├── .github └── workflows │ └── build.yml ├── .gitignore ├── LICENSE ├── README.md └── src ├── linux ├── README.md └── maintenance │ └── update.sh ├── macos ├── README.md ├── apple-notes │ ├── get-all-apple-notes-from-folder.sh │ ├── get-all-apple-notes.sh │ └── get-apple-note.sh ├── docs │ ├── gotchas.md │ └── single-commands.md ├── legacy │ ├── legacy-create-user.sh │ └── legacy-install-chrome.sh ├── macos_defaults.md ├── maintenance │ ├── dep-reset-high-sierra.sh │ ├── dep-reset-sierra.sh │ ├── enable-dark-mode.sh │ ├── print-device-info.sh │ ├── reset-screensharing.sh │ ├── too-many-corpses.sh │ ├── update-file-descriptor-limit.sh │ └── update-mac-name.sh ├── setup │ ├── companies │ │ ├── buyboxexperts │ │ │ └── deploy-bbe-mac.command │ │ └── easypost │ │ │ ├── add_user.command │ │ │ └── api-support-setup.command │ └── personal │ │ ├── README.md │ │ └── deploy-personal-mac.sh └── sms │ └── send_sms.scpt ├── raspberry-pi ├── README.md ├── install-docker-compose.sh ├── install-docker.sh ├── install-ssh.sh └── install-teamviewer.sh ├── ubios ├── README.md ├── backups │ └── download_config_backups.sh └── on-boot │ └── 15-add-root-ssh-keys.sh ├── vagrant ├── README.md ├── Vagrantfile └── scripts │ ├── install.bat │ ├── install.sh │ └── provision.sh └── windows ├── README.md ├── maintenance ├── spring-clean.ps1 └── update-windows.ps1 ├── other └── program-healthcheck.bat ├── pranks └── blow-up-cmd.bat └── setup ├── setup-windows.ps1 ├── setup-wsl-shell.sh └── setup-wsl.ps1 /.github/workflows/build.yml: -------------------------------------------------------------------------------- 1 | name: build 2 | 3 | on: [push, pull_request] 4 | 5 | jobs: 6 | sh-checker: 7 | runs-on: ubuntu-latest 8 | steps: 9 | - uses: actions/checkout@v4 10 | - uses: luizm/action-sh-checker@master 11 | env: 12 | SHFMT_OPTS: -i 4 -d 13 | # windows-scripts: 14 | # runs-on: windows-latest 15 | # steps: 16 | # - uses: actions/checkout@v4 17 | # - name: Run Powershell scripts 18 | # run: | 19 | # Set-ExecutionPolicy -ExecutionPolicy RemoteSigned 20 | # src/windows/setup/setup-windows 21 | # src/windows/maintenance/spring-clean 22 | # src/windows/maintenance/update-windows 23 | # shell: powershell 24 | # vagrant-install-macos: 25 | # runs-on: macos-latest 26 | # steps: 27 | # - uses: actions/checkout@v4 28 | # - uses: Homebrew/actions/setup-homebrew@master 29 | # - run: ./src/vagrant/scripts/install.sh 30 | # vagrant-install-windows: 31 | # runs-on: windows-latest 32 | # steps: 33 | # - uses: actions/checkout@v4 34 | # - run: src/vagrant/scripts/install.bat 35 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | .DS_Store 2 | .idea 3 | venv 4 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2019 Justin Hammond 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 |
2 | 3 | # OS Scripting 4 | 5 | A collection of macOS, Linux, Windows, and other operating system scripts that can be used to automate deploying and administering computers. 6 | 7 | [![Build Status](https://github.com/Justintime50/os-scripting/workflows/build/badge.svg)](https://github.com/Justintime50/os-scripting/actions) 8 | [![Licence](https://img.shields.io/github/license/justintime50/os-scripting)](LICENSE) 9 | 10 | Showcase 11 | 12 |
13 | 14 | This project is intended to save IT professionals valuable hours, reduce user error, and provide consistency configuring computers. OS Scripting contains scripts to troubleshoot typical OS problems, configure and deploy new machines, and administer other machines - perfect for a fleet of devices or just as a template to script for your own device. 15 | 16 | ## Usage 17 | 18 | Each operating system has a separate folder in the `src` directory with its own `README` file describing the available scripts and how to use them. 19 | 20 | **Note:** Some of the macOS and Linux scripts can be used on either OS. 21 | 22 | * [Linux Scripting](src/linux/README.md) 23 | * [macOS Scripting](src/macos/README.md) 24 | * [Raspberry Pi Scripting](src/raspberry-pi/README.md) 25 | * [UbiOS Scripting](src/ubios/README.md) 26 | * [Vagrant Scripting](src/vagrant/README.md) 27 | * [Windows Scripting](src/windows/README.md) 28 | -------------------------------------------------------------------------------- /src/linux/README.md: -------------------------------------------------------------------------------- 1 | # Linux Scripts 2 | 3 | A collection of Linux scripts that can be used to automate deploying and administering Linux devices. 4 | 5 | ## Scripts 6 | 7 | ## Maintenance 8 | 9 | Scripts to administer and maintain a Linux system. 10 | -------------------------------------------------------------------------------- /src/linux/maintenance/update.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # This script updates all packages and reboots the system. Intended to be setup on a cron in the middle of the night 4 | 5 | main() { 6 | echo "Updating Linux... the system will reboot once complete." 7 | update 8 | } 9 | 10 | update() { 11 | sudo apt-get update 12 | sudo apt-get upgrade 13 | sudo reboot 14 | } 15 | 16 | main 17 | -------------------------------------------------------------------------------- /src/macos/README.md: -------------------------------------------------------------------------------- 1 |
2 | 3 | # macOS Scripts 4 | 5 | A collection of macOS scripts that can be used to automate deploying and administering macOS devices. 6 | 7 | Showcase 8 | 9 |
10 | 11 | ## Scripts 12 | 13 | ### Companies 14 | 15 | The `companies` folder contains scripts I built at the companies I've worked with either for deploying machines or troubleshooting issues. 16 | 17 | ### Legacy 18 | 19 | The `legacy` folder contains depricated scripts replaced elsewhere. 20 | 21 | ### Personal 22 | 23 | The `personal` folder contains opinionated scripts I've used for re-deploying my personal machine and server. 24 | 25 | **NOTE:** Personal scripts should be used in conjuction with my [Dotfiles project](https://github.com/Justintime50/dotfiles) as no configuration happens in these personal scripts. 26 | 27 | ### Troubleshooting 28 | 29 | The `troubleshooting` folder contains scripts that can be used to troubleshoot macOS. 30 | 31 | ## Docs 32 | 33 | ### Single Commands 34 | 35 | See the [Single Commands](src/docs/single-commands.md) doc for info on useful terminal commands. 36 | 37 | ### Gotchas 38 | 39 | See the [Gotchas](src/docs/gotchas.md) doc for gotchas on administering macOS in enterprise. 40 | 41 | ## Usage 42 | 43 | To run a script without downloading this entire project, use the following. Change out the name/destination of the script in this repo in the command below: 44 | 45 | ```bash 46 | # NOTE: not all scripts in this project can be run this way, some require being downloaded which is the recommended approach 47 | bash <(curl -s https://raw.githubusercontent.com/Justintime50/os-scripting/refs/heads/main/src/linux/setup/deploy-ubuntu-server.sh) 48 | ``` 49 | 50 | ### Creating Scripts 51 | 52 | 1. When creating a new script, save the file with the `.sh` extension to execute from a terminal or `.command` for double click execution. 53 | 1. Make the file executable, replace FILENAME with the name of your file: 54 | 55 | ```bash 56 | chmod 755 FILENAME 57 | ``` 58 | 59 | ### Running Scripts 60 | 61 | If a script has the `.command` extension, the file can simply be double clicked like any program. 62 | 63 | If a script ends with the `.sh` extension, either drag the script file into the terminal or navigate to the directory it's housed in and run `./script-name.sh` and hit enter. 64 | 65 | ## Attribution 66 | 67 | * [Scripting the "Notes" Application](https://www.macosxautomation.com/applescript/notes/index.html) 68 | * [Export Notes via AppleScript](https://gist.github.com/jthigpen/5067358) 69 | -------------------------------------------------------------------------------- /src/macos/apple-notes/get-all-apple-notes-from-folder.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Grab all notes from the Apple Notes application in a specific folder 4 | # Returns all the notes as a single HTML blob 5 | # NOTE: This will not grab photos imbedded in notes 6 | # https://support.apple.com/guide/textedit/work-with-html-documents-txted0b6cd61/mac 7 | 8 | echo "Getting Apple Notes, this could take some time..." 9 | echo "DO NOT activate other windows during this process!" 10 | 11 | # Wrap in osascript so we can use bash echo above ^ 12 | osascript <\n" 27 | set noteText to noteText & "

" & (name of singleNote as string) & "

\n" 28 | set noteText to noteText & "

Creation Date: " & (creation date of singleNote as string) & "

\n" 29 | set noteText to noteText & "

Modification Date: " & (modification date of singleNote as string) & "

\n" 30 | set noteText to noteText & (body of singleNote as string) & "\n\n" 31 | 32 | # Save the output to TextEdit 33 | tell application "TextEdit" 34 | activate 35 | set oldText to text of document 1 36 | set text of document 1 to oldText & noteText 37 | end tell 38 | end repeat 39 | end tell 40 | end tell 41 | EOD 42 | -------------------------------------------------------------------------------- /src/macos/apple-notes/get-all-apple-notes.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Grab all notes from the Apple Notes application, returns all the notes as a single HTML blob 4 | # NOTE: This will not grab photos imbedded in notes 5 | # https://support.apple.com/guide/textedit/work-with-html-documents-txted0b6cd61/mac 6 | 7 | echo "Getting all Apple Notes, this could take some time..." 8 | echo "DO NOT activate other windows during this process!" 9 | 10 | # Wrap in osascript so we can use bash echo above ^ 11 | osascript <\n" 26 | set noteText to noteText & "

" & (name of singleNote as string) & "

\n" 27 | set noteText to noteText & "

Creation Date: " & (creation date of singleNote as string) & "

\n" 28 | set noteText to noteText & "

Modification Date: " & (modification date of singleNote as string) & "

\n" 29 | set noteText to noteText & (body of singleNote as string) & "\n\n" 30 | 31 | # Save the output to TextEdit 32 | tell application "TextEdit" 33 | activate 34 | set oldText to text of document 1 35 | set text of document 1 to oldText & noteText 36 | end tell 37 | end repeat 38 | end tell 39 | end tell 40 | EOD 41 | -------------------------------------------------------------------------------- /src/macos/apple-notes/get-apple-note.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Grab an single note from the Apple Notes application, returns the note as HTML 4 | # NOTE: This will not grab photos imbedded in notes 5 | 6 | osascript < and with desired values. For a standard account, remove "-admin" 4 | 5 | ```bash 6 | sudo sysadminctl -addUser -password -fullName "Real Name Here" -admin 7 | ``` 8 | 9 | ## enables Secure Token required to unlock FileVault Disks in 10.13+ 10 | 11 | ```bash 12 | sysadminctl -adminUser -adminPassword - -secureTokenOn admin -password 13 | ``` 14 | 15 | ## Remove User 16 | 17 | ```bash 18 | sudo dscl . delete /Users/username # remove user 19 | sudo rm -rf /Users/username # remove home folder 20 | ``` 21 | 22 | ## Enable/Disable FileVault 23 | 24 | ```bash 25 | sudo fdesetup disable 26 | ``` 27 | 28 | ## Disable Filevault (requires restart, 0 for disabled, 1 for enabled) 29 | 30 | ```bash 31 | sudo defaults write /Library/Preferences/com.apple.alf globalstate -int 0 32 | ``` 33 | 34 | ## Enable Remote Management (only works on 10.13 and earlier to have control, otherwise this must be enabled via GUI in System Preferences) 35 | 36 | ```bash 37 | sudo systemsetup -setremotelogin on 38 | 39 | sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate -configure -access -on -users admin -privs -all -restart -agent -menu 40 | ``` 41 | 42 | ## Erase Touchbar Data 43 | 44 | ```bash 45 | xartutil --erase-all 46 | ``` 47 | 48 | ## Force Password Reset 49 | 50 | ```bash 51 | pwpolicy -a adminuser -u usertoforcechange -setpolicy "newPasswordRequired=1" 52 | ``` 53 | Replace "adminuser" with the user authenticating the policy and "usertoforcechange" to the user you want to force the password reset on 54 | 55 | ## Jamf Enrollment 56 | 57 | ```bash 58 | sudo profiles renew -type enrollment 59 | ``` 60 | 61 | ## Software Update 62 | 63 | ```bash 64 | sudo softwareupdate -l -i -a 65 | ``` 66 | 67 | ## View User Groups 68 | 69 | ```bash 70 | id -G USERNAME 71 | ``` 72 | 73 | ## Add admin permisisons 74 | 75 | ```bash 76 | dseditgroup -o edit -a USERNAME admin 77 | ``` 78 | 79 | ## Remove admin permissions 80 | 81 | ```bash 82 | dseditgroup -o edit -d USERNAME admin 83 | ``` 84 | -------------------------------------------------------------------------------- /src/macos/legacy/legacy-create-user.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # This is a deprecated approach to creating a user and should only be used on Sierra and earlier. 4 | 5 | sudo dscl . -create /Users/username # swap username for the one-word username of the user 6 | sudo dscl . -create /Users/username UserShell /bin/bash # sets the default shell 7 | sudo dscl . -create /Users/username RealName "NAME HERE" # swap the name in quotes for the user's real name 8 | sudo dscl . -create /Users/username UniqueID 1001 # give the user a unique ID not used by another user 9 | sudo dscl . -create /Users/username PrimaryGroupID 20 # assign the group id to the user - 20 is staff, 80 is administrator. 20 is default 10 | sudo dscl . -create /Users/username NFSHomeDirectory /Users/username # creates a home folder, swap username for the real username, won't be created until first login 11 | sudo dscl . -passwd /Users/username password # swap password for the users password 12 | sudo dscl . -append /Groups/admin GroupMembership username # This gives the new user administrative privileges. To make the new account a limited user account, skip this step. 13 | -------------------------------------------------------------------------------- /src/macos/legacy/legacy-install-chrome.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # This is a method to install Chrome without Homebrew. 4 | 5 | # Navigate to downloads 6 | cd Downloads || exit 7 | 8 | # Download Chrome 9 | wget https://dl.google.com/chrome/mac/stable/GGRO/googlechrome.dmg 10 | 11 | # Open and copy Chrome 12 | open googlechrome.dmg 13 | sudo cp -r /Volumes/Google\ Chrome/Google\ Chrome.app /Applications/ 14 | -------------------------------------------------------------------------------- /src/macos/macos_defaults.md: -------------------------------------------------------------------------------- 1 | # macOS Apple Defaults 2 | 3 | ```bash 4 | # The following are examples of `defaults` commands: 5 | defaults help 6 | defaults domains 7 | defaults read com.apple.finder 8 | defaults find ${word} 9 | defaults write com.apple.finder ShowHardDrivesOnDesktop -bool true 10 | ``` 11 | 12 | The following is a list of `defaults` that are standard from Apple: 13 | 14 | com.apple.AMPDevicesAgent 15 | com.apple.AMPLibraryAgent 16 | com.apple.Accessibility 17 | com.apple.ActivityMonitor 18 | com.apple.AdLib 19 | com.apple.AddressBook 20 | com.apple.AppStore 21 | com.apple.AppleMediaServices 22 | com.apple.AppleMediaServices.notbackedup 23 | com.apple.AppleMediaServicesUI 24 | com.apple.AppleMultitouchMouse 25 | com.apple.AppleMultitouchTrackpad 26 | com.apple.Automator 27 | com.apple.AvatarUI.Staryu 28 | com.apple.BKAgentService 29 | com.apple.BezelServices 30 | com.apple.CalendarAgent 31 | com.apple.CalendarNotification.CalNCService 32 | com.apple.CallHistorySyncHelper 33 | com.apple.CharacterPicker 34 | com.apple.CloudKit 35 | com.apple.CloudPhotosConfiguration 36 | com.apple.CommCenter.counts 37 | com.apple.Console 38 | com.apple.CoreDuet 39 | com.apple.CoreGraphics 40 | com.apple.DataDeliveryServices 41 | com.apple.DiagnosticExtensions.extensionTracker 42 | com.apple.Dictionary 43 | com.apple.DictionaryServices 44 | com.apple.EmojiCache 45 | com.apple.EmojiPreferences 46 | com.apple.FaceTime 47 | com.apple.FolderActionsDispatcher 48 | com.apple.FontRegistry.user 49 | com.apple.GEO 50 | com.apple.HIToolbox 51 | com.apple.MCX 52 | com.apple.Maps 53 | com.apple.Messages 54 | com.apple.MobileSMS 55 | com.apple.Music 56 | com.apple.Music.eq 57 | com.apple.NewDeviceOutreach 58 | com.apple.Preferences 59 | com.apple.Preview 60 | com.apple.Preview.ViewState 61 | com.apple.PubSubAgent 62 | com.apple.QuickLookDaemon 63 | com.apple.Safari.PasswordBreachAgent 64 | com.apple.Safari.SafeBrowsing 65 | com.apple.Safari.SandboxBroker 66 | com.apple.SafariBookmarksSyncAgent 67 | com.apple.ScreenTimeAgent 68 | com.apple.ServicesMenu.Services 69 | com.apple.SetupAssistant 70 | com.apple.SharedWebCredentials 71 | com.apple.Siri 72 | com.apple.Siri.SiriTodayExtension 73 | com.apple.SiriNCService 74 | com.apple.SocialPushAgent 75 | com.apple.SoftwareUpdate 76 | com.apple.SpeechRecognitionCore 77 | com.apple.Spotlight 78 | com.apple.SystemProfiler 79 | com.apple.TMHelperAgent 80 | com.apple.TTY 81 | com.apple.TV 82 | com.apple.TelephonyUtilities 83 | com.apple.Terminal 84 | com.apple.TextEdit 85 | com.apple.TextInputMenu 86 | com.apple.TextInputMenuAgent 87 | com.apple.UIKit 88 | com.apple.UserAccountUpdater 89 | com.apple.accessibility.universalAccessAuthWarn 90 | com.apple.accounts 91 | com.apple.accountsd 92 | com.apple.amp.mediasharingd 93 | com.apple.amsengagementd 94 | com.apple.animoji 95 | com.apple.ap.adprivacyd 96 | com.apple.appstore 97 | com.apple.appstore.commerce 98 | com.apple.appstored 99 | com.apple.assistant 100 | com.apple.assistant.backedup 101 | com.apple.assistant.support 102 | com.apple.assistantd 103 | com.apple.bird 104 | com.apple.bookstoreagent 105 | com.apple.calculateframework 106 | com.apple.classroom 107 | com.apple.cloudd 108 | com.apple.cloudpaird 109 | com.apple.cloudphotod 110 | com.apple.cmfsyncagent 111 | com.apple.commcenter 112 | com.apple.commcenter.callservices 113 | com.apple.commcenter.data 114 | com.apple.commerce 115 | com.apple.commerce.configurator 116 | com.apple.commerce.knownclients 117 | com.apple.configurator.ui.commerce 118 | com.apple.contacts.donation-agent 119 | com.apple.controlcenter 120 | com.apple.controlstrip 121 | com.apple.coreauthd 122 | com.apple.corerecents.recentsd 123 | com.apple.coreservices.UASharedPasteboardProgressUI 124 | com.apple.coreservices.uiagent 125 | com.apple.coreservices.useractivityd 126 | com.apple.coreservices.useractivityd.dynamicuseractivites 127 | com.apple.corespotlightui 128 | com.apple.dock 129 | com.apple.driver.AppleBluetoothMultitouch.mouse 130 | com.apple.driver.AppleBluetoothMultitouch.trackpad 131 | com.apple.driver.AppleHIDMouse 132 | com.apple.facetime.bag 133 | com.apple.fileproviderd 134 | com.apple.finder 135 | com.apple.frameworks.diskimages.diuiagent 136 | com.apple.gamecenter 137 | com.apple.gamed 138 | com.apple.helpviewer 139 | com.apple.homed 140 | com.apple.homed.notbackedup 141 | com.apple.iApps 142 | com.apple.iBooksX 143 | com.apple.iBooksX.commerce 144 | com.apple.iCal 145 | com.apple.iChat 146 | com.apple.iChat.AIM 147 | com.apple.iChat.Jabber 148 | com.apple.iPod 149 | com.apple.iTunes 150 | com.apple.iTunes.eq 151 | com.apple.iWork.Numbers 152 | com.apple.iWork.Pages 153 | com.apple.icloud.fmfd 154 | com.apple.icloud.fmfd.notbackedup 155 | com.apple.icloud.fmip.clientconfiguration 156 | com.apple.icloud.fmip.voiceassistantsync 157 | com.apple.icloud.fmip.voiceassistantsync.invalidation 158 | com.apple.icloud.searchpartyuseragent 159 | com.apple.identityservices.idstatuscache 160 | com.apple.identityservicesd 161 | com.apple.ids.deviceproperties 162 | com.apple.ids.subservices 163 | com.apple.imagecapture 164 | com.apple.imagent 165 | com.apple.imdpersistence.IMDPersistenceAgent 166 | com.apple.imessage 167 | com.apple.imessage.bag 168 | com.apple.imservice.ids.FaceTime 169 | com.apple.imservice.ids.iMessage 170 | com.apple.internal.ck 171 | com.apple.ipTelephony 172 | com.apple.itunescloud 173 | com.apple.itunescloud.daemon 174 | com.apple.itunesstored 175 | com.apple.keyboard 176 | com.apple.keyboardservicesd 177 | com.apple.keychainaccess 178 | com.apple.locationmenu 179 | com.apple.loginwindow 180 | com.apple.lookup 181 | com.apple.madrid 182 | com.apple.mediaanalysisd 183 | com.apple.menuextra.battery 184 | com.apple.menuextra.clock 185 | com.apple.messages.facetime 186 | com.apple.messages.nicknames 187 | com.apple.messageshelper.AlertsController 188 | com.apple.messageshelper.MessageController 189 | com.apple.mmcs 190 | com.apple.mobiletimer 191 | com.apple.ncplugin.calculator 192 | com.apple.ncplugin.stocks 193 | com.apple.ncplugin.weather 194 | com.apple.ncprefs 195 | com.apple.news.tag 196 | com.apple.news.widget 197 | com.apple.news.widgetintents 198 | com.apple.newscore 199 | com.apple.newscore2 200 | com.apple.notificationcenterui 201 | com.apple.parsecd 202 | com.apple.passd 203 | com.apple.photoanalysisd 204 | com.apple.photolibraryd 205 | com.apple.photos.shareddefaults 206 | com.apple.preference.general 207 | com.apple.preferences.extensions.ServicesWithUI 208 | com.apple.preferences.extensions.ShareMenu 209 | com.apple.preferences.softwareupdate 210 | com.apple.print.add 211 | com.apple.proactive.PersonalizationPortrait 212 | com.apple.protectedcloudstorage.protectedcloudkeysyncing 213 | com.apple.quicklook.QuickLookUIService 214 | com.apple.quicklook.ThumbnailsAgent 215 | com.apple.rapport 216 | com.apple.registration 217 | com.apple.remindd 218 | com.apple.remindd.babysitter 219 | com.apple.reminders 220 | com.apple.reminders.RemindersNC 221 | com.apple.routined 222 | com.apple.scheduler 223 | com.apple.screencapture 224 | com.apple.screencaptureui 225 | com.apple.screensaver 226 | com.apple.scriptmenu 227 | com.apple.security.KCN 228 | com.apple.security.cloudkeychainproxy3.keysToRegister 229 | com.apple.security.ctkd-db 230 | com.apple.security.pboxd 231 | com.apple.security.sosaccount 232 | com.apple.sharingd 233 | com.apple.siri.DialogEngine 234 | com.apple.siri.context.service 235 | com.apple.siri.embeddedspeech 236 | com.apple.siri.media-indexer 237 | com.apple.spaces 238 | com.apple.speakerrecognition 239 | com.apple.speech.recognition.AppleSpeechRecognition.prefs 240 | com.apple.speech.voice.prefs 241 | com.apple.stockholm 242 | com.apple.stocks 243 | com.apple.stocks.account 244 | com.apple.stocks.detailintents 245 | com.apple.stocks.widget 246 | com.apple.stocks2 247 | com.apple.storeagent 248 | com.apple.studentd 249 | com.apple.suggestd 250 | com.apple.suggestions 251 | com.apple.symbolichotkeys 252 | com.apple.syncdefaultsd 253 | com.apple.syncserver 254 | com.apple.systempreferences 255 | com.apple.systemuiserver 256 | com.apple.talagent 257 | com.apple.textInput.keyboardServices.textReplacement 258 | com.apple.touchbar.agent 259 | com.apple.tourist 260 | com.apple.touristd 261 | com.apple.translationd 262 | com.apple.triald 263 | com.apple.universalaccess 264 | com.apple.universalaccessAuthWarning 265 | com.apple.voicetrigger 266 | com.apple.weather.internal 267 | com.apple.wifi.keychain-format 268 | com.apple.xpc.activity2 269 | -------------------------------------------------------------------------------- /src/macos/maintenance/dep-reset-high-sierra.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # This script resets the DEP Enrollment prompt for High Sierra and later. 4 | 5 | rm /volumes/Macintosh\ HD/var/db/.AppleSetupDone 6 | rm /volumes/Macintosh\ HD/var/db/ConfigurationProfiles/Setup/.profileSetupDone 7 | cd /volumes/Macintosh\ HD/var/db/ConfigurationProfiles/Store/ || exit 8 | rm -rf ./* 9 | cd /volumes/Macintosh\ HD/var/db/ConfigurationProfiles/Settings/ || exit 10 | rm -rf .[^.]* 11 | shutdown -r now 12 | -------------------------------------------------------------------------------- /src/macos/maintenance/dep-reset-sierra.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # This script resets the DEP Enrollment prompt for Sierra and earlier. 4 | 5 | rm /volumes/Macintosh\ HD/var/db/.AppleSetupDone 6 | rm /volumes/Macintosh\ HD/var/db/ConfigurationProfiles/Store/Conf* 7 | cd /volumes/Macintosh\ HD/var/db/ConfigurationProfiles/Settings/ || exit 8 | rm -rf .[^.]* 9 | shutdown -r now 10 | -------------------------------------------------------------------------------- /src/macos/maintenance/enable-dark-mode.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Enable macOS Dark Mode 4 | 5 | echo "Enabling Dark Mode..." 6 | 7 | osascript <\(.*\).*|\1|' 11 | 12 | echo Serial: 13 | system_profiler SPHardwareDataType | awk '/Serial/ {print $4}' 14 | -------------------------------------------------------------------------------- /src/macos/maintenance/reset-screensharing.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Resets the screensharing service 4 | 5 | sudo launchctl unload /System/Library/LaunchDaemons/com.apple.screensharing.plist 6 | sudo launchctl load -w /System/Library/LaunchDaemons/com.apple.screensharing.plist 7 | -------------------------------------------------------------------------------- /src/macos/maintenance/too-many-corpses.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Use this script if you encounter the "Opendirectoryd too many corpses being created" error on macOS 4 | # This script must be run from a recovery-mode terminal 5 | # Attribution: https://apple.stackexchange.com/questions/322509/opendirectoryd-too-many-corpses-being-created 6 | 7 | main() { 8 | cd /Volumes/Macintosh\ HD/var/db/caches/opendirectory || exit 1 9 | mv ./mbr_cache ./mbr_cache-old 10 | shutdown -r now 11 | } 12 | 13 | main 14 | -------------------------------------------------------------------------------- /src/macos/maintenance/update-file-descriptor-limit.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Updates the limit of file descriptors you can have 4 | 5 | sudo launchctl limit maxfiles 1024 unlimited 6 | -------------------------------------------------------------------------------- /src/macos/maintenance/update-mac-name.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Update the Mac's name throughout the system. 4 | # Usage: ./update-mac-name.sh "My New Computer Name" 5 | 6 | main() { 7 | NEW_COMPUTER_NAME="$1" 8 | 9 | sudo scutil --set ComputerName "$NEW_COMPUTER_NAME" 10 | sudo scutil --set HostName "$NEW_COMPUTER_NAME" 11 | sudo scutil --set LocalHostName "$NEW_COMPUTER_NAME" 12 | 13 | dscacheutil -flushcache 14 | 15 | echo -e "Script complete.\n\nPress to restart for changes to take effect." 16 | read -rn 1 17 | sudo -S shutdown -h now 18 | } 19 | 20 | main "$1" 21 | -------------------------------------------------------------------------------- /src/macos/setup/companies/buyboxexperts/deploy-bbe-mac.command: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | ########################### 4 | ## DEPLOY NEW MAC SCRIPT ## 5 | ########################### 6 | 7 | # Initialization 8 | echo -e "BBE macOS deployment script started...\n" 9 | USER=$(id -u -n) # explicitly assign user regardless of login or access 10 | echo -n "Current User's Password: " 11 | read -rs PASSWORD 12 | echo "" 13 | echo -n "BBE Admin Password (found in 1Password): " 14 | read -rs ADMINPASSWORD 15 | echo "" 16 | 17 | # Install Command Line Tools (will require user input on pop-up window) 18 | echo "Initializing tools, please acknowledge pop-up windows..." 19 | xcode-select --install 20 | 21 | # Install Homebrew 22 | echo "$PASSWORD" | /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install.sh)" 23 | 24 | # Create the BBE Admin user and explicitly add SecureToken 25 | echo "Creating BBE Admin user..." 26 | echo "$PASSWORD" | sudo -S sysadminctl -addUser admin -password "$ADMINPASSWORD" -fullName "BBE Admin" -admin 27 | 28 | # Assign variables to initialize computer name 29 | MODEL=$(sysctl hw.model | sed 's/[0-9, ]//g' | cut -c 10-) 30 | YEAR=$(curl -s https://support-sp.apple.com/sp/product?cc=JG5J | grep -o '\d\d\d\d' | cut -c 3-) 31 | SERIAL=$(system_profiler SPHardwareDataType | awk '/Serial/ {print $4}' | cut -c 7-) 32 | 33 | # Change computer name 34 | echo "Updating computer name..." 35 | COMPUTER_NAME=$MODEL$YEAR-$SERIAL 36 | echo "$PASSWORD" | sudo -S scutil --set ComputerName "$COMPUTER_NAME" 37 | echo "$PASSWORD" | sudo -S scutil --set HostName "$COMPUTER_NAME" 38 | echo "$PASSWORD" | sudo -S scutil --set LocalHostName "$COMPUTER_NAME" 39 | echo "$PASSWORD" | sudo -S defaults write /Library/Preferences/SystemConfiguration/com.apple.smb.server NetBIOSName -string "$COMPUTER_NAME" 40 | dscacheutil -flushcache # flush the DNS cache for good measure 41 | 42 | # Turn on Firewall (will require a restart before it shows on) 43 | echo "Turning on firewall..." 44 | echo "$PASSWORD" | sudo -S defaults write /Library/Preferences/com.apple.alf globalstate -int 1 45 | 46 | # Enable Remote Management (will require additional configuration through System Preferences for Mojave 10.14 and higher) 47 | echo "Turning on remote management & login..." 48 | echo "$PASSWORD" | sudo -S systemsetup -setremotelogin on 49 | echo "$PASSWORD" | sudo -S /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate -configure -access -on -users admin -privs -all -restart -agent -menu 50 | 51 | # Install Google Chrome 52 | echo "Installing apps..." 53 | brew cask install google-chrome 54 | 55 | # Force a password reset on the *current* user upon login 56 | echo "Cleaning up..." 57 | echo "$PASSWORD" | sudo -S pwpolicy -a "$USER" -u "$USER" -setpolicy "newPasswordRequired=1" 58 | 59 | # Open Jamf Enrollment Page & Run DEP Enrollment Command (only one is necessary depending on how the device was purchased) 60 | open https://9ghcfm.jamfcloud.com 61 | echo "$PASSWORD" | sudo -S profiles renew -type enrollment 62 | echo -e "\nNOTE: Use the Open Enrollment webpage if macs were NOT bought directly from our DEP Authorized Supplier. Otherwise, check Profiles under System Preferences to verify this Mac has been enrolled.\n" 63 | 64 | # Check for updates and restart 65 | echo "$PASSWORD" | sudo -S softwareupdate -i -a 66 | echo -e "Script complete.\nPlease check for errors and ensure this Mac is enrolled before proceeding.\n\nPress to shutdown and update." 67 | read -rn 1 68 | echo "Shutting down..." 69 | sleep 5 70 | history -c 71 | echo "$PASSWORD" | sudo -S shutdown -h now 72 | -------------------------------------------------------------------------------- /src/macos/setup/companies/easypost/add_user.command: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # ===================== 4 | # Add User macOS Script 5 | # ===================== 6 | 7 | { # Wrap script in error logging 8 | 9 | # Check that the EPENROLL volume is mounted and named properly, otherwise installing apps won't work 10 | cd /volumes/EPENROLL || echo "The EPENROLL volume (USB) is not mounted or named properly. Please fix this before proceeding." 11 | echo "Starting EP Add User Script..." 12 | 13 | # Check to make sure that filevault is already started. 14 | EXPECTEDFILEVAULTSTATUS="FileVault is On." 15 | FILEVAULTSTATUSCHECK=$(fdesetup status | grep -c "$EXPECTEDFILEVAULTSTATUS") 16 | if [ "$FILEVAULTSTATUSCHECK" -eq 0 ]; then 17 | echo "Filevault is not configured. Please ensure Filevault has been set up before running." 18 | exit 1 19 | fi 20 | 21 | # === Typically, this is all the info the tech needs to enter === 22 | USERINFO="N" 23 | while ! [[ $USERINFO = "Y" || $USERINFO = "y" ]]; do 24 | echo "Enter epadmin password" 25 | read -sr ADMINPASS 26 | 27 | echo "Enter the desired username for the new account: " 28 | read -r NEWUSERNAME 29 | 30 | echo "Enter a full name for this user: " 31 | read -r FULLNAME 32 | 33 | echo "Enter a password for this user: " 34 | read -r PASSWORD 35 | 36 | echo "Full Name: $FULLNAME" 37 | echo "Username: $NEWUSERNAME" 38 | echo "Password Entered: $PASSWORD" 39 | 40 | if [[ -z "${NEWUSERNAME// /}" ]]; then 41 | echo "Username cannot be blank" 42 | else 43 | echo "Is this info correct? y/N" 44 | read -r USERINFO 45 | fi 46 | done 47 | 48 | # Check epadmin password to make sure it's valid before proceeding 49 | echo "$ADMINPASS" | sudo -S echo "Testing password match..." || { 50 | echo 'The epadmin password you provided does not match, please restart the script with the correct password.' 51 | exit 1 52 | } 53 | echo "epadmin password matched" 54 | 55 | # Setup user groups 56 | echo "Is this an administrative user? (y/N)" 57 | read -r GROUP_ADD 58 | case $GROUP_ADD in 59 | y | Y) echo "yes" ;; 60 | n | N) echo "no" ;; 61 | *) echo "y or n (Boolean) input required" ;; # TODO: This doesn't repeat the prompt if the user clicks something other than y or n, it actually just continues 62 | esac 63 | 64 | if [[ $GROUP_ADD = "n" || $GROUP_ADD = "N" ]]; then 65 | SECONDARY_GROUPS="staff _lpadmin" # for a non-admin user 66 | else 67 | [[ $GROUP_ADD = "y" || $GROUP_ADD = "Y" ]] 68 | SECONDARY_GROUPS="admin _lpadmin _appserveradm _appserverusr" 69 | fi 70 | 71 | # Setting up Temp Space for Downloads 72 | temp=$TMPDIR$(uuidgen) 73 | mkdir -p "$temp"/mount 74 | 75 | echo "Have you downloaded default assets to EPENROLL? (y/N)" 76 | read -r ASSETCHOICE 77 | case $ASSETCHOICE in 78 | y | Y) echo "yes" ;; 79 | n | N) echo "no" ;; 80 | *) echo "y or n (Boolean) input required" ;; # TODO: This doesn't repeat the prompt if the user clicks something other than y or n, it actually just continues 81 | esac 82 | 83 | if [[ $ASSETCHOICE = "n" || $ASSETCHOICE = "N" ]]; then 84 | echo "Downloading Assets..." 85 | curl -s https://easypost-infotech-files.s3.amazonaws.com/default_install/MerakiSM-Agent-easypost-corp-mdm.pkg >MerakiSM-Agent-easypost-corp-mdm.pkg 86 | curl -s https://easypost-infotech-files.s3.amazonaws.com/default_install/Brother_PrinterDrivers_ColorLaser.pkg >Brother_PrinterDrivers_ColorLaser.pkg 87 | curl -s https://easypost-infotech-files.s3.amazonaws.com/default_install/RingCentral%20Phone.zip >RingCentral%20Phone.zip 88 | curl -s https://easypost-infotech-files.s3.amazonaws.com/default_install/Slack.zip >Slack.zip 89 | else 90 | [[ $ASSETCHOICE = "y" || $ASSETCHOICE = "Y" ]] #; then 91 | echo "Assets downloaded, continuing..." 92 | fi 93 | 94 | # Install Meraki Agent 95 | echo "Has this machine been imaged or ever had the Meraki agent installed on it? (y/N)" 96 | read -r MERAKICHOICE 97 | case "$MERAKICHOICE" in 98 | y | Y) echo "yes" ;; 99 | n | N) echo "no" ;; 100 | *) echo "y or n (Boolean) input required" ;; # TODO: This doesn't repeat the prompt if the user clicks something other than y or n, it actually just continues 101 | esac 102 | 103 | if [[ $MERAKICHOICE = "n" || $MERAKICHOICE = "N" ]]; then 104 | echo "Please deploy agent from the Meraki DEP console" 105 | echo "Enabling Location services" 106 | echo "$ADMINPASS" | sudo -S /usr/bin/defaults -currentHost write com.apple.locationd LocationServicesEnabled -int 1 107 | else 108 | [[ $MERAKICHOICE = "y" || $MERAKICHOICE = "Y" ]] #; then 109 | echo "$ADMINPASS" | sudo -S installer -pkg MerakiSM-Agent-easypost-corp-mdm.pkg -target / 110 | echo "Meraki Agent installed" 111 | fi 112 | 113 | # Install Brother printer drivers 114 | echo "Installing Brother Printer Drivers" 115 | echo "$ADMINPASS" | sudo -S installer -pkg Brother_PrinterDrivers_ColorLaser.pkg -target / 116 | echo "Brother Drivers installed" 117 | 118 | # Create user account 119 | echo "Creating User Account" 120 | export HISTIGNORE='*sudo -S*' 121 | echo "$ADMINPASS" | sudo -S sysadminctl -adminUser epadmin -adminPassword "$ADMINPASS" -addUser "$NEWUSERNAME" -fullName "$FULLNAME" -password "$PASSWORD" 122 | 123 | # Add user to any specified groups 124 | echo "Adding user to specified groups..." 125 | for GROUP in $SECONDARY_GROUPS; do 126 | echo "$ADMINPASS" | sudo -S dseditgroup -o edit -t user -a "$NEWUSERNAME" "$GROUP" 127 | done 128 | 129 | # User Creation Finished 130 | echo "Created user #$USERID: $NEWUSERNAME ($FULLNAME)" 131 | 132 | # Copy Viscosity default prefs + Dock Default Prefs 133 | echo "Copying Viscosity preferences" 134 | echo "$ADMINPASS" | sudo -S cp xml/com.viscosityvpn.Viscosity.plist /Users/"$NEWUSERNAME"/Library/Preferences/ 135 | echo "$ADMINPASS" | sudo -S cp xml/com.apple.dock.plist /Users/"$NEWUSERNAME"/Library/Preferences 136 | echo "$ADMINPASS" | sudo -S chown "$NEWUSERNAME" /Users/"$NEWUSERNAME"/Library/Preferences/com.viscosityvpn.Viscosity.plist 137 | 138 | # Install Dockutil 139 | echo "$ADMINPASS" | sudo -S cp xml/dockutil /usr/local/sbin/ 140 | 141 | # Updating MacOS 142 | echo "Updating macOS" 143 | echo "$ADMINPASS" | sudo -S softwareupdate -l -ir 144 | 145 | # Install Chrome 146 | echo "Downloading Chrome" 147 | tmpfile=$temp/chrome.dmg 148 | curl -L https://dl.google.com/chrome/mac/stable/GGRO/googlechrome.dmg >"$tmpfile" 149 | yes | hdiutil attach -noverify -nobrowse -mountpoint "$temp"/mount "$tmpfile" 150 | echo "$ADMINPASS" | sudo -S cp -r "$temp"/mount/*.app /Applications 151 | hdiutil detach "$temp"/mount 152 | echo "$ADMINPASS" | sudo -S rm -r "$tmpfile" 153 | sleep 8 154 | open -a Google\ Chrome # We auto-launch Chrome so auto-updates can be initiated. 155 | sleep 10 156 | killall "Google Chrome" 157 | sleep 7 158 | open -a Google\ Chrome 159 | echo "Chrome Installed. Please verify automatic updates are enabled." 160 | 161 | # Copy Slack into Apps folder 162 | echo "$ADMINPASS" | sudo -S mkdir /Users/"$NEWUSERNAME"/Applications 163 | echo "$ADMINPASS" | sudo -S unzip -d /Users/"$NEWUSERNAME"/Applications/ Slack.zip 164 | echo "$ADMINPASS" | sudo -S chmod -R 755 /Users/"$NEWUSERNAME"/Applications 165 | echo "Slack installed" 166 | 167 | # Copy RingCentral into Apps folder 168 | echo "$ADMINPASS" | sudo -S unzip -d /Users/"$NEWUSERNAME"/Applications RingCentral%20Phone.zip 169 | echo "RingCentral Phone installed" 170 | 171 | # Modify the new user's dock 172 | echo "Modifying Dock" 173 | echo "$ADMINPASS" | sudo -S /usr/local/sbin/dockutil --remove 'Maps' /Users/"$NEWUSERNAME" --no-restart 174 | echo "$ADMINPASS" | sudo -S /usr/local/sbin/dockutil --remove 'Photos' /Users/"$NEWUSERNAME" --no-restart 175 | echo "$ADMINPASS" | sudo -S /usr/local/sbin/dockutil --remove 'Podcasts' /Users/"$NEWUSERNAME" --no-restart 176 | echo "$ADMINPASS" | sudo -S /usr/local/sbin/dockutil --remove 'TV' /Users/"$NEWUSERNAME" --no-restart 177 | echo "$ADMINPASS" | sudo -S /usr/local/sbin/dockutil --add /Users/"$NEWUSERNAME"/Applications/Slack.app /Users/"$NEWUSERNAME" --no-restart # TODO: Fix this, can't setup from another user 178 | echo "$ADMINPASS" | sudo -S /usr/local/sbin/dockutil --add '$HOME/Downloads' --view grid --display folder /Users/"$NEWUSERNAME" --no-restart # TODO: Fix this, can't setup from another user 179 | echo "$ADMINPASS" | sudo -S chown -R "$NEWUSERNAME" /Users/"$NEWUSERNAME"/Applications 180 | 181 | # Install Viscosity 182 | echo "Downloading Viscosity" 183 | tmpfile=$temp/viscosity.dmg 184 | curl -L https://www.sparklabs.com/downloads/Viscosity.dmg >"$tmpfile" 185 | yes | hdiutil attach -noverify -nobrowse -mountpoint "$temp"/mount "$tmpfile" 186 | echo "$ADMINPASS" | sudo -S cp -r "$temp"/mount/*.app /Applications 187 | hdiutil detach "$temp"/mount 188 | echo "$ADMINPASS" | sudo -S rm -r "$tmpfile" 189 | sleep 8 # Sometimes Viscosity opens too quickly so we'll wait here 190 | open -a Viscosity # We open Viscosity to click through the prompt for the helper tool installer 191 | echo "Viscosity Installed" 192 | 193 | # Install Google Backup & Sync 194 | echo "Installing Backup & Sync" 195 | curl -L https://meraki-na.s3.amazonaws.com/pcc/enterprise-apps/e0357daef51c533241d0b7603516e0ae/be2251996032c72c5b5c848de8287e4f.dmg >"$tmpfile" 196 | yes | hdiutil attach -noverify -nobrowse -mountpoint "$temp"/mount "$tmpfile" 197 | echo "$ADMINPASS" | sudo -S cp -r "$temp"/mount/*.app /Applications 198 | hdiutil detach "$temp"/mount 199 | echo "$ADMINPASS" | sudo -S rm -r "$tmpfile" 200 | echo "Backup & Sync installed" 201 | 202 | # Install 1Password 203 | echo "Downloading 1Password" 204 | tmpfile=$temp/1pass.pkg 205 | curl -L https://app-updates.agilebits.com/download/OPM7 >"$tmpfile" 206 | echo "$ADMINPASS" | sudo -S installer -pkg "$tmpfile" -target / 207 | 208 | # Cleaning up temp directory 209 | echo "$ADMINPASS" | sudo -S rm -r "$temp" 210 | 211 | # Creating "Power Users" 212 | echo "Giving non-admins System Preferences abilities" 213 | echo "$ADMINPASS" | sudo -S security authorizationdb write system.preferences allow 214 | echo "$ADMINPASS" | sudo -S security authorizationdb write system.preferences.datetime allow 215 | echo "$ADMINPASS" | sudo -S security authorizationdb write system.preferences.network allow 216 | echo "$ADMINPASS" | sudo -S security authorizationdb write system.print.admin allow 217 | echo "$ADMINPASS" | sudo -S security authorizationdb write system.print.operator allow 218 | echo "$ADMINPASS" | sudo -S security authorizationdb write system.preferences.printing allow 219 | echo "$ADMINPASS" | sudo -S security authorizationdb write system.printingmanager allow 220 | echo "$ADMINPASS" | sudo -S security authorizationdb write system.preferences.accessibility allow 221 | echo "$ADMINPASS" | sudo -S security authorizationdb write system.preferences.energysaver allow 222 | echo "$ADMINPASS" | sudo -S /usr/libexec/airportd prefs RequireAdminNetworkChange=NO RequireAdminIBSS=NO 223 | echo "$ADMINPASS" | sudo -S /usr/bin/defaults -currentHost write com.apple.locationd LocationServicesEnabled -int 1 224 | echo "$ADMINPASS" | sudo -S /usr/bin/defaults write /Library/Preferences/com.apple.timezone.auto Active -bool YES 225 | echo "$ADMINPASS" | sudo -S /usr/bin/defaults write /private/var/db/timed/Library/Preferences/com.apple.timed.plist TMAutomaticTimeOnlyEnabled -bool YES 226 | echo "$ADMINPASS" | sudo -S /usr/bin/defaults write /private/var/db/timed/Library/Preferences/com.apple.timed.plist TMAutomaticTimeZoneEnabled -bool YES 227 | 228 | # Sync FileVault with APFS 229 | echo "Syncing FileVault with APFS" 230 | echo "$ADMINPASS" | sudo -S diskutil apfs updatePreboot / 231 | 232 | # Change Computer Name 233 | echo "Changing computer name..." 234 | COMPUTERNAME="$FULLNAME" 235 | echo "$ADMINPASS" | sudo -S scutil --set ComputerName "$COMPUTERNAME" 236 | echo "$ADMINPASS" | sudo -S scutil --set HostName "$COMPUTERNAME" 237 | echo "$ADMINPASS" | sudo -S scutil --set LocalHostName "$COMPUTERNAME" 238 | dscacheutil -flushcache 239 | 240 | # Set password reset 241 | echo "Setting password to require change..." 242 | echo "$ADMINPASS" | sudo -S pwpolicy -u "$NEWUSERNAME" setpolicy newPasswordRequired=1 243 | 244 | } 2>~/add_user_script.log # End error logging wrapper 245 | open ~/add_user_script.log # Open the log and have the user check for errors before finishing 246 | 247 | echo -e "Script complete.\nPlease check error log (automatically opened) before restarting.\n\nPress to shutdown and update." 248 | read -rn 1 249 | 250 | # Restart the machine 251 | echo "Shutting down..." 252 | sleep 5 253 | history -c 254 | echo "$ADMINPASS" | sudo -S shutdown -h now # We shutdown instead of restart so software updates can be applied properly via CLI 255 | -------------------------------------------------------------------------------- /src/macos/setup/companies/easypost/api-support-setup.command: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # If running from Meraki: 4 | # `systemsetup setremotelogin on` 5 | 6 | # Grab the username of the non-admin 7 | echo "Enter the username of the non-admin account: " 8 | read -r USERNAME 9 | echo "Enter the epadmin password: " 10 | read -rs EPPASSWORD 11 | 12 | # Install Brew and all Supported Programming Languages 13 | echo "$EPPASSWORD" | /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install.sh)" 14 | brew install git 15 | brew install node # installs npm as a part of this 16 | brew install ruby 17 | brew install php 18 | brew install python 19 | brew install go 20 | brew cask install adoptopenjdk # must come before maven, will require an admin password to install 21 | brew install maven 22 | brew cask install dotnet-sdk 23 | brew cask install visual-studio-code --appdir=/Users/"$USERNAME"/Applications 24 | 25 | # We switch the Homebrew instance ownership to the user instead of epadmin here 26 | sudo chown -R "$USERNAME" "$(brew --prefix)"/* 27 | chmod u+w "$(brew --prefix)"/* 28 | 29 | # If running from Meraki: 30 | # `systemsetup setremotelogin off` 31 | -------------------------------------------------------------------------------- /src/macos/setup/personal/README.md: -------------------------------------------------------------------------------- 1 | # Scripting macOS for Personal Use 2 | 3 | The following checklist are items that I do for any new setup (that aren't already handled via the deploy script). If the item is checked below, I've added an automated CLI implementation in the `deploy-personal-mac.sh` script in this directory. Long-term I'd like to automate as much of this process as possible. 4 | 5 | See the accompanying `macos_defaults.md` file for details about Apple `defaults`. 6 | 7 | ## Manual Tasks 8 | 9 | The following cannot be automated and must be done in the following order: 10 | 11 | 1. [ ] Sign in to iCloud 12 | 2. [ ] Copy `git` folder from previous machine 13 | 3. [ ] Install Dotfiles: 14 | 4. [ ] Install Brewfile for machine: 15 | 5. [ ] Automatically keep the Mac up to date 16 | 6. [ ] Turn on FileVault (restart required) 17 | 7. [ ] Turn on trim for SSD (only for machines with a custom SSD installed, restart required) 18 | - `sudo trimforce enable` 19 | 20 | ### Order Insignificant 21 | 22 | The following can be done in any order after the above section: 23 | 24 | - [ ] Select desired screensaver 25 | - [ ] Setup the dock the way we want 26 | - [ ] Remove downloads from the dock 27 | - [ ] App icons (and their order) 28 | - [ ] Finder sidebar 29 | - [x] Add hard drives 30 | - [ ] Add home folder 31 | - [ ] Add computer 32 | - [ ] Set `git` as default location when Finder opens 33 | - [ ] Set ethernet preference over wifi when available 34 | - [ ] Enable time machine 35 | - [ ] Setup login items 36 | - [ ] Install App Store specific items (Final Cut Pro, Logic Pro, etc) 37 | - [ ] Remove unneeded apps from Apple 38 | 39 | ### macOS Server 40 | 41 | - [ ] For Server, ensure that `cron` has `full-disk access` 42 | - [ ] Setup local mail server for things like crontabs: 43 | - [ ] Spin up Harvey and install initially 44 | - [ ] Grab the previous crontab env file or rebuild with necessary env variables 45 | - [ ] Install Python scripts/tools with custom virtual envs per project (github-archive, pullbug, etc) 46 | -------------------------------------------------------------------------------- /src/macos/setup/personal/deploy-personal-mac.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # shellcheck disable=SC1091 4 | 5 | ## DEPLOY PERSONAL MAC 6 | ## Can be used for MacBook or Server 7 | 8 | main() { 9 | echo "This script is almost completely automated! It will prompt for an initial password, initial computer name, and eventually copy your SSH key to the clipboard to be pasted into GitHub. Finally, you'll press enter to restart the device and install updates." 10 | 11 | { # Wrap script in error logging 12 | prompt_for_password 13 | change_computer_name 14 | setup_preferences 15 | install_command_line_tools 16 | install_rosetta 17 | install_homebrew 18 | install_git 19 | install_updates 20 | generate_ssh_key 21 | } 2>~/deploy_script.log # End error logging wrapper 22 | 23 | cleanup 24 | } 25 | 26 | prompt_for_password() { 27 | echo -n "Admin Password: " 28 | read -rs PASSWORD 29 | } 30 | 31 | change_computer_name() { 32 | # Change the computer name in all applicable places 33 | echo -n "New computer name (eg: 'mbp-justin', 'web1', etc): " 34 | read -r NEW_COMPUTER_NAME 35 | 36 | echo "$PASSWORD" | sudo -S scutil --set ComputerName "$NEW_COMPUTER_NAME" 37 | echo "$PASSWORD" | sudo -S scutil --set HostName "$NEW_COMPUTER_NAME" 38 | echo "$PASSWORD" | sudo -S scutil --set LocalHostName "$NEW_COMPUTER_NAME" 39 | echo "$PASSWORD" | sudo -S defaults write /Library/Preferences/SystemConfiguration/com.apple.smb.server NetBIOSName -string "$NEW_COMPUTER_NAME" 40 | 41 | dscacheutil -flushcache # flush the DNS cache for good measure 42 | } 43 | 44 | setup_preferences() { 45 | # There are MANY more steps that for now will require manual work 46 | # TODO: See the accompanying README on personal deployments for more information on manual work required, eventually automate it here 47 | # Most of these will require a restart to take effect 48 | # Enable dark mode 49 | echo "Enabling dark mode..." 50 | osascript <