![](https://lemmy.world/pictrs/image/854cfbc1-24ed-4444-b8dd-643da1a26815.jpeg)
![](https://lemmy.ml/pictrs/image/ucPeLo62DS.png)
Right. You kind of want your bare metal OS as vanilla as possible. If you need to nuke and pave, you don’t need to worry about re-applying various configs. Additionally, on a theoretical level, if there’s a bug in something on the bare metal OS, the separation provided by VMs and containers should mean it doesn’t affect the the apps in those VMs / containers.
That seems easier - at least to me - than keeping track of configs in text files or even Ansible playbooks.
Maybe some castration along the way, too.