-
-
Notifications
You must be signed in to change notification settings - Fork 25
/
Copy pathconfigure.yml
140 lines (119 loc) · 4.29 KB
/
configure.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
---
- name: System Configuration
hosts: all
tags:
- config
- system
tasks:
#- enable ssh (disabled for now, new personal preference)
# - name: SSH | check if remote login status is on
# sudo: yes
# command: systemsetup -getremotelogin
# register: remotelogin
# changed_when: "remotelogin.stdout.startswith('Remote Login: On') == False"
# - name: SSH | enable remote login
# sudo: yes
# command: systemsetup -setremotelogin on
# when: remotelogin|changed
# Enable the OSX default firewall
# https://coderwall.com/p/zt8aqa
- name: System | enable firewall
become: yes
osx_defaults: domain=/Library/Preferences/com.apple.alf
key=globalstate
type=int
value=1
# notify: restart firewall
# Don't litter external network mounts with our metadata.
#
# NOTE: due to Apple weirdness, this value used to be a be a string rather
# then a bool, despite the fact it's a boolean value!, e.g. "true" as a str.
# However, this is now fixed as of macOS 10.13
- name: System | disable network .DS_Store
osx_defaults: domain=com.apple.desktopservices
key=DSDontWriteNetworkStores
type=bool
value=true
# TODO: check for full disk encryption! (maybe dont manually install)
# TODO: set recovery message in case of lost device (yeah right)
# https://github.com/boxen/puppet-osx/blob/master/manifests/recovery_message.pp
handlers:
- name: restart firewall
become: yes
shell: >
launchctl unload /System/Library/LaunchDaemons/com.apple.alf.agent.plist
launchctl load /System/Library/LaunchDaemons/com.apple.alf.agent.plist
# - name: Account Configuration
# hosts: all
# tags:
# - config
# - account
# - xtra
# vars:
# # Preferred location to find your user avatar and where to store it on the
# # system. If file is not found, will ignore tasks related to setting user
# # avatar gracefully.
# avatar:
# src: "./files/avatars/{{ansible_user_id}}.jpg"
# dest: "~/Library/User Pictures/{{ansible_user_id}}.jpg"
# tasks:
- name: UI Configuration
hosts: all
tags: ui
vars:
dock:
showhidden: true
tilesize: 42
autohide: true
handlers:
# - name: killall Finder
# command: killall Finder
- name: killall Dock
command: killall Dock
# - name: killall SystemUIServer
# command: killall SystemUIServer
tasks:
- name: UI | Dock | dim hidden apps is {{ dock.showhidden }}
osx_defaults: domain=com.apple.dock
key=showhidden
type=bool
value={{ dock.showhidden }}
notify: killall Dock
- name: UI | Dock | set icon size to {{ dock.icon_size }}
osx_defaults: domain=com.apple.dock
key=tilesize
type=float
value={{ dock.tilesize }}
notify: killall Dock
- name: UI | Dock | auto-hide is {{ dock.autohide }}
osx_defaults: domain=com.apple.dock
key=autohide
type=boolean
value={{ dock.autohide }}
notify: killall Dock
# - name: UI | Keyboard | enable full keyboard access
# osx_defaults: domain=NSGlobalDomain
# key=AppleKeyboardUIMode
# type=int
# value=3
# TODO: see what the current defaults are on a a new machine and if I can live with them
# - name: UI | Trackpad | enable tap to click
# osx_defaults: domain=com.apple.MultiTouchTrackpad
# key=Clicking
# type=boolean
# value=true
# TODO: enable night shift if not on by default?
- name: Apps (GUI) Configuration
hosts: all
tags: apps
tasks:
- name: Apps | Safari | Enable Develop menu
osx_defaults: domain=com.apple.safari
key=IncludeDevelopMenu
type=boolean
value=true
- name: Apps | Safari | Privacy - 'Ask websites not to track me'
osx_defaults: domain=com.apple.safari
key=SendDoNotTrackHTTPHeader
type=boolean
value=true