ANTS-Framework/macos_profile

Install macOS profiles from template or remove installed profiles by identifier

macos profile

Description

Install macOS profiles from template or remove installed profiles by identifier.

It role works by dynamically creating mobileconfig files from templates and installing/uninstalling them using the macos profiles command.

Profile Identifiers are generated from {{ macos_profile__identifierPrefix }}.{{ mobileconfig.template }}

If you want to know more about profiles, there is the official Configuration Profile Reference by Apple but most of all, the mac admin community has some great resources on github. See this repo by clburlison for a great collection of profiles and have a look at profiledocs by mosen. You can also generate profiles from mxc using mcxToProfile by timsutton.

Some of the profile templates have been taken from these repositories. Namely:

• skipsetup.j2 rtrouton and gregneagle
• safari.j2 nmcspadden
• menuextras.j2 nmspadden
• disableautoupdates.j2 gregneagle
• airport.j2 gregneagle

Role Variables

Default variables for profiles are listed in their corresponding defaults file: defaults/{{ mobileconfig.template }}.yml

E.g. all variables available for the "safari" profile are listed in defaults/safari.yml. Set the variables as needed in group_vars or host_vars.

There are a few variables that are used in every template:

macos_profile__identifierPrefix: "com.pretendcorp.it.macos"
macos_profile__PayloadOrganization: "Pretend Corp"
macos_profile__PayloadRemovalDisallowed: "true"
# Save files to this directory
macos_profile__destinationFolder: "/usr/local/pretendcorp/profiles"

Example Playbook

You have to call the role for every profile you want to install. Only the profiles with names corresponding to mobileconfig.template are installed/uninstalled.

# Manage Finder and set interface level to simple
- hosts: macos_public
  vars:
    - macos_profile__finder_InterfaceLevel: "Simple"
    - mobileconfig: { template: "finder", state: "present" }
  roles:
  - role: macos_profile

# Make sure energysaver profile is not installed
- hosts: macos_no_energy
  vars:
    - mobileconfig: { template: "energysaver", state: "absent" }
  roles:
  - role: macos_profile

License

GPLv3

Author Information

Part of the ANTS Framework