Podman runs without a daemon, which for some reason makes podman compose a somewhat tricky replacement for docker compose.
But for a single purpose, why not just install Nextcloud as a system package via layering? I think that should be pretty secure through SELinux and would be the easiest choice.
Other problems with CoreOS:
Ignition files make monkey brain confused
updates always require a reboot unlike on Debian, where only kernel updates need that (downtime is minimal and can be automated using a systemd service)
But I would honestly try it. Maybe give secureblue server a try; it should be more similar to your desktop than CoreOS (which seems to be made for wide deployments).