There is nothing wrong with that, but if a user cannot perform the same tasks via CLI, I see that as a big blocker for a project to be fully adopted with exceptions. With OPNsense, there are zero reasons to manage the whole network and whatnot via CLI; the GUI makes life so much easier. I would hate having to do everything via CLI.
The other thing is LXC, Sylve seems to call it jail.
I would expect this jail to support something like below.
Ansible only automates what you do manually; the server itself only sees the command and it will never run Ansible itself, so instead of manually creating an LXC, Ansible would send:

```yaml
- name: Deploy LXC
  ansible.builtin.command: >
    pct create {{ lxc_id }} {{ template }}
    --hostname {{ hostname }}
    --unprivileged 1
    --cores {{ cores }}
    --memory {{ memory }}
    --rootfs {{ storage }}:{{ rootfs_size }}
    --net0 name=eth0,bridge={{ bridge }},ip={{ static_ip }}/{{ cidr }},gw={{ gateway }}
    --features nesting=0
```

If I wanna exec into the LXC container to restore a backup and start the system, I would expect Sylve to support this.

```yaml
- name: Import lists and hotfixes
  ansible.builtin.command: >
    pct exec {{ lxc_id }} -- bash -c "
    pihole-FTL --config ntp.sync.interval 0;
    systemctl stop pihole-FTL;
    sqlite3 /etc/pihole/gravity.db < /tmp/adlist.sql;
    systemctl start pihole-FTL;
    sudo pihole -g
    "
```

All of that from my PC without having to go to a browser. That is the friction that your team should look into automating. There is always a way; it is just easier to go to the browser.