Skip to content

Instantly share code, notes, and snippets.

@p120ph37
Forked from tylerwalts/setupOSX.sh
Last active February 25, 2020 04:42
Show Gist options
  • Save p120ph37/706554ff759c683eaabc0ea56839306f to your computer and use it in GitHub Desktop.
Save p120ph37/706554ff759c683eaabc0ea56839306f to your computer and use it in GitHub Desktop.
This is a bash script to setup Mac OS X defaults on a new mac.
#!/bin/bash
#
# Set up OSX preferences
#
# Inspired by: https://github.com/mathiasbynens/dotfiles/blob/master/.macos
###########################################
# CONFIG
if [ "$#" -lt 2 ]; then
echo -e "Usage: $0 {hostname} {timezone}\nExample: $0 machiavellia America/New_York"
exit 1
else
HOSTNAME=$1
TIMEZONE=$2
fi
###########################################
# MAIN
echo "This script will set properties on OSX"
echo " Ask for the administrator password for the duration of this script"
sudo -v
echo " Keep-alive: update existing sudo time stamp until .osx has finished"
while true; do sudo -n true; sleep 60; kill -0 "$$" || exit; done 2>/dev/null &
echo " Set computer name to $HOSTNAME (as done via System Preferences → Sharing)"
sudo scutil --set ComputerName $HOSTNAME
sudo scutil --set HostName $HOSTNAME
sudo scutil --set LocalHostName $HOSTNAME
sudo defaults write /Library/Preferences/SystemConfiguration/com.apple.smb.server NetBIOSName -string $HOSTNAME
echo " Enable firewall"
sudo /usr/libexec/ApplicationFirewall/socketfilterfw \
--setblockall off \
--setallowsigned on \
--setallowsignedapp on \
--setloggingmode on \
--setstealthmode on \
--setglobalstate on
echo " Block external VNC/ARD connections"
echo -e '# Block external VNC/ARD\nblock in proto tcp to any port 5900\npass in proto tcp from self to any port 5900' | sudo tee /etc/pf.conf > /dev/null
sudo pfctl -f /etc/pf.conf
echo " Enable SSH"
sudo launchctl load -w /System/Library/LaunchDaemons/ssh.plist
echo " Enable ARD but not old-VNC"
sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart \
-configure \
-allowAccessFor -allUsers -privs -all \
-clientopts \
-setreqperm -reqperm no \
-setvnclegacy -vnclegacy no \
-activate \
-restart \
-agent \
-console
echo " Show IP address, hostname, OS version when clicking the clock in the login window"
sudo defaults write /Library/Preferences/com.apple.loginwindow AdminHostInfo HostName
echo " Never go into computer sleep mode"
systemsetup -setcomputersleep Off > /dev/null
echo " Enable the automatic update check"
defaults write com.apple.SoftwareUpdate AutomaticCheckEnabled -bool true
echo " Check for software updates daily, not just once per week"
defaults write com.apple.SoftwareUpdate ScheduleFrequency -int 1
echo " Download newly available updates in background"
defaults write com.apple.SoftwareUpdate AutomaticDownload -int 1
echo " Install System data files & security updates"
defaults write com.apple.SoftwareUpdate CriticalUpdateInstall -int 1
echo " Turn on app auto-update"
defaults write com.apple.commerce AutoUpdate -bool true
echo " Allow the App Store to reboot machine on macOS updates"
defaults write com.apple.commerce AutoUpdateRestartRequired -bool true
echo " Set the timezone to $TIMEZONE"
systemsetup -settimezone $TIMEZONE > /dev/null
echo " Require password immediately after sleep or screen saver begins"
defaults write com.apple.screensaver askForPassword -int 1
defaults write com.apple.screensaver askForPasswordDelay -int 0
echo " Finder: show hidden files by default"
defaults write com.apple.finder AppleShowAllFiles -bool true
echo " Finder: show all filename extensions"
defaults write NSGlobalDomain AppleShowAllExtensions -bool true
echo " Disable the warning before emptying the Trash"
defaults write com.apple.finder WarnOnEmptyTrash -bool false
echo " Empty Trash securely by default"
defaults write com.apple.finder EmptyTrashSecurely -bool true
echo " Install homebrew (and XCode command-line tools)"
/usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"
echo " Install JDK11 via homebrew"
brew tap homebrew/cask-versions
brew cask install java11
echo " Creating jenkins user, and dev group"
sudo dscl . -create /Groups/dev PrimaryGroupID 500
sudo dseditgroup -o edit -a dev -t group com.apple.access_ssh
sudo dscl . -create /Users/jenkins UniqueID 1002
sudo dscl . -create /Users/jenkins UserShell /bin/bash
sudo mkdir -m 755 /Users/jenkins
sudo dscl . -create /Users/jenkins NFSHomeDirectory /Users/jenkins
sudo dscl . -create /Users/jenkins PrimaryGroupID 500
sudo dscl . -create /Groups/dev GroupMembership jenkins
sudo chown jenkins:dev /Users/jenkins
cd /
sudo su jenkins <<END
mkdir -p -m 700 /Users/jenkins/.ssh
touch /Users/jenkins/.ssh/authorized_keys
chmod 644 /Users/jenkins/.ssh/authorized_keys
END
###########################################
echo "Done. Place SSH public key into /Users/jenkins/.ssh/authorized_keys like this:"
echo "echo 'ssh-rsa ...pubkey-goes-here...' >>/Users/jenkins/.ssh/authorized_keys"
echo "Then restart computer to see all changes"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment