Professionally I am an “Architect” and not much involved in system config (anymore), what I describe below is how I do things for my own, private, servers: Not a big fan of docker, it too often means “cobbled together by a dev not understanding security implications” aka “Institutionalized ‘works on my machine’” (of course there are exceptions!). Generally I like using Ansible, because it feels close to how I learned things (ssh, manually), while still making things reproducible (Infrastructure as Code). But, again, not too big a fan of using other peoples “roles”, because you never know how well they actually understand what they’re doing. I read them for a rough understanding, but usually opt to write my own, based on careful reading of a given software’s config manual.
Professionally I am an “Architect” and not much involved in system config (anymore), what I describe below is how I do things for my own, private, servers: Not a big fan of docker, it too often means “cobbled together by a dev not understanding security implications” aka “Institutionalized ‘works on my machine’” (of course there are exceptions!). Generally I like using Ansible, because it feels close to how I learned things (ssh, manually), while still making things reproducible (Infrastructure as Code). But, again, not too big a fan of using other peoples “roles”, because you never know how well they actually understand what they’re doing. I read them for a rough understanding, but usually opt to write my own, based on careful reading of a given software’s config manual.