fresh mac setup

stack.emin.ch

A single command turns a freshly unboxed Apple Silicon Mac into a working dev environment. Safe to re-run on any existing setup.

stack.emin.ch — zsh
$
Apple Silicon Idempotent ~30 min unattended No npm-pipe-bash sketchiness

What I use

OrcaAgent development environment DakodeonLocal model menu bar app Claude CodeAnthropic coding agent CodexOpenAI coding agent HomebrewPackage manager XcodeApple IDE Android StudioAndroid IDE 1PasswordPassword manager SignalEncrypted messenger WhatsAppMessenger DiscordChat SteamGames
CLI tools
cmake fd ffmpeg gcloud gh go jq node pnpm ripgrep rclone rust rustup stow uv webp wrangler
Manual App Store reminders
1Password for Safari Wipr Xcode
Auth, set up for you
GitHub via gh auth login SSH via 1Password agent (Touch ID), public key uploaded to GitHub Google Drive artifact remote via rclone Claude Code sign-in launched for you Codex configured with Fugu and Dakodeon profiles Claude Code configured with bypass permissions and Paddle MCP servers Secrets pulled from a 1Password Secure Note into ~/.zshrc.local

Inside the script

  1. Sanity checkmacOS, Apple Silicon, not root, not truncated.
  2. HomebrewInstalls Homebrew, lets its installer handle Xcode Command Line Tools non-interactively when needed, and wires up brew shellenv.
  3. Clone the repoUses HTTPS so it works before auth is set up.
  4. Brew bundleInstalls every tool and cask declared in the Brewfile.
  5. Google Drive artifact remoteConfigures the clindesk-drive rclone remote and ensures ClinDesk/marketing-artifacts exists.
  6. pnpm globalsInstalls wrangler and @paddle/paddle-mcp.
  7. GitHub authRuns device-code login and sets gh auth setup-git as the credential helper.
  8. 1Password SSH agentWaits for the GUI integration and SSH agent to be enabled, wires ~/.ssh/config to the agent, and uploads the public key to GitHub for SSH auth.
  9. Repo origin to SSHSwitches the cloned repo from HTTPS to git@github.com once SSH is verified.
  10. StowSymlinks zsh, git, Claude Code config, Codex support files, and helper scripts into $HOME, after touching the .gitconfig.local / .zshrc.local override stubs.
  11. AI agent configCreates or updates Codex config, Paddle MCP server wiring, and Fugu/Dakodeon model profiles.
  12. Secrets from 1PasswordReads the stack env item and writes API keys into ~/.zshrc.local, plus the Sakana key into ~/.codex/.env when present.
  13. Claude sign-inLaunches Claude Code for interactive auth.
  14. Claude MCP serversRegisters Paddle sandbox and production wrappers with Claude Code.
  15. Final summaryPrints App Store reminders for 1Password for Safari, Wipr, and Xcode.

What you still do by hand

The script pauses and asks you to do these in the GUI:
  • Unlock 1Password and enable the CLI + SSH agent integrations
  • Approve the gh auth browser flow
  • Approve the Google Drive rclone browser flow
  • Sign in to claude when it opens its browser
  • Sign in to codex before using OpenAI-hosted models
  • Install 1Password for Safari, Wipr, and Xcode from the App Store when needed