1. Disregard Docker. You've got NixOS, you don't need Docker. Thank god.
2. Configure the services:

{config, pkgs, ...}: {
  # Jellyfin
  services.jellyfin.enable = true;
  
  # enable the other *arrs, whichever you want to use
  services.sonarr.enable = true;

  # qbittorrent user and service
  users = {
    groups.torrent = {
      # put users that should be allowed to access torrented media
      members = [config.services.jellyfin.user "you"];
    };

    users.torrent = {
      isSystemUser = true;
      description = "qbittorrent user";
      group = "torrent";
      createHome = true;
      home = "/var/lib/torrent";
    };
  };
  
  systemd.services.qbittorrent = let
    qbittorrent = pkgs.qbittorrent.override {guiSupport = false;};
  in {
    enable = true;
    description = "qbittorrent daemon";
    documentation = ["man:qbittorrent-nox(1)"];
    wants = ["network-online.target"];
    after = ["network-online.target" "nss-lookup.target"];
    wantedBy = ["multi-user.target"];
    serviceConfig = {
      ExecStart = "${qbittorrent}/bin/qbittorrent-nox";
      User = "torrent";
    };
  };
  
  # VPN configuration
  networking.wg-quick.interfaces = {
    mullvad = {
      # Insert options for Mullvad
      address = [...];
      dns = [...];
      peers = [
        {
          publicKey = "...";
          allowedIPs = ["0.0.0.0/0" "::0/0"];
          endpoint = "...";
        }
      ];
    };
  };
  
  # file server, SMB unfortunately works the best for all the operating systems
  services.samba = {
    enable = true;
    shares = {
      storage = {
        # where do you store your stuff?
        path = "/path/to/linux/ISOs";
        browseable = "yes";
        "read only" = "no";
        "guest ok" = "yes";
        "create mask" = "0644";
        "directory mask" = "0755";
      };
    };
    extraConfig = ''
      workgroup = WORKGROUP
      server string = ${config.networking.hostName}
      netbios name = ${config.networking.hostName}

      guest account = nobody
      map to guest = bad user

      # No printers
      load printers = no
      printing = bsd
      printcap name = /dev/null
      disable spoolss = yes
      show add printer wizard = no

      dos charset = CP850
      unix charset = UTF-8
      unix extensions = yes
      ; mangled names = no
      map archive = no
      map system = no
      map hidden = no
    '';
  };
}

This is a minimal config that doesn't set up specific stuff like qbittorrent's file storage location or network interface, I'd tell you how to do it but I don't actually have such a setup. This is just copied from what I have/had in my configuration and looking up services on https://search.nixos.org (very useful site if you don't know about it).