====== MacBook Pro M1 ======


==== Requirements ====
  * Hostname: qos005
  * IP-Adress: 10.5.81.121
  * MAC-Adress: 00:e0:4c:d3:09:c9
  * User Name: Dominik Lentrodt 
  * E-Mail: dominik.lentrodt@physik.uni-freiburg.de 
  * Account Name: dominik
  * Inventarnummer: 7302148800
  * Inventaraufkleber: ok
  * Leiferschein: ok


==== Specs ====

<WRAP left round box 20%>
MacBook Pro M1\\
Apple M1 8-core CPU\\
16 GB LPDDR-3 RAM\\
500 GB NVMe SSD\\
13,3" Display

MacOS Monterey\\
Version 12.1
</WRAP>

==== Basic Setup ====

Die Basiskonfiguration muss nur bei neuen MacOSX-Rechner/Laptos\\
oder nach dem Zurücksetzen auf die Werkseinstellungen erfolgen.

<code>
Language: English <Return>
Select Your Country or Region: Deutschland <Continue>
Written and Spoken Languages <Continue>
  Prefered languages: English (Germany)
  Input Soruces: German
  Dictation: English (United Kingdom)
<Continue>
Accessibility <Not Now>
Select Your Wi-Fi Network: <Continue (without choice)>
  Are you sure yo don't want to set up Wi-Fi? <Continue>
Data & Privacy <Continue>
Migration Assistant: <Not Now>
Terms and Conditions: <Agree>
  I have read and agree to ... <Agree>
Create a Computer Account
  Full name: Admin
  Account name: admin
  Password: <std_pwd>
  Hint: <none>
  <Continue>
Enable Location Services
  [ ] Enable Location Services on this Mac
  <Continue>
    Are you sure ...? <Don't Use>
Select Your Time Zone
  Berlin - Germany
  <Continue>
Analystics
  [ ] Share Mac Analytics with Apple
  [ ] Share crash and ...
  <Continue>
Screen Time
  <Set Up Later>
Siri
  [ ] Enable Ask Siri
  <Continue>
Touch ID
  <Set Up Tocuh ID Later>
    Are you sure ...? <Continue>
Choose Your Look
  Light 
  <Continue>
</code>

==== Networking ====

  * Infoblox Eintrag für MAC-Adresse
  * IP via DHCP beziehen

  * Sharing settings:<code>
Apple Menu | System Preferences | Sharing
  Computer Name: qos005
  [+] Screen Sharing
      <Computer Settings>
        [+] Anyone my request permission to control screen
  [+] Remote Login
  [+] AirPlay Receiver
</code>
  
  * Disable Firewall:<code>
Apple Menu | System Preferences | Security & Privacy | Firewall
  Firewall: Off
</code>

==== System Update ===

  * Perform System Update
  * Software Update configuration:<code>Apple Menu | System Preferences | Software Update | Advanced
  [+] Check for updates
  [+] Download new updates when available
  [ ] Install macOS updates
  [+] Install app updates from the App Store
  --
  [+] Install system data files and security updates
<OK>
</code>
==== root-User ====

<code>
Apple Menu | System Preferences | Users & Groups | Login Options | <Click the lock to make changes.>
  Network Account Server: <Join...> | <Open Directory Utility...> | <Click the lock to make changes.>
    <Edit in Menubar> | <Enable Root User> | 
      Password: <std_pwd>
</code>

==== DFN-Certificates ====

<code>
  - Zertifikate herunterladen unter: https://pki.pca.dfn.de/dfn-ca-global-g2/cgi-bin/pub/pki
    - Wurzelzertifikat
    - DFN-PCA-Zertifikat
    - DFN-CA Global G2 Zertifikat
  - Finder | Downloads | <Zertifikate durch Doppelklick hinzufügen> | 
    - Keychain: System | <Add>
  - die drei Zertifikate unter Downloads können nach dem Hinzufügen gelöscht werden
</code>
   
==== Authorized Keys ====

<code>
su - root
scp ltspmaster.physik.privat:.ssh/authorized* ~/.ssh
</code>
   

==== checkmk Integration ====

    * Rechner in checkmk einrichten
    * login auf ltspmaster und Verteilen von Source und Konfigurationsdateien<code>
DistAgent <client>
DistMasterfilesOSX <client>
</code> für 
       * FreeFileSync eingerichtet
       * FOG-Client installiert
       * Sophos-Installationssoftware hinkopiert

==== Homebrew installation ====

<code>
su - admin
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
echo 'eval "$(/opt/homebrew/bin/brew shellenv)"' >> /Users/admin/.zprofile
eval "$(/opt/homebrew/bin/brew shellenv)"

brew install coreutils
</code>

===  FileVault activation ===
<code>
Apple Menu | System Preferences... | Security & Privacy
  <FileVault>
  <Click the lock to >
  <Turn On File Vault>
  <Create Recovery Key>
</code>
<WRAP center round important 60%>
Put Recovery Key in Keepass\\ Der Key liegt aktuell noch in meinem persönlichen (mbeh) Keepass
</WRAP>


=== User Setup  ===

<code>
System Preferences | Users & Groups | <Click the log to make changes> | <+>
  New Account: Administrator
  Full Name: Dominik Lentrodt
  Account Name: dominik
  Password: <keepassxc_mbeh>
  Password hint: <none>
</code>


==== Software ====

=== Sophos ===
<code>
su - root
cd /Users/Sophos-Endpoint-osx/Sophos\ Installer.app/Contents/MacOS/tools
sudo ./InstallationDeployer --install
</code>

<code>
Allow Sophos "Full Disk Access"

Apple Menu | System Preferences... | Securtiy & Privacy
  <Click the lock to make changes.>
  Full Disk Access 
    <Drag Sophos Icon to application list>
</code>


=== Thunderbird ===
<code>
Browser: https://thunderbird.net | <Free Download>
Downloads | <Open in Finder> | Thunderbird*.dmg <double click> | 
<open> Applications | Thunderbird-Icon <drag to Applications>
Thunderbird*.dmg <Move to Bin> | <close all windows>
</code>

=== Mathematica ===
<code>
Browser: http://www.software.physik.uni-freiburg.de/Mathematica/Mathematica_12.3.1_MAC.dmg 
Downloads | <Open in Finder> | Mathematica_12.3.1_MAC.dmg 
  Applications <click to open> | Mathematica_12.3.1_MAC <drag to Applications>
  WolframScript.pkg <double click to install>
</code>

  * Mathematica Lizenz in Wolfram User Portal zugewiesen
  * Mathematica auf dem MacBook für den Benutzer aktiviert
<WRAP center round important 60%>
Der Lizenzschlüssel liegt aktuell noch in meinem persönlichen (mbeh) Keepass
</WRAP>
=== Time Machine ===
<code>
<connect external harddisk>
<rename harddisk>TM Backup
Apple | System Preferences | Time Machine | <select Backup Disk>
  <select external harddisk> 
  [+] Encrypt backup
  <Use Disk>
    Backup password: ****
    Verify password: ****
    Password hint: keepass
    <Encrypt Disk>
</code>

<WRAP center round important 60%>
Put Password for Time Machine Backup in Keepass\\ Das Passwort liegt aktuell noch in meinem persönlichen (mbeh) Keepass
</WRAP>


see: https://support.apple.com/en-us/HT201250

=== Free File Sync ===

:TO-DO:

==== Garantie Prüfen ====

<apple> | <About This Mac> | 
  Serial Nubmer: <select and copy>
  <Support> | <Check Your Coverage...>
    Enter your serial number: <paste>
    <enter code> | <Continue> 
      (+) Valid Purchase Date
      (+) Telephone Technical Support: Active
      (+) Coverd by Apple Care Protection Plan
          Coverage end date: ~ <current date> + 5 Years
      


==== Inventarisierung ====
  * Inventaraufkleber anbringen
  * Label drucken und anbringen
    * PC, Adapter, Externe Festplatte

=== GLPI Eintrag ===
  * GLPI entry done
  * Netzwerkadapter eintragen: MAC & IP
  * Lieferschein archiviert
  * Inventarnummer eingetragen
  * Anlageformular / Inventrisierung archivieren
  * Checkout Sheet archivieren
  * Aufkleber anbringen

----

=== Checkout Sheet ===

  * Checkout Sheet fertig ausfüllen\\
    * Name und Unterschrift des Benutzers
    * Datum und Unterschrift des IT-Verantwortlichen
    * Dominik Lentrodt
    * dominik.lentrodt@physik.uni-freiburg.de
    * 5886
    * Physikalsiches Institut, AG Buchleitner
    * 2022-01-15
    * MacBook Pro M1 2020 (Z11B-0110), S/N: FVFGR1AXQ05N
    * Accessories: 
      * belkin USB-C 6-in-1 Multiport Adapter 
      * WD Elements 1TB external Harddisk

==== Zusammen mit dem Benutzer ====

  * Checkout Sheet unterscheiben lassen
  * (noop) E-Mail Account einrichten (Mail / Thunderbird)
  * (noop)  Kalender einrichten (Calendar / Thunderbird)? 
  * Hinweis auf fehlendes FreeSync-Backup
  * (noop)  Passwort für Benutzer "Dominik Lentrodt" ändern
  * Pfad zu Homebrew für Benutzer ergänzt
  * FindMyMac Service aktivieren wenn gewünscht\\ see: https://support.apple.com/de-de/guide/findmy-mac/fmm53101237/mac

{{tag> macos}}