[import]

Not the OP.

I assume everything running in docker.

For containers: Upgrading new versions can be done headless by watchtower or manually.

For the host: You can run package updates regularly or enable unattended upgrades.

Backups can be easily done with cron + rclone. It is not a magic.

I personally run everything inside docker. Less things to concern.

[nicce]

nixOS is great as host. If updates break something, either update does not go through or you just rollback to previous version. And all configuration in a single file.

[udev4096]

I have been trying to move from proxmox + arch VMs to incus + nixos VMs. Really love the idea of functional programs as a config but the upfront cost of getting familiar with it is quite high but seems to be worth it