Elgato_dark/fleet
1
0
Fork 0
mirror of https://github.com/fleetdm/fleet synced 2026-05-22 16:39:01 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 121

Dogfood iPhones team GitOps (#19897)

Browse source 
Changes to dogfood GitOps for #18866.
This commit is contained in:
Lucas Manuel Rodriguez 2024-06-20 17:13:24 -03:00 committed by GitHub
parent c7ea0125d6
commit addb665c8b
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
6 changed files with 407 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
.github/workflows/dogfood-gitops.yml vendored
View file

@ -79,3 +79,4 @@ jobs:
DOGFOOD_EXPLORE_DATA_ENROLL_SECRET: ${{ secrets.DOGFOOD_EXPLORE_DATA_ENROLL_SECRET }}
DOGFOOD_CALENDAR_API_KEY: ${{ secrets.DOGFOOD_CALENDAR_API_KEY }}
DOGFOOD_VIRTUAL_MACHINES_ENROLL_SECRET: ${{ secrets.DOGFOOD_VIRTUAL_MACHINES_ENROLL_SECRET }}
DOGFOOD_IPHONES_ENROLL_SECRET: ${{ secrets.DOGFOOD_IPHONES_ENROLL_SECRET }}

48
it-and-security/lib/configuration-profiles/ios-content-filtering.mobileconfig Normal file
View file

@ -0,0 +1,48 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>AutoFilterEnabled</key>
<true/>
<key>BlacklistedURLs</key>
<array>
<string>https://example.com</string>
<string></string>
</array>
<key>FilterBrowsers</key>
<true/>
<key>FilterSockets</key>
<true/>
<key>FilterType</key>
<string>BuiltIn</string>
<key>PayloadDescription</key>
<string>Configures content filtering settings</string>
<key>PayloadDisplayName</key>
<string>Web Content Filter</string>
<key>PayloadIdentifier</key>
<string>com.apple.webcontent-filter.1B111C68-501E-44C3-A564-296C9D5D01C3</string>
<key>PayloadType</key>
<string>com.apple.webcontent-filter</string>
<key>PayloadUUID</key>
<string>1B111C68-501E-44C3-A564-296C9D5D01C3</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</array>
<key>PayloadDisplayName</key>
<string>Content filtering</string>
<key>PayloadIdentifier</key>
<string>Lucass-MacBook-Pro.72E4CE0F-8246-4B81-BC28-AD16C7CD43E0</string>
<key>PayloadRemovalDisallowed</key>
<false/>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadUUID</key>
<string>9555632D-5053-4A89-94D9-EC4510BB8DC6</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</plist>

39
it-and-security/lib/configuration-profiles/ios-lock-screen-message.mobileconfig Normal file
View file

@ -0,0 +1,39 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>AssetTagInformation</key>
<string>This is a Fleet owned device</string>
<key>IfLostReturnToMessage</key>
<string>Fleet Device Management Inc.</string>
<key>PayloadDescription</key>
<string>Configures ownership information for a shared device</string>
<key>PayloadDisplayName</key>
<string>Lock Screen Message</string>
<key>PayloadIdentifier</key>
<string>com.apple.shareddeviceconfiguration.E6872230-52C6-4443-AE57-4BB6503C6E01</string>
<key>PayloadType</key>
<string>com.apple.shareddeviceconfiguration</string>
<key>PayloadUUID</key>
<string>E6872230-52C6-4443-AE57-4BB6503C6E01</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</array>
<key>PayloadDisplayName</key>
<string>Lock Screen Message</string>
<key>PayloadIdentifier</key>
<string>Lucass-MacBook-Pro.D0BED3AA-FC16-4276-A8A3-457AA8558C1E</string>
<key>PayloadRemovalDisallowed</key>
<false/>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadUUID</key>
<string>24C286C4-D755-473D-8E09-5E5C0F152BD1</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</plist>

10
it-and-security/lib/configuration-profiles/ios-passcode-settings-ddm.json Normal file
View file

@ -0,0 +1,10 @@
{
"Type": "com.apple.configuration.passcode.settings",
"Identifier": "956e0d14-6019-479b-a6f9-a69ef77668c5",
"Payload": {
"MaximumFailedAttempts": 10,
"MaximumInactivityInMinutes": 5,
"MinimumLength": 12,
"MinimumComplexCharacters": 1
}
}

271
it-and-security/lib/configuration-profiles/ios-restrictions.mobileconfig Normal file
View file

@ -0,0 +1,271 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>HasRemovalPasscode</key>
<false/>
<key>PayloadContent</key>
<array>
<dict>
<key>PayloadDescription</key>
<string>Configures restrictions</string>
<key>PayloadDisplayName</key>
<string>Restrictions</string>
<key>PayloadIdentifier</key>
<string>com.apple.applicationaccess.A001D62E-9217-47F0-9ECF-C5E3F548F9EF</string>
<key>PayloadType</key>
<string>com.apple.applicationaccess</string>
<key>PayloadUUID</key>
<string>A001D62E-9217-47F0-9ECF-C5E3F548F9EF</string>
<key>PayloadVersion</key>
<integer>1</integer>
<key>allowActivityContinuation</key>
<true/>
<key>allowAddingGameCenterFriends</key>
<true/>
<key>allowAirPlayIncomingRequests</key>
<true/>
<key>allowAirPrint</key>
<true/>
<key>allowAirPrintCredentialsStorage</key>
<true/>
<key>allowAirPrintiBeaconDiscovery</key>
<true/>
<key>allowAppCellularDataModification</key>
<true/>
<key>allowAppClips</key>
<true/>
<key>allowAppInstallation</key>
<true/>
<key>allowAppRemoval</key>
<true/>
<key>allowApplePersonalizedAdvertising</key>
<true/>
<key>allowAssistant</key>
<true/>
<key>allowAssistantWhileLocked</key>
<true/>
<key>allowAutoCorrection</key>
<true/>
<key>allowAutoUnlock</key>
<true/>
<key>allowAutomaticAppDownloads</key>
<true/>
<key>allowBluetoothModification</key>
<true/>
<key>allowBookstore</key>
<true/>
<key>allowBookstoreErotica</key>
<true/>
<key>allowCamera</key>
<true/>
<key>allowCellularPlanModification</key>
<true/>
<key>allowChat</key>
<true/>
<key>allowCloudBackup</key>
<true/>
<key>allowCloudDocumentSync</key>
<true/>
<key>allowCloudPhotoLibrary</key>
<true/>
<key>allowContinuousPathKeyboard</key>
<true/>
<key>allowDefinitionLookup</key>
<true/>
<key>allowDeviceNameModification</key>
<true/>
<key>allowDeviceSleep</key>
<true/>
<key>allowDictation</key>
<true/>
<key>allowESIMModification</key>
<true/>
<key>allowEnablingRestrictions</key>
<true/>
<key>allowEnterpriseAppTrust</key>
<true/>
<key>allowEnterpriseBookBackup</key>
<true/>
<key>allowEnterpriseBookMetadataSync</key>
<true/>
<key>allowEraseContentAndSettings</key>
<true/>
<key>allowExplicitContent</key>
<true/>
<key>allowFilesNetworkDriveAccess</key>
<true/>
<key>allowFilesUSBDriveAccess</key>
<true/>
<key>allowFindMyDevice</key>
<true/>
<key>allowFindMyFriends</key>
<true/>
<key>allowFingerprintForUnlock</key>
<true/>
<key>allowFingerprintModification</key>
<true/>
<key>allowGameCenter</key>
<true/>
<key>allowGlobalBackgroundFetchWhenRoaming</key>
<true/>
<key>allowInAppPurchases</key>
<true/>
<key>allowKeyboardShortcuts</key>
<true/>
<key>allowManagedAppsCloudSync</key>
<true/>
<key>allowMultiplayerGaming</key>
<true/>
<key>allowMusicService</key>
<true/>
<key>allowNews</key>
<true/>
<key>allowNotificationsModification</key>
<true/>
<key>allowOpenFromManagedToUnmanaged</key>
<true/>
<key>allowOpenFromUnmanagedToManaged</key>
<true/>
<key>allowPairedWatch</key>
<true/>
<key>allowPassbookWhileLocked</key>
<true/>
<key>allowPasscodeModification</key>
<true/>
<key>allowPasswordAutoFill</key>
<true/>
<key>allowPasswordProximityRequests</key>
<true/>
<key>allowPasswordSharing</key>
<true/>
<key>allowPersonalHotspotModification</key>
<true/>
<key>allowPhotoStream</key>
<true/>
<key>allowPredictiveKeyboard</key>
<true/>
<key>allowProximitySetupToNewDevice</key>
<true/>
<key>allowRadioService</key>
<true/>
<key>allowRemoteAppPairing</key>
<true/>
<key>allowRemoteScreenObservation</key>
<true/>
<key>allowSafari</key>
<true/>
<key>allowScreenShot</key>
<false/>
<key>allowSharedStream</key>
<true/>
<key>allowSpellCheck</key>
<true/>
<key>allowSpotlightInternetResults</key>
<true/>
<key>allowSystemAppRemoval</key>
<true/>
<key>allowUIAppInstallation</key>
<true/>
<key>allowUIConfigurationProfileInstallation</key>
<true/>
<key>allowUSBRestrictedMode</key>
<true/>
<key>allowUnpairedExternalBootToRecovery</key>
<false/>
<key>allowUntrustedTLSPrompt</key>
<true/>
<key>allowVPNCreation</key>
<true/>
<key>allowVideoConferencing</key>
<true/>
<key>allowVoiceDialing</key>
<true/>
<key>allowWallpaperModification</key>
<true/>
<key>allowiTunes</key>
<true/>
<key>forceAirDropUnmanaged</key>
<false/>
<key>forceAirPrintTrustedTLSRequirement</key>
<false/>
<key>forceAssistantProfanityFilter</key>
<false/>
<key>forceAuthenticationBeforeAutoFill</key>
<false/>
<key>forceAutomaticDateAndTime</key>
<false/>
<key>forceClassroomAutomaticallyJoinClasses</key>
<false/>
<key>forceClassroomRequestPermissionToLeaveClasses</key>
<false/>
<key>forceClassroomUnpromptedAppAndDeviceLock</key>
<false/>
<key>forceClassroomUnpromptedScreenObservation</key>
<false/>
<key>forceDelayedSoftwareUpdates</key>
<false/>
<key>forceEncryptedBackup</key>
<false/>
<key>forceITunesStorePasswordEntry</key>
<false/>
<key>forceLimitAdTracking</key>
<false/>
<key>forceWatchWristDetection</key>
<false/>
<key>forceWiFiPowerOn</key>
<false/>
<key>forceWiFiWhitelisting</key>
<false/>
<key>ratingApps</key>
<integer>1000</integer>
<key>ratingMovies</key>
<integer>1000</integer>
<key>ratingRegion</key>
<string>us</string>
<key>ratingTVShows</key>
<integer>1000</integer>
<key>safariAcceptCookies</key>
<real>2</real>
<key>safariAllowAutoFill</key>
<true/>
<key>safariAllowJavaScript</key>
<true/>
<key>safariAllowPopups</key>
<true/>
<key>safariForceFraudWarning</key>
<false/>
</dict>
<dict>
<key>AssetTagInformation</key>
<string>This is a FleetDM owned device</string>
<key>IfLostReturnToMessage</key>
<string>Fleet Device Management Inc.</string>
<key>PayloadDescription</key>
<string>Configures ownership information for a shared device</string>
<key>PayloadDisplayName</key>
<string>Lock Screen Message</string>
<key>PayloadIdentifier</key>
<string>com.apple.shareddeviceconfiguration.8A2A7B75-4E65-42EF-AC09-B1F8A7EE94B5</string>
<key>PayloadType</key>
<string>com.apple.shareddeviceconfiguration</string>
<key>PayloadUUID</key>
<string>8A2A7B75-4E65-42EF-AC09-B1F8A7EE94B5</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</array>
<key>PayloadDisplayName</key>
<string>Restrictions</string>
<key>PayloadIdentifier</key>
<string>Lucass-MacBook-Pro.47AF8BD0-DC78-4814-98A1-40B927B3408E</string>
<key>PayloadRemovalDisallowed</key>
<true/>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadUUID</key>
<string>A5EE2362-BF54-45F4-A00F-55B1E990A4C0</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</plist>

38
it-and-security/teams/iphones.yml Normal file
View file

@ -0,0 +1,38 @@
name: iPhones
team_settings:
features:
enable_host_users: true
enable_software_inventory: true
host_expiry_settings:
host_expiry_enabled: false
host_expiry_window: 0
secrets:
- secret: $DOGFOOD_IPHONES_ENROLL_SECRET
integrations:
google_calendar:
enable_calendar_events: false
agent_options:
path: ../lib/agent-options.yml
controls:
enable_disk_encryption: true
macos_settings:
custom_settings:
- path: ../lib/configuration-profiles/ios-restrictions.mobileconfig
- path: ../lib/configuration-profiles/ios-passcode-settings-ddm.json
- path: ../lib/configuration-profiles/ios-lock-screen-message.mobileconfig
- path: ../lib/configuration-profiles/ios-content-filtering.mobileconfig
macos_setup:
bootstrap_package: ""
enable_end_user_authentication: true
macos_setup_assistant: null
macos_updates:
deadline: ""
minimum_version: ""
windows_settings:
custom_settings: null
windows_updates:
deadline_days: 7
grace_period_days: 2
scripts: []
policies: []
queries: []