I dont think the criticism of installing apps is valid. Windows also has many ways of installing things. He criticizes the app center as if you can install everything from the microsoft store. On windows you still install stuff from a website, and you can use a package manager too it just isn't a requirement.
If you use conda, I suggest using pixi as a project manager. It has lock files which will fix dependencies, and it can activate your enviroments with scripts and variables defined in your pyproject.toml. It has been so much better than using conda directly: https://pixi.sh/
Theres three things at play here: nix, nixpkgs, and NixOS.
Nix is a programming language. Its designed as its primary purpose to configure, build, and install software.
Nixpkgs is a collections of mamy bundles of premade nix code called derivations. These derivations include the build instructions for applications and the configuration options for those applications. This part is most equivalent to a package repository, but it does not contain prebuilt packages. It only contains the instructions for building it.
Nix has a wide variety of tools for managing these derivations. This includes downloading derivations from nixpkgs and building them locally on your machine (or finding prebuilt packages from a cache). Nix shell is one of those tools that downloads a package temporarily, and makes it available in your shell. You wouldnt use nix shell for installing things permanently.
The OS built with nix as the primary package manager is NixOS. It allows you to define your entire system state as a derivation: your systemd units, installed packages, user configuration, graphical environment, etc.
The best part of NixOS is that it takes the OS and represents the state of the computer as a single repository of code. If you look up someones nixos configuration on GitHub, you'll see a single collection of files (filled with derivations!) that completely and totally define the state of the system.
I use borg backup. It, and another tool called restic, are meant for creating encrypted backups. Further, it can create backups regularly and only backup differences. This means you could take a daily backup without making new copies of your entire library. They also allow you to, as part of compressing and encrypting, make a backup to a remote machine over ssh. I think you should start with either of those.
One provider thats built for being a cloud backup is borgbase. It can be a location you backup a borg (or restic I think) repository. There are others that are made to be easily accessed with these backup tools.
Lastly, I'll mention that borg handles making a backup, but doesn't handle the scheduling. Borgmatic is another tool that, given a yml configuration file, will perform the borgbackup commands on a schedule with the defined arguments. You could also use something like systemd/cron to run a schedule.
Personally, I use borgbackup configured in NixOS (which makes the systemd units for making daily backups) and I back up to a different computer in my house and to borgbase. I have 3 copies, 1 cloud and 2 in my home.
Its all local. Ollama is the application, deepseek and llama and qwen and whatever else are just model weights. The models arent executables, nor do the models ping external services or whatever. The models are safe. Ollama itself is meant for hosting models locally, and I dont believe it even has capability of doing anything besides run local models.
Where it gets more complicated is "agentic" assistants, that can read files or execute things at the terminal. The most advanced code assistance are doing this. But this is NOT a function of ollama or the model, its a function of the chat UI or code editor plugin that glues the model output together with a web search, filesystem, terminal session, etc.
So in short, ollama just runs models. Its all local and private, no worries.
Tinkering, really. I did a bunch of stuff with wine and virtualization and troubleshooted across versions. One time I manually updated the version of sqlite in python's std lib to be a newer version. I picked a non LTS kernel once. All these things compounded and bloated my system. And when I went to do clean up, I didnt have a record of exactly everything I installed, what I used and what I didnt. It was guesswork to clean up my disk or even remember the tools I used to get a project working.
This is solved with declarative configuration, which is the basis of NixOS. I believe VanillaOS 2 has something similar. Likewise, this is one the great benefits of docker, vagrant, ansible, etc.
NixOS. My primary reason for switching was wanting a single list of programs that I had installed. After using ubuntu for 5 years I just lost track of all the tools and versions of software that I had installed...and that didnt even count my laptop. Now all my machines have a single list of applications, and they are all in sync.
I like butter+jelly and butter+peanut butter on my biscuits, but never both. I also like making sausage gravy with cream cheese instead of flour most of the time. Looks yummy anyway, even the eggs right on top ;)
https://appflowy.com/ is another possibility.