I love using minimal templates. To be specific debian-12-minimal templates. And I love using whonix as part of my networking setup. So I wrote up a little script to prepare fresh debian-12-minimal templates for different use cases (currently: BASIC, NETWORKING, VPN, APP, FLATPAK and WAYDROID; further explained in the menu when running the script).
I am not an IT expert - just an interested user of one of the most powerful and versatile linux projects out there - so I am sure there are better ways to write up the code for this script. Feel free to test it and to give feedback. If you do not like my package selection you can very easily change it in the script. **Please checkout my references to other community guides (highlighted when running the script)!**
This script is written to be used with QubesOS R4.2. Run **d12m-meta-installer.sh** script as root in debian-12-minimal template:
| I love using minimal templates. To be specific debian-12-minimal templates. And I love using whonix as part of my networking setup. So I wrote up a little script to prepare fresh debian-12-minimal templates and whonix-17 templates for different use cases (currently: BASIC, NETWORKING, VPN, APP, FLATPAK and WAYDROID; further explained in the menu when running the script).
I am not an IT expert - just an interested user of one of the most powerful and versatile linux projects out there. I am sure there are better ways to write up the code for this script. Feel free to test it and to give feedback. If you do not like my package selection you can very easily change it in the script. **Please checkout my references to other community guides (highlighted when running the script)!**
This script is written to be used with QubesOS R4.2. Run **meta-installer.sh** script as root in debian-12-minimal template:
|
echo -e "\e[32;1mWelcome to the debian-12-minimal setup script. Choose option to proceed:
\r 1) Basic TEMPLATE install
\r 2) Advanced TEMPLATE installs
\r 3) Exit"
| echo -e "\e[32;1mWelcome to meta-installer. This script is meant to help you set up debian-12-minimal and whonix templates. Choose option to proceed:
\r 1) Basic debian-12-minimal install
\r 2) Basic whonix-17 setup (works for workstation and gateway)
\r 3) Advanced debian-12-minimal installs
\r 4) Exit"
|
echo -e "\e[33;1mPreparing BASIC TEMPLATE. The following steps will take place:
| echo -e "\e[33;1mPreparing basic debian-12-minimal template install. The following steps will take place:
|
read
| read
|
| ##preparing basic template.
echo -e "\e[33;1mBasic Whonix-17 setup (works for workstation and gateway). The following steps will take place:
\r- APT will be configured to not install recommended and suggested packages
\r- Template will be onionized
\r- Template will be upgraded through tor
\r- Automatic deletion of empty QubesIncoming folders will be set up
\rPress Enter to continue or Strg+C to quit... \e[0m"
read
##configuring apt to not install recommended and suggested packages.
echo -e "\e[33;1mConfiguring APT to install without recommended/suggested packages. Press ENTER to continue or Strg+C to quit... \e[0m"
read
cat <<-EOF > /etc/apt/apt.conf
APT::Install-Recommends "0";
APT::Install-Suggests "0";
EOF
##oninizing debian repositories. change according to your preferences.
echo -e "\e[33;1mOnionizing template. Press ENTER to continue or Strg+C to quit... \e[0m"
read
cat <<-EOF > /etc/apt/sources.list.d/qubes-r4.list
# Main qubes updates repository
#deb [arch=amd64 signed-by=/usr/share/keyrings/qubes-archive-keyring-4.2.gpg ] https://deb.qubes-os.org/r4.2/vm bookworm main
#deb-src [arch=amd64 signed-by=/usr/share/keyrings/qubes-archive-keyring-4.2.gpg ] https://deb.qubes-os.org/r4.2/vm bookworm main
# Qubes updates candidates repository
#deb [arch=amd64 signed-by=/usr/share/keyrings/qubes-archive-keyring-4.2.gpg] https://deb.qubes-os.org/r4.2/vm bookworm-testing main
#deb-src [arch=amd64 signed-by=/usr/share/keyrings/qubes-archive-keyring-4.2.gpg ] https://deb.qubes-os.org/r4.2/vm bookworm-testing main
# Qubes security updates testing repository
#deb [arch=amd64 signed-by=/usr/share/keyrings/qubes-archive-keyring-4.2.gpg] https://deb.qubes-os.org/r4.2/vm bookworm-securitytesting main
#deb-src [arch=amd64 signed-by=/usr/share/keyrings/qubes-archive-keyring-4.2.gpg ] https://deb.qubes-os.org/r4.2/vm bookworm-securitytesting main
# Qubes experimental/unstable repository
#deb [arch=amd64 signed-by=/usr/share/keyrings/qubes-archive-keyring-4.2.gpg] https://deb.qubes-os.org/r4.2/vm bookworm-unstable main
#deb-src [arch=amd64 signed-by=/usr/share/keyrings/qubes-archive-keyring-4.2.gpg ] https://deb.qubes-os.org/r4.2/vm bookworm-unstable main
# Qubes Tor updates repositories
# Main qubes updates repository
deb [arch=amd64 signed-by=/usr/share/keyrings/qubes-archive-keyring-4.2.gpg] tor+http://deb.qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion/r4.2/vm bookworm main
#deb-src [arch=amd64 signed-by=/usr/share/keyrings/qubes-archive-keyring-4.2.gpg ] tor+http://deb.qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion/r4.2/vm bookworm main
# Qubes updates candidates repository
#deb [arch=amd64 signed-by=/usr/share/keyrings/qubes-archive-keyring-4.2.gpg] tor+http://deb.qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion/r4.2/vm bookworm-testing main
#deb-src [arch=amd64 signed-by=/usr/share/keyrings/qubes-archive-keyring-4.2.gpg ] tor+http://deb.qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion/r4.2/vm bookworm-testing main
# Qubes security updates testing repository
#deb [arch=amd64 signed-by=/usr/share/keyrings/qubes-archive-keyring-4.2.gpg] tor+http://deb.qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion/r4.2/vm bookworm-securitytesting main
#deb-src [arch=amd64 signed-by=/usr/share/keyrings/qubes-archive-keyring-4.2.gpg ] tor+http://deb.qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion/r4.2/vm bookworm-securitytesting main
# Qubes experimental/unstable repository
#deb [arch=amd64 signed-by=/usr/share/keyrings/qubes-archive-keyring-4.2.gpg] tor+http://deb.qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion/r4.2/vm bookworm-unstable main
#deb-src [arch=amd64 signed-by=/usr/share/keyrings/qubes-archive-keyring-4.2.gpg ] tor+http://deb.qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion/r4.2/vm bookworm-unstable main
EOF
cat <<-EOF > /etc/apt/sources.list.d/debian.list
#deb tor+https://deb.debian.org/debian bullseye main contrib non-free
#deb tor+https://deb.debian.org/debian bullseye-updates main contrib non-free
#deb tor+https://deb.debian.org/debian-security bullseye-security main contrib non-free
#deb tor+https://deb.debian.org/debian bullseye-backports main contrib non-free
deb tor+https://fasttrack.debian.net/debian bullseye-fasttrack main contrib non-free
deb tor+http://2s4yqjx5ul6okpp3f2gaunr2syex5jgbfpfvhxxbbjwnrsvbk5v3qbid.onion/debian bullseye main contrib non-free
deb tor+http://2s4yqjx5ul6okpp3f2gaunr2syex5jgbfpfvhxxbbjwnrsvbk5v3qbid.onion/debian bullseye-updates main contrib non-free
deb tor+http://5ajw6aqf3ep7sijnscdzw77t7xq4xjpsy335yb2wiwgouo7yfxtjlmid.onion/debian-security bullseye-security main contrib non-free
deb tor+http://2s4yqjx5ul6okpp3f2gaunr2syex5jgbfpfvhxxbbjwnrsvbk5v3qbid.onion/debian bullseye-backports main contrib non-free
## No onion for fasttrack yet:
## https://salsa.debian.org/fasttrack-team/support/-/issues/27
EOF
repository-dist --enable --transport onion
##updating template through onionized repositories.
apt update
echo
#upgrading template
echo -e "\e[33;1mUpgrading template. Press ENTER to continue or Strg+C to quit... \e[0m"
read
apt upgrade -y
echo
##setting up automatic deletion of empty QubesIncoming folders.
echo -e "\e[33;1mConfiguring template to delete empty folders in QubesIncoming. Press ENTER to continue or Strg+C to quit... \e[0m"
read
cat <<-EOF > /root/delete_empty_incoming.sh
#!/bin/sh
test ! -d /home/user/QubesIncoming || find '/home/user/QubesIncoming/' -mindepth 1 -type d -exec rmdir '{}' \;
EOF
chmod +x /root/delete_empty_incoming.sh
cat <<-EOF > /etc/systemd/system/delete_empty_incoming.service
[Unit]
Description=Empty QubesIncoming
[Service]
ExecStart=/root/delete_empty_incoming.sh
[Install]
WantedBy=multi-user.target
EOF
systemctl enable delete_empty_incoming
systemctl start delete_empty_incoming
echo
##finishing WHONIX setup.
echo -e "\e[32;1mBasic whonix-12 setup successful! For reference follow this link:
\r\e[35;5;1mhttps://www.whonix.org/
\rhttps://www.whonix.org/wiki/Onionizing_Repositories\e[0m
\r\e[32;1mPress ENTER to continue or Strg+C to quit... \e[0m"
read
mainmenu
;;
3)
|
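Review bot: The heredoc that writes `/etc/apt/sources.list.d/debian.list` in the new Whonix branch names `bullseye` suites on every line, while the Qubes list written just above it uses `bookworm` and the script targets debian-12-minimal and whonix-17 templates. Once this file is overwritten the template would presumably stop receiving bookworm security updates (unless another sources file still carries them), so each suite should name the installed release, e.g. `deb tor+http://5ajw6aqf3ep7sijnscdzw77t7xq4xjpsy335yb2wiwgouo7yfxtjlmid.onion/debian-security bookworm-security main contrib non-free`. The exit status of `apt update` and `apt upgrade -y` is never checked, so the closing banner (which also says `whonix-12` rather than whonix-17) reports success even when the onion repositories were unreachable; `apt update || { echo "apt update failed" >&2; exit 1; }` would stop before the upgrade. The hard-coded onion hostnames should be compared against the addresses the Debian and Qubes projects publish themselves before they are written into a template, since every qube based on it inherits them. The enclosing `case` arm and the `mainmenu` function start outside this section, so how a failure should return to the menu cannot be judged from here.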
3)
| 4)
|
echo -e "\e[36;1mYou have successfully installed your basic TEMPLATE. Now choose an advanced TEMPLATE install. You can combine the installs. Just rerun the advanced TEMPLATE install:
| echo -e "\e[36;1mYou have successfully installed your basic debian-12-minimal. Now choose an advanced debian-12-minimal install. You can combine the installs. Just rerun the script:
|
echo
| echo
|
echo -e "\e[33;1mPreparing NETWORKING TEMPLATE. The following will happen:
\r- Networking packages will be installed
| echo -e "\e[33;1mPreparing NETWORKING TEMPLATE. The following will happen:
\r- Networking packages will be installed
|
echo -e "\e[33;1mPreparing APP TEMPLATE! The following will happen:
| echo -e "\e[33;1mPreparing APP TEMPLATE! The following will happen:
|
echo -e "\e[33;1mPreparing FLATPAK TEMPLATE! The following will happen:
\r- Nescessary packages will be installed
| echo -e "\e[33;1mPreparing FLATPAK TEMPLATE! The following will happen:
\r- Nescessary packages will be installed
|
read
| read
|
mainmenu
| mainmenu
|