HVboom

Setup new Mac Mini

  • Mario Lotz

Setup Administrator

When opening the new Mac Mini the first time you are prompted to setup a new administrator account. Because this user will only be used to administrate your Mac, but not for the daily work restrict the user as much as possible. Therefore do not enable all the suggested defaults - that will be done later for normal users (if really wanted )

  • do not provide an Apple Id
    • do not activate iCloud
  • do not allow location services
  • disable Siri

System Preferences

Security

  • Activate the Firewall
    • Require an admin password to manage system wide setting (enhanced options)
  • Activate the FileVault
    • I personally do not store the password in the iCloud
  • In the Privacy settings reduce the Location tracking to the minimun
    • for the System Services I only allow the Timezone and WLAN services
    • nothing else should access your location
  • Set root password by using the Directory Utility app, which is located in /System/Library/CoreServices/Applications (use finder Go To Directory menu)
    • Unlock the application to allow changes
    • The edit menu contains the entries to set the root password, maybe you have to activate the root user first. Do not forget to inactive the root user again, after you have assigned a password.

Time Machine

  • Enable it now and create a first backup to have always a safety buoy

App Store

  • Enable only the search for new updates, but do not install anything automatically
  • Update your system frequently (use a dedicated Apple Id)

General

  • no handoff between Mac and iCloud

Settings for standard applications

Safari

  • General tab
    • Disable option Open “safe” files after downloading - in the internet there is nothing safe
  • Privacy * Disable option to track advertising

Finder

  • Advanced tab
    • Enable option Show all filename extensions
  • Show hidden files 
       $ defaults write com.apple.Finder AppleShowAllFiles true
   $ killall Finder
    • Hint: enter Cmd + Shift + . to toggle hidden files, if you do not like to enable them always

Terminal

  • Enable option Secure Input
  • I’m old school and prefer the Bash, therefore I always open /bin/bash in the general settings

Useful Apps

MacVim

Atom

  • when you open Atom the first time you will be asked to install the Command Line Tools

XCode

I decided to go with the Command Line Tools only (already installed with Atom)

  • properly setup the Unix Shell (see below)
  • open a terminal and install the additional command line tools by executing xcode-select --install

macFuse

This is a great app to access decentral virutal machines, where you have SSH access to. With a little tricky setup you have your remote machine integrated into the Finder.

  • First you have to allow to change Kernel functions for know registered developers available only in recovery mode
    • To enter the recovery mode on the Mac Mini with the M1 ship you have to shutdown the Mac and keep pressing the power button until you see a screen with a boot volume and an Option icon
    • Behind that icon you find in the menu the possibiltiy to enter the Startup Security Utility
    • Select the option to allow kernel updates
    • Restart the Mac Mini (take a couple of minutes)
  • The next step is to install macFuse (4.1.0 released 13.03.2021)
    • You have to enable the software afterwards in the security setting of the system preferences
  • As the last installation step you install the SSHFS package (2.5.0 released 03.02.2014)
  • Create a local directory for your development user - like ~/Remote/RubyOnRails

  • Create a short script to mount the remote file system:

       #!/usr/bin/env bash
	 
   sshfs -o reconnect,auto_cache,auto_xattr,noappledouble,noapplexattr,volname=RubyOnRails mario@hvboom.org:RubyOnRails /Users/hvboom/Remote/RubyOnRails

  • Create a short script to unmount the remote file system - that is normally not necessary because you can just use eject key in the Finder:

       #!/usr/bin/env bash
	 
   umount mario@hvboom.org:RubyOnRails

Audacity

Canon / Image Garden

Everything you need for a Canon Pixma MG7550

CocoaRestClient

Devolo

Get an overview of the power line network

Firefox

Chrome

Kid3

ManOpen

Bwana

Man pages in a browser window

Microsoft To Do

A simple ToDo list

Pixum

Tinker Tool

Easy access to some hidden system app features

Skype

Alternative to FaceTime

Setup Standard Users

Disable Account Policy

That is necessary to allow any length of a user password

  • save the current policy sudo pwpolicy -getaccountpolicies > Documents/DefaultAccountPolicies.plist
  • reset all password restrictions sudo pwpolicy -clearaccountpolicies

Reset to Defaults

  • use the save file sudo pwpolicy -setaccountpolicies Documents/DefaultAccountPolicies.plist

Create Accounts

  • create a Group account for the family
  • create an User account for each family member
    • assign these to the family Group
  • create additional users e.g. for Work or Development etc.

Unix Shell (Bash tweakings)

System adjustments

  • Adjust the file /etc/paths to include $HOME/bin and /usr/local/share/bin

      $HOME/bin
  /usr/local/share/bin
  /usr/local/bin
  /usr/bin
  /bin
  /usr/sbin
  /sbin

  • Adjust the file /etc/profile to source /usr/local/share/bash/profile

      # System-wide .profile for sh(1)
		
  if [ -x /usr/libexec/path_helper ]; then
    eval `/usr/libexec/path_helper -s`
  fi
		
  if [ "${BASH-no}" != "no" ]; then
    [ -r /etc/bashrc ] && . /etc/bashrc
    [ -r /usr/local/share/bash/profile ] && . /usr/local/share/bash/profile
  fi

  • Create a new directory /usr/local/share with following subdirectories and files

    • bash

      the dot files will be copied to the $HOME directory, if they do not already exist - see profile

      • .alias

          alias ls='ls -AF'
  alias ll='ls -la'
  alias lll='ll | more'
  alias ltr='ll -tr'
            
  alias more='less'
  alias cls='clear'
  alias mkdir='mkdir -p'
  alias myps='ps -Ax | grep `whoami` | sort -b -k 6,6'
  alias count='ls -1 | wc -l'
  alias r='fc -s'
            
  # use MacVim
  alias vi='mvim'       # or 'vim'
  alias view='mvim -R'  # or 'vim -R'
            
  # find shortcuts
  alias fn='find . -name '
  alias fh='find . -name "*.h*" 2>/dev/null | xargs grep '
  alias fcpp='find . -name "*.cpp" 2>/dev/null | xargs grep '
  alias fm='find . -name "[mM]akefile*" 2>/dev/null | xargs grep '
  alias fpy='find . -name "*.py" 2>/dev/null | xargs grep '
  alias frb='find . -name "*.rb" 2>/dev/null | xargs grep '
  alias gf='find . -type f 2>/dev/null | xargs grep '

      • .profile

          if [ `echo "$PATH" | grep -c "$HOME/bin"` == 0 ] 
  then
    export PATH="$PATH:$HOME/bin" # Add private commands to PATH
  fi
            

  if [ `echo "$PATH" | grep -c "/usr/local/share/bin"` == 0 ] 
  then
    export PATH="$PATH:/usr/local/share/bin" # Add shared commands to PATH
  fi
            
  if [ `echo "$PATH" | grep -c "/usr/local/bin"` == 0 ] 
  then
    export PATH="$PATH:/usr/local/bin" # Add standard commands to PATH
  fi
            
  if [ `echo "$PATH" | grep -c "$HOME/.rvm/bin"` == 0 ] 
  then
    export PATH="$PATH:$HOME/.rvm/bin" # Add RVM to PATH for scripting
  fi
            
  if [ -z $FIRST_RUN ]
  then
    [[ -s "$HOME/.rvm/scripts/rvm" ]] && source "$HOME/.rvm/scripts/rvm" # Load RVM into a shell session *as a function*
    [[ -r "$rvm_path/scripts/completion" ]] && source "$rvm_path/scripts/completion" # Enable completion of rvm commands
  fi

      • .rvmrc

          # If you like to bring your Ruby projects up-to-date jut uncomment following lines
            
  # # Install the requested Ruby version automatically
  # rvm_install_on_use_flag=1
  # # Fallback to the default ruby version
  # rvm_project_rvmrc_default=1
  # # Automatically use bundler, if a Gemfile is found
  # rvm_autoinstall_bundler_flag=1

      • .vimrc

          set autoindent
  set expandtab
  set tabstop=2
  set softtabstop=2
  set shiftwidth=2
  set backspace=indent
            
  set showmode
  set showmatch
  set hlsearch    " highlight search
  set incsearch   " Incremental search, search as you type
  set ignorecase  " Ignore case when searching
  set smartcase   " Ignore case when searching lowercase
  set number
  " set mouse=a
  set showcmd
  set guioptions+=T
  set gtl=%t
  set gtt=%F
            
  filetype plugin indent on
  syntax on
            
  set title
            
  map ,wx  :'a,.w! $HOME/tmp/XXX<CR>
  map ,wy  :'a,.w! $HOME/tmp/YYY<CR>
  map ,wz  :'a,.w! $HOME/tmp/ZZZ<CR>
  map ,rx  :r $HOME/tmp/XXX<CR>
  map ,ry  :r $HOME/tmp/YYY<CR>
  map ,rz  :r $HOME/tmp/ZZZ<CR>
            
  map ,dos :%s/\r//<CR>
  map ,d   :set fileformat=dos<CR>:w<CR>
  map ,u   :set fileformat=unix<CR>:w<CR>
            
  " trim on save
  function! TrimWhiteSpace()
      %s/\s\+$//e
  endfunction
  autocmd BufWritePre *.rb :call TrimWhiteSpace()

      • profile

          # setup directories
  globalSettings="/usr/local/share/bash"
  userSettings="$HOME"
            
  # no access for others :-)
  umask 007
            
  # create user specific directories: bin and tmp
  if [ -z $FIRST_RUN ]
  then
    mkdir -p "$HOME/bin"
    mkdir -p "$HOME/tmp"
  fi

  # settings only for interactive shells
  case "$-" in
    *i*) 
      set -o vi
      set editor=vi
      set pager=less
      ;;
  esac

  # set term=rxvt
  [ -z "$SSH_CLIENT" ] && stty istrip
            
  # define prompt
  export PS1=`whoami`'@'`hostname`':${PWD##$HOME}> '
            
  # share command history
  SHELL_SESSION_HISTORY=0
            
  # copy default .profile
  if [ ! -r "$HOME/.profile" ]
  then
    cp "$globalSettings/.profile" "$HOME"
  fi
            
  # copy default RVM options
  if [ ! -r "$HOME/.rvmrc" ]
  then
    cp "$globalSettings/.rvmrc" "$HOME"
  fi
            
  # copy default VIM options
  if [ ! -r "$HOME/.vimrc" ]
  then
    cp "$globalSettings/.vimrc" "$HOME"
  fi
            
  # global alias first
  if [ -r "$globalSettings/.alias" ]
  then
    . "$globalSettings/.alias"
  fi
  # user alias
  if [ -r "$userSettings/.alias" ]
  then
    . "$userSettings/.alias"
  fi
            
  # user settings
  if [ -r "$userSettings/.profile" ]
  then
    . "$userSettings/.profile"
  fi
  if [ -r "$userSettings/.bashrc" ]
  then
    . "$userSettings/.bashrc"
  fi
            
  # some parts are to be executed only ones
  export FIRST_RUN="FALSE"

    • bin

      • check_permissions - check if a specific user can access a given file - see Utilities

      • mvim - symbolic link to start always MacVim

          cd /usr/local/share/bin
  sudo ln -s /Applications/MacVim.app/Contents/bin/mvim .
  sudo chmod -h 755 mvim

Migration

Music

I still have an iTunes folder containing all my music store under the Family user account. To migrate these into the new Music app just a few steps are needed

  1. Open the Music app and change the location of the media folder to ~<family user>/Music/iTunes/iTunes Media
  2. Use the Network to open a connection to your old system
  3. Copy the whole content of the Music folder of the old system into the new one
  4. Hold down the Option key and click on the Music app - that opens a dialog to select the Media file
    • Just select the file ~<family user>/Music/iTunes/iTunes Library.itl
  5. Closing the app and open it normally should get you to all your music and play list etc.

Photos

To migrate these into the new Photos app just a few steps are needed:

  1. Use the Network to open a connection to your old system
  2. Copy the whole content of the Pictures folder of the old system into the new one
  3. Hold down the Option key and click on the Photos app - that opens a dialog to select the Media file
    • Just select the file ~<family user>/Pictures/Photos Library.photoslibrary
  4. Closing the app and open it normally should get you to all your photos