I’m using debian-11 in QubesOS as my default template and it occurred to me that this would be more secure if it is kicksecure.
In that case, do I just distromorph in debian-11’s TEMPLATE?
Or should I clone the whonix-ws-16 template and name it kicksecure and set it as default?
Has anyone done the same thing? Did you encounter any problems?
Do you think this is a good idea?
Clone debian-11 (or debian-11-minimal) and morph the clone. You may still need the clean template.
Does it cause any problems if I use the kicksecure template for service qube like sys-net or sys-firewall?
I haven’t encountered any issues with ks on service vms. You should be ok.
thank you 
No problem mate, if the question is resolved please mark it as such (select a solution).
As far as I know kicksecure is experimental, pre-release, and has not been audited in
any way.