This is a bash script to set up Mac OS X defaults on a new Mac.
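#!/bin/bash
#
# Set up OSX preferences
#
# Inspired by: https://github.com/mathiasbynens/dotfiles/blob/master/.macos
#
# Arguments:
#   $1 - hostname; later written to ComputerName, HostName, LocalHostName
#        and the SMB NetBIOSName.
#   $2 - timezone; later handed to `systemsetup -settimezone`.
#
# Both values end up as arguments to commands run under sudo, so they are
# checked here, before any privileged step has run.

###########################################
# CONFIG

# Reject missing AND empty arguments: an empty string passes a bare "$#"
# count check and would be written out as a blank hostname or timezone.
if [ "$#" -lt 2 ] || [ -z "$1" ] || [ -z "$2" ]; then
  # printf keeps "$0" out of the format string, so a script path containing
  # backslashes is printed literally. Usage text goes to stderr.
  printf 'Usage: %s {hostname} {timezone}\nExample: %s machiavellia America/New_York\n' \
    "$0" "$0" >&2
  exit 1
fi

# Names kept as-is because the rest of the script reads $HOSTNAME and
# $TIMEZONE. Note that HOSTNAME is also a variable bash sets itself; the
# assignment below replaces that value for the remainder of the script.
HOSTNAME=$1
TIMEZONE=$2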
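###########################################
# MAIN

echo "This script will set properties on OSX"

echo " Ask for the administrator password for the duration of this script"
# Stop if authentication fails; otherwise every later sudo call would fail or
# prompt on its own and leave the machine half-configured.
if ! sudo -v; then
  echo "sudo authentication failed; nothing has been changed" >&2
  exit 1
fi

echo " Keep-alive: update existing sudo time stamp until .osx has finished"
# Background loop: refresh the sudo timestamp once a minute and exit as soon as
# the parent script ($$) is gone. Errors from the loop are discarded.
#
# Security note: while this loop runs, any command started by this script can
# use sudo without a password prompt. That includes the Homebrew installer
# that is downloaded and executed further down in this file.
while true; do
  sudo -n true
  sleep 60
  kill -0 "$$" || exit
done 2>/dev/null &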
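echo " Set computer name to $HOSTNAME (as done via System Preferences → Sharing)"
# "$HOSTNAME" is quoted everywhere below: it is user-supplied and passed to
# commands running as root, so it must arrive as exactly one argument and must
# not be word-split or glob-expanded by the shell.
for name_key in ComputerName HostName LocalHostName; do
  sudo scutil --set "$name_key" "$HOSTNAME"
done
sudo defaults write /Library/Preferences/SystemConfiguration/com.apple.smb.server \
  NetBIOSName -string "$HOSTNAME"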
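echo " Enable firewall"
# Application firewall: globally on, with logging and stealth mode.
# "Block all incoming" stays off, and signed software (built-in and
# downloaded) is automatically allowed to accept incoming connections, so a
# code signature is the only thing between such an app and an open listener.
sudo /usr/libexec/ApplicationFirewall/socketfilterfw \
  --setblockall off \
  --setallowsigned on \
  --setallowsignedapp on \
  --setloggingmode on \
  --setstealthmode on \
  --setglobalstate on

echo " Block external VNC/ARD connections"
# The three lines written below REPLACE /etc/pf.conf entirely; whatever rules
# or anchor lines the file held before are gone afterwards. Keep a one-time
# copy of the previous file so the change can be reviewed and reverted.
# (The backup file name is chosen by this script.)
pf_conf=/etc/pf.conf
pf_backup=/etc/pf.conf.before-osx-setup
if [ -f "$pf_conf" ] && ! [ -e "$pf_backup" ]; then
  sudo cp -p "$pf_conf" "$pf_backup"
fi

# Ruleset: block inbound TCP to port 5900, then pass inbound TCP to 5900 when
# the source is this host itself. Together with the SSH step later in the
# script this presumably means screen sharing is meant to be reached through
# an SSH tunnel only.
printf '%s\n' \
  '# Block external VNC/ARD' \
  'block in proto tcp to any port 5900' \
  'pass in proto tcp from self to any port 5900' \
  | sudo tee "$pf_conf" > /dev/null

# NOTE(review): `pfctl -f` loads the ruleset; nothing in this script enables
# pf. Confirm with `sudo pfctl -s info` that the filter is actually running,
# otherwise the block rule above has no effect.
sudo pfctl -f "$pf_conf"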
echo " Enable SSH"
# Load the system sshd launch daemon and mark it enabled (-w).
ssh_daemon_plist=/System/Library/LaunchDaemons/ssh.plist
sudo launchctl load -w "$ssh_daemon_plist"

echo " Enable ARD but not old-VNC"
# Remote Management is switched on for every local account with the full
# privilege set (-allowAccessFor -allUsers -privs -all). Legacy VNC access and
# guest permission requests are switched off.
# NOTE(review): "all users, all privileges" is the widest grant kickstart
# offers; restrict it if only specific admin accounts need remote control.
ard_kickstart=/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart
ard_options=(
  -configure
  -allowAccessFor -allUsers -privs -all
  -clientopts
  -setreqperm -reqperm no
  -setvnclegacy -vnclegacy no
  -activate
  -restart
  -agent
  -console
)
sudo "$ard_kickstart" "${ard_options[@]}"
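echo " Show IP address, hostname, OS version when clicking the clock in the login window"
# Note: this exposes host details on the login window to anyone with physical
# access to the machine, before authentication.
sudo defaults write /Library/Preferences/com.apple.loginwindow AdminHostInfo HostName

echo " Never go into computer sleep mode"
# systemsetup refuses to act without administrator rights, and its output is
# sent to /dev/null here, so without sudo this step failed silently.
sudo systemsetup -setcomputersleep Off > /dev/null

# The SoftwareUpdate/commerce keys below are written without sudo, i.e. into
# the invoking user's preference domain.
# NOTE(review): confirm that this is the domain the update service reads on
# the target macOS version; a machine-wide policy may need the files under
# /Library/Preferences instead.
echo " Enable the automatic update check"
defaults write com.apple.SoftwareUpdate AutomaticCheckEnabled -bool true

echo " Check for software updates daily, not just once per week"
defaults write com.apple.SoftwareUpdate ScheduleFrequency -int 1

echo " Download newly available updates in background"
defaults write com.apple.SoftwareUpdate AutomaticDownload -int 1

echo " Install System data files & security updates"
defaults write com.apple.SoftwareUpdate CriticalUpdateInstall -int 1

echo " Turn on app auto-update"
defaults write com.apple.commerce AutoUpdate -bool true

echo " Allow the App Store to reboot machine on macOS updates"
defaults write com.apple.commerce AutoUpdateRestartRequired -bool true

echo " Set the timezone to $TIMEZONE"
# Quoted: the value is user-supplied and must stay a single argument.
# sudo for the same reason as the sleep setting above.
sudo systemsetup -settimezone "$TIMEZONE" > /dev/null

echo " Require password immediately after sleep or screen saver begins"
# NOTE(review): these keys apply to the user running the script only, and
# whether they are still honoured depends on the macOS version; verify the
# lock behaviour on the target machine after running.
defaults write com.apple.screensaver askForPassword -int 1
defaults write com.apple.screensaver askForPasswordDelay -int 0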
# Finder preferences, one per row: message|domain|key|boolean value.
# Each row prints its message and then writes the key, in the listed order.
# Showing hidden files and full extensions also makes disguised files (for
# example a double extension) easier to spot.
while IFS='|' read -r pref_message pref_domain pref_key pref_value; do
  echo " ${pref_message}"
  defaults write "$pref_domain" "$pref_key" -bool "$pref_value"
done <<'FINDER_PREFS'
Finder: show hidden files by default|com.apple.finder|AppleShowAllFiles|true
Finder: show all filename extensions|NSGlobalDomain|AppleShowAllExtensions|true
Disable the warning before emptying the Trash|com.apple.finder|WarnOnEmptyTrash|false
Empty Trash securely by default|com.apple.finder|EmptyTrashSecurely|true
FINDER_PREFS
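echo " Install homebrew (and XCode command-line tools)"
# SECURITY: this downloads a script from a moving branch ("master") and runs
# it immediately, with no pinned revision and no checksum, while the sudo
# keep-alive started earlier in this script is still active. Whoever controls
# that URL's content at download time controls this machine.
# NOTE(review): pin the URL to a reviewed commit (<pinned-commit>) and compare
# the download against a recorded checksum (<expected-sha256>) before running.
# NOTE(review): this is the Ruby-based installer; check whether the Homebrew
# project still supports it for the macOS versions you target.
homebrew_installer_url=https://raw.githubusercontent.com/Homebrew/install/master/install

# Fetch first, run second: with the download inlined as "$(curl ...)", a
# failed download handed ruby an empty program, which "succeeded" silently.
if homebrew_installer=$(curl -fsSL "$homebrew_installer_url"); then
  /usr/bin/ruby -e "$homebrew_installer"
else
  echo " Could not download the Homebrew installer from $homebrew_installer_url" >&2
fi

echo " Install JDK11 via homebrew"
# Only attempt the JDK install when brew is actually available.
# NOTE(review): newer Homebrew releases use `brew install --cask <name>`
# instead of `brew cask install`; confirm against the installed version.
if command -v brew > /dev/null; then
  brew tap homebrew/cask-versions
  brew cask install java11
else
  echo " brew not found; skipping JDK11 install" >&2
fi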
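echo " Creating jenkins user, and dev group"
# Creates group "dev" (GID 500) and user "jenkins" (UID 1002, shell /bin/bash,
# home /Users/jenkins), and adds "dev" to com.apple.access_ssh so its members
# may log in over SSH. No password is set here; login is expected to happen
# via the authorized_keys file created at the end of this block.
# NOTE(review): the IDs are hard-coded and not checked against existing
# records. A collision would make jenkins share a UID/GID with another
# account; check `dscl . -list /Users UniqueID` and
# `dscl . -list /Groups PrimaryGroupID` before running on a used machine.
sudo dscl . -create /Groups/dev PrimaryGroupID 500
sudo dseditgroup -o edit -a dev -t group com.apple.access_ssh
sudo dscl . -create /Users/jenkins UniqueID 1002
sudo dscl . -create /Users/jenkins UserShell /bin/bash
# -p so that a re-run does not fail on the already existing home directory.
sudo mkdir -p -m 755 /Users/jenkins
sudo dscl . -create /Users/jenkins NFSHomeDirectory /Users/jenkins
sudo dscl . -create /Users/jenkins PrimaryGroupID 500
sudo dscl . -create /Groups/dev GroupMembership jenkins
sudo chown jenkins:dev /Users/jenkins

# Presumably so the jenkins shell below does not start in a working directory
# that the jenkins user cannot read.
cd /

# Delimiter is quoted: the body is passed to the jenkins shell literally, with
# no expansion by the invoking (sudo-capable) shell.
sudo su jenkins <<'END'
mkdir -p -m 700 /Users/jenkins/.ssh
# mkdir -m only applies to a newly created directory; enforce the mode anyway.
chmod 700 /Users/jenkins/.ssh
touch /Users/jenkins/.ssh/authorized_keys
# Owner-only: this file decides who may log in as jenkins, so no other local
# account needs to read it (was 644).
chmod 600 /Users/jenkins/.ssh/authorized_keys
END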
###########################################

# Closing instructions, printed verbatim (quoted delimiter: no expansion).
# The suggested append command has to be run by an account that can write to
# the jenkins user's authorized_keys file.
cat <<'DONE_MESSAGE'
Done. Place SSH public key into /Users/jenkins/.ssh/authorized_keys like this:
echo 'ssh-rsa ...pubkey-goes-here...' >>/Users/jenkins/.ssh/authorized_keys
Then restart computer to see all changes
DONE_MESSAGE