No, I think you are misunderstanding my poor explanation.
Your emails are encrypted at rest on their server regardless if you use the web client or IMAP through the bridge.
The thing is that the encryption layer must happen at some point in time when you communicate with their API:s. In the web client this encryption is built-in. IMAP on the other hand does not support this type of end to end encryption, so the bridge adds this layer for you.
So you communicate unencrypted locally between your email client (Thunderbird for example) and the Protonmail bridge that you have installed locally on your computer. Then Protonmail bridge encrypts and decrypts all emails for you. So to your email client, it seems like a normal email server, but in reality everything is encrypted.
(Standard “encrypted email” disclaimer: Your emails are not encrypted in transit unless both parties, sending and receiving, are set up for encryption. Email is otherwise not end to end encrypted in transit)
Imap and end to end encryption are not possible at the same time.
Bridge exposes an IMAP interface but encrypts everything as Proton would, had you used the web client.
It solves a technical limitation.
Most, if not all, of those hired as a software developers at any of these companies has loads of other jobs they could take. The only thing setting them apart is the size of the paycheck.
For less in-demand skills I get your point though.
Here’s some music from one of my favourite bands :)
https://open.spotify.com/album/1B12ldQwBhDeS0gIcUg0ux?si=Bf9GHetQSQGup-A50OzRTQ
NixOS is exactly what you want.
You declare your configs in a way that you can just copy them to another computer and it willbe configured the same way.
I’ve never tried it my self, but I might for my next machine.