This document describes the full process of setting up a fresh macOS installation per my particular preferences and requirements. Hopefully it will serve as a helpful reference for anyone interested.
First and foremost, macOS needs to be installed. Then, complete Apple's mandatory macOS setup wizard, creating a local admin user account.
Sign in to iCloud and the App Store.
Install any available macOS and App Store updates.
Install Xcode command line tools.
xcode-select --install
Agree to the Xcode license (only needed with a full Xcode installation).
sudo xcrun cc
Install Rosetta (Apple silicon only).
softwareupdate --install-rosetta --agree-to-license
Install any applications that cannot be installed by Homebrew, through the App Store, or via an Ansible scriptable process. This is done before the main playbook is run to ensure apps are in place for tasks that depend on their presence, like configuring the Dock.
Ensure Python 3 is installed and note the version.
which python3 && python3 --version
Upgrade essential packages. Note that running pip3 without sudo will default to a user installation in ~/Library/Python/.
python3 -m pip install --user --upgrade pip setuptools virtualenv ipython
Install bcrypt — required for generating and securing SSH keys with Ansible.
python3 -m pip install --user bcrypt
Install Ansible.
python3 -m pip install --user ansible
Add Python 3 to the PATH environment variable temporarily.
Note that the locations of Python 3 binaries and libraries may be different depending on the version of Python installed. The following example assumes Python 3.9. The actual path can be determined by running which python3 && python3 --version and python3 -m site --user-base in the terminal and adjusting the below accordingly.
export PATH="$HOME/Library/Python/3.9/bin:$PATH"
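An added example (not part of the original playbook or its documentation): shell functions that derive the script directory from python3 -m site --user-base instead of hard-coding 3.9, and prepend it to PATH only when the directory is owned by the current user and not writable by group or others. The function names are hypothetical.

```shell
#!/bin/sh
# Added example: build the PATH entry for pip's --user scripts from the
# interpreter itself, and refuse directories other accounts can write to.

# Print the user-scheme script directory for the given interpreter,
# e.g. ~/Library/Python/3.9/bin on macOS.
user_bin_dir() {
    base=$("${1:-python3}" -m site --user-base) || return 1
    printf '%s/bin\n' "$base"
}

# Succeed only if $1 is an existing directory owned by the current user
# and not writable by group or others.
is_safe_path_dir() {
    [ -d "$1" ] || return 1
    [ -n "$(find -H "$1" -maxdepth 0 -user "$(id -u)" 2>/dev/null)" ] || return 1
    [ -z "$(find -H "$1" -maxdepth 0 \( -perm -0020 -o -perm -0002 \) 2>/dev/null)" ]
}

# Print $2 (a PATH string) with $1 prepended. If $1 is unsafe, print $2
# unchanged and return non-zero; if $1 is already listed, print $2 unchanged.
prepend_path_once() {
    dir=$1
    current=$2
    if ! is_safe_path_dir "$dir"; then
        printf '%s\n' "$current"
        return 1
    fi
    case ":$current:" in
        *":$dir:"*) printf '%s\n' "$current" ;;
        *)          printf '%s\n' "$dir:$current" ;;
    esac
}

# Typical use in the current terminal session:
#   PATH=$(prepend_path_once "$(user_bin_dir)" "$PATH") && export PATH
```

Anything writable in a directory that precedes the system directories on PATH can shadow commands such as git or python3, which is why the ownership and permission check comes before the prepend.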
If desired, Ansible and Python 3 can be (re)installed by Homebrew when the main playbook is run, and thus managed by brew and/or a version manager like pyenv going forward.
See Python 3 Support for details on choosing the correct Python interpreter.
Confirm the Python version used by Ansible.
ansible --version | grep "python version"
Use the -e command line option to manually set the Python interpreter for a command, if needed.
ansible-playbook sample-playbook.yml -e 'ansible_python_interpreter=/usr/bin/python3'
Clone or download (this) mac-dev-playbook git repo to a temporary location, or wherever you prefer to store source code checkouts, e.g. /tmp or ~/Projects.
git clone git@github.com:greylabel/mac-dev-playbook.git
curl -LJO https://github.com/greylabel/mac-dev-playbook/archive/refs/heads/main.zip
unzip mac-dev-playbook-main.zip && rm mac-dev-playbook-main.zip
The commands below are run from the cloned mac-dev-playbook directory.
Install required roles.
ansible-galaxy install -r requirements.yml
Optionally, copy a config.yml file to the cloned mac-dev-playbook directory, if configuration overrides are required.
If encrypted content is required and will be supplied with Ansible Vault, adjust the commands below accordingly to include when running the various plays.
ansible-playbook main.yml --ask-become-pass --ask-vault-pass --tags "pre"
ansible-playbook main.yml --ask-become-pass --ask-vault-pass --skip-tags "pre, post"
ansible-playbook main.yml --ask-become-pass --ask-vault-pass --tags "post"
ansible-playbook main.yml --ask-become-pass --ask-vault-pass --tags "pre"
Create Projects and Sites home directories. These directories will be used later in the process and are not present by default in macOS. They generally will contain source code and websites, respectively.
Create a ~/.gitconfig.local file for username / GitHub token / etc.
ansible-playbook main.yml --ask-become-pass --ask-vault-pass --tags "homebrew"
Homebrew is installed by Ansible when the main playbook is run. Add Homebrew's bin directory to the PATH environment variable, if needed for temporary use. This will be properly persisted when Dotfiles are installed later.
@todo: Consider using Homebrew Bundle to manage package list and apps with a Brewfile, and potentially move back to Dotfiles repo.
ansible-playbook main.yml --ask-become-pass --ask-vault-pass --tags "dotfiles"
Dotfiles can be installed by Ansible when the main playbook is run. My Dotfiles include configuration for many of the packages installed by Homebrew, as well as an assortment of other tools and aliases.
Note: macOS scriptable settings are stored in the Dotfiles repo, as is custom with other dotfiles setups around the web, but can be applied by Ansible when the main playbook is run.
ansible-playbook main.yml --ask-become-pass --ask-vault-pass --tags "mas"
ansible-playbook main.yml --ask-become-pass --ask-vault-pass --tags "dock"
ansible-playbook main.yml --ask-become-pass --ask-vault-pass --tags "extra-packages"
ansible-playbook main.yml --ask-become-pass --ask-vault-pass --tags "osx"
ansible-playbook main.yml --ask-become-pass --ask-vault-pass --tags "post"
@todo: Note about this is where tasks that are not idempotent live.
See Manual macOS and Application Configuration for detailed configuration guide.
Install tools and packages that are managed through separate automation processes, e.g. additional Ansible playbooks, or otherwise manually provisioned.
Sync fonts from Dropbox or another location.
cp -R ~/Dropbox/Apps/Config/Fonts/* ~/Library/Fonts/
cp -R ~/Library/Mobile\ Documents/com~apple~CloudDocs/Config/fonts/* ~/Library/Fonts/
Optionally, copy the contents of the ~/Projects and/or ~/Sites folder(s) from another Mac (to save time).
Remove or move this repo from its temporary location and use a proper git checkout stored with other source code files.