Hi,
Recently, I found a way to reduce debian-12-minimal template even more, so I thought I should share the info for those who may consider it useful. Here is how to do it.
It is possible to remove the following non-essential packages (apt-get autopurge them):
aptitude
cpio
cron
cron-daemon-common
debconf-i18n
eatmydata
fdisk
gnupg
gpgv
haveged
ifupdown
iproute2
iputils-ping
isc-dhcp-client
isc-dhcp-common
less
libbpf1
libcap2-bin
libglib2.0-bin
libglib2.0-data
libjansson4
libmnl0
libnewt0.52
libnftables1
libnftnl11
libregexp-ipv6-perl
libtext-charwidth-perl
libxtables12
logrotate
mawk
nano
netbase
nftables
perl
perl-modules-5.36
tasksel
vim-common
vim-tiny
whiptail
xterm
After that, the administrative tasks, e.g. installing software, can be done through qvm-console-dispvm.
It is important to note that if the template will be used for networking AppVMs, netbase must be installed (qubes-core-agent-networking will not work without it). It is not required in the template itself (for package installation).
For non-networked qubes, it is also possible to deactivate unnecessary network services:
root@debian-12-mini: systemctl mask systemd-networkd.service
root@debian-12-mini: systemctl mask systemd-networkd.socket
root@debian-12-mini: systemctl mask systemd-networkd-wait-online.service
For headless service VMs, which don't need audio or graphics stuff, disable audiovm and guivm:
user@dom0: qvm-prefs <your-qube> audiovm ''
user@dom0: qvm-prefs <your-qube> guivm ''
In this case, qvm-run will need to be run with the --no-gui option.
Additionally, you can even disable unused kernel modules, e.g. sound-related:
root@debian-12-mini: cat << EOF | tee /etc/modprobe.d/blacklist.conf
blacklist snd
blacklist snd_pcm
blacklist snd_timer
blacklist soundcore
blacklist pcspkr
blacklist snd_pcsp
EOF
After rebooting the template, its RAM usage is 144 MiB only. The AppVMs use about 100 MiB more.