A “slightly less nixy” way I have been using in production (at the time I had some additional issues, if I remember correctly) is running bunkerized nginx in a container (as a systemd-managed container on the NixOS host, configured completely via env vars). That has been a pretty ok user experience and probably a feasible alternative if serving a limited number of domains (or at least a limited number of specific options).