I think a proper architecture would not even have a root account. The server would just expose an authenticated endpoint that allows for configuration and updates to be pushed for it.

You are thinking 20 years ahead. In 1995 most servers were still pets, not cattle.