Jumping in randomly: With portage-2.2 stable, you can now put sets in overlays. This has greatly simplified our shared configuration, because I can push out a base set of packages to every system just by including it in our overlay (which is configured on every machine).
If you can push out package sets, you can push out configuration. I've recently started pushing out our Apache configs this way. I have a package called apache2-macros, and an ebuild in our overlay for apache2-macros-x.y.z. This is part of the set that gets installed on all web servers, so when I update the apache2-macros package and ebuild, it automatically gets pushed to the web servers during the next update. You can use -9999 instead for convenience, but then you'll have to remember to re-emerge it now and then. For the config files that /differ/, I just use a makefile. I have a git repo laid out like the filesystem hierarchy, i.e. in the root of the repo I have "etc", and "usr" directories containing any config files that need to be copied to /etc or /usr. The makefile isn't very complicated, one magic rule handles most of the files which are plain text and wind up in /etc. Here's a short example. FILES = /etc/conf.d/net \ /etc/portage/env all: $(FILES) /%: ./% cp $< $@ chmod 644 $@ You can add more files without touching the rules unless you need different permissions.