it as such (select a solution).

As far as I know, Kicksecure is experimental, pre-release, and has not been audited in any way.