diff --git a/docs/TODO.md b/docs/TODO.md index 305ac3f9..ff798fbf 100644 --- a/docs/TODO.md +++ b/docs/TODO.md @@ -9,7 +9,6 @@ adobe-creative-cloud curl: (18) HTTP/2 stream 1 was reset * NGINX /opt/homebrew/etc/nginx/nginx.conf, on port 8080 so no sudo required, nginx will load all files in /opt/homebrew/etc/nginx/servers/, brew services might require sudo if port 443 is used, Docroot /opt/homebrew/var/www * Full disk access to Terminal required for Parallels -* Reset up YubiKeys # TODOs @@ -236,3 +235,9 @@ The following items have been reviewed but need to be revisited due to complexit ## Windows - https://github.com/DDoSolitary/LxRunOffline + +## Notes + +* This might not be easily achievable since macOS encourages user input during setup but it would be nice to come up with a script that updates macOS from version 13 to 14 if an update is available (or 14 to 15 etc.). Normally, `softwareupdate` CLI command can handle 13.5 to 13.7 etc. but not major versions. +* Configure firewall on macOS with `m firewall` on non-corp laptop +* Link to CUPS printers (http://localhost:631/printers) \ No newline at end of file diff --git a/home/.chezmoi.yaml.tmpl b/home/.chezmoi.yaml.tmpl index 40922122..e4f2bcf6 100644 --- a/home/.chezmoi.yaml.tmpl +++ b/home/.chezmoi.yaml.tmpl @@ -216,6 +216,7 @@ data: holdSudoPrivileges: true locale: "{{ $locale }}" name: "{{ $name }}" + ntpServer: "time.apple.com" snapcraft: username: "{{ $snapcraftEmail }}" surgesh: diff --git a/home/.chezmoiscripts/universal/run_before_01-system-homebrew.sh.tmpl b/home/.chezmoiscripts/universal/run_before_01-system-homebrew.sh.tmpl index fbfa3cd0..c91f20ae 100644 --- a/home/.chezmoiscripts/universal/run_before_01-system-homebrew.sh.tmpl +++ b/home/.chezmoiscripts/universal/run_before_01-system-homebrew.sh.tmpl 
@@ -21,29 +21,6 @@ {{ includeTemplate "universal/profile-before" }} {{ includeTemplate "universal/logg-before" }} -### Configure hostname -# Source: https://www.tecmint.com/set-hostname-permanently-in-linux/ -if [ -d /Applications ] && [ -d /System ]; then - # Source: https://apple.stackexchange.com/questions/287760/set-the-hostname-computer-name-for-macos - logg info 'Setting macOS hostname / local hostname / computer name' - sudo scutil --set HostName '{{ .host.hostname | replace .host.domain "" | replace "." "" }}.{{ .host.domain }}' && logg success 'Changed HostName to {{ .host.hostname | replace .host.domain "" | replace "." "" }}.{{ .host.domain }}' - sudo scutil --set LocalHostName '{{ .host.hostname | replace .host.domain "" | replace "." "" }}' && logg success 'Changed LocalHostName to {{ .host.hostname | replace .host.domain "" | replace "." "" }}' - sudo scutil --set ComputerName '{{ .host.hostname | replace .host.domain "" | replace "." "" }}' && logg success 'Changed ComputerName to {{ .host.hostname | replace .host.domain "" | replace "." "" }}' - logg info 'Flushing DNS cache' - dscacheutil -flushcache -elif [ -f /etc/passwd ]; then - logg info 'Setting Linux hostname' - hostname '{{ .host.hostname | replace .host.domain "" | replace "." "" }}.{{ .host.domain }}' && logg success 'Changed hostname to {{ .host.hostname | replace .host.domain "" | replace "." "" }}.{{ .host.domain }}' - if command -v hostnamectl > /dev/null; then - logg info 'Ensuring hostname persists after reboot' - sudo hostnamectl set-hostname '{{ .host.hostname | replace .host.domain "" | replace "." "" }}.{{ .host.domain }}' && logg success 'Permanently changed hostname to {{ .host.hostname | replace .host.domain "" | replace "." 
"" }}.{{ .host.domain }}' - else - logg warn 'hostnamectl was not available in the PATH - this operating system type might be unsupported' - fi -else - logg warn 'Could not configure hostname because system type was not detectable' -fi - ### Configure Firewall # TODO: If this is required, notes should be added describing the pros / cons of the security # if [ -d /Applications ] && [ -d /System ]; then @@ -52,6 +29,7 @@ fi # fi ### System upgrade on macOS +# Note: If a shutdown is required and the `softwareupdate` command restart command does not work then `m shutdown -f` might be useful or `m restart -f` if [ -d /Applications ] && [ -d /Library ] && [ -z "$NO_RESTART" ]; then if [ ! -f "$HOME/.zshrc" ] || ! cat "$HOME/.zshrc" | grep '# TEMPORARY FOR INSTALL DOCTOR MACOS' > /dev/null; then echo 'bash <(curl -sSL https://install.doctor/start) # TEMPORARY FOR INSTALL DOCTOR MACOS' >> "$HOME/.zshrc" diff --git a/home/.chezmoiscripts/universal/run_before_02-decrypt-age-key.sh.tmpl b/home/.chezmoiscripts/universal/run_before_02-decrypt-age-key.sh.tmpl index 45d8046c..858b6449 100644 --- a/home/.chezmoiscripts/universal/run_before_02-decrypt-age-key.sh.tmpl +++ b/home/.chezmoiscripts/universal/run_before_02-decrypt-age-key.sh.tmpl @@ -75,7 +75,7 @@ decryptKey() { else installExpect expect -c "set timeout -1 - spawn age --decrypt --output "${XDG_CONFIG_HOME}/age/chezmoi.txt" "/usr/local/src/install.doctor/home/key.txt.age" + spawn age --decrypt --output "${XDG_CONFIG_HOME}/age/chezmoi.txt" "${XDG_DATA_HOME:-$HOME/.local/share}/home/key.txt.age" expect \"Enter passphrase:\" send \"${AGE_PASSWORD}\r\" expect eof" > /dev/null || EXIT_CODE=$? diff --git a/home/.chezmoiscripts/universal/run_onchange_after_98-cleanup.sh.tmpl b/home/.chezmoiscripts/universal/run_onchange_after_98-cleanup.sh.tmpl index 62e7ada0..420a5273 100644 --- a/home/.chezmoiscripts/universal/run_onchange_after_98-cleanup.sh.tmpl +++ b/home/.chezmoiscripts/universal/run_onchange_after_98-cleanup.sh.tmpl 
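Review bot: The rewritten `spawn` line keeps bare `"` characters inside the double-quoted `expect -c "…"` argument, so they close and reopen the shell string instead of reaching Tcl, whereas the `expect`/`send` lines below escape theirs as `\"`. Both paths are therefore expanded unquoted by the shell and handed unquoted to `spawn`, and now that the key path is derived from `$HOME`, a home directory containing whitespace would split the command; `spawn age --decrypt --output \"${XDG_CONFIG_HOME}/age/chezmoi.txt\" \"${XDG_DATA_HOME:-$HOME/.local/share}/home/key.txt.age\"` keeps each path as one argument. The new prefix also looks one level short: the old path was the checkout root plus `home/key.txt.age`, so if the checkout now lives in chezmoi's default source directory a `chezmoi/` component is missing. The `daemon.json` paths changed in `run_onchange_before_11-install-docker.sh.tmpl` follow the same pattern, and there a miss only logs a warning. On the adjacent context line, `${AGE_PASSWORD}` is interpolated into the same `-c` argument, which exposes it to Tcl substitution and to the process argument list; reading it inside the script from an exported variable (`$env(AGE_PASSWORD)`) would avoid both, though decryptKey's body starts and ends outside this hunk, so confirm how the variable is set.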
@@ -30,3 +30,10 @@ fi if [ -d "$HOME/.wrangler" ]; then rm -rf "$HOME/.wrangler" fi + +if [ -d /Applications ] && [ -d /System ]; then + ### Empty trash + if command -v m > /dev/null; then + logg info 'Emptying trash' && m trash clean + fi +fi \ No newline at end of file diff --git a/home/.chezmoiscripts/universal/run_onchange_before_10-system-tweaks.sh.tmpl b/home/.chezmoiscripts/universal/run_onchange_before_10-system-tweaks.sh.tmpl index 6554dba1..2609dc02 100644 --- a/home/.chezmoiscripts/universal/run_onchange_before_10-system-tweaks.sh.tmpl +++ b/home/.chezmoiscripts/universal/run_onchange_before_10-system-tweaks.sh.tmpl 
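Review bot: `m trash clean` permanently deletes whatever the user currently has in the Trash, and the added block runs it unconditionally on macOS whenever `m` is installed. The visible context only removes a provisioning artefact (`$HOME/.wrangler`), so this is a step up in what the cleanup script is allowed to destroy. I would gate it behind an explicit opt-in, e.g. `if command -v m > /dev/null && [ -n "$EMPTY_TRASH" ]; then`, and add a comment above it stating that the deletion is irreversible; `EMPTY_TRASH` is a placeholder name, not an existing setting.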
@@ -8,24 +8,98 @@ {{ includeTemplate "universal/profile-before" }} {{ includeTemplate "universal/logg-before" }} -### Set hostname (if redefined) -if command -v hostnamectl > /dev/null; then - # Betelgeuse is the default hostname so only change when it is different - if [ '{{ .host.hostname }}' != 'Betelgeuse' ]; then - logg info "Setting hostname to {{ .host.hostname }}" - sudo hostnamectl set-hostname {{ .host.hostname }} +# @description Sets the hostname using `scutil` on macOS and using `hostname` and `hostnamectl` on Linux. On macOS, the HostName, LocalHostName, and ComputerName +# are set equal to the value stored in `.host.hostname` (in `.chezmoi.yaml.tmpl`) but with the `.host.domain` stripped off. On Linux, the same is done +# but only the hostname is set. On Linux, the hostname is set with the `hostname` command and then also with the `hostnamectl` command if it is available. +# +# ## Sources +# +# * [Changing Linux hostname permanently](https://www.tecmint.com/set-hostname-permanently-in-linux/) +setHostname() { + if [ -d /Applications ] && [ -d /System ]; then + # Source: https://apple.stackexchange.com/questions/287760/set-the-hostname-computer-name-for-macos + logg info 'Setting macOS hostname / local hostname / computer name' + sudo scutil --set HostName '{{ .host.hostname | replace .host.domain "" | replace "." "" }}.{{ .host.domain }}' && logg success 'Changed HostName to {{ .host.hostname | replace .host.domain "" | replace "." "" }}.{{ .host.domain }}' + sudo scutil --set LocalHostName '{{ .host.hostname | replace .host.domain "" | replace "." "" }}' && logg success 'Changed LocalHostName to {{ .host.hostname | replace .host.domain "" | replace "." "" }}' + sudo scutil --set ComputerName '{{ .host.hostname | replace .host.domain "" | replace "." "" }}' && logg success 'Changed ComputerName to {{ .host.hostname | replace .host.domain "" | replace "." 
"" }}' + logg info 'Flushing DNS cache' + dscacheutil -flushcache + elif [ -f /etc/passwd ]; then + logg info 'Setting Linux hostname' + hostname '{{ .host.hostname | replace .host.domain "" | replace "." "" }}.{{ .host.domain }}' && logg success 'Changed hostname to {{ .host.hostname | replace .host.domain "" | replace "." "" }}.{{ .host.domain }}' + if command -v hostnamectl > /dev/null; then + logg info 'Ensuring hostname persists after reboot' + sudo hostnamectl set-hostname '{{ .host.hostname | replace .host.domain "" | replace "." "" }}.{{ .host.domain }}' && logg success 'Permanently changed hostname to {{ .host.hostname | replace .host.domain "" | replace "." "" }}.{{ .host.domain }}' + else + logg warn 'hostnamectl was not available in the PATH - this operating system type might be unsupported' + fi + else + logg warn 'Could not configure hostname because system type was not detectable' fi -fi +} -### Set timezone -if command -v timedatectl > /dev/null; then - logg info 'Setting timezone to {{ .user.timezone }}' - sudo timedatectl set-timezone {{ .user.timezone }} -fi +# @description Sets the system timezone using `timedatectl` on Linux and `m` on macOS. If neither commands are available +# then a warning message is printed. 
+setTimezone() { + if command -v timedatectl > /dev/null; then + ### Linux + logg info 'Setting timezone to {{ .user.timezone }}' + sudo timedatectl set-timezone {{ .user.timezone }} + elif command -v m > /dev/null; then + ### macOS + logg info 'Setting timezone to {{ .user.timezone }}' && m timezone set {{ .user.timezone }} + else + logg warn 'Neither timedatectl (Linux) or m (macOS) were found on the system' +} -### Modify vm.max_map_count -if command -v sysctl > /dev/null; then - logg info 'Increasing vm.max_map_count size to 262144' - sudo sysctl -w vm.max_map_count=262144 > /dev/null -fi +# @description Sets the NTP server using `m` on macOS +setNtpServer() { + if command -v m > /dev/null; then + ### macOS + m ntp set {{ .user.ntpServer}} + else + logg warn 'Skipped setting the NTP server' + fi +} + +# @description Increases the amount of memory a process can consume on Linux. In the case of `netdata` and other programs, many systems will suggest +# increasing the `vm.max_map_count`. According to a [RedHat article](https://access.redhat.com/solutions/99913), the default value is `65530`. +# This function increases that value to `262144` if `sysctl` is available on the system. +increaseMapCount() { + if command -v sysctl > /dev/null; then + logg info 'Increasing vm.max_map_count size to 262144' + sudo sysctl -w vm.max_map_count=262144 > /dev/null + fi +} + +# @description Configures macOS to enable the notification center +showNotificationCenter() { + if command -v m > /dev/null; then + logg info 'Configuring macOS to show notification center' && m notification showcenter YES + fi +} + +# @description Disable the creation of `.DS_Store` files on macOS. 
+disableDStoreFileCreation() { + if command -v m > /dev/null; then + logg info 'Disabling creation of .DS_Store files' + echo y | m dir dsfiles off + fi +} + +# @description Enables transparent dark-mode on macOS +enableDarkTransparentMode() { + if command -v m > /dev/null; then + logg info 'Enabling dark mode' && m appearance darkmode YES + logg info 'Enabling theme transparency' && m appearance transparency YES + fi +} + +setHostname +setTimezone +setNtpServer +increaseMapCount +showNotificationCenter +disableDStoreFileCreation +enableDarkTransparentMode {{ end -}} diff --git a/home/.chezmoiscripts/universal/run_onchange_before_11-install-docker.sh.tmpl b/home/.chezmoiscripts/universal/run_onchange_before_11-install-docker.sh.tmpl index 8fa5168d..706ddd7a 100644 --- a/home/.chezmoiscripts/universal/run_onchange_before_11-install-docker.sh.tmpl +++ b/home/.chezmoiscripts/universal/run_onchange_before_11-install-docker.sh.tmpl @@ -192,11 +192,11 @@ if [ ! -d /Applications ] || [ ! -d /System ]; then # Create /etc/docker/daemon.json logg info 'Creating /etc/docker' sudo mkdir -p /etc/docker - if [ -f /usr/local/src/install.doctor/home/dot_config/docker/daemon.json ]; then + if [ -f "${XDG_DATA_HOME:-$HOME/.local/share}/home/dot_config/docker/daemon.json" ]; then logg info 'Creating /etc/docker/daemon.json' - sudo cp "/usr/local/src/install.doctor/home/dot_config/docker/daemon.json" /etc/docker/daemon.json + sudo cp "${XDG_DATA_HOME:-$HOME/.local/share}/home/dot_config/docker/daemon.json" /etc/docker/daemon.json else - logg warn '/usr/local/src/install.doctor/home/dot_config/docker/daemon.json is not available so the /etc/docker/daemon.json file cannot be populated' + logg warn "${XDG_DATA_HOME:-$HOME/.local/share}/home/dot_config/docker/daemon.json is not available so the /etc/docker/daemon.json file cannot be populated" fi # Restart / enable Docker 
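Review bot: `setTimezone` never closes its `if`: the `else` branch's `logg warn` is followed directly by `}`, so the shell stops with a syntax error at that function before any of the calls at the bottom of the script are reached; add `fi` before the closing brace. `setNtpServer` interpolates `{{ .user.ntpServer}}` unquoted into `m ntp set`, and the key added in `.chezmoi.yaml.tmpl` is only visible next to `locale`/`name`, so confirm it really sits under `user` and quote the value as the hostname commands do: `m ntp set '{{ .user.ntpServer }}'`. The same quoting applies to `{{ .user.timezone }}` in both branches of `setTimezone`, one of which runs under `sudo`. The `increaseMapCount` description is also inaccurate: `vm.max_map_count` limits the number of memory map areas per process, not the amount of memory a process can consume.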
diff --git a/home/Library/Scripts/disable-automatic-login.scpt b/home/Library/Scripts/disable-automatic-login.scpt new file mode 100644 index 00000000..600a60c5 --- /dev/null +++ b/home/Library/Scripts/disable-automatic-login.scpt @@ -0,0 +1,13 @@ +#!/usr/bin/osascript +-- AppleScript to set Security settings "Disable automatic login" unchecked +# @file Disable macOS Automatic Login +# @brief Disables macOS automatic login via AppleScript +# @description +# This script disables the macOS automatic login feature in the system settings. The script was found +# on [StackOverflow](https://apple.stackexchange.com/questions/307482/enabling-automatic-login-via-terminal). + +tell application "System Events" + tell security preferences + set properties to { automatic login: true } + end tell +end tell \ No newline at end of file diff --git a/scripts/src/provision.sh.tmpl b/scripts/src/provision.sh.tmpl index af5e65ce..8f4995c3 100644 --- a/scripts/src/provision.sh.tmpl +++ b/scripts/src/provision.sh.tmpl @@ -319,7 +319,7 @@ runChezmoi() { logg info 'Running chezmoi apply forcefully' if command -v unbuffer > /dev/null; then if command -v caffeinate > /dev/null; then - unbuffer -p caffeinate chezmoi apply $DEBUG_MODIFIER -k --force 2>&1 | tee "$LOG_FILE" + caffeinate unbuffer -p chezmoi apply $DEBUG_MODIFIER -k --force 2>&1 | tee "$LOG_FILE" else unbuffer -p chezmoi apply $DEBUG_MODIFIER -k --force 2>&1 | tee "$LOG_FILE" fi diff --git a/software.yml b/software.yml index 26f7c99e..805c601c 100644 --- a/software.yml +++ b/software.yml @@ -1436,6 +1436,7 @@ softwarePackages: github: github.com/bitwarden/desktop snap: bitwarden yay: bitwarden-git + mas: 1352778147 bitwarden-cli: _bin: bw _desc: '[Bitwarden CLI](https://github.com/bitwarden/cli) (i.e. bw) is a free and open-source official CLI for the [Bitwarden](https://bitwarden.com/) password manager. bw is available on Linux, macOS, and Microsoft Windows.' 
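Review bot: The new script sets `automatic login: true`, which allows automatic login, while the file name, `@file` and `@brief` all say it disables it; the linked question is itself about enabling automatic login. Run as written, it permits login at boot without a password prompt, the opposite of the intended hardening. The property line should read `set properties to { automatic login: false }`, and the leading `--` comment should be reworded to match, since "Disable automatic login unchecked" also describes the enabled state. The `@description` calls the source StackOverflow although the URL is apple.stackexchange.com.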
@@ -3385,6 +3386,7 @@ softwarePackages: _name: Hidden Bar _when:cask: '! test -d "/Applications/Hidden Bar.app" && ! test -d "$HOME/Applications/Hidden Bar.app"' cask: hiddenbar + mas: 1452453066 flameshot: _bin: flameshot _desc: Powerful yet simple to use screenshot software @@ -3497,6 +3499,7 @@ softwarePackages: _name: Eul _when:cask: '! test -d /Applications/eul.app && ! test -d $HOME/Applications/eul.app' cask: eul + mas: 1537133867 linkliar: _bin: null _desc: Menu bar application for macOS that allows you to spoof your MAC address @@ -3522,8 +3525,9 @@ softwarePackages: _github: https://github.com/leits/MeetingBar _home: https://apps.apple.com/app/id1532419400 _name: Meeting Bar - _when:brew: test -d /Applications/MeetingBar.app - brew:darwin: meetingbar + _when:cask: test -d /Applications/MeetingBar.app + cask: meetingbar + mas: 1532419400 crunch-app: _bin: null _desc: The macOS companion app for the crunch CLI tool that compresses PNG images. @@ -3772,6 +3776,7 @@ softwarePackages: cask: telegram choco: telegram flatpak: org.telegram.desktop + mas: 747648890 google-assistant: _bin: g-assist _desc: '[Google Assistant for Desktop](https://github.com/Melvin-Abraham/Google-Assistant-Unofficial-Desktop-Client) is a cross-platform unofficial Google Assistant Client for Desktop.' @@ -4838,6 +4843,7 @@ softwarePackages: flatpak: org.inkscape.Inkscape pacman: inkscape snap: inkscape + mas: 2146510460 intellij-idea-ce: _bin: intellij-idea-community _desc: '[IntelliJ IDEA](https://www.jetbrains.com/idea/) is an integrated development environment written in Java for developing computer software. It is developed by JetBrains, and is available as an Apache 2 Licensed community edition, and in a proprietary commercial edition. Both can be used for commercial development.' @@ -5486,6 +5492,7 @@ softwarePackages: dnf: libreoffice flatpak: org.libreoffice.LibreOffice pacman: libreoffice + mas: 1630474372 license: _bin: license _desc: Command-line license text generator 
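Review bot: In the Meeting Bar entry the condition was carried over unchanged when `_when:brew` became `_when:cask`: `test -d /Applications/MeetingBar.app` succeeds only when the app is already installed, whereas the neighbouring entries (Hidden Bar, Eul) use `! test -d …` so that the cask is installed when the app is absent. If `_when` gates installation the way those entries suggest, this should be `_when:cask: '! test -d /Applications/MeetingBar.app && ! test -d $HOME/Applications/MeetingBar.app'`. This is also the only entry in the visible hunks whose new `mas` id can be checked against the page (`_home` ends in `id1532419400`). The other ids added across this file are bare numbers, so a trailing comment with the App Store name or URL on each `mas:` line would let a reviewer confirm that it installs the intended app.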
@@ -5873,6 +5880,7 @@ softwarePackages: ansible: professormanhattan.microsofttodo cask: ao snap: microsoft-todo-unofficial + mas: 1274495053 hyperkit: _deps:darwin: - xcode @@ -6139,6 +6147,7 @@ softwarePackages: _name: Profile Creator _when:cask: '! test -d /Applications/ProfileCreator.app && ! test -d $HOME/Applications/ProfileCreator.app' cask: profilecreator + mas: 2141249187 vagrant-manager: _bin: null _desc: Status bar menu application that allows you to manage Vagrant available on macOS and Windows @@ -6620,6 +6629,7 @@ softwarePackages: _when:cask: '! test -d /Applications/Notion.app && ! test -d $HOME/Applications/Notion.app' cask: notion choco: notion + mas: 1559269364 zaproxy: _bin: zaproxy _desc: The world’s most widely used web app scanner. Free and open source. Actively maintained by a dedicated international team of volunteers. A GitHub Top 1000 project. @@ -7110,6 +7120,7 @@ softwarePackages: _notes: For Homebrew Cask, this requires the terminal to have full disk access ansible:darwin: professormanhattan.parallels cask: parallels + mas: 1085114709 gnome-passwords-keys: _bin: seahorse flatpak: org.gnome.seahorse.Application @@ -7904,6 +7915,7 @@ softwarePackages: _when:cask: '! test -d /Applications/RedisInsight.app && ! test -d $HOME/Applications/RedisInsight.app' cask: redisinsight flatpak: com.redis.RedisInsight + mas: 2142946629 recoverpy: _deps: - coreutils @@ -7983,6 +7995,7 @@ softwarePackages: _name: Microsoft Remote Desktop _when:cask: '! test -d "/Applications/Microsoft Remote Desktop.app" && ! test -d "$HOME/Applications/Microsoft Remote Desktop.app"' cask: microsoft-remote-desktop + mas: 1295203466 aiac: _bin: aiac _github: https://github.com/gofireflyio/aiac 
@@ -8706,6 +8719,7 @@ softwarePackages: choco: slack flatpak: com.slack.Slack snap: slack + mas: 803453959 slack-term: _bin: slack-term _desc: '[slack-term](https://github.com/erroneousboat/slack-term) features a colorful interface as well as keyboard shortcuts. It is one of, if not the, most well-received [Slack](https://slack.com/) client available on GitHub.' @@ -9354,6 +9368,7 @@ softwarePackages: go: tailscale.com/cmd/tailscale{,d}@main pacman: tailscale port: tailscale + mas: 1475387142 task: _bin: task _desc: A task runner / simpler Make alternative written in Go @@ -10924,6 +10939,7 @@ softwarePackages: choco: yubico-authenticator flatpak: com.yubico.yubioath script:darwin: curl -sSL https://developers.yubico.com/yubioath-flutter/Releases/yubico-authenticator-latest-mac.dmg > "/tmp/Yubico Authenticator.dmg" && hdiutil attach "/tmp/Yubico Authenticator.dmg" && sudo cp -R "/Volumes/Yubico Authenticator/Yubico Authenticator.app" /Applications && sudo hdiutil detach "/Volumes/Yubico Authenticator" && rm -f "/tmp/Yubico Authenticator.dmg" + mas: 1497506650 yubikey-manager: _bin: ykman _desc: Use the YubiKey Manager to configure FIDO2, OTP and PIV functionality on your YubiKey on Windows, macOS, and Linux operating systems.