knaggit's dotfiles

Intro

This repository is managed with Nix and Nix-darwin. It's based on repositories from niklasravnsborg and drdruh.

Precautions

• Admin account is not used for day-to-day work, as recommend by Apple¹² itself.

Initial Setup

• Create and login to admin account
• Create standard account, logout from admin account, login in standard account
• Install Nix
• Install Homebrew
• Clone this repo to ~/Git/dotfiles
• Run nix --extra-experimental-features "nix-command flakes" run nix-darwin -- switch --flake ~/Git/dotfiles
• Run softwareupdate -ia for softare updates
• Do a system cleanup softwareupdate -ia

Hardening²

macOS

Regarding to Apple's Best Practices hide admin & home dir sudo dscl . create /Users/hiddenuser IsHidden 1 sudo chflags hidden /Users/hiddenuser

sudo dscl

delete Local/Defaults/SharePoints/Hidden\ User’s\ Public\ Folder/

exit

GPG

gpg --import /Users/knaggit/Git/dotfiles/gpg/0x7426E2F78A84EB06_knaggit.asc

export KEYID=0x7426E2F78A84EB06

launchctl load $HOME/Library/LaunchAgents/gnupg.gpg-agent-symlink.plist

nano $HOME/Library/LaunchAgents/gnupg.gpg-agent-symlink.plist

launchctl load $HOME/Library/LaunchAgents/gnupg.gpg-agent.plist

nano $HOME/Library/LaunchAgents/gnupg.gpg-agent.plist

gpg-connect-agent /bye

git config --global user.signingkey $KEYID

SSH

Daily Usage

Connect with public network

• Deactivate NextDNS: nextdns deactivate
• Connect to network
• Clear DNS cache: sudo dscacheutil -flushcache; sudo killall -HUP mDNSResponder
• Reactivate NextDNS: nextdns activate

References

Footnotes

1. Ways to avoid harmful software ↩

2. macOS-Security-and-Privacy-Guide ↩ ↩²