I don’t use NixOS for my home server mainly because of lack of MAC (SELinux or AppArmor). I use Ansible to configure AlmaLinux from package installation to firewall to systemd services.

I use NixOS for desktop and development machines.

Ansible and Nix. Code is the document.

This is on my todo list. I use Docker-compose for it’s simplicity, but Docker is a security nightmare. If you are not careful, it would expose your Nextcloud instance to the whole world. Podman integrates nicely with firewalld which gives me zone based rules. Can’t wait to do this. But I will give sometime to let Quadlet get stabilized and popular.