How do you upgrade to new versions?
How do ship security patches?
How do backup? And do you regularly test your backup?
I feel like upgrade instructions for some software can be extremely light, or require you to upgrade through each version, or worse.
Not the OP.
I assume everything running in docker.
For containers: Upgrading new versions can be done headless by watchtower or manually.
For the host: You can run package updates regularly or enable unattended upgrades.
Backups can be easily done with cron + rclone. It is not a magic.
I personally run everything inside docker. Less things to concern.
nixOS is great as host. If updates break something, either update does not go through or you just rollback to previous version. And all configuration in a single file.
I have been trying to move from proxmox + arch VMs to incus + nixos VMs. Really love the idea of functional programs as a config but the upfront cost of getting familiar with it is quite high but seems to be worth it