The first time you harden a server manually, you learn a lot.
The second time, manual steps are already a liability.
For me, the useful shift was moving from one-off setup to repeatable infrastructure decisions:
- baseline packages and updates
- SSH policy and access control
- service isolation
- reproducible provisioning
- a deployment flow that does not depend on memory
That led naturally to an Ansible repository used as a safer foundation for client VPS deployments.
The real value was not the tool itself. It was removing avoidable variance from production work.