To set up initially, possibly. But this is for maintenance too. Need to install a security patch? Puppet. Need to upgrade versions? Puppet. Want to tweak some setting somewhere? Puppet. Using Puppet makes it stupid easy for us to keep our setups (a) in sync, (b) up to date and secure, and (c) do it without a bunch of hacky scripts that will probably break or not work right in 3 months.
I'm not seeing it how installing a security patch is any different. Security patches usually check to see if they need to be applied before doing anything. Updating a version is as simple as `brew update node`, `brew updated mongodb`, etc. The bash you call hacky is what's being done here with an extra layer of Ruby.
Cool, well have fun next time you need to update a setting buried in a config file or verify the results of something you ran. You can write 200 lines of bash that might work (or might not if the user decides they like csh or zsh) or like 3 lines of Puppet and guarantee it's idempotent.
There's a lot more to this than just setup scripts, but if all you need is setup scripts with the occasional update, then by all means just stick with that. Our needs just happen to be beyond that.
