Hi!
I think it's non-ideal to modify config files using cat/sed/echo. That breaks sooner or later. And if later settings are supposed to be changed in the same file, things get messy. Some suggestions...
It would be better to put the config files into (debian) packages.
Want to disable popcon? Have some package that ships a config file that disables it. What if an existing package owns that config file? Use config-package-dev's [1] displace feature. Or have a package that conflicts/replaces popcon.
Then have packages such as hidden-service-wordpress depend on popcon-disable package.
Please consider to set timezone to UTC. Perhaps use the timezone-utc [2] package?
What about disabling tcp timestamps? Perhaps use tcp-timestamps-disable for [3] that?
There is some more functionality that might be useful. List: [4]
You're sure you're not inventing a new linux distribution here? :)
Cheers, Patrick
[1] http://debathena.mit.edu/config-packages/ [2] https://github.com/Whonix/timezone-utc [3] https://github.com/Whonix/tcp-timestamps-disable [4] https://github.com/Whonix