Continuing the discussion from Automate debian-minimal based template creation:

Betterbird

KeePassXC (with Yubikey)

LibreOffice

Signal, Session, Element …

Thunderbird

Yubikey U2F

Yubikey Manager

@whoami feel free to edit that wiki. I’ve created a post and moved ownership to you.

Just a quick note that you could instead download the key in a disposable, then copy/paste it into the template, so curl does not have to be installed in the template itself.

In my current automated script I install curl / wget download the apt key and remove curl / wget afterwards.

As I understood @adw, it was about giving an idea to new users, not to argue your choice.

And if someone would ask me to be as picky as possible, once assured about the authenticity of the content of the key whenever that’s possible (in an online qube, of course), after that I’d copy the content to a new file in an offline qube over qrexec, saving it as a key, and then would copy the key from there to a template in order to import it.

I do not know where you have read that I argue against adw’s suggestion. I appreciated his contribution already with a .

Creating a dedicated displ. curl / wget AppVM for apt-key downloads could also be a solution but these are to early to discuss here in details.

First, I would like to fill the table with examples. Afterwards we can fine tune and discuss some improvements and options to get things done… more efficiently or more secure.

Well, i could answer the same way: I do not know where you have read that I wrote that you argued against adw’s suggestion. But i won’t.
Thanks for the rest of your post.

I guess, I found a structure that works. The hidden summary allows to collapse for better search and browsing and the details will only be shown when you click on the arrow.

Any missing attributes?

Hey I liked how you utilized those! Keeps it tidy but also extensible in its content.

@adw Who can modify the wiki? Only me and the mods?
Can we open it to other minimal template users to keep it vital (add new programs, improve, correct, verify …)?

I’m not certain. @deeplow?

Nope. Everybody with trust level 1, I think. See more here.

@tanky0u do you have the the minimal configuration for a Monero wallet? If yes, please share / add to the wiki. Thank you

Hmm… Not yet. But that would be a good addition to the wiki.

I did a quick test with:

qubes-core-agent-networking
qubes-core-agent-nautilus
nautilus
zenity

but this was not enough.

I found a lot about the wallet isolation but nothing on a minimal Debian setup.
Let me know when you have a working minimal template (maybe good to start with a non-isolated approach).

should --no-install-recommends be advised during installation of packages?

Yes, only the main dependencies are installed which is something you would like to do with minimal templates.

If you want to reduce (and customize) the terminal output you can add some additional commands and options. Currently, I am using this for my automated minimal template script:

# reduce terminal outputs
DEBIAN_FRONTEND=noninteractive \
  apt-get \
  -o Dpkg::Options::=--force-confold \
  -o Dpkg::Options::=--force-confdef \
  -y --allow-downgrades --allow-remove-essential --allow-change-held-packages


qvm-apt-install () # (${PROGRAM} is local; ${1} is the template name)
{
	qvm-run --no-gui --pass-io --quiet --user root ${1} \
	"apt install --no-install-recommends ${PROGRAM} --yes < /dev/null > /dev/null" || \
	{ echo -e "[${RED}FAILED${NC}] installation of ${YELLOW}${PROGRAM}${NC}" && exit 1; }
	
	echo -e "[ ${GREEN}OK${NC} ] ${YELLOW}${PROGRAM}${NC} has been successfully installed"
}

Thanks for the summary idea. I just shamelessly ripped it off for my post on split-veracrypt.

For debian-11-minimal, I followed this in order to install and enable sys-corridor

and in addition installed iptables in debian-11-minimal.

Such created NamedDisp sys-corridor works: I can ping both IP addresses and names from it, but still no other qube can’t get online through it. sys-whonix’s connecting to tor stuck at 5%

Any hint appreciated.