Or something like Ansible? Which is battle tested, provides idempotency for most things, and has a large library of tasks it knows how to do.