Best resource I've found is searching GitHub.
My setup closely follows https://github.com/Misterio77/nix-config.
For servarr I just translated someone else's docker compose setup to nix. There are some ready made nix ones you can look at like https://github.com/rasmus-kirk/nixarr/tree/main/nixarr.
The complex networking I just picked up over time once I knew my way around a little bit.
GitHub is your best resource. lang:nix search terms.
I wouldn't run NixOS in a container. With native nix containers I'm pretty sure they share the store. For docker I'd use images built with nix (doesn't run nix itself) or pull from docker hub.
OS: NixOS (high learning curve but its been worth it). Nix (the config language) is a functional programming language, so it can be difficult to grok. Documentation is shit as its evolved while maintaining backwards compatibility. If you use the new stuff (Nix Flakes) you have to figure what's old and likely not applicable (channels or w/e).
BYOD: Just using LVM. All volumes are mirrored across several drives of different sizes. Some HDD volumes have an SSD cache layer on top (e.g., monero node). Some are just on an SSD (e.g., main system). No drive failures yet so can't speak to how complex restoring is. All managed through NixOS with https://github.com/nix-community/disko.
I run stuff on a mix of OCI containers (podman or docker, default is podman which is what I use) and native NixOS containers which use systemd-nspawn.
The OS itself I don't back up outside of mirroring. I run an immutable OS (every reboot is like a fresh install). I can redeploy from git so no need to backup. I have some persistent BTRFS volumes mounted where logs, caches, and state go. Don't backup, but I swap the volume every boot and keep the last 30 days of volumes or a min of at least 10 for debugging.
I just use rclone for backups with some bash scripts. Devices back up to home lab which backs up to cloud (encrypted with my keys) all using rclone (RoundSync for phone).
Runs Arrs, Jellyfin, Monero node, Tor entry node, wireguard VPN (to get into network from remote), I2C, Mullvad VPN (default), Proton VPN (torrents with port forwarding use this), DNS (forced over VPN using DoT), PiHole in front of that, three of my WiFi vlans route through either Mulvad, I2C, or Tor. I'll use TailsOS for anything sensitive. WiFi is just to get to I2C or Onion sites where I'm not worried about my device possibly leaking identity.
Its pretty low level. Everything is configured in NixOS. No GUIs. If its not configured in nix its wiped next reboot since the OS is immutable. All tracked in git including secrets using SOPS. Every device has its own master key setup on first install. I have a personal master key should I need to reinstall which is tracked outside of git in a password manager.
Took a solid month to get the initial setup done while learning NixOS. I had a very specific setup of LVM > LUKS encryption /w Secure Boot and Hardware Key > BTRFS. Overkill on security but I geek out on that stuff. Been stable but still tinkering with it a year later.
I saw that documentary. "The Wolf of Wall Street" or something? Maybe that was actually late 80s-early 90s.
On a daily basis I consume enough drugs to sedate Manhattan, Long Island, and Queens for a month. I take Quaaludes 10-15 times a day for my "back pain", Adderall to stay focused, Xanax to take the edge off, pot to mellow me out, cocaine to wake me back up again, and morphine... Well, because it's awesome.
I've been screaming its just wage theft. My city provides tax breaks for occupancy (employees prop up the local economy buying lunch). They are making me pay for gas, time, and car maintenance (and lunch but fuck them, I'll just not eat) for this tax break which goes to C-level bonuses/shareholders. Its just another way of skimming off the top of employee wages.
We worked fully remote for nearly 2 years and the hybrid policy just keeps getting worse and worse. Coupled with quarterly riffs, I also suspect this is to avoid severance pay/unemployment while accelerating the down sizing. Yet our CEO bonus keeps going up and up despite our stock plummeting since the end of COVID lock downs.
The DNS is cheap. Something like a penny a day for privacy. I typically paid like $50 every 2-3 years for both renewal and DNS on a couple domains.
Was kind of a PITA to be honest as I remember their login process was a little weird. I eventually moved on when they were slow to adopt some of the newer TLDs.
You need downers to ride the uppers and get that perfect drug fueled circadian rhythm going.
Energy drinks during the day and a nice indica bong/dab rip, edible, or blunt in the evening.
Warning: If things have escalated to cocaine/meth/adderall to go up and opiates and a handy from the local masseuse to go down, you're probably riding the rhythm too hard.
/s please take care of yourself!
The registrar owns the domain then, not you. I made a root comment about Njalla which offers this service.
edit: Well you could use fake data. Still risk losing claim to it. I tried doing this with name cheap and they figured it out somehow that the info I gave wasn't real. Was years ago so I don't remember what I put in. My guess is it was one of those soft credit lookups (where did you live between X and Y?). Could also be misremembering.
One of the pirate bay founders created https://njal.la/#home but with the caveat:
For instance, when you register a domain name in our system, we can register with our own data. We will be the actual registrant of the domain -- it's not an ownership by proxy as found with all other providers. However, you will still have the full control over the domain name. You can either use our information (and our nameservers) or you can go with your custom data. And you can move at any time. Simple, flexible.
I believe it is required (ICANN?) to have a real entity attached to every domain, even with a proxy for the public whois. They simply offer to be that identity to avoid giving any identifying information, but they will have all claim on it if it came to a legal dispute.
I accidentally pirate crap I have legitimate access to because I can't be bothered to figure out which damn platform its on. I have access to quite a few through work due to my industry at no out of pocket costs.
The times I try to actually search for something, it'll be listed on multiple platforms but 0 to 1 of those platforms will actually have what I'm looking for included with the subscription forcing me to manually check each one.
It is easier to just pirate.
For the networking I found some repos with Nix and Gluetun (OCI containers). I don't see them in my bookmarks, so it was probably a day project when I set up and didn't keep the references.
That part is still in docker / podman. So any docker network guide just needs to be translated to nix.