My shell and programms settings
- 💰 - Paid or trial app
- 🆓 - Free with conditions app
- - Link to GitHub repo of app
-
Open Terminal
-
Download this repo
git clone --depth=1 --shallow-submodules --recurse-submodules --remote-submodules https://github.com/REDNBLACK/preferences.git Preferences mkdir -p ~/.config/ echo "export DOTPREFSDIR=$(cd Preferences && pwd)" | sudo tee -a /etc/zshenv > /dev/null exec zsh
-
Setup Homebrew [] & mas-cli & cask-upgrade
# Prepare System [[ "$(uname -m)" == "arm64" ]] && sudo softwareupdate --install-rosetta --agree-to-license # Install Homebrew bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)" eval $(/opt/homebrew/bin/brew shellenv) brew analytics off # Install Essential Modules brew tap homebrew/cask-versions brew tap buo/cask-upgrade brew install mas # Symlink custom Formulaes, Casks and Patches mkdir -p $HOMEBREW_REPOSITORY/Library/Taps/rednblack && ln -fs $DOTPREFSDIR/homebrew "$_/homebrew-tap"
-
Setup Git [] & Git LFS [] & GitHub
# Patch git formula, removing gettext and pcre2 dependencies and install brew patch rednblack/tap git brew install rednblack/tap/git --build-from-source brew install git-lfs ln -fs $DOTPREFSDIR/git ~/.config/git # After generation of Personal Access Token (Classic) security add-internet-password -l 'GitHub Token (%GitHub Account Name%)' -s github.com -r htps -a %GitHub Account Name% -w '%GitHub Account Token%'
-
Setup Fira Code (+Nerd) & Meslo Nerd
brew install --cask font-{fira-code,fira-code-nerd-font,meslo-lg-nerd-font}
-
Setup zsh [] & zinit [] & PowerLevel10K & zsh-autosuggestions & zsh-fast-syntax-highlighting
brew install zsh # ⚠️ Command may be skipped in case of actual preinstalled zsh version ln -fs $DOTPREFSDIR/zsh ~/.config/zsh echo "export ZDOTDIR=$HOME/.config/zsh" | sudo tee -a /etc/zshenv > /dev/null echo "export PATH=${HOMEBREW_PREFIX}bin:${HOMEBREW_PREFIX}sbin:/Library/Developer/CommandLineTools/usr/bin:\$PATH" | sudo tee -a /etc/zshenv > /dev/null # Set as default shell ⚠️ Command may be skipped in case of actual preinstalled zsh version which zsh | sudo tee -a /etc/shells > /dev/null chsh -s $(which zsh) # Set as default shell (alternative) ⚠️ Command may be skipped in case of actual preinstalled zsh version sudo dscl . -create ~ UserShell $(which zsh)
-
Setup iTerm []
brew install --cask iterm2 # Import Settings defaults write com.googlecode.iterm2 LoadPrefsFromCustomFolder -bool YES defaults write com.googlecode.iterm2 PrefsCustomFolder "$DOTPREFSDIR/iterm2" # Set files association (⚠️ MUST START iTERM2 AT THIS STEP!!!) internal set-file-assoc iTerm com.googlecode.iterm2 $DOTPREFSDIR/iterm2/file-assoc.list
-
Setup Tools
cat
with rainbows!brew install lolcat-rust
ls
on steroids# Patch eza formula, removing libgit2, libssh2, openssl@3 dependencies and install brew patch rednblack/tap eza brew install rednblack/tap/eza --build-from-source brew smartremove eza && rm -rf "$(brew --prefix)"/etc/{openssl@3,ca-certificates}
grep
modern alternative (depends onpcre2
)brew install ripgrep
sponge
helps in fully readingstdin
to temp files automaticallybrew install sponge
man
in TL;DR variantbrew install tealdeer
- Set files association
duti
,swiftdefaultappsprefpane
brew install duti swiftdefaultappsprefpane
- Process JSON, YAML, XML, CSV via CLI
jaq
(jq на rust) &yq
brew install jaq yq
- Correct errors in previous commands (depends on
python
)brew install thefuck
-
Setup macOS
. $DOTPREFSDIR/macOS/conf.zsh
-
Setup Yubikey Manager [] + Authenticator []
brew install --cask yubico-{yubikey-manager,authenticator} # Add Manager CLI to Path cat > ${HOMEBREW_PREFIX}/bin/ykman <<EOF
#!/bin/bash export PYTHONHOME="" exec '/Applications/$(brew info yubico-yubikey-manager --json=v2 | jq -r '.casks[].name | .[0]').app/Contents/MacOS/ykman' "$@" EOF chmod +x ${HOMEBREW_PREFIX}/bin/ykman ``` 2. [💰] Setup Strongbox []
```zsh
mas install 1481853033
```
-
Setup GPG Suite []
brew install --cask gpg-suite-no-mail defaults write org.gpgtools.updater SUEnableAutomaticChecks -bool NO defaults write org.gpgtools.gpgkeychain DoNotShowUploadDialogAgain -bool YES defaults write org.gpgtools.common UseKeychain -bool YES # Enable Touch ID ln -fs $DOTPREFSDIR/pgp/gpg-agent.conf ~/.config/pgp/gpg-agent.conf pkill -9 -f pinentry-swift 2> /dev/null || true && swiftc $DOTPREFSDIR/pgp/pinentry-swift.swift -enable-bare-slash-regex -o $HOMEBREW_PREFIX/bin/pinentry-swift # Secure SSH # sudo sed -i '' "s/^#?PrintLastLog yes$/^PrintLastLog no$/" /etc/ssh/sshd_config ln -fs $DOTPREFSDIR/pgp/ssh.conf ~/.config/ssh/client_config sudo sed -i '' -n -e '/^Include \/Users\/\*\*\/.*$/!p' -e '$a\'$'\n\\\n# Load Custom Config. DO NOT EDIT\\\nInclude /Users/**/.config/ssh/client_config' /etc/ssh/ssh_config sudo sed -i '' -n -e '/^Include \/Users\/\*\*\/.*$/!p' -e '$a\'$'\n\\\n# Load Custom Config. DO NOT EDIT\\\nInclude /Users/**/.config/ssh/daemon_config' /etc/ssh/sshd_config ## > Variant 1: Disabled Password Auth, Key Only ln -fs $DOTPREFSDIR/pgp/sshd-key.conf ~/.config/ssh/daemon_config ## > Variant 2: Auth via Password + 2FA ln -fs $DOTPREFSDIR/pgp/sshd-otp.conf ~/.config/ssh/daemon_config brew install --ignore-dependencies google-authenticator-libpam google-authenticator -t -D -Cfq -w 17 -r 3 -R 30 -s ~/.config/ssh/google_authenticator sudo sed -i '.old' -e '6s;^;auth required /usr/local/opt/google-authenticator-libpam/lib/security/pam_google_authenticator.so secret=/Users/${USER}/.config/ssh/google_authenticator\n;' /etc/pam.d/sshd # Remove bloat sudo rm -rf /Library/PreferencePanes/GPGPreferences.prefPane && sudo rm -f /Library/LaunchAgents/org.gpgtools.{updater,macgpg2.fix,macgpg2.updater,Libmacgpg.xpc}.plist
-
Setup secure DNS over HTTPS/TLS/QUIC
-
Popular DNS over HTTPS/TLS
- Set var
config
to config name from repo (for examplecloudflare-https
) -
curl -LSs -o 'DoH.mobileconfig' "https://raw.githubusercontent.com/paulmillr/encrypted-dns/master/profiles/${config}.mobileconfig" && \ open -a ProfileHelper DoH.mobileconfig && \ open "x-apple.systempreferences:com.apple.preferences.configurationprofiles" && \ rm DoH.mobileconfig
- In the Profiles window press 'Install...'
- Set var
-
[🆓] NextDNS []
- Set vars
id
- to your configuration id,name
- to device name andmodel
- to one of values from here (for exampleApple MacBookPro11,1
) -
curl -GLSs -o 'NextDNS.mobileconfig' 'https://api.nextdns.io/apple/profile' \ -d "configuration=${id}" \ --data-urlencode "device_name=${name}" \ --data-urlencode "device_model=${model}" \ -d "sign=${sign:-0}" \ -d "trust_ca=${trust:-0}" \ -d "bootstrap_ips=${bootstrap:-0}" \ -d "prohibit_disablement=${supervised:-0}" && \ open -a ProfileHelper NextDNS.mobileconfig && \ open "x-apple.systempreferences:com.apple.preferences.configurationprofiles" && \ rm NextDNS.mobileconfig
- In the Profiles window press 'Install...'
OR
brew install nextdns/tap/nextdns
- Set vars
-
-
Setup Orbot []
mas install 1609461599
-
[💰] Setup AdGuard VPN
brew install --cask adguard-vpn defaults import com.adguard.mac.vpn $DOTPREFSDIR/adguard/conf.plist # Add NextDNS as QUIC DNS defaults write com.adguard.mac.vpn 'dns-servers-settings' -data $(jq -n --arg profile "%NextDNS Profile%" --arg device "%Device Name%" '{"selectedServer": {"uid": "42B5EEE1-2255-4B6F-96EA-54953B75807B", "name": "NextDNS [QUIC] (\($profile))", "address": "quic://\($device)-\($profile).dns.nextdns.io"}} | .servers = [.selectedServer]' | xxd -u -p - | tr -d '\n')
-
Setup misc
# Enable sudo auth via Touch ID (⚠️ Must be done after every system update) sudo sed -i '.old' -e '2s;^;auth sufficient pam_tid.so\n;' /etc/pam.d/sudo # Allow applications downloaded from anywhere (⚠️ Must be done after every system update) sudo spctl --master-disable # Add Terminal to Developer Tools, so any processes run by it to be excluded from Gatekeeper sudo spctl developer-mode enable-terminal # Disable annoying root password request on every LaunchAgent launch (⚠️ Must be done after every system update) security authorizationdb write com.apple.system-extensions.admin allow # Disable library validation (⚠️ USE YOUR BRAIN, also must be done after every system update) sudo defaults write /Library/Preferences/com.apple.security.libraryvalidation.plist DisableLibraryValidation -bool true # Disable the “Are you sure you want to open this application?” dialog defaults write com.apple.LaunchServices LSQuarantine -bool false # Cleanup conflicting configs for bash/zsh (⚠️ Must be done after every system update) sudo rm -f /etc/zshrc_Apple_Terminal /etc/zshrc /etc/zprofile /etc/bashrc_Apple_Terminal /etc/bashrc /etc/profile
-
[🆓] Setup Sublime Text 4 []
brew install --cask sublime-text ln -fs $DOTPREFSDIR/sublime-text/conf ~/Library/Application\ Support/Sublime\ Text/Packages/User # Install license cp -f "**Path to License.sublime_license file**" ~/Library/Application\ Support/Sublime\ Text/Local/License.sublime_license # Set files association internal set-file-assoc SublimeText com.sublimetext.4 $DOTPREFSDIR/sublime-text/file-assoc.list
-
[🆓] Setup JetBrains Toolbox []
-
brew install --cask jetbrains-toolbox ln -fs $DOTPREFSDIR/jb-toolbox/conf.json ~/Library/Application\ Support/JetBrains/Toolbox/.settings.json ln -fs $DOTPREFSDIR/jb-toolbox/storage.json ~/Library/Application\ Support/JetBrains/Toolbox/.storage.json
- Next download
IntelliJ IDEA Ultimate
- Install plugins for IntelliJ IDEA
- ¯_(ツ)_/¯
-
-
brew install --cask docker brew install helm # After generation of Access Token security add-internet-password -l 'Docker Token (%Docker Account Name%)' -s docker.com -r htps -a %Docker Account Name% -w '%Docker Account Token%'
-
Setup Java Eclipse Temurin [] & GraalVM [] & JMC [] & sbt []
brew install --cask temurin@{8,17} graalvm-jdk brew install --cask openjdk-jmc brew install sbt # Switch JDK version to `8` or `17` or `graal` jdk 17
-
Setup Python []
ln -fs /Library/Developer/CommandLineTools/usr/bin/python3 $HOMEBREW_PREFIX/bin/python ln -fs /Library/Developer/CommandLineTools/usr/bin/pip3 $HOMEBREW_PREFIX/bin/pip
-
Setup Rust rustup []
curl -L https://sh.rustup.rs | bash -s -- --profile default --default-toolchain nightly -y --no-modify-path
-
curl -L https://raw.githubusercontent.com/mklement0/n-install/stable/bin/n-install | bash -s -- -n -y lts corepack enable npm pnpm
-
Setup RapidAPI & grpcurl & ngrok
brew install --cask rapidapi brew install grpcurl brew install --cask ngrok
-
Setup Postgres App []
brew install --cask postgres-unofficial
-
Setup Hex Fiend
brew install --cask hex-fiend
-
Setup Obsidian
brew install --cask obsidian
-
[🆓] Setup Raycast
brew install --cask raycast
-
Setup Cheatsheet
brew install --cask cheatsheet defaults import com.mediaatelier.CheatSheet $DOTPREFSDIR/cheatsheet/conf.plist
-
[💰] Setup DevUtils
brew install --cask devutils
-
Setup Touchbar Nyan Cat
brew install --cask touchbar-nyancat
-
[🆓] Setup Nimble Commander
brew install --cask nimble-commander ln -fs $DOTPREFSDIR/nimble-commander/conf.json ~/Library/Application\ Support/Nimble\ Commander/Config/Config.json defaults import info.filesmanager.Files $DOTPREFSDIR/nimble-commander/conf.plist # Set as default file viewer defaults write -g NSFileViewer -string info.filesmanager.Files defaults write com.apple.LaunchServices/com.apple.launchservices.secure LSHandlers -array-add '{LSHandlerContentType="public.folder";LSHandlerRoleAll="info.filesmanager.Files";}' # Install license cp -f "**Path to License.nimblecommanderlicense file**" ~/Library/Application\ Support/Nimble\ Commander/registration.nimblecommanderlicense # Import Remote Fileshares ln -fs $DOTPREFSDIR/nimble-commander/network.json ~/Library/Application\ Support/Nimble\ Commander/Config/NetworkConnections.json cp -f "**SSH Keys for SFTP**" ~/Library/Application\ Support/Nimble\ Commander/Keys
-
Setup Keka []
brew install --cask keka defaults import com.aone.keka $DOTPREFSDIR/keka/conf.plist # Set file association (w/o using kekadefaultapp) internal set-file-assoc Keka com.aone.keka $DOTPREFSDIR/keka/file-assoc.list
-
[💰] Setup iStat Menus []
brew install --cask istat-menus defaults import com.bjango.istatmenus6.extras $DOTPREFSDIR/istat-menus/conf.plist # Install license defaults write com.bjango.istatmenus license6 -dict email '**License email**' serial '**License serial key**'
-
Setup OnyX
brew install --cask onyx
-
[💰] Setup DaisyDisk
brew install --cask daisydisk
-
Setup Wineskin
brew install --cask gcenx/wine/wineskin
-
[💰] Setup Apple Remote Desktop
mas install 409907375
-
Setup Brave Browser
-
brew install --cask brave-browser
- Install plugins, theme and StartPage search engine
- Import uBlock Origin settings
-
-
Setup Transmission []
brew install --cask transmission defaults import org.m0k.transmission $DOTPREFSDIR/transmission/conf.plist
-
[🆓] Setup Wi-Fi Explorer
brew install --cask wifi-explorer defaults import com.intuitibits.wifiexplorerpro3 $DOTPREFSDIR/wifi-explorer/conf.plist
-
Setup Signal []
brew install --cask signal
-
Setup KTalk
brew install --cask ktalk
-
[💰] Setup Krisp
brew install --cask krisp # Disable autostart rm -f ~/Library/LaunchAgents/krisp.plist
-
[💰] Setup Proton Mail - Bridge Headless, with patched hostname resolve []
cd $DOTPREFSDIR/protonmail-bridge && ./install.zsh
-
[🆓] Setup Spotify []
brew install --cask spotify
-
[🆓] Setup MP3Tag
mas install 1532597159
-
Setup Subler & HandBrake [] & FFmpeg & MKVToolNix
brew install --cask video-toolbox
-
Setup MediaInfo
# Ugly but free brew install --cask mediainfo # For Native UI mas install 510620098
-
Setup Sideloadly
brew install --cask sideloadly
-
Setup Apple Configurator 2
mas install 1037126344
-
Setup iMazing
brew install --cask imazing imazing-profile-editor
-
[💰] Setup WALTR PRO
brew install --cask waltr-pro defaults import com.softorino.waltrpro $DOTPREFSDIR/waltr/conf.plist # ~/Library/Application\ Support/WALTR\ PRO/.alticense && /Users/Shared/WALTR PRO/.alticense