• 0 Posts
  • 7 Comments
Joined 9M ago
Cake day: Dec 07, 2023


I have used all three! I started with Server, then went to CoreOS running Kubernetes, and settled on NixOS, which I have been very happy with for about a year now. I run about 25-30 services, all using built-in modules.

Regarding security, if you are using well-crafted modules on NixOS, there should be good systemd hardening in place. That being said, there is no reason you can’t just use containers on NixOS.

I also find deploying NixOS far superior to butane/ignition used by CoreOS/Fedora. I use nixos-anywhere and can deploy my entire server in a few minutes without manual intervention.



I’m using the recently merged Clevis module for NixOS. There was a recent talk at FOSDEM about it.


You might be interested in setting up network-bound encryption via Clevis and Tang. I use a hidden Pi Zero in my house acting as a Tang server. It’s great being able to reboot any of my encrypted servers without having to manually unlock disks.


Every hour via Restic to a local MinIO instance on my NAS. Once a day to Backblaze B2. Once a week to an offline HDD in my fire safe.

Keep in mind the more often you back up, the less total time each backup should take to run. If your backup software isn’t too heavy to run and stores backups incrementally, there is little penalty to frequent backups.


I’m a Miniflux user as well but prefer the Flux News app: https://github.com/KevinCFechtel/FluxNews