What's the best way to set default Firefox settings for AppVMs based on a TemplateVM?

I typically create a new AppVM for each online service I interact with (to limit damage in case a serious vulnerability in Firefox is exploited by the website).

Unfortunately, this also means I spend a lot of time reconfiguring Firefox, since each new online service necessitates a new AppVM.

Is there a way to set the values once, and thereafter inherit those across multiple AppVMs? The solution doesn’t need to affect existing child VMs, just new ones.

FWIW, my TemplateVM is debian-12-xfce. ChatGPT’s suggestion was to choose the settings once in the TemplateVM. It claims that new AppVMs will inherit these settings. But, that didn’t turn out to work.

1 Like

That’s because browser settings are stored in user directories (~/.config), which aren’t copied from the TemplateVM to the AppVM.

The proper way would be to copy the Firefox config directory to the template’s /rw/bind-dirs/ and configure bind-dirs.
I’m not sure if it’s copied from the template and overwrites the default Firefox config during initial start.
Can’t test it now.

1 Like

You can do any of the following:

  • use a disposable instead of a regular AppVM (and configure the disposable template)
  • clone an AppVM used only for this purpose
  • in the template: use /etc/skel, see: Templates | Qubes OS
  • in the template again, use Firefox AutoConfig (could be used to affect existing VMs too)

The first option is my favorite.

3 Likes

Looks like /etc/skel method is a good option. Thanks!

1 Like

Be aware that any configurations you do inside a running firefox will “fingerprint” you.

That’s because the first time you run firefox, it creates a random profile number and all your settings go under that profile number.

So if you run it in an AppVM, make all of your changes, then base disposables on that AppVM, every disposable run will obviously be the same individual.

If you don’t care about that, fine. Otherwise, there are methods of pre-configuring Firefox before you run it for the first time–the sort of things employers do to their employees’ provided systems. They’re complicated but not completely impenetrable.

Here is a setup that uses many of these methods, though you don’t have to do everything they do. (It’s an educational read, that’s for certain.) But with this method you can configure things in your template without ever running firefox and creating a fingerprint. Then disposables based off of it will have different identities, and so will persistent AppVMs.

[Guide] Automatically install extensions and configure new (dispvm) hardened Firefox profiles with arkenfox user.js and policies - Community Guides - Qubes OS Forum

4 Likes
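The Firefox AutoConfig option and the "configure before first run" approach mentioned in the thread, as an added example that is not from any of the posts or the linked guide: a script for the TemplateVM that writes system-wide defaults without starting Firefox, so no profile is created in the template. The install directory /usr/lib/firefox-esr and the particular preferences chosen are assumptions; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: write a Firefox AutoConfig into the Firefox install directory.
# Run as root inside the TemplateVM; Firefox itself is never started there.

# write_firefox_autoconfig DIR
#   DIR is the Firefox install directory (assumed /usr/lib/firefox-esr on
#   Debian; confirm with: dpkg -L firefox-esr | grep defaults/pref).
write_firefox_autoconfig() {
    dir=$1
    [ -d "$dir" ] || { echo "no such install dir: $dir" >&2; return 1; }
    mkdir -p "$dir/defaults/pref" || return 1

    # Loader: tells Firefox to read firefox.cfg from the install directory.
    cat > "$dir/defaults/pref/autoconfig.js" <<'EOF'
// Loader for firefox.cfg
pref("general.config.filename", "firefox.cfg");
pref("general.config.obscure_value", 0);
EOF

    # Sample settings (constructed for this example; substitute your own).
    cat > "$dir/firefox.cfg" <<'EOF'
// The first line of this file is always ignored by Firefox.
// defaultPref: new default, still changeable inside each AppVM.
// lockPref: enforced value, cannot be changed from the UI.
defaultPref("browser.startup.homepage", "about:blank");
defaultPref("browser.shell.checkDefaultBrowser", false);
defaultPref("signon.rememberSignons", false);
lockPref("datareporting.healthreport.uploadEnabled", false);
EOF
    chmod 644 "$dir/defaults/pref/autoconfig.js" "$dir/firefox.cfg"
}

# check_firefox_autoconfig DIR: the loader must name firefox.cfg, and the
# config must start with a comment so no setting sits on the ignored line.
check_firefox_autoconfig() {
    dir=$1
    grep -q '"general.config.filename", "firefox.cfg"' \
        "$dir/defaults/pref/autoconfig.js" || return 1
    head -n 1 "$dir/firefox.cfg" | grep -q '^//' || return 1
}

# Usage in the template: sh this-script.sh /usr/lib/firefox-esr
if [ "$#" -gt 0 ]; then
    write_firefox_autoconfig "$1" && check_firefox_autoconfig "$1"
fi
```

Because these files live in the template's root filesystem rather than in a home directory, AppVMs and disposables based on the template pick them up at their next start, and each one still generates its own profile on first run.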