macbook-playbook
Install all your applications and configure everything the way you like it with one command.
Table of Contents
- Tested on
- Configuring machine
- Roles
- Installs
- Desktop Applications
- Text Editors
- Communication
- Configuration
- Multimedia
- Browser Plugins
- Programming Languages
- Virtualization, Provisioning, Containers and System Tools
- Package Managers and Build Tools
- Shell
- Programming Utilities
- Security
- GNU Command Line Tools
- Data Systems
- Configuration, Monitoring and Debugging (tag: observability)
- Document Processors and Plotting
- Markup Tools
- Command line tools
- Miscellaneous
- Configures
- Installs
- Author
- License
Tested on
I’ve been using macbook-playbook since 2013. I’ve used it on at least eight
MacBook Pros with different macOS versions. As of May 2023 I use it on my
personal 16” 2023 Macbook Pro with Ventura installed and on my work 16” 2019
Macbook Pro with Monterey installed.
Please open an issue if you’re trying this out and bump into anything.
Bootstrap machine (make bootstrap)
These are one-time steps that need to be done on machines that are running
macbook-playbook for the first time.
Install Developer Tools (xcode-select)
Open the “Terminal” application, type git into the shell and follow the
instructions to install the Apple Developer Tools.
Clone repository
Now your machine should have git and python3 installed.
git clone https://github.com/mpereira/macbook-playbook.gitGive Terminal/iTerm2/Emacs/etc. assistive access
Depending on your macOS version you will be queried or not for assistive
access while make converge runs. This is required for example to remap
caps lock to control.
In case that task fails, or if you want to do it beforehand just in case, go
to “System Preferences > Security & Privacy > Privacy > Accessibility” and
add the application running macbook-playbook (Terminal/iTerm2/Emacs/etc.)
to the list.
Secrets
I keep secrets encrypted in a file outside of this repository. I have a project (also outside of this repository) that will write all secrets required by this project’s roles togroup_vars/localhost/vars.yml. This
file is git-ignored in this project.
These are the roles that use secrets:
| Description | Secret name | Role |
| AWS CLI credentials | aws_credentials_file_base64 | awscli |
| BetterTouchTool license | better_touch_tool_license_file_base64 | better-touch-tool |
| DaisyDisk license | daisydisk_registration_key_file_base64 | daisydisk |
| Enviroment variables for dotfiles | dotfiles_environment_yml_file_base64 | dotfiles |
| iStat Menus settings | istat_menus_settings_file_base64 | istat-menus |
| Prey API key | prey_api_key_yaml_file_base64 | prey |
| Private SSH key | mpereira_at_pluto_ssh_private_key_base64 | ssh-keys |
| s3cmd configuration | s3cmd_cfg_file_base64 | s3cmd |
If a group_vars/localhost/vars.yml file with those secrets is absent
running these roles will fail.
You have two choices: skip these roles, or write your
group_vars/localhost/vars.yml.
To skip them, when you reach the provision machine step, make Ansible skip
roles tagged with uses-secrets. You don’t need to run this now, the
command below is just an example.
make converge ARGS='--skip-tags uses-secrets'Prepare machine to run the Ansible playbooks
This will:
- Set up passwordless
sudo - Install a user Python3
- Install Ansible
- Set up the Git pre-commit hook that automatically encrypts secrets before Git commits
make bootstrapYour machine should now be ready to be provisioned! You won’t need to run the above steps again.
Configure machine (make converge)
Now that the machine is bootstrapped, we can provision it.
Provision machine
This runs all non-disabled roles in =main.yml=.make converge ARGS='--skip-tags disabled'ansible-playbook arguments can be passed via the ARGS environment variable.
For example, --tags can be passed so that only matching roles are run.
make converge ARGS='--tags google-chrome'--skip-tags can also be passed to avoid running certain roles.
make converge ARGS='--skip-tags disabled,unity'All role tags can be seen in =main.yml=.
Tasks may fail due to intermittent reasons like temporary server
unavailability. When a task fails you can either disable its role via
--skip-tags or use --start-at-task with the name value of some task to
cause Ansible to start the playbook exactly there.
For example, if the “Install Emacs” task from the “build-emacs” role fails for what seems to be an intermittent issue, you can pick up provisioning from there so that previous tasks don’t have to re-run.
make converge ARGS='--skip-tags disabled --start-at-task "Install Emacs"'Check the official Ansible documentation for more details.
Manual steps post make converge
These are steps that are currently not automated because:
- it would be difficult
- it would be impossible
- or I just didn’t have the time
Change keyboard layout to U.S. international
- System Preferences -> Keyboard -> Input Sources
- Click +
- Select “English” on left column
- Select “U.S. International - PC” on right column
- Click “Add”
- Remove other keyboard layouts from the left column
iStat Menus
- Import license from
roles/istat-menus/files/iStat Menus Settings.ismp
PDF Expert
- Register license
BetterTouchTool
- Register license
Terminal
Preferences > Profiles > Pro > Font
Set to Hack Regular 18 pt.
System Preferences > Security & Privacy > Privacy > Accessibility
- BetterTouchTool.app
- Emacs-*.app
- MacGPT
- RescueTime
- Terminal
- VLC
System Preferences > Keyboard > Shortcuts > Mission Control
Uncheck:
- Mission Control
- Move left a space
- Move right a space
- Switch to desktop 1
I use these keybindings on Emacs.
Roles
Installs
Desktop Applications
- Android File Transfer
- BitBar
- Cursorcerer
- DaisyDisk
- Dash
- Divvy
- Dropbox
- Elgato Dock
- Elgato Control Center
- f.lux
- Firefox
- Google Chrome
- Google Photos
- Grammarly
- iStat Menus
- LICEcap
- Maccy
- PDF Expert
- Persephone
- RescueTime
- Skype
- Slack
- Spotify
- Steam
- Teensy Loader
- ToggleDarkMode
- Unity
- Unity Hub
- VLC
- Wireshark
- XQuartz
- YNAB (disabled by default, I use the online version and the application binary isn’t available anymore)
- Zoom
- Zwift
Text Editors
- Emacs 28.2
- Emacs 29
- MacVim
- Neovim
- Rider
- Vim (disabled by default until I figure out why it isn’t compiling on macOS Big Sur with LLVM 12)
- VSCode
Configuration
Programming Languages
- Clojure
- GNU Octave
- Go
- Haskell
- Java (AdoptOpenJDK)
- Lua
- LuaJIT
- .NET
- Node.js
- PureScript (disabled by default until I figure out why
stack install purescriptis currently failing) - Python 3
- R
- Ruby
- Rust
Multimedia
Fonts
Browser Plugins
Virtualization, Provisioning, Containers and System Tools
- Docker
- krew
- kubectl
- kubectl-tree
- OpenZFS (disabled by default until it works on macOS Big Sur)
- Terraform
- Vagrant
- Vagrant vagrant-vbguest plugin
- VirtualBox
Package Managers and Build Tools
Shell
Programming Utilities
- Black
- clojure-lsp
- Ctags
- YAPF
- zprint
- yq
- shfmt
- node-cljfmt
- gron
- ktlint
- Prettier
- Pyre
- rust-analyzer
- ShellCheck
Data Systems
- Apache Hadoop (disabled by default, it conflicts with the
yarnJavaScript package manager)
Configuration, Monitoring and Debugging
Document Processors and Plotting
Markup Tools
Command line tools
- AWS CLI
- defaultbrowser
- delta
- delta
- git
- gh
- fd
- jq
- local-ssl-proxy
- p7zip
- parallel
- pgsanity
- pngpaste
- ripgrep
- s3cmd (disabled by default, I use the AWS CLI)
- scc
- stripe-cli
- tealdeer
- terminal-notifier
- tree
- vercel
- websocat
- wrk
- xz
Security
GNU Command Line Tools
- binutils
- coreutils
- diffutils
- ed
- findutils
- gawk
- gnu-indent
- gnu-sed
- gnu-tar
- gnu-which
- gnutls
- grep
- gzip
- screen
- watch
- wdiff
- wget
Miscellaneous
- Mutagen
- ChromeDriver
- FontForge
- Qt 5 (disabled by default)
- WordNet