Tutorial

New updates and improvements to Macfleet.

Important notice

The code examples and scripts provided in these tutorials are for educational purposes only. Macfleet is not responsible for any problems, damage, or security vulnerabilities that may arise from the use, modification, or implementation of these examples. Always review and test code in a safe environment before using it on production systems.

Guest User Management on macOS

Manage guest user accounts and secure temporary access across your MacFleet devices using advanced guest user management systems. This tutorial covers guest account configuration, security policies, access monitoring, and comprehensive guest lifecycle management.

Understanding macOS Guest User Management

macOS provides guest user functionality for temporary, secure access:

  • defaults - System preferences and configuration management
  • Guest User Account - Temporary access without authentication
  • Secure Sandbox - Isolated environment for guest sessions
  • Automatic Cleanup - Session data removal on logout
  • Access Controls - Restrictions and permissions management

Basic Guest User Operations

Enable Guest User Account

#!/bin/bash

# Basic guest user enablement
defaults write /Library/Preferences/com.apple.loginwindow GuestEnabled -bool TRUE

echo "Guest user account enabled successfully"

Enhanced Guest User Configuration

#!/bin/bash

# Comprehensive guest user configuration with security settings
configure_guest_user() {
    echo "=== Comprehensive Guest User Configuration ==="
    
    # Enable guest user
    echo "Enabling guest user account..."
    sudo defaults write /Library/Preferences/com.apple.loginwindow GuestEnabled -bool TRUE
    
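    # Configure guest user restrictions.
    # defaults write stores any key name it is given, so a successful write does
    # not confirm that loginwindow honors the key; confirm each restriction from
    # inside a guest session on your macOS version.
    echo "Configuring guest user security settings..."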
    
    # Disable guest user from making system changes
    sudo defaults write /Library/Preferences/com.apple.loginwindow GuestAllowedToChangeNetwork -bool FALSE
    
    # Set guest user home folder restrictions
    sudo defaults write /Library/Preferences/com.apple.loginwindow GuestHomeIsSeparateDisk -bool TRUE
    
    # Configure automatic logout
    sudo defaults write /Library/Preferences/com.apple.loginwindow GuestAutoLogout -int 3600
    
    # Disable guest user from accessing encrypted volumes
    sudo defaults write /Library/Preferences/com.apple.loginwindow GuestCanAccessEncryptedVolumes -bool FALSE
    
    echo "Guest user configuration completed"
}

# Execute comprehensive configuration
configure_guest_user

Guest User Categories

Guest Access Classifications

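#!/usr/bin/env bash
# Requires bash 4 or later: associative arrays (declare -A) are not supported by
# the bash 3.2 that macOS ships as /bin/bash.

# Guest user categories for different organizational needs
declare -A GUEST_USER_CATEGORIES=(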
    ["lobby_kiosk"]="Public lobby access for visitors and information browsing"
    ["conference_room"]="Meeting room access for presentations and collaboration"
    ["library_station"]="Educational institution public access terminals"
    ["demo_showcase"]="Product demonstration and sales presentation stations"
    ["visitor_workstation"]="Temporary workstations for business visitors"
    ["event_registration"]="Event check-in and registration terminals"
    ["customer_service"]="Customer service and support terminals"
    ["training_lab"]="Training and workshop temporary access"
    ["public_wifi_portal"]="Public WiFi access and terms acceptance"
    ["emergency_access"]="Emergency access stations for staff use"
)

# Security levels for guest access
declare -A SECURITY_LEVELS=(
    ["lobby_kiosk"]="high_restriction"
    ["conference_room"]="medium_restriction"
    ["library_station"]="medium_restriction"
    ["demo_showcase"]="low_restriction"
    ["visitor_workstation"]="high_restriction"
    ["event_registration"]="medium_restriction"
    ["customer_service"]="high_restriction"
    ["training_lab"]="low_restriction"
    ["public_wifi_portal"]="maximum_restriction"
    ["emergency_access"]="minimal_restriction"
)

# Session duration limits
declare -A SESSION_LIMITS=(
    ["lobby_kiosk"]="1800"      # 30 minutes
    ["conference_room"]="10800"  # 3 hours
    ["library_station"]="7200"   # 2 hours
    ["demo_showcase"]="3600"     # 1 hour
    ["visitor_workstation"]="14400" # 4 hours
    ["event_registration"]="900"  # 15 minutes
    ["customer_service"]="1800"   # 30 minutes
    ["training_lab"]="21600"     # 6 hours
    ["public_wifi_portal"]="300"  # 5 minutes
    ["emergency_access"]="unlimited"
)

print_guest_categories() {
    echo "=== Guest User Categories ==="
    for category in "${!GUEST_USER_CATEGORIES[@]}"; do
        echo "Category: $category"
        echo "  Description: ${GUEST_USER_CATEGORIES[$category]}"
        echo "  Security Level: ${SECURITY_LEVELS[$category]}"
        echo "  Session Limit: ${SESSION_LIMITS[$category]} seconds"
        echo ""
    done
}

# Display available categories
print_guest_categories

Guest User Policies

Access Policy Engine

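#!/usr/bin/env bash
# Requires bash 4 or later: associative arrays (declare -A) are not supported by
# the bash 3.2 that macOS ships as /bin/bash.

# Guest user management policies for different security requirements
declare -A GUEST_POLICIES=(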
    ["public_access_secure"]="Secure public access with maximum restrictions"
    ["business_visitor_standard"]="Standard business visitor access with monitoring"
    ["educational_open"]="Educational environment with learning-focused access"
    ["demo_presentation"]="Demonstration and presentation optimized access"
    ["emergency_minimal"]="Emergency access with minimal restrictions"
    ["compliance_strict"]="Strict compliance with full audit and monitoring"
)

# Policy configurations
get_guest_policy() {
    local policy_type="$1"
    
    case "$policy_type" in
        "public_access_secure")
            cat << EOF
{
    "guest_enabled": true,
    "session_timeout": 1800,
    "network_access": false,
    "file_downloads": false,
    "usb_access": false,
    "printing_allowed": false,
    "applications_allowed": ["Safari", "TextEdit", "Preview"],
    "system_preferences_access": false,
    "auto_logout_enabled": true,
    "session_monitoring": "comprehensive",
    "data_retention": "none",
    "audit_logging": "detailed",
    "password_protection": false,
    "screen_sharing_disabled": true,
    "remote_management_disabled": true
}
EOF
            ;;
        "business_visitor_standard")
            cat << EOF
{
    "guest_enabled": true,
    "session_timeout": 14400,
    "network_access": true,
    "file_downloads": true,
    "usb_access": false,
    "printing_allowed": true,
    "applications_allowed": ["Safari", "TextEdit", "Preview", "Mail", "Calendar"],
    "system_preferences_access": false,
    "auto_logout_enabled": true,
    "session_monitoring": "standard",
    "data_retention": "session_only",
    "audit_logging": "standard",
    "password_protection": false,
    "screen_sharing_disabled": true,
    "remote_management_disabled": true,
    "file_sharing_restrictions": true
}
EOF
            ;;
        "compliance_strict")
            cat << EOF
{
    "guest_enabled": true,
    "session_timeout": 3600,
    "network_access": true,
    "file_downloads": false,
    "usb_access": false,
    "printing_allowed": false,
    "applications_allowed": ["Safari"],
    "system_preferences_access": false,
    "auto_logout_enabled": true,
    "session_monitoring": "comprehensive",
    "data_retention": "none",
    "audit_logging": "comprehensive",
    "password_protection": false,
    "screen_sharing_disabled": true,
    "remote_management_disabled": true,
    "compliance_frameworks": ["hipaa", "gdpr", "sox"],
    "data_encryption": "required",
    "access_logging": "detailed",
    "session_recording": "enabled"
}
EOF
            ;;
        *)
            echo "Unknown guest policy: $policy_type"
            return 1
            ;;
    esac
}

# Apply guest user policy
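apply_guest_policy() {
    local policy="$1"
    local config_file
    # mktemp avoids a fixed, predictable path in the world-writable /tmp directory
    config_file=$(mktemp /tmp/guest_policy.XXXXXX) || return 1
    
    echo "Applying guest user policy: $policy"
    
    # Check the exit status: the redirection creates the file even when the
    # policy name is unknown, so testing for the file alone never fails
    if ! get_guest_policy "$policy" > "$config_file"; then
        echo "❌ Failed to generate policy configuration"
        rm -f "$config_file"
        return 1
    fi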
    
    echo "✅ Guest user policy applied successfully"
    echo "Configuration: $config_file"
    
    # Display key policy settings
    echo "=== Policy Summary ==="
    echo "Guest Enabled: $(jq -r '.guest_enabled' "$config_file")"
    echo "Session Timeout: $(jq -r '.session_timeout' "$config_file") seconds"
    echo "Network Access: $(jq -r '.network_access' "$config_file")"
    echo "Session Monitoring: $(jq -r '.session_monitoring' "$config_file")"
    echo "Audit Logging: $(jq -r '.audit_logging' "$config_file")"
    
    # Apply actual guest settings
    apply_guest_settings "$config_file"
    
    return 0
}

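# Apply guest settings.
# Only guest_enabled, session_timeout and auto_logout_enabled are read here;
# the other fields of the policy JSON are not enforced by this function.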
apply_guest_settings() {
    local config_file="$1"
    
    echo "Applying guest user settings..."
    
    # Extract settings from JSON
    local guest_enabled
    guest_enabled=$(jq -r '.guest_enabled' "$config_file")
    local session_timeout
    session_timeout=$(jq -r '.session_timeout' "$config_file")
    local auto_logout
    auto_logout=$(jq -r '.auto_logout_enabled' "$config_file")
    
    # Apply guest user settings
    sudo defaults write /Library/Preferences/com.apple.loginwindow GuestEnabled -bool "$guest_enabled"
    
    if [[ "$auto_logout" == "true" ]]; then
        sudo defaults write /Library/Preferences/com.apple.loginwindow GuestAutoLogout -int "$session_timeout"
    fi
    
    echo "✅ Guest settings applied successfully"
}

Advanced Guest User Monitoring

Guest Session Analytics

#!/bin/bash

# Comprehensive guest session monitoring and analytics
monitor_guest_sessions() {
    local monitoring_profile="$1"
    local session_report="/tmp/guest_session_$(date +%Y%m%d_%H%M%S).json"
    
    echo "=== Guest Session Monitoring ==="
    echo "Monitoring Profile: $monitoring_profile"
    
    # Initialize session report
    cat > "$session_report" << EOF
{
    "monitoring_profile": "$monitoring_profile",
    "scan_timestamp": "$(date -Iseconds)",
    "hostname": "$(hostname)",
    "guest_status": {},
    "active_sessions": [],
    "session_analytics": {}
}
EOF
    
    # Check guest user status
    echo "Checking guest user status..."
    local guest_enabled
    guest_enabled=$(defaults read /Library/Preferences/com.apple.loginwindow GuestEnabled 2>/dev/null || echo "false")
    
    local guest_auto_logout
    guest_auto_logout=$(defaults read /Library/Preferences/com.apple.loginwindow GuestAutoLogout 2>/dev/null || echo "0")
    
    # Check for active guest sessions
    echo "Analyzing active sessions..."
    local active_users
    active_users=$(who | grep -v "^$USER" | wc -l | tr -d ' ')
    
    local guest_sessions
    guest_sessions=$(who | grep "Guest" | wc -l | tr -d ' ')
    
    # Monitor session activity
    echo "Monitoring session activity..."
    local login_history
    login_history=$(last | grep "Guest" | head -10)
    
    # Update session report
    jq --arg guest_enabled "$guest_enabled" \
       --argjson guest_auto_logout "$guest_auto_logout" \
       --argjson active_users "$active_users" \
       --argjson guest_sessions "$guest_sessions" \
       '.guest_status = {
          "enabled": ($guest_enabled == "1"),
          "auto_logout_seconds": $guest_auto_logout,
          "active_users": $active_users,
          "active_guest_sessions": $guest_sessions
        }' "$session_report" > "${session_report}.tmp" && mv "${session_report}.tmp" "$session_report"
    
    # Session analytics
    local total_guest_logins
    total_guest_logins=$(last | grep "Guest" | wc -l | tr -d ' ')
    
    local avg_session_duration="unknown"
    if [[ $total_guest_logins -gt 0 ]]; then
        # Calculate average session duration (simplified)
        avg_session_duration="estimated"
    fi
    
    # Display results
    echo ""
    echo "Guest Session Analysis Results:"
    echo "  Guest User Enabled: $([ "$guest_enabled" = "1" ] && echo "✅ YES" || echo "❌ NO")"
    echo "  Auto Logout: ${guest_auto_logout} seconds"
    echo "  Active Users: $active_users"
    echo "  Active Guest Sessions: $guest_sessions"
    echo "  Total Guest Logins (recent): $total_guest_logins"
    echo "  Average Session Duration: $avg_session_duration"
    echo "  Session Report: $session_report"
    
    # Log monitoring activity
    audit_log "Guest session monitoring completed: $monitoring_profile"
    
    return 0
}
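
The "Average Session Duration" step above is left as a placeholder. As an added example (not part of the original script), the function below computes it from the duration column of `last` output and flags completed guest sessions that ran longer than a session limit. The sample lines are constructed, and the `guest_session_stats` name and the 1800-second limit (the lobby_kiosk value from the categories above) are assumptions for illustration.

```shell
#!/bin/sh
# Added example: guest session durations parsed from `last` output.

# Constructed sample in the column layout printed by `last`.
SAMPLE_LAST='Guest     console                   Tue Mar  4 12:00   still logged in
admin     ttys000                   Tue Mar  4 11:30   still logged in
Guest     console                   Tue Mar  4 10:05 - 11:20  (01:15)
Guest     console                   Tue Mar  4 09:12 - 09:40  (00:28)
Guest     console                   Mon Mar  3 14:00 - 14:25  (00:25)
reboot    ~                         Mon Mar  3 08:00
Guest     console                   Sun Mar  2 16:00 - 10:00  (1+18:00)'

# guest_session_stats <limit_seconds>
# Reads `last` output on stdin. Prints one "OVER <seconds> <line>" record for
# every completed Guest session longer than the limit, then a SUMMARY line.
guest_session_stats() {
    awk -v limit="$1" '
        # Match the account name exactly instead of any line containing "Guest"
        $1 != "Guest" { next }

        # Sessions in progress have no duration column yet
        /still logged in/ { active++; next }

        # Duration column is (HH:MM), or (D+HH:MM) for sessions longer than a day
        match($0, /[(]([0-9]+[+])?[0-9]+:[0-9]+[)]/) {
            d = substr($0, RSTART + 1, RLENGTH - 2)     # strip the parentheses
            days = 0
            p = index(d, "+")
            if (p > 0) {
                days = substr(d, 1, p - 1) + 0
                d = substr(d, p + 1)
            }
            split(d, hm, ":")
            secs = days * 86400 + hm[1] * 3600 + hm[2] * 60

            n++
            total += secs
            if (secs > limit + 0) {
                over++
                printf "OVER %d %s\n", secs, $0
            }
        }

        END {
            printf "SUMMARY completed=%d active=%d avg_seconds=%d over_limit=%d\n",
                   n, active, (n ? total / n : 0), over
        }
    '
}

# Demonstration on the constructed sample; on a Mac, pipe `last` in instead.
printf '%s\n' "$SAMPLE_LAST" | guest_session_stats 1800
```

A session that outlives the configured limit by a wide margin, such as the multi-day entry in the sample, indicates that auto-logout was not in effect for that session.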

Guest User Management System

#!/bin/bash

# MacFleet Guest User Management System
# Comprehensive guest access control, monitoring, and security

# Configuration
CONFIG_DIR="/etc/macfleet/guest"
LOG_FILE="/var/log/macfleet_guest_management.log"
DATA_DIR="/var/data/macfleet/guest"
REPORTS_DIR="/var/reports/macfleet/guest"
AUDIT_LOG="/var/log/macfleet_guest_audit.log"

# Create required directories
create_directories() {
    local directories=("$CONFIG_DIR" "$DATA_DIR" "$REPORTS_DIR")
    
    for dir in "${directories[@]}"; do
        if [[ ! -d "$dir" ]]; then
            sudo mkdir -p "$dir"
            sudo chmod 755 "$dir"
        fi
    done
}

# Logging functions
log_action() {
    echo "$(date '+%Y-%m-%d %H:%M:%S') [INFO] $1" | tee -a "$LOG_FILE"
}

log_error() {
    echo "$(date '+%Y-%m-%d %H:%M:%S') [ERROR] $1" | tee -a "$LOG_FILE" >&2
}

audit_log() {
    echo "$(date '+%Y-%m-%d %H:%M:%S') [AUDIT] $1" | tee -a "$AUDIT_LOG"
}

# Guest user security enforcement
enforce_guest_security() {
    local security_level="$1"
    
    log_action "Enforcing guest security level: $security_level"
    
    echo "=== Guest User Security Enforcement ==="
    echo "Security Level: $security_level"
    
    case "$security_level" in
        "maximum_restriction")
            echo "Applying maximum security restrictions..."
            
            # Disable network access for guest
            sudo defaults write /Library/Preferences/com.apple.loginwindow GuestNetworkAccess -bool FALSE
            
            # Disable removable media access
            sudo defaults write /Library/Preferences/com.apple.loginwindow GuestRemovableMediaAccess -bool FALSE
            
            # Disable printing
            sudo defaults write /Library/Preferences/com.apple.loginwindow GuestPrintingAccess -bool FALSE
            
            # Set strict application restrictions
            sudo defaults write /Library/Preferences/com.apple.loginwindow GuestAllowedApplications -array "Safari"
            
            echo "  ✅ Maximum security restrictions applied"
            ;;
            
        "standard_restriction")
            echo "Applying standard security restrictions..."
            
            # Allow limited network access
            sudo defaults write /Library/Preferences/com.apple.loginwindow GuestNetworkAccess -bool TRUE
            
            # Disable removable media access
            sudo defaults write /Library/Preferences/com.apple.loginwindow GuestRemovableMediaAccess -bool FALSE
            
            # Allow printing with restrictions
            sudo defaults write /Library/Preferences/com.apple.loginwindow GuestPrintingAccess -bool TRUE
            
            echo "  ✅ Standard security restrictions applied"
            ;;
            
        "minimal_restriction")
            echo "Applying minimal security restrictions..."
            
            # Allow network access
            sudo defaults write /Library/Preferences/com.apple.loginwindow GuestNetworkAccess -bool TRUE
            
            # Allow removable media with monitoring
            sudo defaults write /Library/Preferences/com.apple.loginwindow GuestRemovableMediaAccess -bool TRUE
            
            # Allow printing
            sudo defaults write /Library/Preferences/com.apple.loginwindow GuestPrintingAccess -bool TRUE
            
            echo "  ✅ Minimal security restrictions applied"
            ;;
            
        *)
            echo "❌ Unknown security level: $security_level"
            return 1
            ;;
    esac
    
    audit_log "Guest security enforcement completed: $security_level"
    
    return 0
}

# Guest session lifecycle management
manage_guest_lifecycle() {
    local action="$1"
    local parameters="$2"
    
    log_action "Managing guest lifecycle: $action"
    
    case "$action" in
        "cleanup_expired_sessions")
            echo "Cleaning up expired guest sessions..."
            
            # Force logout inactive guest sessions
            pkill -u Guest 2>/dev/null
            
            # Clean guest home directory
            sudo rm -rf /Users/Guest/* 2>/dev/null
            
            echo "  ✅ Expired sessions cleaned up"
            ;;
            
        "reset_guest_environment")
            echo "Resetting guest environment..."
            
            # Reset guest user preferences
            sudo rm -rf /Users/Guest/Library/Preferences/* 2>/dev/null
            
            # Clear guest application data
            sudo rm -rf /Users/Guest/Library/Application\ Support/* 2>/dev/null
            
            # Clear downloads and documents
            sudo rm -rf /Users/Guest/Downloads/* 2>/dev/null
            sudo rm -rf /Users/Guest/Documents/* 2>/dev/null
            
            echo "  ✅ Guest environment reset"
            ;;
            
        "generate_session_report")
            echo "Generating guest session report..."
            
            local report_file="$REPORTS_DIR/guest_session_report_$(date +%Y%m%d_%H%M%S).json"
            
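            # Collect session data
            local session_data
            session_data=$(last | grep "Guest" | head -20)
            
            local guest_enabled auto_logout
            guest_enabled=$(defaults read /Library/Preferences/com.apple.loginwindow GuestEnabled 2>/dev/null || echo "0")
            auto_logout=$(defaults read /Library/Preferences/com.apple.loginwindow GuestAutoLogout 2>/dev/null || echo "0")
            
            # Generate report with jq so the multi-line `last` output is escaped
            # into a valid JSON string (a raw heredoc would emit literal newlines)
            jq -n \
                --arg generated "$(date -Iseconds)" \
                --arg hostname "$(hostname)" \
                --arg recent_sessions "$session_data" \
                --arg enabled "$guest_enabled" \
                --arg auto_logout "$auto_logout" \
                '{
                    report_type: "guest_session_analysis",
                    generated: $generated,
                    hostname: $hostname,
                    recent_sessions: $recent_sessions,
                    guest_status: {
                        enabled: ($enabled == "1" or $enabled == "true"),
                        auto_logout: ($auto_logout | tonumber? // 0)
                    }
                }' > "$report_file"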
            
            echo "  ✅ Session report generated: $report_file"
            ;;
            
        *)
            echo "❌ Unknown lifecycle action: $action"
            return 1
            ;;
    esac
    
    return 0
}

# Guest compliance monitoring
monitor_guest_compliance() {
    local compliance_framework="$1"
    
    log_action "Monitoring guest user compliance: $compliance_framework"
    
    echo "=== Guest User Compliance Monitoring ==="
    echo "Framework: $compliance_framework"
    
    local violations=()
    local compliance_score=100
    
    case "$compliance_framework" in
        "security_standard")
            # Check if guest user is properly configured
            local guest_enabled
            guest_enabled=$(defaults read /Library/Preferences/com.apple.loginwindow GuestEnabled 2>/dev/null || echo "false")
            
            if [[ "$guest_enabled" != "1" && "$guest_enabled" != "true" ]]; then
                violations+=("guest_user_not_properly_configured")
                ((compliance_score -= 20))
            fi
            
            # Check for auto-logout configuration
            local auto_logout
            auto_logout=$(defaults read /Library/Preferences/com.apple.loginwindow GuestAutoLogout 2>/dev/null || echo "0")
            
            if [[ "$auto_logout" == "0" ]]; then
                violations+=("auto_logout_not_configured")
                ((compliance_score -= 15))
            fi
            ;;
            
        "privacy_protection")
            # Check for data retention policies
            if [[ -d "/Users/Guest" && -n "$(ls -A /Users/Guest 2>/dev/null)" ]]; then
                violations+=("guest_data_not_cleaned")
                ((compliance_score -= 25))
            fi
            
            # Check session monitoring
            if [[ ! -f "$AUDIT_LOG" ]]; then
                violations+=("session_monitoring_not_configured")
                ((compliance_score -= 20))
            fi
            ;;
            
        *)
            echo "❌ Unknown compliance framework: $compliance_framework"
            return 1
            ;;
    esac
    
    echo ""
    echo "Compliance Results:"
    echo "  Framework: $compliance_framework"
    echo "  Compliance Score: $compliance_score/100"
    echo "  Violations Found: ${#violations[@]}"
    
    if [[ ${#violations[@]} -gt 0 ]]; then
        echo "  Violations:"
        for violation in "${violations[@]}"; do
            echo "    - $violation"
        done
    else
        echo "  ✅ No violations found"
    fi
    
    audit_log "Guest compliance monitoring completed: $compliance_framework (Score: $compliance_score/100)"
    
    return 0
}

# Main function with command routing
main() {
    local command="$1"
    shift
    
    # Initialize
    create_directories
    
    case "$command" in
        "enable")
            # Enable guest user with basic configuration
            configure_guest_user
            ;;
        "disable")
            # Disable guest user
            sudo defaults write /Library/Preferences/com.apple.loginwindow GuestEnabled -bool FALSE
            echo "Guest user disabled"
            ;;
        "status")
            # Check guest user status
            local status
            status=$(defaults read /Library/Preferences/com.apple.loginwindow GuestEnabled 2>/dev/null || echo "false")
            echo "Guest User Status: $([ "$status" = "1" ] && echo "Enabled" || echo "Disabled")"
            ;;
        "monitor_sessions")
            monitor_guest_sessions "$@"
            ;;
        "apply_policy")
            apply_guest_policy "$@"
            ;;
        "enforce_security")
            enforce_guest_security "$@"
            ;;
        "manage_lifecycle")
            manage_guest_lifecycle "$@"
            ;;
        "compliance_check")
            monitor_guest_compliance "$@"
            ;;
        "show_categories")
            print_guest_categories
            ;;
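        "show_policies")
            # Policies declared in GUEST_POLICIES but without a configuration in
            # get_guest_policy are reported instead of being piped into jq
            local policy_json
            for policy in public_access_secure business_visitor_standard educational_open demo_presentation emergency_minimal compliance_strict; do
                echo "Policy: $policy"
                if policy_json=$(get_guest_policy "$policy"); then
                    echo "$policy_json" | jq .
                else
                    echo "  (no configuration defined)"
                fi
                echo ""
            done
            ;;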
        *)
            echo "MacFleet Guest User Management System"
            echo "Usage: $0 <command> [options]"
            echo ""
            echo "Commands:"
            echo "  enable                                    - Enable guest user with configuration"
            echo "  disable                                   - Disable guest user"
            echo "  status                                    - Check guest user status"
            echo "  monitor_sessions <profile>                - Monitor guest sessions"
            echo "  apply_policy <policy>                     - Apply guest user policy"
            echo "  enforce_security <level>                  - Enforce security restrictions"
            echo "  manage_lifecycle <action>                 - Manage guest lifecycle"
            echo "  compliance_check <framework>              - Check compliance"
            echo "  show_categories                           - Show guest user categories"
            echo "  show_policies                             - Show guest user policies"
            echo ""
            echo "Examples:"
            echo "  $0 enable"
            echo "  $0 apply_policy public_access_secure"
            echo "  $0 enforce_security maximum_restriction"
            echo "  $0 monitor_sessions comprehensive"
            echo "  $0 manage_lifecycle cleanup_expired_sessions"
            echo "  $0 compliance_check security_standard"
            ;;
    esac
}

# Execute main function with all arguments
main "$@"

Security Considerations

Guest User Security

  • Session Isolation - Complete isolation of guest sessions from system and user data
  • Data Prevention - Prevent data persistence and information leakage
  • Network Restrictions - Control network access and external communications
  • Application Controls - Restrict available applications and system access
  • Monitoring & Auditing - Comprehensive logging of guest activities

Compliance Framework

  • Privacy Protection - Ensure guest sessions don't compromise user privacy
  • Data Security - Prevent unauthorized access to sensitive information
  • Access Controls - Implement proper access restrictions and limitations
  • Session Management - Proper session lifecycle and cleanup procedures
  • Audit Requirements - Maintain compliance with audit and monitoring standards

Troubleshooting Guide

Common Issues

Guest User Not Appearing

  • Verify guest user is enabled: defaults read /Library/Preferences/com.apple.loginwindow GuestEnabled
  • Check login window settings in System Preferences
  • Restart login window process: sudo killall loginwindow

Guest Session Not Auto-Logging Out

  • Verify auto-logout configuration: defaults read /Library/Preferences/com.apple.loginwindow GuestAutoLogout
  • Check for running guest processes preventing logout
  • Manually force guest logout if needed

Guest User Has Too Much Access

  • Review and apply appropriate security policies
  • Check application restrictions and system access controls
  • Verify network and file access limitations

Diagnostic Commands

# Check guest user status
defaults read /Library/Preferences/com.apple.loginwindow GuestEnabled

# Check auto-logout setting
defaults read /Library/Preferences/com.apple.loginwindow GuestAutoLogout

# List active guest sessions
who | grep Guest

# View guest login history
last | grep Guest

Important Notes

  • Data Security - Guest sessions should never have access to sensitive data
  • Session Cleanup - Ensure proper cleanup of guest data on logout
  • Access Restrictions - Implement appropriate restrictions based on use case
  • Monitoring - Maintain logs and monitoring for security and compliance
  • Regular Maintenance - Regularly clean up and reset guest environments
  • Security Testing - Test guest restrictions to ensure proper isolation


Setting Up a GitHub Actions Runner on a Mac Mini (Apple Silicon)

GitHub Actions Runner

GitHub Actions is a powerful CI/CD platform that lets you automate your software development workflows. Although GitHub offers hosted runners, self-hosted runners provide greater control and customization for your CI/CD setup. This tutorial walks you through setting up and connecting a self-hosted runner on a Mac mini to run macOS pipelines.

Prerequisites

Before you begin, make sure you have:

  • A Mac mini (sign up at Macfleet)
  • A GitHub repository with administrator rights
  • A package manager installed (preferably Homebrew)
  • Git installed on your system

Step 1: Create a Dedicated User Account

First, create a dedicated user account for the GitHub Actions runner:

# Create the 'gh-runner' user account
sudo dscl . -create /Users/gh-runner
sudo dscl . -create /Users/gh-runner UserShell /bin/bash
sudo dscl . -create /Users/gh-runner RealName "GitHub runner"
sudo dscl . -create /Users/gh-runner UniqueID "1001"
sudo dscl . -create /Users/gh-runner PrimaryGroupID 20
sudo dscl . -create /Users/gh-runner NFSHomeDirectory /Users/gh-runner

# Set the password for the user (sua_senha is a placeholder for your password;
# a password passed as an argument is saved in the shell history)
sudo dscl . -passwd /Users/gh-runner sua_senha

# Add 'gh-runner' to the 'admin' group
sudo dscl . -append /Groups/admin GroupMembership gh-runner

Switch to the new user account:

su gh-runner

Step 2: Install Required Software

Install Git and Rosetta 2 (if you are using Apple Silicon):

# Install Git if it is not already installed
brew install git

# Install Rosetta 2 for Apple Silicon Macs
softwareupdate --install-rosetta

Step 3: Configure the GitHub Actions Runner

  1. Go to your GitHub repository
  2. Navigate to Settings > Actions > Runners
  3. Click "New self-hosted runner" (https://github.com/<username>/<repository>/settings/actions/runners/new)
  4. Select macOS as the runner image and ARM64 as the architecture
  5. Follow the commands provided to download and configure the runner

Create a .env file in the runner's _work directory:

# _work/.env file
ImageOS=macos15
XCODE_15_DEVELOPER_DIR=/Applications/Xcode.app/Contents/Developer

  6. Run the run.sh script in your runner directory to complete the setup.
  7. Verify in the terminal that the runner is active and listening for jobs, and check the GitHub repository settings for the runner association and Idle status.

Step 4: Configure Sudoers (Optional)

If your actions require root privileges, configure the sudoers file:

sudo visudo

Add the following line:

gh-runner ALL=(ALL) NOPASSWD: ALL
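
The line above lets every workflow job that runs on this runner execute any command as root without a password. As an added example (not from the original tutorial), the function below scans sudoers-format text for such unrestricted NOPASSWD grants so they can be found and narrowed to the specific commands a workflow needs. The sample content, the `ci-build`, `deploy` and `ops` users, and the `find_unrestricted_nopasswd` name are constructed for illustration.

```shell
#!/bin/sh
# Added example: find sudoers rules that grant passwordless ALL.

# Constructed sudoers content for the demonstration.
SAMPLE_SUDOERS='# Sample sudoers (constructed)
root        ALL=(ALL) ALL
%admin      ALL=(ALL) ALL
gh-runner   ALL=(ALL) NOPASSWD: ALL
ci-build    ALL=(root) NOPASSWD: /usr/bin/xcode-select, /usr/sbin/softwareupdate
deploy      ALL=(ALL) NOPASSWD: /usr/bin/true, ALL
#gh-runner  ALL=(ALL) NOPASSWD: ALL
ops         ALL=(ALL) NOPASSWD: /usr/bin/true, PASSWD: ALL'

# find_unrestricted_nopasswd
# Reads sudoers text on stdin and prints "<line>:<user or group>" for every
# rule in which the command ALL is covered by a NOPASSWD tag.
find_unrestricted_nopasswd() {
    awk '
        # Skip comments and blank lines
        /^[ \t]*(#|$)/ { next }

        {
            if (index($0, "NOPASSWD:") == 0) next

            # Everything after the first "=" is the Runas and command list
            spec = substr($0, index($0, "=") + 1)
            gsub(/[(][^)]*[)]/, "", spec)       # drop Runas lists such as (ALL : ALL)

            n = split(spec, item, ",")
            nopass = 0                          # a tag applies to later commands too
            for (k = 1; k <= n; k++) {
                cmd = item[k]
                gsub(/^[ \t]+|[ \t]+$/, "", cmd)

                # Strip leading tags, tracking whether a password is required
                while (match(cmd, /^[A-Z_]+:[ \t]*/)) {
                    tag = substr(cmd, 1, RLENGTH)
                    if (tag ~ /^NOPASSWD:/)    nopass = 1
                    else if (tag ~ /^PASSWD:/) nopass = 0
                    cmd = substr(cmd, RLENGTH + 1)
                }

                if (nopass && cmd == "ALL") {
                    print NR ":" $1
                    next
                }
            }
        }
    '
}

# Demonstration on the constructed sample.
printf '%s\n' "$SAMPLE_SUDOERS" | find_unrestricted_nopasswd
```

Run it against the main sudoers file and each drop-in file separately; it does not follow include directives or join lines continued with a backslash.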

Step 5: Use the Runner in Workflows

Configure your GitHub Actions workflow to use the self-hosted runner:

name: Fluxo de trabalho de exemplo

on:
  workflow_dispatch:

jobs:
  build:
    runs-on: [self-hosted, macOS, ARM64]
    steps:
      - name: Instalar NodeJS
        run: brew install node

The runner is authenticated to your repository and labeled with self-hosted, macOS, and ARM64. Use it in your workflows by specifying these labels in the runs-on field:

runs-on: [self-hosted, macOS, ARM64]

Best Practices

  • Keep your runner software up to date
  • Regularly monitor the runner logs for problems
  • Use specific labels for different types of runners
  • Implement appropriate security measures
  • Consider using multiple runners for load balancing

Troubleshooting

Common problems and solutions:

  1. Runner not connecting:

    • Check network connectivity
    • Check the validity of the GitHub token
    • Make sure permissions are adequate
  2. Build failures:

    • Check the Xcode installation
    • Check required dependencies
    • Review the workflow logs
  3. Permission problems:

    • Check user permissions
    • Check the sudoers configuration
    • Review file system permissions

Conclusion

You now have a self-hosted GitHub Actions runner configured on your Mac mini. This setup gives you more control over your CI/CD environment and lets you run macOS-specific workflows efficiently.

Remember to maintain your runner regularly and keep it up to date with the latest security patches and software versions.

Native App

Macfleet native app

Macfleet Installation Guide

Macfleet is a powerful fleet management solution designed specifically for cloud-hosted Mac Mini environments. As a Mac Mini cloud hosting provider, you can use Macfleet to monitor, manage, and optimize your entire fleet of virtualized Mac instances.

This installation guide walks you through setting up Macfleet monitoring on macOS, Windows, and Linux systems to ensure comprehensive oversight of your cloud infrastructure.

🍎 macOS

  • Download the .dmg file for Mac here
  • Double-click the downloaded .dmg file
  • Drag the Macfleet app to the Applications folder
  • Eject the .dmg file
  • Open System Preferences > Security & Privacy
    • Privacy tab > Accessibility
    • Check Macfleet to allow monitoring
  • Launch Macfleet from Applications
  • Tracking starts automatically

🪟 Windows

  • Download the .exe file for Windows here
  • Right-click the .exe file > "Run as administrator"
  • Follow the installation wizard
  • Accept the terms and conditions
  • Allow it in Windows Defender if prompted
  • Grant application monitoring permissions
  • Launch Macfleet from the Start Menu
  • The application starts tracking automatically

🐧 Linux

  • Download the .deb (Ubuntu/Debian) or .rpm (CentOS/RHEL) package here
  • Install it using your package manager
    • Ubuntu/Debian: sudo dpkg -i Macfleet-linux.deb
    • CentOS/RHEL: sudo rpm -ivh Macfleet-linux.rpm
  • Allow X11 access permissions if prompted
  • Add the user to the appropriate groups if necessary
  • Launch Macfleet from the Applications menu
  • The application starts tracking automatically

Note: After installation on any system, log in with your Macfleet credentials to sync data with your dashboard.