feat: capture macOS system defaults (home/.macos) #319
Snapshot of this machine's intentional macOS settings as a faithful `defaults write` script (not opinionated): Dock (autohide/size/hot corners), Finder (hidden files, list view, path bar, desktop drives), keyboard/text (show extensions, no auto-correct/cap/period, traditional scrolling, en_GB), trackpad (tap-to-click, 3-finger drag/look-up, light click), Stage Manager off, menu-bar clock, no .DS_Store on network shares, Activity Monitor. ~36 keys, correctly typed (verified via `defaults read-type`).

- bootstrap applies it only on a full `-p` install (it restarts Dock/Finder), never on a routine `-f` sync.
- Symlinked to ~/.macos; re-runnable, idempotent, macOS-gated.
- Makefile bash -n covers it; README gains a "macOS system defaults" section and the new-machine checklist references it.

Not captured (not possible via defaults): iCloud/Apple-ID, Login Items, TCC permissions, network, Touch ID, sandboxed apps (Safari, Control Center).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
| # TCC permissions, network/Wi-Fi, Touch ID, and sandboxed apps (Safari, Control | ||
| # Center) which need Full Disk Access and are fragile — configure those manually. | ||
|
|
||
| set -euo pipefail |
[Suggestion] With set -euo pipefail, the first defaults write that returns non-zero aborts the whole script, skipping every later setting AND the final killall Dock/Finder/SystemUIServer loop. The result is a partially-written, un-applied state (bootstrap.sh only prints a generic warning). For a script billed as idempotent and re-runnable, consider relaxing errexit for the defaults section (or running the killall via a trap on EXIT) so a single failed domain write does not prevent the UI restart that applies everything that did succeed. defaults write rarely fails for valid domains, so this is robustness hardening, not a live bug.
| [[ "$(uname)" == "Darwin" ]] || return 0 | ||
| local dotfiles_dir | ||
| dotfiles_dir="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd -P)" | ||
| if [[ -x "$dotfiles_dir/home/.macos" ]]; then |
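Review bot: the `dotfiles_dir=` assignment has no failure path. If the `cd` inside the command substitution fails, `dotfiles_dir` is left empty and the guard on the following line tests `/home/.macos` rather than the repository copy. The visible lines do not show whether the caller runs under errexit, so consider making this explicit, for example by appending `|| return` to the assignment, or by checking that `dotfiles_dir` is non-empty before the path test.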
[Suggestion] The guard tests for the executable bit, but the script is invoked via bash on the file path, which does not need the exec bit. If that bit is ever lost (e.g. core.fileMode=false, a non-exec filesystem, or an archive extraction), the defaults would silently not apply during bootstrap with no warning. A file-exists test matches how the file is actually run and is more resilient.
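The two inline suggestions above (errexit stopping before the UI restart, and the `-x` guard versus how the file is actually run) can be reproduced without macOS. This is an added example, not code from the PR or the repository: `apply_setting`, `restart_ui`, `bad.domain` and the temp-file layout are constructed stand-ins for `defaults write` and the `killall` loop, and it uses `set -eu` without `pipefail` so it runs under plain `sh`.

```shell
# Constructed stand-ins: apply_setting mimics one `defaults write`, restart_ui
# mimics the final killall loop. Nothing here touches real macOS state.
demo_dir="$(mktemp -d)"

cat > "$demo_dir/common.sh" <<'EOF'
apply_setting() {
  if [ "$1" = "bad.domain" ]; then echo "FAILED $1"; return 1; fi
  echo "wrote $1"
}
restart_ui() { echo "restarted UI"; }
EOF

# "plain": errexit only, so the failing write stops the script before restart_ui.
cat > "$demo_dir/plain.sh" <<'EOF'
set -eu
. "$(dirname "$0")/common.sh"
apply_setting com.apple.dock
apply_setting bad.domain
apply_setting com.apple.finder
restart_ui
EOF

# "trap": same writes, but the restart is registered on EXIT before any of them.
cat > "$demo_dir/trap.sh" <<'EOF'
set -eu
. "$(dirname "$0")/common.sh"
trap restart_ui EXIT
apply_setting com.apple.dock
apply_setting bad.domain
apply_setting com.apple.finder
EOF

# Run a variant through the interpreter (no exec bit needed), capturing output.
run_variant() {
  chmod 644 "$demo_dir/$1.sh"
  sh "$demo_dir/$1.sh" 2>&1
}

# Report which file tests pass for a mode-644 script: "-x", "-f", both or none.
guards_passing() {
  chmod 644 "$demo_dir/$1.sh"; passing=""
  if [ -x "$demo_dir/$1.sh" ]; then passing="$passing -x"; fi
  if [ -f "$demo_dir/$1.sh" ]; then passing="$passing -f"; fi
  echo "${passing# }"
}

echo "plain:"; run_variant plain || echo "(exit status $?)"
echo "trap:";  run_variant trap  || echo "(exit status $?)"
echo "tests passing without the exec bit: $(guards_passing plain)"
```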
Automated review by Claude Code (prompt: home/.claude/contrib/prompts/claude-review.md). Verdict: APPROVE. Summary: clean, well-documented snapshot of macOS defaults into home/.macos, wired only into the -p install path, with matching README/Makefile updates; bootstrap gating (PULL == true), the macOS guard, idempotency, and the -f vs -p distinction all match the documented behavior. CI execution is correctly skipped (mutates system state / restarts Dock) and the Makefile adds a bash -n syntax check, the right level of coverage for a defaults script. Two non-blocking robustness suggestions were posted as inline comments (set -euo pipefail aborting before the killall restart; the -x vs -f guard in apply_macos_defaults). The verdict follows mechanically: only suggestions, nothing blocking.
Prompt: evansenter/dotfiles/.../claude-review.md
Code Review
Summary. Clean, well-documented faithful snapshot of macOS defaults into home/.macos, wired only into the -p install path with matching README/Makefile updates. Bootstrap gating (PULL == true), the Darwin guard, idempotency, the osascript/killall '|| true' guards, and the -f vs -p distinction all match the documented behavior. CI execution is correctly skipped (mutates system state / restarts Dock) with a 'bash -n' syntax check added to the Makefile — the right coverage level for a defaults script.
Findings. No Critical or Important issues. Two non-blocking robustness suggestions were already posted as inline comments on prior review rounds and still stand (errexit aborting before the final killall UI restart; -x exec-bit guard vs a file-exists test for how the script is actually invoked). Both are hardening, not live bugs — defaults write effectively never fails for valid domains/types. No new findings to add.
Verdict. APPROVE — only suggestions, nothing blocking.
— Automated review by Claude Code
Summary
Captures macOS system settings (the `defaults` layer the repo never managed) as `home/.macos` — a faithful snapshot of this machine's current values, not an opinionated set.

Covers ~36 keys: Dock (autohide/size/hot corners), Finder (hidden files, list view, path bar, desktop drives), keyboard/text (show extensions, no auto-correct/capitalization/period, traditional scrolling, `en_GB`), trackpad (tap-to-click, three-finger drag + look-up, light click thresholds), Stage Manager off, menu-bar clock, no `.DS_Store` on network shares, Activity Monitor. All correctly typed (verified via `defaults read-type`).

Behavior
- `./bootstrap.sh -p` (full install) — it restarts Dock/Finder, so it's not run on routine `./bootstrap.sh -f` syncs.
- `~/.macos`; idempotent, macOS-gated, re-runnable manually.

Not captured (impossible via `defaults`)
iCloud/Apple-ID settings, Login Items, TCC permissions, network/Wi-Fi, Touch ID, and sandboxed apps (Safari, Control Center — need Full Disk Access and are fragile). Documented as manual.

Test plan
- `bash -n` + `shellcheck` clean; `make check` green (now syntax-checks `home/.macos`)
- `defaults read-type` before scripting
- `bootstrap -p` or manual `~/.macos`

🤖 Generated with Claude Code