When should docker be used over NixOS services?

I recently set up a partial HTPC environment with radarr, bazarr, jackett and rutorrent via virtualisation.oci-containers.containers. The process was dead simple with surface-level Docker knowledge; well done for making it so streamlined.

After everything was set up I found that most of the services are available as NixOS options, which made me ask: if a NixOS service is already available, when should docker be used?

I consider services that depend on sane/common dependencies, and only export some ports for communication, as trivial. Examples are nginx, murmur, mpd, etc. Trivial services I'm alright with running as NixOS services. But non-trivial services (i.e., the HTPC environment listed above that expose web interfaces, depend on Mono/PHP, etc.) I consider running in Docker instead: because of their relative complexity I want these services only to access a bare minimum of system resources. A trivial service can also be a bad actor, but then I might as well dockerize all my services, and that offers up a lot of the convenience of using NixOS (unless there is some way to nest NixOS systems declaratively).

Thoughts? Are there any services you only run in Docker? Why?
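As an added illustration (not part of the post), the least-privilege goal described above can be expressed either on the NixOS service itself, by adding systemd sandboxing directives to its unit, or on the OCI container; the configuration below shows both for radarr, and the image tag, host paths and the exact capability set a given image's entrypoint needs are assumptions.

```nix
# Added example, not from the original post: two ways to confine radarr.
# Assumed: the image tag, the /srv/media path and the capability set.
{ config, pkgs, ... }:
{
  # Option A: the NixOS module, with the systemd unit sandboxed. These
  # directives merge into the module's own serviceConfig.
  services.radarr = {
    enable = true;
    dataDir = "/var/lib/radarr";
  };
  systemd.services.radarr.serviceConfig = {
    ProtectSystem = "strict";        # whole OS read-only except the paths below
    ReadWritePaths = [ "/var/lib/radarr" "/srv/media" ];  # /srv/media is assumed
    ProtectHome = true;              # no access to /home, /root, /run/user
    PrivateTmp = true;               # private /tmp and /var/tmp
    PrivateDevices = true;           # minimal /dev, no raw device access
    NoNewPrivileges = true;          # setuid/fscaps cannot raise privileges
    ProtectKernelTunables = true;    # /proc/sys, /sys read-only
    ProtectControlGroups = true;     # cgroup tree read-only
    RestrictAddressFamilies = [ "AF_UNIX" "AF_INET" "AF_INET6" ];
    CapabilityBoundingSet = "";      # the service needs no capabilities
  };

  # Option B: the same service as an OCI container, bound to loopback only,
  # with the container's capabilities dropped and its root filesystem
  # read-only. Which capabilities an image's entrypoint really needs
  # (for example to chown /config) varies per image; check its docs.
  virtualisation.oci-containers.backend = "podman";
  virtualisation.oci-containers.containers.radarr = {
    image = "lscr.io/linuxserver/radarr:latest";   # assumed image
    ports = [ "127.0.0.1:7878:7878" ];             # not exposed on all interfaces
    volumes = [ "/var/lib/radarr-oci:/config" "/srv/media:/media" ];
    extraOptions = [
      "--cap-drop=ALL"
      "--read-only"
      "--tmpfs=/run"
      "--security-opt=no-new-privileges"
    ];
  };
}
```

After `nixos-rebuild switch`, `systemd-analyze security radarr.service` reports the exposure score of option A, which is a quick way to compare a hardened module against an unhardened one.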