I always meant to get my head around Ansible (or Chef, or Puppet) for my
VPS based on recommendations on this very list. Sadly I have not yet got
round to it, and I suddenly find I have a need for something of this ilk
at work.

My use case is a single Linux instance, on-prem. (No fleet, no cloud, no
VMs or containers planned.) It's to provide internal services for an
office network: DHCP, DDNS, maybe NAS, maybe print accounting, maybe
firewall/router/IDS, maybe apt cache or other proxies.

I think what I want is infrastructure-as-code:
* Config files (/etc) under revision control with convenient automated
backup
* All superuser actions are fully logged and replayable (fire drill:
complete reimage from scratch)
* Nobody gets direct sudo access, but I can give out admin access via
the config management tool.

I've had root shells for about 25 years now but I'm new to thinking
deeply about IaC. I would be grateful for feedback:
- is what I think I want reasonable and achievable? (what are the gotchas?)
- am I on the right track by looking at Ansible/Chef/Puppet and do any
of them particularly suit my use case? Are the paid-for versions worth
paying for?
- is there a useful noobs guide?

Thanks
Ross