A script to bootstrap a minimal macOS development system. This does not assume you're doing Ruby/Rails/web development but installs the minimal set of software every macOS developer will want.
Replacing Boxen in GitHub with a better tool. This post outlines the problems with Boxen and requirements for Strap and other tools used by GitHub: https://mikemcquaid.com/2016/06/15/replacing-boxen/
- Enables
sudo
using TouchID - Disables Java in Safari (for better security)
- Enables the macOS screensaver password immediately (for better security)
- Enables the macOS application firewall (for better security)
- Adds a
Found this computer?
message to the login screen (for machine recovery) - Enables full-disk encryption and saves the FileVault Recovery Key to the Desktop (for better security)
- Installs the Xcode Command Line Tools (for compilers and Unix tools)
- Agree to the Xcode license (for using compilers without prompts)
- Installs Homebrew (for installing command-line software)
- Installs Homebrew Bundle (for
bundler
-likeBrewfile
support) - Installs Homebrew Services (for managing Homebrew-installed services)
- Installs Homebrew Cask (for installing graphical software)
- Installs the latest macOS software updates (for better security)
- Installs dotfiles from a user's
https://github.com/username/dotfiles
repository. If they exist and are executable: runsscript/setup
to configure the dotfiles andscript/strap-after-setup
after setting up everything else. - Installs software from a user's
Brewfile
in theirhttps://github.com/username/homebrew-brewfile
repository or.Brewfile
in their home directory. - A simple web application to set Git's name, email and GitHub token (needs authorised on any organisations you wish to access)
- Idempotent
- Enabling any network services by default (instead enable them when needed)
- Installing Homebrew formulae by default for everyone in an organisation (install them with
Brewfile
s in project repositories instead of mandating formulae for the whole organisation) - Opting-out of any macOS updates (Apple's security updates and macOS updates are there for a reason)
- Disabling security features (these are a minimal set of best practises)
- Add phone number to security screen message (want to avoid prompting users for information on installation)
Open https://strap.mikemcquaid.com/ in your web browser.
Instead, to run Strap locally run:
git clone https://github.com/MikeMcQuaid/strap
cd strap
bash bin/strap.sh # or bash bin/strap.sh --debug for more debugging output
Instead, to run the web application locally run:
git clone https://github.com/MikeMcQuaid/strap
cd strap
./script/bootstrap
GITHUB_KEY="..." GITHUB_SECRET="..." ./script/server
Strap is also available as a Docker image on Docker Hub (mikemcquaid/strap
) and GitHub Packages (ghcr.io/mikemcquaid/strap
).
GITHUB_KEY
: the GitHub.com Application Client ID.GITHUB_SECRET
: the GitHub.com Application Client Secret.SESSION_SECRET
: the secret used for cookie session storage.WEB_CONCURRENCY
: the number of Unicorn (web server) processes to run (defaults to 3).STRAP_ISSUES_URL
: the URL where users should file issues (defaults to no URL).STRAP_BEFORE_INSTALL
: instructions displayed in the web application for users to follow before installing Strap (wrapped in<li>
tags).CUSTOM_HOMEBREW_TAP
: an optional Homebrew tap to install withbrew tap
. Specify multiple arguments to brew tap by separating values with spaces.CUSTOM_BREW_COMMAND
: a singlebrew
command that is run after all other stages have completed.
Stable and in active development.
Licensed under the MIT License. The full license text is available in LICENSE.txt.