#!/bin/bash

# make xcode shut up and give us build tools
sudo xcodebuild -license accept

# enable fde
sudo fdesetup enable

# disable hibernate
# SIP prevents this rm, sadly
#sudo rm -f /private/var/vm/sleepimage
sudo pmset -a hibernatemode 0

# enable application firewall
sudo defaults write /Library/Preferences/com.apple.alf globalstate -int 1
sudo defaults write /Library/Preferences/com.apple.alf loggingenabled -bool true
sudo defaults write /Library/Preferences/com.apple.alf stealthenabled -bool false

# hush time machine
sudo defaults write /Library/Preferences/com.apple.TimeMachine DoNotOfferNewDisksForBackup -bool true

# disable spotlight phone-home systemwide (belt and suspenders)
echo "127.0.0.1 api.smoot.apple.com" | sudo tee -a /etc/hosts

# update software
sudo softwareupdate -i -a

# enable all autoupdates
sudo defaults write /Library/Preferences/com.apple.SoftwareUpdate AutomaticCheckEnabled -bool TRUE
sudo defaults write /Library/Preferences/com.apple.commerce AutoUpdate -bool TRUE
sudo defaults write /Library/Preferences/com.apple.commerce AutoUpdateRestartRequired -bool TRUE

# disable guest user account
sudo defaults write /Library/Preferences/com.apple.AppleFileServer guestAccess -bool false
sudo defaults write /Library/Preferences/SystemConfiguration/com.apple.smb.server AllowGuestAccess -bool false

# install pip so users can
#     pip install --user <pkg>
sudo easy_install pip