Skip to content


Folders and files

Last commit message
Last commit date

Latest commit


Repository files navigation


Friendship ended with Ansible - now Nix is my best friend.

The roles and configuration files for my laptop in here are no longer used. That functionality is mostly ported over to

The server roles in here are still used.


ansible-playbook -i inventory/lakitu --vault-password-file <vault-password-file> lakitu.yml

Replace inventory and playbook as appropriate.

Append -K when running tasks that require root.

Upgrading laptops

  1. brew_upgrade
  2. Run ansible as normal.

Upgrading morty

  1. As root: pacman -Syu --noconfirm && pacman -Sc --noconfirm
  2. Run ansible against morty over ssh.

First run

Secrets are encrypted with ansible-vault, and are kept in a private repository. Clone the secrets repository into the checkout of this repository.


  1. Install Homebrew
    1. This should install xcode command line tools automatically. If not, run xcode-select --install.
  2. brew install ansible
  3. Run ansible as normal.

Manual setup

Ironically for an automation repo, I currently configure a few things on my mac(s) via the GUI. I figure that if these settings move / change their options / and removed, it'll be easier to learn that through the GUI.

A lot of this is automatable ( /, and I might crib from that in the future.

Unless otherwise spelt out, start in "System Preferences":

  1. Install any hardware-specific drivers
  2. Install mac app store apps
    1. On personal laptop: bitwarden, authy (ipad version)
  3. General
    1. About: change computer name
    2. Sharing: change hostname
  4. Appearance: auto
  5. Desktop & Dock
    1. automatically hide the dock
    2. Click wallpaper to reveal desktop - "only in stage manager"
  6. Users and Groups
    1. Login items: add flycut.
  7. Privacy & Security
    1. General: require password immediately after sleep begins.
    2. Filevault: yes
    3. Accessibility: allow flycut to control the computer.
  8. Sound
    1. Disable startup sound
  9. Control centre
    1. Sound -> Always show in menu bar
  10. Keyboard
    1. Key repeat fastest, delay until repeat shortest.
    2. Turn off keyboard backlight after 5s
    3. Keyboard shortcuts -> Modifier keys -> Remap caps lock to escape.
    4. Extra maps for PC keyboard. Set to ISO, swap option and command
    5. Use standard function keys on external keyboards (keyboard shortcuts -> function keys)
    6. Shortcuts -> Input sources -> disable ^-space for "previous input source" - it's my tmux prefix.
    7. Input sources -> Edit -> Disable smart quotes
      1. Also disable insert full stop after double space.
  11. Trackpad
    1. Allow tap to click
    2. Scroll and zoom: untick natural scroll
  12. Displays
    1. On the pro 16", default scaling seems sensible: looks like 1792x1120, on the 3072x1920 screen.
    2. Enable night shift
  13. Battery
    1. Power adapter: prevent computer from sleeping automatically
  14. Spotlight
    1. Privacy: exclude ~/workspace to avoid mds_stores doing work every time I compile things.
  15. TouchID for sudo (personal laptop only)
    1. Add auth sufficient to 2nd line of /etc/pam.d/sudo
    2. Set up
    3. This appears to be reset by certain OS updates, so I don't actually tend to have this enabled.