therealpxc/themis-macOS-bootstrap.zsh

## themis-macOS-bootstrap.zsh
#!/bin/zsh

# in case you need to review these flags, see: https://gist.github.com/mohanpedala/1e2ff5661761d3abd0385e8223e16425
set -euxo pipefail

# in some places (for instance, installing pkgsrc), we just assume x86_64
test "$(/usr/bin/uname -m)" = "x86_64"

pushd "$(mktemp -d)"

#### Package manager and CLI tools installation
## Install Xcode command-line tools, since they're required by all these other package managers
chomp() {
  printf "%s" "${1/"$'\n'"/}"
}
if ! xcode-select -p &>/dev/null; then
  # adapted from the Homebrew installer on this commit: https://github.com/Homebrew/install/blob/13b2d49281a9b3441f75cc87d48b02ca58aa6a88/install.sh
  # This temporary file prompts the 'softwareupdate' utility to list the Command Line Tools
  clt_placeholder="/tmp/.com.apple.dt.CommandLineTools.installondemand.in-progress"
  sudo touch "${clt_placeholder}"

  clt_label_command="/usr/sbin/softwareupdate -l |
                      grep -B 1 -E 'Command Line Tools' |
                      awk -F'*' '/^ *\\*/ {print \$2}' |
                      sed -e 's/^ *Label: //' -e 's/^ *//' |
                      sort -V |
                      tail -n1"
  clt_label="$(chomp "$(/bin/bash -c "${clt_label_command}")")"

  if [[ -n "${clt_label}" ]]
  then
    sudo "/usr/sbin/softwareupdate" "-i" "${clt_label}"
    sudo "/bin/rm" "-f" "${clt_placeholder}"
    sudo "/usr/bin/xcode-select" "--switch" "/Library/Developer/CommandLineTools"
  fi
fi

## install pkgsrc
if ! command which pkgin; then
  BOOTSTRAP_TAR="bootstrap-macos11-trunk-x86_64-20210717.tar.gz"
  BOOTSTRAP_SHA="2f12f8ab596cedde5ec4bb49d0d5890c1eb333ec"

  # Download the bootstrap kit to the current directory.
  curl -O https://pkgsrc.joyent.com/packages/Darwin/bootstrap/${BOOTSTRAP_TAR}

  # Verify the SHA1 checksum.
  echo "${BOOTSTRAP_SHA}  ${BOOTSTRAP_TAR}" | shasum -c-

  # Install bootstrap kit to /opt/pkg
  sudo tar -zxpf ${BOOTSTRAP_TAR} -C /

  # Reload PATH/MANPATH (pkgsrc installs /etc/paths.d/10-pkgsrc for new sessions)
  eval $(/usr/libexec/path_helper)
fi

## install Homebrew (kinda)
# We use this to test that Homebrew is working in order to decide whether to install our own.
# Generate this list with the following command:
#  brew doctor -D 2>/dev/null | cut -d':' -f1 | grep -vE '^(check_safebrew_prefix|check_for_config_scripts|check_user_path_\d+)$' | tr '\n' " "
homebrew_audits="check_for_unreadable_installed_formula check_xcode_prefix_exists check_ruby_version check_xcode_prefix check_xcode_up_to_date check_for_git check_for_unlinked_but_not_keg_only check_for_symlinked_cellar check_multiple_cellars check_for_stray_las check_for_stray_pcs check_for_stray_static_libs check_for_stray_headers check_xcode_select_path check_deprecated_disabled check_for_unsupported_macos check_for_bitdefender check_for_stray_dylibs check_exist_directories check_for_other_frameworks check_xcode_minimum_version check_for_pydistutils_cfg_in_home check_tmpdir_sticky_bit check_for_iconv check_for_multiple_volumes check_if_xcode_needs_clt_installed check_tmpdir check_missing_deps check_deleted_formula check_for_anaconda check_filesystem_case_sensitive check_for_gettext check_clt_minimum_version check_deprecated_official_taps check_git_version check_access_directories check_deprecated_caskroom_taps check_for_tap_ruby_files_locations check_for_external_cmd_name_conflict check_if_supported_sdk_available check_for_non_prefixed_findutils check_for_broken_symlinks check_broken_sdks check_clt_up_to_date check_for_non_prefixed_coreutils check_xcode_license_approved check_for_installed_developer_tools check_git_newline_settings check_brew_git_origin check_casktap_integrity check_coretap_integrity check_tap_git_branch check_git_status"
#----- actually, this test is pretty slow. let's skip it for now

# tucked-away Homebrew prefix for us to use, in case Homebrew is not present or there is
# something wrong with the existing Homebrew installation
safebrew_prefix="${HOME}/.local/opt/homebrew"
#if ! ( command which brew && brew doctor --quiet ${=homebrew_audits} ); then
if ! command which brew; then
  #if ! ( test -x ${safebrew_prefix}/bin/brew && ${safebrew_prefix}/bin/brew doctor --quiet ${=homebrew_audits} ); then
  if ! test -x ${safebrew_prefix}/bin/brew; then
  # manually install Homebrew to a local prefix (to be used only for Casks anyway)
  mkdir -p "${safebrew_prefix}" && curl -L https://github.com/Homebrew/brew/tarball/master | tar xz --strip 1 -C "${safebrew_prefix}"

  # Homebrew custom prefix installation suggests we do this.
  # I don't care to, since we are really only using this for Casks.
  # brew update --force --quiet
  test -d ${safebrew_prefix}/share/zsh && chmod -R go-w "${safebrew_prefix}/share/zsh"

  fi
  eval "$(${safebrew_prefix}/bin/brew shellenv)"
fi

## install Nix
if ! command which nix; then
  curl -L https://releases.nixos.org/nix/nix-2.4/install -o install-nix.sh
  # we're counting on `set -e` here
  test "$(openssl sha256 < install-nix.sh)" = "e3c81a906f38608e814eb5514fe007acc746d560c60ab273ae884be23a570ff4"
  # --daemon and --darwin-use-unencrypted-nix-store-volume are now defaults
  sh < install-nix.sh
fi

#### Package manager configuration
## Enable Nix flakes
# TODO: really ensure this is set correctly
grep experimental-features /etc/nix/nix.conf || echo 'experimental-features = nix-command flakes ca-references' | sudo tee -a /etc/nix/nix.conf

#### Software installation

# direnv for project environments
sudo pkgin -y install direnv

# Mac .app/.dmg/.pkg packages
install_casks(){
  HOMEBREW_NO_AUTO_UPDATE=skip HOMEBREW_NO_INSTALL_UPGRADE=skip brew install --cask --no-quarantine $@
}

install_brews(){
  HOMEBREW_NO_AUTO_UPDATE=skip HOMEBREW_NO_INSTALL_UPGRADE=skip brew install $@
}

install_casks \
  macfuse      `# required for sshfs` \
  forticlient  `# client for UWorld (non-Themis) VPN` \
  powershell   `# for Desired State Configuration`

#### Operating system configuration
## SSH daemon configuration
sshd_needs_restart=n

# Enable PSRemoting
sshd_pwsh_conf=/etc/ssh/sshd_config.d/200-pwsh.conf
if ! [ -f ${sshd_pwsh_conf} ]; then
  echo "Subsystem powershell /usr/local/bin/pwsh -sshs -NoLogo" | sudo tee ${sshd_pwsh_conf}

  sshd_needs_restart=yes
fi

if [ sshd_needs_restart = yes ]; then
  # TODO: determine if this does anything more than starting and stopping
  # com.openssh.sshd with launchctl
  sudo systemsetup -setremotelogin off
  sudo systemsetup -setremotelogin on
fi

popd

echo "Success (probably) bootstrapping software management systems for Themis/UWorld DevOps!"
	#!/bin/zsh

	# in case you need to review these flags, see: https://gist.github.com/mohanpedala/1e2ff5661761d3abd0385e8223e16425
	set -euxo pipefail

	# in some places (for instance, installing pkgsrc), we just assume x86_64
	test "$(/usr/bin/uname -m)" = "x86_64"

	pushd "$(mktemp -d)"

	#### Package manager and CLI tools installation
	## Install Xcode command-line tools, since they're required by all these other package managers
	chomp() {
	printf "%s" "${1/"$'\n'"/}"
	}
	if ! xcode-select -p &>/dev/null; then
	# adapted from the Homebrew installer on this commit: https://github.com/Homebrew/install/blob/13b2d49281a9b3441f75cc87d48b02ca58aa6a88/install.sh
	# This temporary file prompts the 'softwareupdate' utility to list the Command Line Tools
	clt_placeholder="/tmp/.com.apple.dt.CommandLineTools.installondemand.in-progress"
	sudo touch "${clt_placeholder}"

	clt_label_command="/usr/sbin/softwareupdate -l \|
	grep -B 1 -E 'Command Line Tools' \|
	awk -F'' '/^ \\*/ {print \$2}' \|
	sed -e 's/^ Label: //' -e 's/^ //' \|
	sort -V \|
	tail -n1"
	clt_label="$(chomp "$(/bin/bash -c "${clt_label_command}")")"

	if [[ -n "${clt_label}" ]]
	then
	sudo "/usr/sbin/softwareupdate" "-i" "${clt_label}"
	sudo "/bin/rm" "-f" "${clt_placeholder}"
	sudo "/usr/bin/xcode-select" "--switch" "/Library/Developer/CommandLineTools"
	fi
	fi

	## install pkgsrc
	if ! command which pkgin; then
	BOOTSTRAP_TAR="bootstrap-macos11-trunk-x86_64-20210717.tar.gz"
	BOOTSTRAP_SHA="2f12f8ab596cedde5ec4bb49d0d5890c1eb333ec"

	# Download the bootstrap kit to the current directory.
	curl -O https://pkgsrc.joyent.com/packages/Darwin/bootstrap/${BOOTSTRAP_TAR}

	# Verify the SHA1 checksum.
	echo "${BOOTSTRAP_SHA} ${BOOTSTRAP_TAR}" \| shasum -c-

	# Install bootstrap kit to /opt/pkg
	sudo tar -zxpf ${BOOTSTRAP_TAR} -C /

	# Reload PATH/MANPATH (pkgsrc installs /etc/paths.d/10-pkgsrc for new sessions)
	eval $(/usr/libexec/path_helper)
	fi

	## install Homebrew (kinda)
	# We use this to test that Homebrew is working in order to decide whether to install our own.
	# Generate this list with the following command:
	# brew doctor -D 2>/dev/null \| cut -d':' -f1 \| grep -vE '^(check_safebrew_prefix\|check_for_config_scripts\|check_user_path_\d+)$' \| tr '\n' " "
	homebrew_audits="check_for_unreadable_installed_formula check_xcode_prefix_exists check_ruby_version check_xcode_prefix check_xcode_up_to_date check_for_git check_for_unlinked_but_not_keg_only check_for_symlinked_cellar check_multiple_cellars check_for_stray_las check_for_stray_pcs check_for_stray_static_libs check_for_stray_headers check_xcode_select_path check_deprecated_disabled check_for_unsupported_macos check_for_bitdefender check_for_stray_dylibs check_exist_directories check_for_other_frameworks check_xcode_minimum_version check_for_pydistutils_cfg_in_home check_tmpdir_sticky_bit check_for_iconv check_for_multiple_volumes check_if_xcode_needs_clt_installed check_tmpdir check_missing_deps check_deleted_formula check_for_anaconda check_filesystem_case_sensitive check_for_gettext check_clt_minimum_version check_deprecated_official_taps check_git_version check_access_directories check_deprecated_caskroom_taps check_for_tap_ruby_files_locations check_for_external_cmd_name_conflict check_if_supported_sdk_available check_for_non_prefixed_findutils check_for_broken_symlinks check_broken_sdks check_clt_up_to_date check_for_non_prefixed_coreutils check_xcode_license_approved check_for_installed_developer_tools check_git_newline_settings check_brew_git_origin check_casktap_integrity check_coretap_integrity check_tap_git_branch check_git_status"
	#----- actually, this test is pretty slow. let's skip it for now

	# tucked-away Homebrew prefix for us to use, in case Homebrew is not present or there is
	# something wrong with the existing Homebrew installation
	safebrew_prefix="${HOME}/.local/opt/homebrew"
	#if ! ( command which brew && brew doctor --quiet ${=homebrew_audits} ); then
	if ! command which brew; then
	#if ! ( test -x ${safebrew_prefix}/bin/brew && ${safebrew_prefix}/bin/brew doctor --quiet ${=homebrew_audits} ); then
	if ! test -x ${safebrew_prefix}/bin/brew; then
	# manually install Homebrew to a local prefix (to be used only for Casks anyway)
	mkdir -p "${safebrew_prefix}" && curl -L https://github.com/Homebrew/brew/tarball/master \| tar xz --strip 1 -C "${safebrew_prefix}"

	# Homebrew custom prefix installation suggests we do this.
	# I don't care to, since we are really only using this for Casks.
	# brew update --force --quiet
	test -d ${safebrew_prefix}/share/zsh && chmod -R go-w "${safebrew_prefix}/share/zsh"

	fi
	eval "$(${safebrew_prefix}/bin/brew shellenv)"
	fi

	## install Nix
	if ! command which nix; then
	curl -L https://releases.nixos.org/nix/nix-2.4/install -o install-nix.sh
	# we're counting on `set -e` here
	test "$(openssl sha256 < install-nix.sh)" = "e3c81a906f38608e814eb5514fe007acc746d560c60ab273ae884be23a570ff4"
	# --daemon and --darwin-use-unencrypted-nix-store-volume are now defaults
	sh < install-nix.sh
	fi

	#### Package manager configuration
	## Enable Nix flakes
	# TODO: really ensure this is set correctly
	grep experimental-features /etc/nix/nix.conf \|\| echo 'experimental-features = nix-command flakes ca-references' \| sudo tee -a /etc/nix/nix.conf

	#### Software installation

	# direnv for project environments
	sudo pkgin -y install direnv

	# Mac .app/.dmg/.pkg packages
	install_casks(){
	HOMEBREW_NO_AUTO_UPDATE=skip HOMEBREW_NO_INSTALL_UPGRADE=skip brew install --cask --no-quarantine $@
	}

	install_brews(){
	HOMEBREW_NO_AUTO_UPDATE=skip HOMEBREW_NO_INSTALL_UPGRADE=skip brew install $@
	}

	install_casks \
	macfuse `# required for sshfs` \
	forticlient `# client for UWorld (non-Themis) VPN` \
	powershell `# for Desired State Configuration`

	#### Operating system configuration
	## SSH daemon configuration
	sshd_needs_restart=n

	# Enable PSRemoting
	sshd_pwsh_conf=/etc/ssh/sshd_config.d/200-pwsh.conf
	if ! [ -f ${sshd_pwsh_conf} ]; then
	echo "Subsystem powershell /usr/local/bin/pwsh -sshs -NoLogo" \| sudo tee ${sshd_pwsh_conf}

	sshd_needs_restart=yes
	fi

	if [ sshd_needs_restart = yes ]; then
	# TODO: determine if this does anything more than starting and stopping
	# com.openssh.sshd with launchctl
	sudo systemsetup -setremotelogin off
	sudo systemsetup -setremotelogin on
	fi

	popd

	echo "Success (probably) bootstrapping software management systems for Themis/UWorld DevOps!"