-
-
Notifications
You must be signed in to change notification settings - Fork 37
/
Copy pathinstall.sh
executable file
·485 lines (347 loc) · 18.4 KB
/
install.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
#!/usr/bin/env bash
source "./public.bash"
# Current User
user=$(id -un)
# Keep-alive: update existing `sudo` time stamp until script has finished
while true; do sudo -n true; sleep 60; kill -0 "$$" || exit; done 2>/dev/null &
echo ""
headline " Let's secure your Mac and install basic applications."
echo ""
echo "Modifying settings for user: $user."
# Close any open System Preferences panes, to prevent them from overriding
# settings we’re about to change
osascript -e 'tell application "System Preferences" to quit'
# Ask for the administrator password upfront
if [ $(sudo -n uptime 2>&1|grep "load"|wc -l) -eq 0 ]
then
step "Some of these settings are system-wide, therefore we need your permission."
sudo -v
echo ""
fi
step "Setting your computer name (as done via System Preferences → Sharing)."
echo "What would you like it to be? $bold"
read computer_name
echo "$reset"
run sudo scutil --set ComputerName "'$computer_name'"
run sudo scutil --set HostName "'$computer_name'"
run sudo scutil --set LocalHostName "'$computer_name'"
run sudo defaults write /Library/Preferences/SystemConfiguration/com.apple.smb.server NetBIOSName -string "'$computer_name'"
# Files
echo "Enable bash autocomplete"
run sudo cp ./files/.inputrc ~/.inputrc
echo "Disable startup chime sound."
run sudo nvram SystemAudioVolume=" "
# UX And Performance Improvements
echo "Disable sudden motion sensor. (Not useful for SSDs)."
run sudo pmset -a sms 0
echo "Use 24-hour time. Use the format EEE MMM d H:mm:ss"
run defaults write com.apple.menuextra.clock DateFormat -string 'EEE MMM d H:mm:ss'
echo "Disable press-and-hold for keys in favor of key repeat."
run defaults write NSGlobalDomain ApplePressAndHoldEnabled -bool false
echo "Set a fast keyboard repeat rate, after a good initial delay."
run defaults write NSGlobalDomain KeyRepeat -int 1
run defaults write NSGlobalDomain InitialKeyRepeat -int 25
echo "Disable auto-correct."
run defaults write NSGlobalDomain NSAutomaticSpellingCorrectionEnabled -bool false
echo "Speed up mission control animations."
run defaults write com.apple.dock expose-animation-duration -float 0.1
echo "Remove the auto-hiding dock delay."
run defaults write com.apple.dock autohide-delay -int 0
echo "Use the dark theme."
run defaults write ~/Library/Preferences/.GlobalPreferences AppleInterfaceStyle -string "Dark"
echo "Save screenshots in PNG format."
run defaults write com.apple.screencapture type -string png
echo "Save screenshots to user screenshots directory instead of desktop."
run mkdir ~/screenshots
run defaults write com.apple.screencapture location -string ~/screenshots
echo "Disable shadow in screenshots."
defaults write com.apple.screencapture disable-shadow -bool true
echo "Disable menu transparency."
run defaults write com.apple.universalaccess reduceTransparency -int 1
echo "Turn off increased contrast. macOS 10.14 causes ugly white borders."
run defaults write com.apple.universalaccess increaseContrast -int 0
echo "Disable mouse enlargement with jiggle."
run defaults write ~/Library/Preferences/.GlobalPreferences CGDisableCursorLocationMagnification -bool true
echo "Disable annoying UI error sounds."
run defaults write com.apple.systemsound com.apple.sound.beep.volume -int 0
run defaults write com.apple.sound.beep feedback -int 0
run defaults write com.apple.systemsound com.apple.sound.uiaudio.enabled -int 0
run osascript -e 'set volume alert volume 0'
echo "Show all filename extensions."
run defaults write NSGlobalDomain AppleShowAllExtensions -bool true
echo "Disable the warning when changing a file extension."
run defaults write com.apple.finder FXEnableExtensionChangeWarning -bool false
echo "Use list view in all Finder windows by default."
run defaults write com.apple.finder FXPreferredViewStyle -string '"Nlsv"'
echo "Show the ~/Library folder."
run chflags nohidden ~/Library
echo "Show the /Volumes folder."
run sudo chflags nohidden /Volumes
echo "Show hidden files (whose name starts with dot) in finder."
run defaults write com.apple.finder AppleShowAllFiles -int 1
echo "Show full file path in finder windows."
run defaults write _FXShowPosixPathInTitle com.apple.finder -int 1
echo "Don't write DS_Store files to network shares."
run defaults write DSDontWriteNetworkStores com.apple.desktopservices -int 1
echo "Don't ask to use external drives as a Time Machine backup."
run defaults write DoNotOfferNewDisksForBackup com.apple.TimeMachine -int 1
echo "Disable natural scrolling."
run defaults write ~/Library/Preferences/.GlobalPreferences com.apple.swipescrolldirection -bool false
echo "Always show scrollbars."
run defaults write NSGlobalDomain AppleShowScrollBars -string "Always"
echo "Expand save panel by default."
defaults write NSGlobalDomain NSNavPanelExpandedStateForSaveMode -bool true
defaults write NSGlobalDomain NSNavPanelExpandedStateForSaveMode2 -bool true
echo "Expand print panel by default."
defaults write NSGlobalDomain PMPrintingExpandedStateForPrint -bool true
defaults write NSGlobalDomain PMPrintingExpandedStateForPrint2 -bool true
echo "Disable automatic capitalization."
defaults write NSGlobalDomain NSAutomaticCapitalizationEnabled -bool false
echo "Disable smart dashes."
defaults write NSGlobalDomain NSAutomaticDashSubstitutionEnabled -bool false
echo "Disable automate period substitution."
defaults write NSGlobalDomain NSAutomaticPeriodSubstitutionEnabled -bool false
echo "Disable smart quotes."
defaults write NSGlobalDomain NSAutomaticQuoteSubstitutionEnabled -bool false
echo "Enable subpixel font rendering on non-Apple LCDs."
# Reference: https://github.com/kevinSuttle/macOS-Defaults/issues/17#issuecomment-266633501
defaults write NSGlobalDomain AppleFontSmoothing -int 1
# Security And Privacy Improvements
echo "Disable Safari from auto-filling sensitive data."
run defaults write ~/Library/Preferences/com.apple.Safari AutoFillCreditCardData -bool false
run defaults write ~/Library/Preferences/com.apple.Safari AutoFillFromAddressBook -bool false
run defaults write ~/Library/Preferences/com.apple.Safari AutoFillMiscellaneousForms -bool false
run defaults write ~/Library/Preferences/com.apple.Safari AutoFillPasswords -bool false
echo "Enable Do Not Track in Safari."
defaults write com.apple.Safari SendDoNotTrackHTTPHeader -bool true
echo "Disable Safari from automatically opening files."
run defaults write ~/Library/Preferences/com.apple.Safari AutoOpenSafeDownloads -bool false
echo "Always block cookies and local storage in Safari."
run defaults write ~/Library/Preferences/com.apple.Safari BlockStoragePolicy -bool false
echo "Enable Safari warnings when visiting fradulent websites."
run defaults write ~/Library/Preferences/com.apple.Safari WarnAboutFraudulentWebsites -bool true
echo "Disable javascript in Safari."
run defaults write ~/Library/Preferences/com.apple.Safari com.apple.Safari.ContentPageGroupIdentifier.WebKit2JavaScriptEnabled -bool false
run defaults write ~/Library/Preferences/com.apple.Safari WebKitJavaScriptEnabled -bool false
echo "Block popups in Safari."
run defaults write ~/Library/Preferences/com.apple.Safari com.apple.Safari.ContentPageGroupIdentifier.WebKit2JavaScriptCanOpenWindowsAutomatically -bool false
run defaults write ~/Library/Preferences/com.apple.Safari WebKitJavaScriptCanOpenWindowsAutomatically -bool false
echo "Disable plugins and extensions in Safari."
run defaults write ~/Library/Preferences/com.apple.Safari com.apple.Safari.ContentPageGroupIdentifier.WebKit2WebGLEnabled -bool false
run defaults write ~/Library/Preferences/com.apple.Safari com.apple.Safari.ContentPageGroupIdentifier.WebKit2PluginsEnabled -bool false
run defaults write ~/Library/Preferences/com.apple.Safari WebKitPluginsEnabled -bool false
run defaults write ~/Library/Preferences/com.apple.Safari ExtensionsEnabled -bool false
run defaults write ~/Library/Preferences/com.apple.Safari PlugInFirstVisitPolicy PlugInPolicyBlock
run defaults write ~/Library/Preferences/com.apple.Safari com.apple.Safari.ContentPageGroupIdentifier.WebKit2JavaEnabled -bool false
run defaults write ~/Library/Preferences/com.apple.Safari WebKitJavaEnabled -bool false
echo "Safari should treat SHA-1 certificates as insecure."
run defaults write ~/Library/Preferences/com.apple.Safari TreatSHA1CertificatesAsInsecure -bool true
echo "Disable pre-loading websites with high search rankings."
run defaults write ~/Library/Preferences/com.apple.Safari PreloadTopHit -bool false
echo "Disable Safari search engine suggestions."
run defaults write ~/Library/Preferences/com.apple.Safari SuppressSearchSuggestions -bool true
echo "Enable Do-Not-Track HTTP header in Safari."
run defaults write ~/Library/Preferences/com.apple.Safari SendDoNotTrackHTTPHeader -bool true
echo "Disable pdf viewing in Safari."
run defaults write ~/Library/Preferences/com.apple.Safari WebKitOmitPDFSupport -bool true
echo "Display full website addresses in Safari."
run defaults write ~/Library/Preferences/com.apple.Safari ShowFullURLInSmartSearchField -bool true
echo "Disable loading remote content in emails in Apple Mail."
run defaults write ~/Library/Preferences/com.apple.mail-shared DisableURLLoading -bool true
echo "Send junk mail to the junk mail box in Apple Mail."
run defaults write ~/Library/Containers/com.apple.mail/Data/Library/Preferences/com.apple.mail JunkMailBehavior -int 2
echo "Disable spotlight universal search (don't send info to Apple)."
run defaults write com.apple.safari UniversalSearchEnabled -int 0
echo "Disable Spotlight Suggestions, Bing Web Search, and other leaky data."
run python ./fix_leaky_data.py
echo "Disable Captive Portal Hijacking Attack."
run defaults write /Library/Preferences/SystemConfiguration/com.apple.captive.control Active -bool false
echo "Set screen to lock as soon as the screensaver starts."
run defaults write com.apple.screensaver askForPassword -int 1
run defaults write com.apple.screensaver askForPasswordDelay -int 0
echo "Don't default to saving documents to iCloud."
run defaults write NSGlobalDomain NSDocumentSaveNewDocumentsToCloud -bool false
echo "Disable crash reporter."
run defaults write com.apple.CrashReporter DialogType none
echo "Enable Stealth Mode. Computer will not respond to ICMP ping requests or connection attempts from a closed TCP/UDP port."
run defaults write /Library/Preferences/com.apple.alf stealthenabled -bool true
echo "Enable AirDrop over Ethernet."
defaults write com.apple.NetworkBrowser BrowseAllInterfaces -bool true
echo "Set all network interfaces to use Cloudflare DNS (1.1.1.1)."
run bash ./use_cloudflare_dns.sh
echo "Disable wake on network access."
run systemsetup -setwakeonnetworkaccess off
echo "Disable Bonjour multicast advertisements."
run defaults write /Library/Preferences/com.apple.mDNSResponder.plist NoMulticastAdvertisements -bool YES
# This is disabled by default, but sometimes people turn it on and forget to turn it back off again.
echo "Turn off remote desktop access."
run sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -deactivate -configure -access -off
echo "Enable Mac App Store automatic updates."
run defaults write com.apple.SoftwareUpdate AutomaticCheckEnabled -bool true
echo "Check for Mac App Store updates daily."
run defaults write com.apple.SoftwareUpdate ScheduleFrequency -int 1
echo "Download Mac App Store updates in the background."
run defaults write com.apple.SoftwareUpdate AutomaticDownload -int 1
echo "Install Mac App Store system data files & security updates."
run defaults write com.apple.SoftwareUpdate CriticalUpdateInstall -int 1
echo "Turn on Mac App Store auto-update."
run defaults write com.apple.commerce AutoUpdate -bool true
# Blocklists
echo "Block all Facebook domains."
if ! grep --quiet facebook /etc/hosts; then
run cat block_facebook | sudo tee -a /etc/hosts
else
echo "${dim}▹ Facebook domains already blocked. $reset"
fi
# Download Packaged Software
# Some software comes packaged directly from the vendor
# Eventually we'll automate the installs of each of these
# But the biggest challenege is just remembering
# Which apps you need to download, so let's do that for now
download_file "https://download.mozilla.org/?product=firefox-latest-ssl&os=osx&lang=en-US" "firefox-latest.dmg"
download_file "https://app-updates.agilebits.com/download/OPM7" "1password-latest.pkg"
download_file "https://iterm2.com/downloads/stable/iTerm2-3_2_9.zip" "iTerm2-3_2_9.zip"
download_file "https://discordapp.com/api/download?platform=osx" "discord-latest.dmg"
download_file "https://dl.iina.io/IINA.v1.0.4.dmg" "IINA.v1.0.4.dmg"
download_file "https://cdn-fastly.obsproject.com/downloads/obs-mac-23.2.1-installer.pkg" "obs-mac-23.2.1-installer.pkg"
download_file "https://www.kaleidoscopeapp.com/download" "kaleidoscope-latest.zip"
download_file "https://github.com/transmission/transmission-releases/raw/master/Transmission-2.94.dmg" "Transmission-2.94.dmg"
download_file "https://d2oxtzozd38ts8.cloudfront.net/audiohijack/download/AudioHijack.zip" "AudioHijack.zip"
download_file "https://github.com/pje/WavTap/releases/download/0.3.0/WavTap.0.3.0.pkg" "WavTap.0.3.0.pkg"
download_file "https://central.github.com/deployments/desktop/desktop/latest/darwin" "github-latest.dmg"
download_file "https://steamcdn-a.akamaihd.net/client/installer/steam.dmg" "steam-latest.dmg"
download_file "https://updates.signal.org/desktop/signal-desktop-mac-1.25.3.zip" "signal-desktop-mac-1.25.3.zip"
# Blackmagic uses expiring keys to force you through their registration dialog
# *sigh* Manual download for now I guess... https://sw.blackmagicdesign.com/DesktopVideo/v11.2/Blackmagic_Desktop_Video_Macintosh_11.2.zip
# Install Applications
# Note: Before installing Homebrew, set the following settings in your .bash_profile for increased privacy.
# export HOMEBREW_NO_ANALYTICS=1
# export HOMEBREW_NO_INSECURE_REDIRECT=1
echo "Install Homebrew."
which -s brew
if [[ $? != 0 ]] ; then
run '/usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"'
else
run brew update
fi
echo "Install and configure git."
run brew install git
run git config --global user.email "[email protected]"
git config --global user.name "echohack"
echo "Prevent iTunes from taking backups of iPhone."
run defaults write com.apple.iTunes DeviceBackupsDisabled -bool true
echo "Install jq."
run brew install jq
echo "Install tldr."
run brew install tldr
echo "Install mas (Mac App Store Command Line)."
run brew install mas
echo "Prevent Google Chrome from Syncing automatically."
run defaults write com.google.Chrome SyncDisabled -bool true
run defaults write com.google.Chrome RestrictSigninToPattern -string ".*@example.com"
echo "Install Shadowfox (dark theme for Firefox)."
run brew install srkomodo/tap/shadowfox-updater
# This requires some gui interaction and firefox pre-installed...
# shadowfox-updater -generate-uuids -profile-index 0 -set-dark-theme
echo "Install youtube-dl."
run brew install youtube-dl
run brew upgrade youtube-dl
run brew install ffmpeg
run brew upgrade ffmpeg
echo "Install keyboard flashing tool for Nightfox Mechanical keyboard."
run brew install dfu-util
# Flash with dfu-util -a 0 -R -D kiibohd.dfu.bin
echo "Install exercism CLI."
run brew install exercism
run brew upgrade exercism
echo "Install shellcheck."
run brew install shellcheck
echo "Install pre-commit"
run brew install pre-commit
echo "Install docker."
run brew cask install docker
echo "Install VLC."
run brew cask install vlc
echo "Install LiceCap."
run brew cask install licecap
echo "Install Visual Studio Code."
run brew cask install visual-studio-code
echo "Install Visual Studio Code Extensions."
vscode_install_ext(){
run code --install-extension $@
}
vscode_install_ext bungcip.better-toml
vscode_install_ext mauve.terraform
vscode_install_ext ms-python.python
vscode_install_ext ms-vscode.vscode-typescript-tslint-plugin
vscode_install_ext redhat.vscode-yaml
vscode_install_ext rust-lang.rust
echo "Install npm."
run brew install npm
# Trust a curl | bash? Why not.
echo "Install rust using Rustup."
rustc --version
if [[ $? != 0 ]] ; then
run curl https://sh.rustup.rs -sSf | sh
run rustup update
fi
# Install all the Mac App Store applications using mas. https://github.com/mas-cli/mas
mac_app_login=$(mas account | grep @)
if [ -z "$mac_app_login" ] ; then
chapter "Let's install Mac App Store applications. What is your Mac App Store email login? $bold"
read mac_app_login
run mas signin $mac_app_login
fi
echo "Install Decompressor."
run mas install 1033480833
echo "Install Divvy."
run mas install 413857545
echo "Install DrawnStrips Reader."
run mas install 473092872
echo "Install HEIC Converter."
run mas install 1294126402
echo "Install Keynote."
run mas install 409183694
echo "Install Microsoft Remote Desktop."
run mas install 1295203466
echo "Install Pixelmator Pro."
run mas install 1289583905
echo "Install Reeder."
run mas install 880001334
echo "Install Slack."
run mas install 803453959
echo "Install Speedtest."
run mas install 1153157709
echo "Install Things3."
run mas install 904280696
echo "Install Tweetdeck."
run mas install 485812721
# Transmission.app
echo "Transmisson: Don’t prompt for confirmation before downloading."
defaults write org.m0k.transmission DownloadAsk -bool false
defaults write org.m0k.transmission MagnetOpenAsk -bool false
echo "Transmisson: Don’t prompt for confirmation before removing non-downloading active transfers."
defaults write org.m0k.transmission CheckRemoveDownloading -bool true
echo "Transmisson: Trash original torrent files."
defaults write org.m0k.transmission DeleteOriginalTorrent -bool true
echo "Transmisson: Hide the donate message."
defaults write org.m0k.transmission WarningDonate -bool false
echo "Transmisson: Hide the legal disclaimer."
defaults write org.m0k.transmission WarningLegal -bool false
echo "Transmisson: IP block list."
defaults write org.m0k.transmission BlocklistNew -bool true
defaults write org.m0k.transmission BlocklistURL -string "http://john.bitsurge.net/public/biglist.p2p.gz"
defaults write org.m0k.transmission BlocklistAutoUpdate -bool true
echo "Transmisson: Randomize port on launch."
defaults write org.m0k.transmission RandomPort -bool true
# Final updates
echo "Upgrade any Mac App Store applications."
run mas upgrade
echo "Run one final check to make sure software is up to date."
run softwareupdate -i -a
run killall Dock
run killall Finder
run killall SystemUIServer
chapter "Some settings will not take effect until you restart your computer."
headline " Your Mac is setup and ready!"
#https://itunes.apple.com/us/app/pixelmator-pro/id1289583905?mt=12