/strap

:boot: Bootstrap your macOS development system.

Primary LanguageShellMIT LicenseMIT

Strap

A script to bootstrap a minimal macOS development system. This does not assume you're doing Ruby/Rails/web development but installs the minimal set of software every macOS developer will want.

Motivation

Replacing Boxen in GitHub with a better tool. This post outlines the problems with Boxen and requirements for Strap and other tools used by GitHub: https://mikemcquaid.com/2016/06/15/replacing-boxen/

Features

  • Disables Java in Safari (for better security)
  • Enables the macOS screensaver password immediately (for better security)
  • Enables the macOS application firewall (for better security)
  • Adds a Found this computer? message to the login screen (for machine recovery)
  • Enables full-disk encryption and saves the FileVault Recovery Key to the Desktop (for better security)
  • Installs the Xcode Command Line Tools (for compilers and Unix tools)
  • Agree to the Xcode license (for using compilers without prompts)
  • Installs Homebrew (for installing command-line software)
  • Installs Homebrew Bundle (for bundler-like Brewfile support)
  • Installs Homebrew Services (for managing Homebrew-installed services)
  • Installs Homebrew Cask (for installing graphical software)
  • Installs the latest macOS software updates (for better security)
  • Installs dotfiles from a user's https://github.com/username/dotfiles repository and runs script/setup to configure them.
  • Installs software from a user's Brewfile in their https://github.com/username/homebrew-brewfile repository or .Brewfile in their home directory.
  • A simple web application to set Git's name, email and GitHub token (needs authorized on any organisations you wish to access)
  • Idempotent

Out of Scope Features

  • Enabling any network services by default (instead enable them when needed)
  • Installing Homebrew formulae by default for everyone in an organisation (install them with Brewfiles in project repositories instead of mandating formulae for the whole organisation)
  • Opting-out of any macOS updates (Apple's security updates and macOS updates are there for a reason)
  • Disabling security features (these are a minimal set of best practises)
  • Add phone number to security screen message (want to avoid prompting users for information on installation)

Usage

Open https://macos-strap.herokuapp.com/ in your web browser.

Instead, to run Strap locally run:

git clone https://github.com/MikeMcQuaid/strap
cd strap
bash bin/strap.sh # or bash bin/strap.sh --debug for more debugging output

Instead, to run the web application locally run:

git clone https://github.com/MikeMcQuaid/strap
cd strap
GITHUB_KEY="..." GITHUB_SECRET="..." ./script/server

Instead, to deploy to Heroku click:

Deploy to Heroku

Web Application Configuration Environment Variables

  • GITHUB_KEY: the GitHub.com Application Client ID.
  • GITHUB_SECRET: the GitHub.com Application Client Secret.
  • SESSION_SECRET: the secret used for cookie session storage.
  • WEB_CONCURRENCY: the number of Unicorn (web server) processes to run (defaults to 3).
  • STRAP_ISSUES_URL: the URL where users should file issues (defaults to https://github.com/MikeMcQuaid/strap/issues/new).
  • STRAP_BEFORE_INSTALL: instructions displayed in the web application for users to follow before installing Strap (wrapped in <li> tags).
  • CUSTOM_HOMEBREW_TAP: an optional Homebrew tap to install with brew tap. Specify multiple arguments to brew tap by separating values with spaces.
  • CUSTOM_BREW_COMMAND: a single brew command that is run after all other stages have completed.

Status

Stable and in active development.

Azure Pipelines

Contact

Mike McQuaid

License

Licensed under the MIT License. The full license text is available in LICENSE.txt.