Mac Development Ansible Playbook

This playbook installs and configures most of the software I use on my Mac for systems administration. Some things in macOS are slightly difficult to automate, so I still have a few manual installation steps, but at least it's all documented here.

Installation

1. Ensure Apple's command line tools are installed xcode-select -install

2. Clone or download this repository to your local drive.

3. Install Ansible:

   1. Run the following command to add system Python3 to your $PATH: export PATH="$HOME/Library/Python/3.9/bin:/opt/homebrew/bin:$PATH"
   2. Upgrade pip: sudo pip3 install --upgrade pip
   3. Install Ansible: pip3 install --user ansible

4. Run ansible-galaxy install -r requirements.yml inside this directory to install required Ansible roles.

5. Run ansible-playbook main.yml --ask-become-pass to configure the system, entering you MacOS account password when prompted for the 'BECOME' password.

Note

If some Homebrew commands fail, you might need to agree to Xcode's license or fix some other Brew issue. Run brew doctor to see if this is the case.

Tip

You can also install ansible other ways documented here

I also have a requirements.txt file that can be used that includes ansible-lint and some other nice adds. pip3 install --user -r requirements.txt can be used to install it.

Warning

MacOS as of Sonoma ships with Python 3.9.6, Ansible 9.x and higher has a minimum requirement of Python 3.10 or higher. I plan to test in a VM with the Python.org offical 3.11 package but if you stick to included Python you are limited to Ansible 8.x

Use with a remote Mac

You can use this playbook to manage other Macs as well; the playbook doesn't even need to be run from a Mac at all! If you want to manage a remote Mac, either another Mac on your network, or a hosted Mac like the ones from MacStadium, you just need to make sure you can connect to it with SSH:

1. (On the Mac you want to connect to:) Go to System Preferences > Sharing.
2. Enable 'Remote Login'.

Tip

You can also enable remote login on the command line:

sudo systemsetup -setremotelogin on

Then edit the hosts.ini file in this repository and add to the '[all]' group:

[all]
glenns-laptop ansible_host=localhost ansible_connection=local
remote-machine ansible_host=[ip address of machine] 

[all:vars]
ansible_user=[mac user name]
ansible_python_interpreter=/usr/bin/python3

If you need to supply an SSH password (if you don't use SSH keys), make sure to pass the --ask-pass parameter to the ansible-playbook command.

Running a specific set of tagged tasks

You can filter which part of the provisioning process to run by specifying a set of tags using ansible-playbook's --tags flag. The tags available are dotfiles, homebrew, mas, extra-packages and osx.

ansible-playbook main.yml -K --tags "dotfiles,homebrew"

ou can override any of the defaults configured in default.config.yml by creating a config.yml file and setting the overrides in that file. For example, you can customize the installed packages and apps with something like:

homebrew_installed_packages:
  - cowsay
  - git
  - go

mas_installed_apps:
  - { id: 443987910, name: "1Password" }
  - { id: 498486288, name: "Quick Resizer" }
  - { id: 557168941, name: "Tweetbot" }
  - { id: 497799835, name: "Xcode" }

pipx_packages:
  - name: mkdocs

configure_dock: true
dockitems_remove:
  - Launchpad
  - TV
dockitems_persist:
  - name: "Sublime Text"
    path: "/Applications/Sublime Text.app/"
    pos: 5

Any variable can be overridden in config.yml; see the supporting roles' documentation for a complete list of available variables.

Included Applications / Configuration (Default)

Applications (installed with Homebrew Cask):

• 1Password
• balenaEtcher
• coconutBattery
• Discord
• Docker
• Google Chrome
• Handbrake
• iTerm2
• Jellyfin Media Player
• Logi Options Plus
• MediaHuman Audio Converter
• MediaInfo
• Meld
• MusicBrainz Picard
• NetSpot
• Obsidian
• Parsec
• Plex
• Raspberry Pi Imager
• Spotify
• TimeMachineEditor
• UTM
• Visual Studio Code
• VLC
• Vmware Horizon Client
• XQuartz
• Zoom

Packages (installed with Homebrew)

• bash
• bash-completion@2
• btop
• brew-cask-completion
• coreutils
• ffmpeg
• flac
• gawk
• gnu-tar
• go
• htop
• iperf3
• jq
• just
• lame
• lesspipe
• lz4
• lzo
• nano
• nanorc
• ncurses
• neofetch
• nmap
• perl
• pv
• qemu
• ruby
• screenresolution
• smartmontools
• snappy
• socat
• sshpass
• svt-av1
• tmux
• webp
• wget
• when
• x264
• x265
• xvid
• xz

My dotfiles are also installed into the current user's home directory, including the .macos_defaults dotfile for configuring things that cannot be automated with community.general.osx_defaults. You can disable dotfiles management by setting configure_dotfiles: no in your configuration.

Ansible for DevOps

Check out Ansible for DevOps, which teaches you how to automate almost anything with Ansible. This book was made by Jeff Geerling and has been indepensible in my ability to learn Ansible.

Author

This project was inspired by Jeff Geerling's which was originally inspired by MWGriffin/ansible-playbooks).