I want to say that I saw a post at some point about one of the popular instances (was it beehaw or lemmy.world?) not requiring users to answer a challenge question during signup. Does it seem like email verification is sufficient to mitigate bots or does a challenge question help too, do you think? Sopuli required both. Unverified users can apparently post?

Ah, good to know, thank you. I hadn't really considered that if the whole environment is scripted out like it is, then I wouldn't get as much benefit out of them as I do otherwise. Good tip!

Thank you for your extremely thoughtful response. One thing I need to research for myself is how user data, configuration, etc. is handled with a rollback. In MicroOS, the system itself is snapshotted by default (/etc for example) but user data (/home) is not. I would assume that a rollback would not touch the user data, so an upgrade could break that (e.g. database migration performed by a package update).

If you're always able to roll back, is taking the time to build and run a VM really worth it except for very critical maintenance windows? Does the VM just copy the nix config or the data too? Today, I use Vagrant for testing my Salt states. It does what I need.

I don't come from functional programming, but I'm sure I'll figure it out. Would have been nice for it not to have its own language, but I suppose that's most efficient instead of repurposing / abusing another language in a weird way.

Sweet, thats's a big deal for me as well. Nobody else wants to learn any kind of orchestration or anything, so I've been trying to get Salt to manage the containers I have, and it's a bit of a pain. Having them configured the same way as the server would prevent some headache, I think!