Bash-based automation for provisioning a development-focused macOS environment on Apple Silicon (M-series) Macs: Homebrew installs, shell and dotfiles, and system-wide defaults.
- Modular scripts: Run the full stack with master.sh or run individual phases (CLI, dev, media, and so on).
- Shared helpers: utils.sh centralizes paths, log_error, safe copy/download helpers, and a single error log path.
- System defaults: system-config.sh applies appearance, input, Finder, Dock, Spotlight, menu bar (clock/battery), Night Shift, security-related settings, and Apple Silicon–friendly pmset tuning (see below).
- CI: GitHub Actions runs the scripts on macos-latest (with pre-install.sh skipped in the workflow for speed).
- macOS (recent versions; scripts assume Darwin)
- Network access for Homebrew and downloads
- Administrator privileges when sudo is required (for example firewall, guest account, system Software Update plist, and pmset in system-config.sh)
- Clone the repository
  git clone https://github.com/garretpatten/macOS-setup-scripts
  cd macOS-setup-scripts
- Update submodules (for dotfiles)
  git submodule update --init --remote --recursive src/dotfiles/
- Make scripts executable
  chmod +x src/scripts/*.sh
- Run the full setup
  bash src/scripts/master.sh
Examples:
bash src/scripts/system-config.sh # macOS defaults only (no Homebrew)
bash src/scripts/cli.sh
bash src/scripts/dev.sh
bash src/scripts/media.sh
bash src/scripts/productivity.sh
bash src/scripts/security.sh
zsh src/scripts/shell.sh
bash src/scripts/organizeHome.sh
macOS-setup-scripts/
├── .github/workflows/
│ └── test-runner.yaml # CI: runs scripts on macOS runners
├── src/
│ ├── scripts/
│ │ ├── utils.sh # Paths, logging, safe copy/download helpers
│ │ ├── master.sh # Orchestrates all phases in order
│ │ ├── pre-install.sh # Homebrew, Xcode CLT, updates (skipped in CI)
│ │ ├── system-config.sh # defaults write, firewall, pmset; restarts Dock/Finder/ControlCenter/SystemUIServer/mds
│ │ ├── organizeHome.sh # Home directory layout
│ │ ├── cli.sh # CLI Homebrew formulas
│ │ ├── media.sh # Media casks
│ │ ├── productivity.sh # Productivity casks
│ │ ├── dev.sh # Development tooling
│ │ ├── security.sh # Security tooling
│ │ ├── shell.sh # Shell / terminal setup (zsh)
│ │ └── post-install.sh # Final steps
│ ├── dotfiles/
│ └── assets/
├── setup_errors.log # Created at repo root when scripts run (gitignored)
└── LICENSE
- pre-install.sh — Homebrew, Xcode Command Line Tools, system updates
- system-config.sh — macOS preferences and security-related system settings
- organizeHome.sh — home directory organization
- cli.sh, media.sh, productivity.sh — Homebrew formulas and casks
- dev.sh — development stack
- security.sh — security tools and related setup
- shell.sh — zsh and related configuration
- post-install.sh — cleanup and completion
This script writes user and system preferences and ends by restarting Dock, Finder, ControlCenter, SystemUIServer, and mds so changes take effect. Highlights:
- Appearance & UI: Dark mode, small sidebar icons, reduced window animation for snappier feedback
- Input: Classic scrolling, fast key repeat, full keyboard access (Tab through all controls), three-finger drag
- Security (single sudo session): Application Firewall on, stealth mode, guest account off, automatic macOS updates via /Library/Preferences/com.apple.SoftwareUpdate, plus pmset options suited to Apple Silicon (lid wake, TCP keepalive, Power Nap)
- Hardening & updates: .DS_Store suppression on network/USB volumes, security-related Software Update toggles, Launch Services quarantine prompt off, Crash Reporter dialog off, disk “not ejected properly” notification off, screen-lock password settings
- Finder & screenshots: Show extensions and hidden files, path bar, column view, search scoped to the current folder, POSIX path in the title bar, spring-loading for folders, screenshots under ~/Pictures/Screenshots (directory created before setting the path)
- Dock & Spotlight: Autohide, minimize into app icon, no recent apps, faster Dock animations; Spotlight category ordering
- Menu bar: Custom clock format; battery percentage hidden (com.apple.menuextra.battery and com.apple.controlcenter for newer Control Center behavior)
- Night Shift: Enabled with sunset–sunrise-style schedule (strength and schedule keys as in the script)
Adjust system-config.sh if you prefer stricter security (for example keeping quarantine prompts) or different power-management values.
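A post-run check for the stricter choices mentioned above, as an added example that is not part of the repository. The defaults domains and keys, the socketfilterfw path, and the function names are assumptions about what system-config.sh touches; confirm them against the script.

```shell
#!/usr/bin/env bash
# Added audit sketch (not the repository's code). Domains, keys and the
# firewall tool path are assumptions; adjust them to match system-config.sh.
FW=/usr/libexec/ApplicationFirewall/socketfilterfw

# check_default LABEL DOMAIN KEY WANT [VALUE_WHEN_UNSET]
# Prints PASS/FAIL and returns 0/1. An unset key is reported as "unset"
# unless the caller supplies the value macOS uses when the key is absent.
check_default() {
    local label="$1" domain="$2" key="$3" want="$4" got
    got="$(defaults read "$domain" "$key" 2>/dev/null)" || got="${5:-unset}"
    if [ "$got" = "$want" ]; then
        printf 'PASS  %s\n' "$label"
    else
        printf 'FAIL  %s (want %s, got %s)\n' "$label" "$want" "$got"
        return 1
    fi
}

# Returns the number of failed checks (0 means the stricter baseline holds).
audit_baseline() {
    local failures=0
    # 1 keeps the first-launch prompt for quarantined downloads; the prompt
    # is on when the key is absent, hence the fallback value of 1.
    check_default "quarantine prompt kept" \
        com.apple.LaunchServices LSQuarantine 1 1 || failures=$((failures + 1))
    check_default "guest account off" \
        /Library/Preferences/com.apple.loginwindow GuestEnabled 0 ||
        failures=$((failures + 1))
    check_default ".DS_Store off on network volumes" \
        com.apple.desktopservices DSDontWriteNetworkStores 1 ||
        failures=$((failures + 1))
    if "$FW" --getglobalstate 2>/dev/null | grep -qi 'enabled'; then
        printf 'PASS  application firewall on\n'
    else
        printf 'FAIL  application firewall on\n'
        failures=$((failures + 1))
    fi
    return "$failures"
}
```

Source the file and call audit_baseline after a run; with the quarantine prompt switched off as the script does by default, the first check reports FAIL.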
- log_error — stderr plus append to setup_errors.log
- ensure_directory — mkdir -p with errors logged
- copy_file_safe / copy_directory_safe — copy only when source exists and destination is missing
- download_file_safe — curl with timeouts and validation
Scripts append command errors with 2>>"$ERROR_LOG_FILE" || true where appropriate so a single failure does not stop the whole run.
- Error log: setup_errors.log at the repository root (see ERROR_LOG_FILE in utils.sh). The file is gitignored (*.log).
On push/PR to master, Test Runner (.github/workflows/test-runner.yaml) runs the scripts on a GitHub-hosted macOS runner. pre-install.sh is skipped there to avoid long Xcode/OS update steps; the workflow checks setup_errors.log for real failures.
Illustrative list; see each *.sh for exact commands and edge cases.
- Homebrew (install if missing), brew update, brew upgrade, brew cleanup, analytics off
- Xcode Command Line Tools and system software updates (softwareupdate)
- Firewall, stealth mode, guest account, Software Update and pmset behavior (no Homebrew packages)
Creates ~/Books, ~/Games, ~/Hacking, ~/Projects; removes empty ~/Templates if present (no Homebrew packages)
bat, curl, eza, fastfetch, fd, git, htop, jq, ripgrep, vim, wget
Brave Browser, DuckDuckGo, Spotify, VLC
- Homebrew casks: Balena Etcher, Notion, Proton Drive, Proton Mail, Standard Notes, Zoom
- Homebrew formula: Raycast
- Homebrew formulas: Node, Python 3.12, Colima, Docker, Docker Compose, GitHub CLI (gh), Neovim, Podman, Semgrep, ShellCheck, Tree-sitter, Angular CLI
- Homebrew casks: Postman, Visual Studio Code
- Other Homebrew: Sourcegraph app (from sourcegraph/app tap), Sourcegraph CLI (src-cli)
- Also: NVM (official install script), packer.nvim for Neovim, optional Neovim / Vim / VS Code config from src/dotfiles/, global Git user settings and credential helper, colima start
- Homebrew casks: 1Password, 1Password CLI, Proton VPN, Signal, Burp Suite, OWASP ZAP
- Homebrew formulas: OpenVPN, ExifTool, Nmap
- Also: Proton Pass CLI (install script), clones PayloadsAllTheThings and SecLists into ~/Hacking/, enables Application Firewall
- Homebrew formulas: Oh My Posh (jandedobbeleer/oh-my-posh/oh-my-posh), Ghostty, Zsh, tmux, zsh-autosuggestions, zsh-syntax-highlighting
- Homebrew casks: Font Awesome Terminal Fonts, Fira Code, Meslo LG Nerd Font, Powerline Symbols
- Also: optional Ghostty, tmux, and .zshrc from src/dotfiles/; default login shell set to Zsh
brew update, upgrade, and cleanup; prints src/assets/wolf.txt when present
Dotfiles and assets under src/dotfiles/ and src/assets/ as copied or referenced by the scripts.
- Permissions: Some steps need sudo; you may be prompted once per sudo invocation (grouped in system-config.sh where possible).
- Homebrew: pre-install.sh expects to install or use Homebrew if missing.
- Logs: Inspect setup_errors.log at the repo root after a run.
  tail -n 50 setup_errors.log
- New Homebrew items: Add formulas or casks to the appropriate script arrays or brew install lines.
- Dotfiles: Edit files under src/dotfiles/ and re-run the relevant script or master.sh.
For questions, bug reports, or feature requests, open an issue on this repository.
This project is licensed under the MIT License.