AFS Macbook Notes.md 3.9 KB
Macbook Notes
Just some notes from when fred got a new macbook.
Prelims
Make sure you have a rescue account on your old macbook. JAMF messed with my passwords.
General steps
Install chrome Install bitwarden Install iterm2 (will trigger install of xcode-development-tools) Install alfred Login to chrome Install updates Copy ssh ids, or generate new ones
First Hurdle, installing brew
(sorry, these are from memory so may be approximate)
- Attempt to follow normal instructions to install brew via curl (not sure if this is necessary)
- Reboot, and press command-R during boot to enter recovery mode.
- Start 'disk utility' and mount the disk.
- Run
chroot /Volumes/Mac\ HD /bin/bash(name is approximate, I forget the volume name) - Run
chown -R user_n_name /usr/local - Reboot
- Follow normal instrutions to install brew via curl
Misc Packages
brew install vim macvim
# will fail
brew unlink macvim
brew install vim
brew install thefuck
brew install cowsay fortune eolcat
brew install slack
git clone git@github.xdr.accenturefederalcyber.com:mdr-engineering/infrastructure-notes.git
git clone git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-live.git
git clone git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git
git clone git@github.xdr.accenturefederalcyber.com:mdr-engineering/msoc-infrastructure.git
source .bashrc # pick up changes to path
brew install warrensbox/tap/tfswitch
tfswitch
# Select 0.13.5
tfswitch
# Select 0.11.14
brew install warrensbox/tap/tgswitch
tgswitch
# Install latest (0.28.24 at time of this writing)
brew install awscli
Install saml2aws
https://github.xdr.accenturefederalcyber.com/duane-waddle/saml2aws/releases
- Uninstall the old version via
brew uninstall saml2aws - Extract the tarball from the link above, and place the binary somewhere in your path
- Run
xattr -d com.apple.quarantine saml2awson the binary or you'll get a warning that you can't run it.
If PR https://github.com/Versent/saml2aws/pull/793 gets merged, we can revert to using brew.
Configure saml2aws
vim ~/infrastructure-notes/AWS\ Notes.md
# Search for 'saml2aws'
# Create the ~/.saml2aws file as specified
saml2aws login --idp-account=govcloud
# Login via username/password, Approve via okta
saml2aws login --idp-account=commercial
# Login via username/password, Approve via okta
ln -s ~/infrastructure-notes/files/config ~/.aws/config
# Test
aws --profile mdr-test-c2-gov s3 ls
Validate terraform/terragrunt
cd ~/xdr-terraform-live/test/aws-us-gov/mdr-test-c2/006-account-standards
tfswitch
terragrunt init
# these two should make no changes
terragrunt apply
terragrunt-local apply
ScaleFT
Install scaleft per instrutions in ScaleFT Notes
Viscosity
Download and install viscosity, add and test both vpns.
Alfred
If you want alfred, install it from the website and not the app store.
Run OneDrive
Get your AFS stuff back
Update your git info
git config --global user.name "Fred Damstra [afs macbook]"
git config --global user.email "frederick.t.damstra@accenturefederal.com"
Add the ssl certificate
Run 'Keychain Access' Import files/mdr\ root\ ca.crt Set certificate as trusted
Browser plugin
aws-extend-switch-roles ( See AWS Notes.md )
local admin for your user with beyondtrust installed
become root
dscl . -append /Groups/admin GroupMembership duane.e.waddle
undo
dscl . -delete /Groups/admin GroupMembership duane.e.waddle
Install zsh theme for improved cmd prompt in iTerm2
Install powerlevel10k to configure .zsh. This will add git branch to your cmd prompt.
https://github.com/romkatv/powerlevel10k
Use Caffeinate to keep screen from locking ( shhhh )
tmux
caffeinate -d
Ctrl + b
d
One liner: tmux new-session -d -s caffeinate 'caffeinate -d'
~/.zshrc
alias cafe='tmux new-session -d -s caffeinate "caffeinate -d"'
alias nap='tmux kill-session -t caffeinate'