macbook-playbook

Ansible playbook to prepare and maintain macOS for development and desktop use.

Table of Contents

• Tested on
• Configuring machine
  • Install Developer Tools (xcode-select)
  • Clone repository
  • Create an Ansible Vault password
  • Encrypted files (using Ansible Vault)
  • Prepare machine to run the Ansible playbooks
  • Provision machine
  • Manual steps post make converge
    • Enable assistive access for Divvy
    • Enable assistive access for Terminal
    • Enable assistive access for Emacs
    • Set up Spotify Last.fm connect
• Roles
  • Installs
    • Desktop Applications
    • Text Editors
    • Communication
    • Configuration
    • Multimedia
    • Browser Plugins
    • Programming Languages
    • Virtualization, Provisioning, Containers and System Tools
    • Package Managers and Build Tools
    • Shell
    • Programming Utilities
    • Security
    • GNU Command Line Tools
    • Data Systems
    • Configuration, Monitoring and Debugging (tag: observability)
    • Document Processors and Plotting
    • Markup Tools
    • Command line tools
    • Miscellaneous
  • Configures
    • Passwordless sudo
    • Remaps Caps-Lock to Control
    • Puts SSH keys in place
    • Makes Google Chrome the default browser
• Author
• License

Tested on

I’ve been using macbook-playbook for 6 years now. I’ve used it on at least four MacBookPros with different macOS versions. The macOS version on my current MacBookPros is 10.14.4 as of [2020-01-03 Fri].

Please let me know if you try macbook-playbook out and bump into something.

Configuring machine

Install Developer Tools (xcode-select)

Open the Terminal application and type `git` into the shell.

Clone repository

git clone https://github.com/mpereira/macbook-playbook.git

Create an Ansible Vault password

This password will be used to encrypt and decrypt the files referenced in the Encrypted files section. Please make sure to use a strong password.

echo 'SomePassword123$' > .ansible_vault_password

Encrypted files (using Ansible Vault)

The files currently checked into this git repository are encrypted with my personal Ansible Vault password. Unless you have my password, roles referencing these files will fail to run.

Description	File	Role
AWS CLI credentials	awscli/files/credentials	awscli
BetterTouchTool license	better-touch-tool/files/license.xml	better-touch-tool
Enviroment variables for dotfiles	dotfiles/vars/environment.yml	dotfiles
Prey API key	prey/vars/api_key.yml	prey
Private SSH key	ssh-keys/files/id_rsa	ssh-keys
s3cmd configuration	s3cmd/files/.s3cfg	s3cmd

You have two choices: skip these roles, and/or overwrite the encrypted files with your own.

To overwrite them first run

make truncate-sensitive-files

And then you’ll be able to overwrite them with your own files (for example your own ~/.ssh/id_rsa) and then encrypt them with make encrypt.

Prepare machine to run the Ansible playbooks

This installs the macOS Command Line Developer tools and Ansible.

make bootstrap

Provision machine

This runs all roles under roles.

make converge

ansible-playbook arguments can be passed via the ARGS environment variable. For example, --tags can be passed so that only matching roles are run.

make converge ARGS='--tags google-chrome'

--skip-tags can also be passed to avoid running certain roles.

make converge ARGS='--skip-tags unity'

All role tags can be seen in =main.yml=.

Manual steps post make converge

These are steps that are currently not automated either because: a) it would be difficult b) it would be impossible c) or I just didn’t have the time

Change keyboard layout to U.S. international

1. System Preferences -> Keyboard -> Input Sources
2. Click +
3. Select “English” on left column
4. Select “U.S. International - PC” on right column
5. Click “Add”
6. Remove other keyboard layouts from the left column

PDF Expert

Register license

Sound Control

Check “Check for updates automatically”

Register license

Preferences > Priority Devices > Output and Input

• Check “Switch to device when” “Device is attached”
• Reorder devices in priority list

BetterTouchTool

Register license

Terminal

Preferences > Profiles > Pro > Font

Set to Hack Regular 18 pt.

System Preferences > Security & Privacy > Privacy > Accessibility

• BetterTouchTool.app
• Dropbox
• Emacs.app
• Persephone.app
• RescueTime
• VLC

System Preferences > Keyboard > Shortcuts > Mission Control

Uncheck:

• Mission Control
• Move left a space
• Move right a space
• Switch to desktop 1

Roles

Installs

Desktop Applications

• Android File Transfer
• BitBar
• Cursorcerer
• Dash
• Divvy
• Dropbox
• Elgato Dock
• f.lux
• Firefox
• Google Chrome
• Google Photos
• Grammarly
• iStat Menus
• LICEcap
• PDF Expert
• Persephone
• RescueTime
• Skype
• Slack
• Sound Control
• Spotify
• Steam
• Teensy Loader
• ToggleDarkMode
• Unity
• Unity Hub
• VLC
• XQuartz
• YNAB (disabled by default, I use the online version)

Text Editors

• Emacs 27.1
• Emacs 28.0.50
• MacVim
• Neovim
• Vim
• VSCode

Configuration

• dotemacs
• dotfiles

Programming Languages

• Clojure
• GNU Octave
• Go
• Haskell
• Java (AdoptOpenJDK)
• Lua
• LuaJIT
• Node.js
• PureScript
• Python 3
• R
• Ruby
• Rust

Multimedia

• Beets
• FFmpeg
• gifsicle
• ImageMagick
• mpc
• mpd
• mpdscribble
• mpg123
• mplayer
• shpotify
• TagLib

Fonts

• Consolas
• Hack

Browser Plugins

• Firefox Adblock Plus

Virtualization, Provisioning, Containers and System Tools

• Docker
• krew
• kubectl
• kubectl-tree
• OpenZFS
• Terraform
• Vagrant
• Vagrant vagrant-vbguest plugin
• VirtualBox

Package Managers and Build Tools

• bundler
• CMake
• GraalVM
• Homebrew
• leiningen
• MacPorts
• Make
• Maven
• pulp
• Yarn

Shell

• Babashka
• Bash
• fish
• fish-foreign-env
• iTerm
• tmux
• tmuxinator
• Zsh

Programming Utilities

• Black
• clojure-lsp
• Ctags
• gron
• ktlint
• node-cljfmt
• Prettier
• Pyre
• rust-analyzer
• ShellCheck
• shfmt
• YAPF
• yq

Data Systems

• Apache Hadoop

Configuration, Monitoring and Debugging (tag: observability)

• Apache JMeter
• Glances
• htop
• ngrep
• vtop

Document Processors and Plotting

• gnuplot
• MacTeX

Markup Tools

• Grip
• Hugo
• Markdown
• Pandoc
• wkhtmltopdf

Command line tools

• AWS CLI
• defaultbrowser
• delta
• delta
• git
• jq
• p7zip
• pgsanity
• pngpaste
• ripgrep
• s3cmd (disabled by default, I use the AWS CLI now)
• tealdeer
• terminal-notifier
• tree
• websocat
• wrk
• xz

Security

• Prey
• GnuPG
• vault

GNU Command Line Tools

• binutils
• coreutils
• diffutils
• ed
• findutils
• gawk
• gnu-indent
• gnu-sed
• gnu-tar
• gnu-which
• gnutls
• grep
• gzip
• screen
• watch
• wdiff
• wget

Miscellaneous

• FontForge
• Qt 5 (disabled by default)
• WordNet

Configures

Makes Google Chrome the default browser

Passwordless sudo

Puts SSH keys in place

Remaps Caps-Lock to Control

Author

Murilo Pereira

License

MIT