Ansible is a little heavyweight for what you want, but if you wrap it in a script and only use the built-in modules, it's probably got everything you need.
This is how I set up my Mac as well; just a local connection. Sets up an out-of-box Mac in about 15 minutes and I can keep my two Macs' configs in perfect sync: https://github.com/geerlingguy/mac-dev-playbook
Here's the wrapper script:
You run the script with "-CD" for dry run mode, and without arguments for production mode. And here's the docs for the available modules [0].

[0] https://docs.ansible.com/ansible/latest/collections/ansible/...