[bloopernova]

It might not be up to her requirements, but an Ansible playbook may help. It's what we use to set up new MacBooks and only runs in localhost mode.

Ansible is fairly quick to learn, and can control homebrew so it's able to install a lot of stuff.

If you're interested, ping me and I can share some snippets. Also I bet you'll get a reply from someone evangelizing Nix ;)

EDIT: Oh, and git repo with dot files is very useful. As is homebrew bundle, which installs a list generated from a different host.

EDIT 2: oh also I just moved MacBooks last week, so a lot of this fresh in my head right now. Including cargo/rust, VSCode profiles, brew bundle, ublock origin config, backups of .envrc files, etc etc ad infinitum. My Emacs config was actually about the easiest bit to move!

[MichaelZuo]

This sounds like a lot more work then a few extra button clicks?

[dumpsterdiver]

Indeed, but when the alternative is missing critical security updates for years at a time one only needs to be bitten once to understand the value.

[MichaelZuo]

Monterey is still receiving security updates though?

[dumpsterdiver]

I’m not sure what you mean. Keeping a system updated does include updating to the latest major operating system release when an older one no longer receives security updates.

Ansible (and other provisioning solutions) could help in the case where updates break an existing workflow by attempting to put the system back into the desired state. Of course if something broke after and update there’s a chance that trying to fix it will fail, but at least it would fail loudly during the provisioning process and you’d be able to see why.

[MichaelZuo]

The alternative in this case, sticking with Monterey, means they still receive the security updates.

[bloopernova]

Less work than a week of manually doing it.