Setting up data/file structure and how to manage it on NixOS

I am hoping to move from Windows to NixOS. I have not used desktop Linux in a few years, but I am generally comfortable with traditional Linux through work tasks, docker, etc.

I really like the idea of describing my OS, app, and configs via configs and the version control via flakes, etc.

The one thing I am not able to find in my reading and research is to understand the data-side of NixOS, the stuff that isn’t immutable, etc.

Under Windows I encrypt my hard drives with VeraCrypt, my temp files are on a RAM drive, and I keep all my data on a separate hard drive or partition (its own drive; I never store in “My Documents” or under the User profile). I have some idea of how I would set up something similar in Debian, but I would like some more help and advice. At a high level, would I just have everything living in my ~ home directory and could I still just mount a separate drive? I see there are lots of strategies with ZFS, BTRFS, etc.

Here are some of the things I want to accomplish:

  1. Everything is encrypted as much as possible at rest (power off); no temp or swap or anything should be excluded from encryption.

  2. No swap, tmp on a ramdisk / tmpfs in RAM. The system I will be setting this up on is 64 GB so I see no reason to use swap for my type of workload.

  3. Disks with purpose vs some type of virtual JBOD. The used PC I purchased has 4 drives of various sizes and speed. I would like to optimize around these.

    A. My initial thought was “apps” go on the slower drive and would generally be in memory anyway (My understanding is Linux is pretty good about predicting this but there are tools like vmtouch that can help you prioritize)

    B. I want my actual data and files to be in one place - e.g., I could rm -rf my OS and mount my files someplace else or boot the drive separately and still get my data. I could technically physically image one drive/partition that is for data only and not include the OS stuff, which I could easily rebuild from my config.

    C. Can I put my older derivation / app version / Nix store (?) on the older slower hard drive so they are still there, but not taking up space when I don’t need them?

    D. Things I rarely need can be moved to the lower speed hard drive freeing up space on the NVMe drive.

  4. If some corruption happens in the OS, my files are on their own partition and drive and are not affected. I can rebuild my OS without risk of data loss or dependencies on my backups to recover.

From what I read, I think home-manager and flakes are something I want to use. I see that you often have these files sitting in your home directory. I am not sure if there is an order of operations issue with mounting things and where configs live. I am also not sure if I want to separate my user configs from my data (actual documents) and if that causes issues when things are overlaid to a mount point? The files needed to configure my app settings, etc. are now actually configured from home-manager and don’t need to be backed up the same way as my actual data/documents?

Is it also reasonable to be able to share my home directory and/or files across different Linux distros? E.g., I can live boot some OS and still access my data. When it comes to encryption, I would want to be able to just mount my data drive or partition (I accomplish this on Windows in VeraCrypt by automounting my data drive at bootup); I should be able to take my data drive somewhere else and still decrypt/access data without my NixOS install.

I think some of these may be more generic Linux questions, but I am concerned that in NixOS there are different implications because it's not the standard file system, etc. Any help or suggestions on how to accomplish my goals on the initial setup would be greatly appreciated; I don’t want to find out later I tightly coupled something or didn’t select the “encrypt everything as much as possible” option.