Strap

A script to bootstrap a minimal macOS development system. This does not assume you're doing Ruby/Rails/web development but installs the minimal set of software every macOS developer will want.

Motivation

Replacing Boxen in GitHub with a better tool. This post outlines the problems with Boxen and requirements for Strap and other tools used by GitHub: https://mikemcquaid.com/2016/06/15/replacing-boxen/

Features

Enables sudo using TouchID
Disables Java in Safari (for better security)
Enables the macOS screensaver password immediately (for better security)
Enables the macOS application firewall (for better security)
Adds a Found this computer? message to the login screen (for machine recovery)
Enables full-disk encryption and saves the FileVault Recovery Key to the Desktop (for better security)
Installs the Xcode Command Line Tools (for compilers and Unix tools)
Agree to the Xcode license (for using compilers without prompts)
Installs Homebrew (for installing command-line software)
Installs Homebrew Bundle (for bundler-like Brewfile support)
Installs Homebrew Services (for managing Homebrew-installed services)
Installs Homebrew Cask (for installing graphical software)
Installs the latest macOS software updates (for better security)
Installs dotfiles from a user's https://github.com/username/dotfiles repository. If they exist and are executable: runs script/setup to configure the dotfiles and script/strap-after-setup after setting up everything else.
Installs software from a user's Brewfile in their https://github.com/username/homebrew-brewfile repository or .Brewfile in their home directory.
A simple web application to set Git's name, email and GitHub token (needs authorised on any organisations you wish to access)
Idempotent

Out of Scope Features

Enabling any network services by default (instead enable them when needed)
Installing Homebrew formulae by default for everyone in an organisation (install them with Brewfiles in project repositories instead of mandating formulae for the whole organisation)
Opting-out of any macOS updates (Apple's security updates and macOS updates are there for a reason)
Disabling security features (these are a minimal set of best practises)
Add phone number to security screen message (want to avoid prompting users for information on installation)

Usage

Open https://strap.mikemcquaid.com/ in your web browser.

Instead, to run Strap locally run:

git clone https://github.com/MikeMcQuaid/strap
cd strap
bash bin/strap.sh # or bash bin/strap.sh --debug for more debugging output

Instead, to run the web application locally run:

git clone https://github.com/MikeMcQuaid/strap
cd strap
./script/bootstrap
GITHUB_KEY="..." GITHUB_SECRET="..." ./script/server

Strap is also available as a Docker image on Docker Hub (mikemcquaid/strap) and GitHub Packages (ghcr.io/mikemcquaid/strap).

Web Application Configuration Environment Variables

GITHUB_KEY: the GitHub.com Application Client ID.
GITHUB_SECRET: the GitHub.com Application Client Secret.
SESSION_SECRET: the secret used for cookie session storage.
WEB_CONCURRENCY: the number of Unicorn (web server) processes to run (defaults to 3).
STRAP_ISSUES_URL: the URL where users should file issues (defaults to no URL).
STRAP_BEFORE_INSTALL: instructions displayed in the web application for users to follow before installing Strap (wrapped in <li> tags).
CUSTOM_HOMEBREW_TAP: an optional Homebrew tap to install with brew tap. Specify multiple arguments to brew tap by separating values with spaces.
CUSTOM_BREW_COMMAND: a single brew command that is run after all other stages have completed.

Status

Stable and in active development.

Contact

Mike McQuaid

License

Licensed under the MIT License. The full license text is available in LICENSE.txt.

MikeMcQuaid/strap

MikeMcQuaid

Reviews

Repository Details