It's a perfect opportunity to brush up on your {scripting language of choice} skills, though there are some pitfalls on macOS (e.g., not being able to set some preferences until another preference has been set).
Meta, I treat my devices like containers; assume that everything is ephemeral, and regenerate the environment on a frequent basis. Old stuff collects in iCloud as an archive, though anything live must be source-controlled (GitHub, Bitbucket et al).
By the way, as this unfortunately has to be said, credentials are NOT stored in source control. E-mail signatures and response tablets ARE.
As for system-wide backups, I don't do them (said the object storage guy); they're far too precious an approach to storage that ultimately should be better focused (live / archive / ephemeral). That said, the overlay approach that macOS takes should be more conducive to layered state, for those that DO backup.
There's a fair bit you can do to set config with scripting. I've only done this for initial setup (new machines at a small firm), but you may be able to find a good chunk of what you need and update/run it as often as you'd like.
https://github.com/mathiasbynens/dotfiles/blob/master/.macos