Strap

A script to bootstrap a minimal macOS development system. This does not assume you're doing Ruby/Rails/web development but installs the minimal set of software every macOS developer will want.

Motivation

Replacing Boxen in GitHub with a better tool. This post outlines the problems with Boxen and requirements for Strap and other tools used by GitHub: https://mikemcquaid.com/2016/06/15/replacing-boxen/

Features

• Enables sudo using TouchID
• Enables the macOS screensaver password immediately (for better security)
• Enables the macOS application firewall (for better security)
• Adds a Found this computer? message to the login screen (for machine recovery)
• Enables full-disk encryption and saves the FileVault Recovery Key to the Desktop (for better security)
• Installs the Xcode Command Line Tools (for compilers and Unix tools)
• Agree to the Xcode license (for using compilers without prompts)
• Installs Homebrew (for installing command-line software)
• Installs the latest macOS software updates (for better security)
• Installs dotfiles from a user's https://github.com/username/dotfiles repository. If they exist and are executable: runs script/setup to configure the dotfiles and script/strap-after-setup after setting up everything else.
• Installs software from a user's Brewfile in their https://github.com/username/homebrew-brewfile repository or .Brewfile in their home directory.
• A simple web application to set Git's name, email and GitHub token (needs authorised on any organisations you wish to access)
• Idempotent

Out of Scope Features

• Enabling any network services by default (instead enable them when needed)
• Installing Homebrew formulae by default for everyone in an organisation (install them with Brewfiles in project repositories instead of mandating formulae for the whole organisation)
• Opting-out of any macOS updates (Apple's security updates and macOS updates are there for a reason)
• Disabling security features (these are a minimal set of best practises)
• Add phone number to security screen message (want to avoid prompting users for information on installation)

Usage

Open https://strap.mikemcquaid.com/ in your web browser.

Instead, to run Strap locally run:

git clone https://github.com/MikeMcQuaid/strap
cd strap
bash bin/strap.sh # or bash bin/strap.sh --debug for more debugging output

Instead, to run the web application locally run:

git clone https://github.com/MikeMcQuaid/strap
cd strap
./script/bootstrap
GITHUB_KEY="..." GITHUB_SECRET="..." ./script/server

Strap is also available as a Docker image on Docker Hub (mikemcquaid/strap) and GitHub Packages (ghcr.io/mikemcquaid/strap).

Web Application Configuration Environment Variables

• GITHUB_KEY (required in production): the GitHub.com Application Client ID.
• GITHUB_SECRET (required in production): the GitHub.com Application Client Secret.
• SESSION_SECRET (required in production): the secret used for cookie session storage.
• WEB_CONCURRENCY (optional): the number of Puma (web server) threads to run (defaults to 3).
• STRAP_ISSUES_URL (optional): the URL where users should file issues (defaults to no URL).
• STRAP_BEFORE_INSTALL (optional): instructions displayed in the web application for users to follow before installing Strap (wrapped in <li> tags).
• CUSTOM_HOMEBREW_TAP (optional): an optional Homebrew tap to install with brew tap. Specify multiple arguments to brew tap by separating values with spaces.
• CUSTOM_BREW_COMMAND (optional): a single brew command that is run after all other stages have completed.

Status

Stable and in active development.

Contact

Mike McQuaid

License

Licensed under the MIT License. The full license text is available in LICENSE.txt.

Fork me on GitHub Retina Ribbons are vendored in app/assets/images and also licensed under the MIT License