I am trying to understand.
Docker, which uses OCI containers that are supported by Docker, Podman, Containerd, systemd-nspawn, etc, is lock-in.
But Nix Shells, which require Nix, are not lock-in.
Also, how are you going to run Nix shells in VLANs? They run on the host's network namespace.
Docker is not only about dependency management. It also offers service "composing", via docker compose, and network isolation for each service.
Although I personally love Nix, and I run NixOS on some of my servers, I do not believe it can replace Docker/Podman. Unless you go the NixOS Containers route.
I have Signal and microG with push notifications. Signal still uses websocket on my device. So, I guess it would be fine without microG push.