![]() Using Homebrew, installs a number of CLI and GUI packages that improve security and privacy (see below).Ensure XCode and Homebrew are correctly installed and configured.Configure curl based on drduh's recomendations.For example, you can customize the installed packages and apps with something like:Īny variable can be overridden in config.yml see the supporting roles' documentation for a complete list of available variables. You can override any of the defaults configured in by creating a config.yml file and setting the overrides in that file. Instead, clone the repo and run the playbook direclty using ansible-playbook main.yml -skip-tags "install-only" If you already have dnsmasq or dnscrypt-proxy running as homebrew services, don't use the install script.If you already have a designated "admin" account, make sure you run this from that account.You can also use the same curl -> bash method on an established machine, but with a couple of caveats: If you get an error about needing sudo permissions for any of the steps in the playbook during a subsequent run, initate sudo with sudo -v first, then re-run ansible-playbook main.yml -skip-tags "install-only" If Running on an Existing Device It's on the roadmap to automate that update process via a launchdaemon or cron job. Then:Īnsible-playbook main.yml -skip-tags "install-only " You can re-run the playbook to get the latest changes. Note that if you take this route and need to perform brew operations while using your admin user, you'll need to reverse this process to reclaim ownership of the homebrew directory. Now your non-admin user controls Homebrew. sudo chown -R, where = /opt/homebrew on ARM Macs and /usr/local/Homebrew on intel Macs.su to your admin user when you need to install/update packages.Packages installed with homebrew are available to all users on the system, but brew commands that make changes (ie, brew install or brew upgrade) will only be available to that user. Note: This workflow results in homebrew being owned by your admin user account. Use standard for day-to-day activities (including linking to Apple-ID, if desired).Create a second "standard" account (ie, no admin privileges).Run the install command above from your terminal.Start up the new device and create a designated "admin" account.This is meant as a set-up script for a new device. Run brew doctor to see if this is the case. ![]() Note: If some Homebrew commands fail, you might need to agree to Xcode's license or fix some other Brew issue. It provides a set of defaults and installs packages that will improve the basic security posture of your machine, but does not guarantee it's security or your privacy. Disclaimer: You are responsible for your own computer's security and using this playbook does not guarantee anything. It is based in large part on the CIS Benchmarks for MacOS and drduh's MacOS Security and Privacy Guide. This playbook will provide a baseline of security and privacy for a new Mac.
0 Comments
Leave a Reply. |