I recently set up a partial HTPC environment with radarr, bazarr, jackett and rutorrent via virtualisation.oci-containers.containers. The process was dead simple with surface-level Docker knowledge; well done for making it so streamlined.
After everything was set up I found that most of the services are available as NixOS options, which made me ask: if a NixOS service is already available, when should Docker be used?
I consider services that depend on sane/common dependencies, and only export some ports for communication as trivial. Examples are nginx, murmur, mpd, etc. Trivial services I’m alright with running as NixOS services. But non-trivial services — i.e., the HTPC environment listed above that expose web interfaces, depend on Mono/PHP, etc. — I consider running in Docker instead: because of their relative complexity I want these services only to access a bare minimum of system resources. A trivial service can also be a bad actor, but then I might as well dockerize all my services, and that offers up a lot of the convenience of using NixOS (unless there is some way to nest NixOS systems declaratively).
Thoughts? Are there any services you only run in Docker? Why?