forked from echohack/macbot
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathinstall.sh
executable file
·450 lines (349 loc) · 17.3 KB
/
install.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
#!/usr/bin/env bash
source "./public.bash"
# Current User
user=$(id -un)
# Keep-alive: update existing `sudo` time stamp until script has finished
while true; do sudo -n true; sleep 60; kill -0 "$$" || exit; done 2>/dev/null &
echo
headline " "
headline " Let's secure your Mac and install basic applications. "
headline " "
echo
#---------------#
# User Settings #
#---------------#
chapter "Modifying settings for user: $user."
step "Closing any open System Preferences panes, to prevent them from overriding settings we’re about to change."
run osascript -e 'tell application "System Preferences" to quit'
# Ask for the administrator password upfront
if [ $(sudo -n uptime 2>&1|grep "load"|wc -l) -eq 0 ]
then
step "Some of these settings are system-wide, therefore we need your permission."
sudo -v
echo
fi
step "Setting your computer name (as done via System Preferences → Sharing)."
echo "What would you like it to be? $bold"
read computer_name
echo "$reset"
run sudo scutil --set ComputerName "'$computer_name'"
run sudo scutil --set HostName "'$computer_name'"
run sudo scutil --set LocalHostName "'$computer_name'"
run sudo defaults write /Library/Preferences/SystemConfiguration/com.apple.smb.server NetBIOSName -string "'$computer_name'"
# Files
echo "Set bash autocomplete & preferences"
run sudo cp ./files/inputrc ~/.inputrc
#-----------------------#
# Install software deps #
#-----------------------#
echo
chapter "Installing system software dependencies."
# Note: Before installing Homebrew, set the following in your .bash_profile for increased privacy.
#export HOMEBREW_NO_ANALYTICS=1
#export HOMEBREW_NO_INSECURE_REDIRECT=1
echo "Install Homebrew."
which -s brew
if [[ $? != 0 ]] ; then
run '/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"'
else
run brew update
fi
echo "Add homerbew to PATH."
run sudo cp ./files/zprofile ~/.zprofile
run source ~/.zprofile
echo "Install Mac App Store CLI"
run brew install mas
run brew upgrade mas
#-----------------#
# UX Improvements #
#-----------------#
echo
chapter "Making UX and performance improvements."
#echo "Disable startup chime sound."
#run sudo nvram SystemAudioVolume=" "
echo "Disable sudden motion sensor. (Not useful for SSDs)."
run sudo pmset -a sms 0
echo "Use 24-hour time. Use the format EEE MMM d H:mm:ss"
run defaults write com.apple.menuextra.clock DateFormat -string "'EEE d MMM HH:mm:ss'"
echo "Set a fast keyboard repeat rate, after a good initial delay."
run defaults write NSGlobalDomain KeyRepeat -int 1
run defaults write NSGlobalDomain InitialKeyRepeat -int 25
echo "Disable auto-correct."
run defaults write NSGlobalDomain NSAutomaticSpellingCorrectionEnabled -bool false
echo "Speed up mission control animations."
run defaults write com.apple.dock expose-animation-duration -float 0.1
echo "Auto hide the dock."
run defaults write com.apple.dock autohide -bool true
echo "Remove the auto-hiding dock delay."
run defaults write com.apple.dock autohide-delay -int 0
echo "Magnify dock icons, but only a little."
run defaults write com.apple.dock largesize -int 90
echo "Save screenshots in PNG format."
run defaults write com.apple.screencapture type -string png
echo "Save screenshots to user screenshots directory instead of desktop."
run mkdir ~/Screenshots
run defaults write com.apple.screencapture location -string ~/Screenshots
echo "Disable shadow in screenshots."
run defaults write com.apple.screencapture disable-shadow -bool true
echo "Disable mouse enlargement with jiggle."
run defaults write ~/Library/Preferences/.GlobalPreferences CGDisableCursorLocationMagnification -bool true
#echo "Disable annoying UI error sounds."
#run defaults write com.apple.systemsound com.apple.sound.beep.volume -int 0
#run defaults write com.apple.sound.beep feedback -int 0
#run defaults write com.apple.systemsound com.apple.sound.uiaudio.enabled -int 0
#run osascript -e 'set volume alert volume 0'
echo "Show all filename extensions."
run defaults write NSGlobalDomain AppleShowAllExtensions -bool true
echo "Disable the warning when changing a file extension."
run defaults write com.apple.finder FXEnableExtensionChangeWarning -bool false
echo "Use list view in all Finder windows by default."
run defaults write com.apple.finder FXPreferredViewStyle -string '"Nlsv"'
echo "Show the ~/Library folder."
run chflags nohidden ~/Library
echo "Show the /Volumes folder."
run sudo chflags nohidden /Volumes
echo "Show hidden files (whose name starts with dot) in finder."
run defaults write com.apple.finder AppleShowAllFiles -int 1
echo "Show full file path in finder windows."
run defaults write _FXShowPosixPathInTitle com.apple.finder -int 1
echo "Don't write DS_Store files to network shares."
run defaults write DSDontWriteNetworkStores com.apple.desktopservices -int 1
echo "Don't ask to use external drives as a Time Machine backup."
run defaults write DoNotOfferNewDisksForBackup com.apple.TimeMachine -int 1
echo "Always show scrollbars."
run defaults write NSGlobalDomain AppleShowScrollBars -string "Always"
echo "Expand save panel by default."
run defaults write NSGlobalDomain NSNavPanelExpandedStateForSaveMode -bool true
run defaults write NSGlobalDomain NSNavPanelExpandedStateForSaveMode2 -bool true
echo "Expand print panel by default."
run defaults write NSGlobalDomain PMPrintingExpandedStateForPrint -bool true
run defaults write NSGlobalDomain PMPrintingExpandedStateForPrint2 -bool true
#echo "Disable automatic capitalization."
#run defaults write NSGlobalDomain NSAutomaticCapitalizationEnabled -bool false
#echo "Disable smart dashes."
#run defaults write NSGlobalDomain NSAutomaticDashSubstitutionEnabled -bool false
echo "Disable automate period substitution."
run defaults write NSGlobalDomain NSAutomaticPeriodSubstitutionEnabled -bool false
echo "Disable smart quotes."
run defaults write NSGlobalDomain NSAutomaticQuoteSubstitutionEnabled -bool false
#echo "Enable subpixel font rendering on non-Apple LCDs."
## Reference: https://github.com/kevinSuttle/macOS-Defaults/issues/17#issuecomment-266633501
#run defaults write NSGlobalDomain AppleFontSmoothing -int 1
echo "Use the dark theme."
run defaults write ~/Library/Preferences/.GlobalPreferences AppleInterfaceStyle -string "Dark"
#--------------------#
# Security & Privacy #
#--------------------#
echo
chapter "Making security and privacy improvements."
echo "Disable Safari from auto-filling sensitive data."
run defaults write ~/Library/Preferences/com.apple.Safari AutoFillCreditCardData -bool false
run defaults write ~/Library/Preferences/com.apple.Safari AutoFillFromAddressBook -bool false
run defaults write ~/Library/Preferences/com.apple.Safari AutoFillMiscellaneousForms -bool false
run defaults write ~/Library/Preferences/com.apple.Safari AutoFillPasswords -bool false
echo "Enable Do Not Track in Safari."
run defaults write com.apple.Safari SendDoNotTrackHTTPHeader -bool true
echo "Disable Safari from automatically opening files."
run defaults write ~/Library/Preferences/com.apple.Safari AutoOpenSafeDownloads -bool false
echo "Enable Safari warnings when visiting fradulent websites."
run defaults write ~/Library/Preferences/com.apple.Safari WarnAboutFraudulentWebsites -bool true
echo "Block popups in Safari."
run defaults write ~/Library/Preferences/com.apple.Safari com.apple.Safari.ContentPageGroupIdentifier.WebKit2JavaScriptCanOpenWindowsAutomatically -bool false
run defaults write ~/Library/Preferences/com.apple.Safari WebKitJavaScriptCanOpenWindowsAutomatically -bool false
#echo "Always block cookies and local storage in Safari."
#run defaults write ~/Library/Preferences/com.apple.Safari BlockStoragePolicy -bool false
#echo "Disable javascript in Safari."
#run defaults write ~/Library/Preferences/com.apple.Safari com.apple.Safari.ContentPageGroupIdentifier.WebKit2JavaScriptEnabled -bool false
#run defaults write ~/Library/Preferences/com.apple.Safari WebKitJavaScriptEnabled -bool false
#echo "Disable plugins and extensions in Safari."
#run defaults write ~/Library/Preferences/com.apple.Safari com.apple.Safari.ContentPageGroupIdentifier.WebKit2WebGLEnabled -bool false
#run defaults write ~/Library/Preferences/com.apple.Safari com.apple.Safari.ContentPageGroupIdentifier.WebKit2PluginsEnabled -bool false
#run defaults write ~/Library/Preferences/com.apple.Safari WebKitPluginsEnabled -bool false
#run defaults write ~/Library/Preferences/com.apple.Safari ExtensionsEnabled -bool false
#run defaults write ~/Library/Preferences/com.apple.Safari PlugInFirstVisitPolicy PlugInPolicyBlock
#run defaults write ~/Library/Preferences/com.apple.Safari com.apple.Safari.ContentPageGroupIdentifier.WebKit2JavaEnabled -bool false
#run defaults write ~/Library/Preferences/com.apple.Safari WebKitJavaEnabled -bool false
echo "Safari should treat SHA-1 certificates as insecure."
run defaults write ~/Library/Preferences/com.apple.Safari TreatSHA1CertificatesAsInsecure -bool true
echo "Disable pre-loading websites with high search rankings."
run defaults write ~/Library/Preferences/com.apple.Safari PreloadTopHit -bool false
echo "Disable Safari search engine suggestions."
run defaults write ~/Library/Preferences/com.apple.Safari SuppressSearchSuggestions -bool true
echo "Enable Do-Not-Track HTTP header in Safari."
run defaults write ~/Library/Preferences/com.apple.Safari SendDoNotTrackHTTPHeader -bool true
#echo "Disable pdf viewing in Safari."
#run defaults write ~/Library/Preferences/com.apple.Safari WebKitOmitPDFSupport -bool true
echo "Display full website addresses in Safari."
run defaults write ~/Library/Preferences/com.apple.Safari ShowFullURLInSmartSearchField -bool true
echo "Disable spotlight universal search (don't send info to Apple)."
run defaults write com.apple.safari UniversalSearchEnabled -int 0
echo "Disable Spotlight Suggestions, Bing Web Search, and other leaky data."
run python3 ./fix_leaky_data.py
echo "Set screen to lock almost as soon as the screensaver starts."
run defaults write com.apple.screensaver askForPassword -int 1
run defaults write com.apple.screensaver askForPasswordDelay -int 5
#echo "Don't default to saving documents to iCloud."
#run defaults write NSGlobalDomain NSDocumentSaveNewDocumentsToCloud -bool false
echo "Disable crash reporter."
run defaults write com.apple.CrashReporter DialogType none
echo "Enable AirDrop over Ethernet."
run defaults write com.apple.NetworkBrowser BrowseAllInterfaces -bool true
#echo "Set all network interfaces to use Cloudflare DNS (1.1.1.1)."
#run bash ./use_cloudflare_dns.sh
#echo "Disable wake on network access."
#run sudo systemsetup -setwakeonnetworkaccess off
#echo "Disable Bonjour multicast advertisements."
#run defaults write /Library/Preferences/com.apple.mDNSResponder.plist NoMulticastAdvertisements -bool YES
# This is disabled by default, but sometimes people turn it on and forget to turn it back off again.
echo "Turn off remote desktop access."
run sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -deactivate -configure -access -off
echo "Enable Mac App Store automatic updates."
run defaults write com.apple.SoftwareUpdate AutomaticCheckEnabled -bool true
#echo "Check for Mac App Store updates daily."
#run defaults write com.apple.SoftwareUpdate ScheduleFrequency -int 1
#echo "Download Mac App Store updates in the background."
#run defaults write com.apple.SoftwareUpdate AutomaticDownload -int 1
echo "Install Mac App Store system data files & security updates."
run defaults write com.apple.SoftwareUpdate CriticalUpdateInstall -int 1
echo "Turn on Mac App Store auto-update."
run defaults write com.apple.commerce AutoUpdate -bool true
# Blocklists
#echo "Block all Facebook domains."
#if ! grep --quiet facebook /etc/hosts; then
# run cat block_facebook | sudo tee -a /etc/hosts
#else
# echo "${dim}▹ Facebook domains already blocked. $reset"
#fi
#-----------------------#
# Brew install software #
#-----------------------#
echo
chapter "Installing CLI applications with homebrew"
echo "Install and configure git."
run brew install git
run brew upgrade git
run git config --global user.email "george.miranda@gmail.com"
run git config --global user.name "gmiranda23"
# List of all brew packages to install
#-------------------------------------
# node - nodeJS (to get npm)
# ffmpeg - Play, record, convert, and stream audio and video
# jq - A lightweight and flexible command-line JSON processor
# shellcheck - Static analysis and lint tool, for (ba)sh scripts
# speedtest-cli - Command-line interface for https://speedtest.net bandwidth tests
# tldr - Simplified and community-driven man pages
# wget - Internet file retriever
# youtube-dl - Download YouTube videos from the command-line (deprecated, but still handy)
# yt-dlp - Fork of youtube-dl with additional features and fixes
brewcli="node ffmpeg jq shellcheck speedtest-cli tldr wget youtube-dl yt-dlp"
for i in $brewcli ; do
echo "Install $i"
run brew install $i
run brew upgrade $i
done
# List of all brew casks to install
#----------------------------------
# aerial - Apple TV Aerial screensaver
# atom - GitHub Atom Editor (discontinued upstream)
# audacity - Multi-track audio editor and recorder
# choosy - Open links in any browser
# dropbox - Client for the Dropbox cloud storage service
# iterm2 - Terminal emulator as alternative to Apple's Terminal app
# menumeters - Set of CPU, memory, disk, and network monitoring tools
# moom - Utility to move and zoom windows—on one display
# paintbrush - Simple MacOS image editor
# skype - Video chat, voice call and instant messaging application
# spotify - Music streaming service
# timer - Stopwatch, alarm clock, and clock utility
# vlc - Multimedia player
# visual-studio-code - Microsoft Visual Studio Code, open-source code editor
# zoom - Video communication and virtual meeting platform
# firefox - Mozilla Firefox web browser
# google-chrome - Google Chrome web browser
brewcasks="aerial atom audacity choosy dropbox iterm2 menumeters moom paintbrush
skype spotify timer vlc visual-studio-code zoom firefox google-chrome"
for ii in $brewcasks ; do
echo "Install $ii"
run brew install --cask $ii
done
# Configure brew software
#------------------------
echo
chapter "Configuring homebrew installed software"
#echo "Install Visual Studio Code Extensions."
#vscode_install_ext(){
# run code --install-extension $@
#}
#vscode_install_ext ms-python.python
#vscode_install_ext rust-lang.rust
echo "Prevent Google Chrome from Syncing automatically."
run defaults write com.google.Chrome SyncDisabled -bool true
run defaults write com.google.Chrome RestrictSigninToPattern -string ".*@example.com"
#echo "Install Shadowfox (dark theme for Firefox)."
#run brew install srkomodo/tap/shadowfox-updater
# This requires some gui interaction and firefox pre-installed...
# shadowfox-updater -generate-uuids -profile-index 0 -set-dark-theme
#----------------------------------#
# Configure Mac App Store software #
#----------------------------------#
# Install all the Mac App Store applications using mas. https://github.com/mas-cli/mas
echo
chapter "Installing Mac App Store applications."
#--------------------------------------
# List of all mas apps to install
# format: ["pkg_id"]="Descriptive name"
# (use 'mas search' to maintain)
#--------------------------------------
declare -a mas_array=(
["1333542190"]="1Password 7"
["808647808"]="Activity Timer"
["803453959"]="Slack"
["1153157709"]="Speedtest by Ookla"
["533696630"]="Webcam Settings"
)
for key in ${!mas_array[@]}
do
echo "Install ${mas_array[${key}]}"
run mas install ${key}
done
# App store updates
echo "Upgrade any Mac App Store applications."
run mas upgrade
#-------------------------#
# Install system software #
#-------------------------#
# Eventually we'll automate the installs of each of these, or they're older
# The biggest challenege is just remembering which apps you need
echo
chapter "Downloading some software for manual installation later."
download_file "https://central.github.com/deployments/desktop/desktop/latest/darwin" "github-latest.dmg"
download_file "https://updates.signal.org/desktop/signal-desktop-mac-1.25.3.zip" "signal-desktop-mac-1.25.3.zip"
download_file "https://www.telestream.net/download-files/screenflow/9-0/ScreenFlow-9.0.8.dmg" "ScreenFlow-9.0.8.dmg"
#-------------------#
# Install oh-my-zsh #
#-------------------#
echo "Install oh-my-zsh"
run 'sh -c "$(curl -fsSL https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh)"'
#---------------#
# Final updates #
#---------------#
echo
chapter "Final updates and restarts."
echo "Run one final check to make sure software is up to date."
run softwareupdate -i -a
echo "Restart System Services."
run killall Dock
run killall Finder
run killall SystemUIServer
echo
headline " "
headline " Your Mac is set up and ready!"
headline " Some settings will not take effect until you reboot."
headline " Automatic reboot in progress unless cancelled...
headline " "
echo
sec=60; while [ $sec -ge 0 ]; do
echo -ne "Rebooting in $sec\033[0K\r"
let "sec=sec-1"
sleep 1
done