Persistant application changes within template across all vm types?

It may seem like an odd title, but I have a question.

Is it possible to adjust an application, such as a browser, by adding an extension and ensuring that the extension remains installed across all newly created virtual machines (VMs)? I suspect the answer will likely be no and if so why?

For example, with the Mullvad Browser, if you use Mullvad VPN, you can easily and quickly utilize the proxy extension**(with no extra effort)**. I prefer having templates with applications tailored for specific use cases, as well as other templates that may run the same operating system but serve entirely different purposes. While I appreciate the “added security” that may come from compartmentalizing templates, my primary motivation is convenience and customization.

Using the Mullvad Browser as an example, if I want to use IVPN, Surfshark, or ProtonVPN instead of Mullvad, I would like to create a similar proxy chain effect that I achieve with Mullvad and its extension with equal ease. I could use another AppVM for that additional layer and attach it to the template, but my goal is to have persistent configurations derived from a given template.

I am also curious about whether it would be possible to remain signed into an application across VMs.

My initial thought is that perhaps one could make the necessary configuration files persistent, but the issue of the keyring raises questions about achieving a persistent login for applications, such as VPN software, rather than relying on a single AppVM or having to constantly sign in whenever a new VM is generated. Another idea is to utilize a profile function to import configurations, but this typically applies only to browsers, and my goal is to extend this capability to multiple types of applications.

I want to create customizable templates that either fully support a “disposable” nature or have a persistent behavior. Flexibility is key and this is possible ofc but the goal is to improve efficiency and convenience. I am very focused on efficiency and understand the trade-offs involved in convenience when it comes to increased privacy and security. However, this feature would significantly enhance my experience with Qubes, and I am eager to explore ways to minimize resource usage while pursuing this goal.

Any guides or advice would be greatly appreciated.

Your post contains a lot of questions and I’m not understand most of them but I’ll try to give you a hint…

I think you know that you can already add what you want in the /etc/skel directory of the template, in order to configure the home directory of user in newly created qubes. Depending on how the application works, it could be sufficient.

You can also use salt to automate the process, run scripts and make sure everything stays in place after the creation process. There is a good community guide on this topic:

/error/

Hi,

To clarify what I am stating is achieving persistent configurations of applications within a template to reflect in vms created from that template.
As the examples I used with the browser, if I would want my browser to have additional extensions installed and have that automatically reflect in each other vm purely created from the template config that way, without the need to configure each vm again how would this be achieved. This same example was used with other application configurations to have persistent configuration to constantly reflect when done within the template.
The goal to summarize is to able to have vms created fully duplicate all the templates configurations, instead of just having installed additional installed applications, etc.

I have an understanding that one could create a persistent directory of choice to perhaps always have certain files persistent in any created vm in relation to its template, and other purposes of doing such. However no I do not know how to do this nor have I found an exact guide or information to do such.

Based on the salt guide you sent me I have read it and not entirely clear if it could even achieve what I want too.
I see the benefits of creating fine automation, quickly automating processes that might be annoying to achieve a specific Qube or template, etc but however not specifically covering what I want to achieve. Maybe some very basics that could lead to achieve creating some sort of automation to do this but however right now as mention this does not clearly provide if what I want to achieve is possible and I do believe there would be a less broad amount of information to simply achieve the minor persistent configurations.

The best way to look at it is as a question.

If I create vms that are able to have the same applications as the one installed on the template, then could the same be true with application adjustments on the template, additional saved files, etc ? and if not why? and if yes how?
As the default template behavior does not reflect all changes made to it which is great and not great for many reasons however the flexibility would be better and such how to achieve it.

You can use some application-specific features to do this, for example, for browsers you can use policies:

But not every application provides this functionality.
For a universal approach you can move the common application files to the template e.g. in /opt/app-data, create a script in your template that will move the files from /opt/app-data to the corresponding apps data location in app qube home directory and then create systemd service that will run this script on boot in the app qubes.