Anonymize hostname hardened template automatic installation of browser revisions

Go back to topic: Anonymize hostname hardened template automatic installation of browser

Revision #4

Edited on: 2026-03-03
Edited by user: dkzkz

The name of the file doesn't matter you can name the file ex.sls it will ~~work~~	The name of the file doesn't matter you can name the file ex.sls it will work
If you do not have enough ram the installation process will abort so don't open too much vm at the same time.	Information needed to know : 1. If you do not have enough ram the installation process will abort so don't open too much vm at the same time 2. This is possible codeberg block your Tor or VPN IP address in that case the installation will fail you will have to delete the template then restart sys-whonix or change your VPN ip and re-start the command. 3. The installation packages with apt or dnf could fail because of Tor or your vpn you will have to do the steps 2 to solve the issue 4. I could move the repository to somewhere else to avoid the n2 issue but this will be useless i think a lot of tor/vpn ip is blocked in famous hosting services like gitlab, github etc..
:white_check_mark: Anonymize hostname at boot for Template, Appvm, Dispvm ~~(works only for deb/kicksecure template for now.. the script doesn't work in fedora template i don't know why..)~~	:white_check_mark: Anonymize hostname at boot for Template, Appvm, Dispvm

Revision #3

Edited on: 2026-03-03
Edited by user: dkzkz

```qvm-run --pass-io <src-vm> 'cat /path/to/file_in_src_domain' > /path/to/file_name_in_dom0```	``` qvm-run --pass-io <src-vm> 'cat /path/to/file_in_src_domain' > /path/to/file_name_in_dom0 ```
```qvm-run --pass-io fedora-43 'cat /home/user/Downlods/firefox.sls' > firefox.sls``` Then do ```sudo mv (name of the file) /srv/salt/```	``` qvm-run --pass-io fedora-43 'cat /home/user/Downlods/firefox.sls' > firefox.sls ``` Then do ``` sudo mv (name of the file) /srv/salt/ ```
In dom0 open a terminal and do ```sudo qubesctl state.apply librewolf``` (don't put "sls" at the end of the command) ```sudo qubesctl state.apply x``` where x = the name of the file in /srv/salt/	In dom0 open a terminal and do ``` sudo qubesctl state.apply librewolf ``` (don't put "sls" at the end of the command) ``` sudo qubesctl state.apply x ``` where x = the name of the file in /srv/salt/
	:white_check_mark: Kernel hardening from Tails & Secureblue :white_check_mark: Selinux automatic installation & enabled
To get the fedora version [go on my codeberg repo](https://codeberg.org/dkzkz/apparmor-qubes/src/branch/main/install/salt/fedora/fedora)	To get the fedora version [go on my codeberg repo](https://codeberg.org/dkzkz/apparmor-qubes/src/branch/main/install/salt/fedora/fedora) To get the fedora Selinux version [go on my codeberg repo](https://codeberg.org/dkzkz/apparmor-qubes/src/branch/main/install/salt/fedora-selinux)
1. Update the original template , shutdown the original template clone the ~~template~~	1. Update the original template , shutdown the original template clone the template , install packages and config inside the cloned template , shutdown the cloned template , create dvm
5. Debian ~~andd~~ kicksecure is using the unstable version of apparmor [because of this issue](https://gitlab.com/apparmor/apparmor/-/issues/592)	5. Debian and kicksecure is using the unstable version of apparmor [because of this issue](https://gitlab.com/apparmor/apparmor/-/issues/592)
8. IMCP request will not work due to the qvm-firewall rules i ~~applied~~ 9. In debian template i removed xterm in favor of Alacritty ~~terminal~~	8. IMCP request will not work due to the qvm-firewall rules i applied (90% of software doesn't need it anyway) 9. In debian template i removed xterm in favor of Alacritty terminal because xterm is ugly , slow , and hard to deal with. But you can remove alacritty in the installation process if you want
:x: I didn't enable selinux for fedora to avoid any problem for users. Fedora-43 seems unstable for now nautilus doesn't launch properly. I replaced nautilus by thunar for fedora :x: Hostname anonymize feature doesn't work on fedora i will need help for make the script work in fedora
:x: I'm not really sure if the qvm-features anon-timezone 1 is properly working in my testing i get the same issue as https://forum.qubes-os.org/t/anon-timezone-doesnt-work-for-me/39539 i enabled anon-timezone 1 for every salt file but my timezone didn't change when i tested on website like https://browserleaks.com/	:x: I'm not really sure if the qvm-features anon-timezone 1 is properly working in my testing i get the same issue as https://forum.qubes-os.org/t/anon-timezone-doesnt-work-for-me/39539 i enabled anon-timezone 1 for every salt file but my timezone didn't change when i tested on website like https://browserleaks.com/

Revision #2

Edited on: 2026-02-23
Edited by user: dkzkz

~~<div data-theme-toc="true">~~The ~~public target</div> The public target of this~~ guide is advanced Qubes users (for now) i will provide the same setup for noob users soon ~~<div data-theme-toc="true">Template needed</div>~~	The guide target advanced Qubes users (for now) i will provide the same setup for noob users soon
<div data-theme-toc="true">How to install ?</div>
If you do not have enough ram the installation process will abort so don't open too much vm at the same time. ~~<div data-theme-toc="true">Features of the installation</div>~~ Features ~~provided by the installation~~ :	If you do not have enough ram the installation process will abort so don't open too much vm at the same time. Features :
~~<div data-theme-toc="true">~~Technical details information~~</div>~~	Technical details information
~~<div data-theme-toc="true">~~Know ~~issue</div>~~	Know issue :
~~<div data-theme-toc="true">If you want to contact me to improve the guide</div>~~ Feel free to contact me on element @aatrfs76519:nope.chat for any suggestion about the guide ~~<div data-theme-toc="true">Thanks to</div>~~	Feel free to contact me on element @aatrfs76519:nope.chat for any suggestion about the guide