I like to run a hypervisor host as just that, a hypervisor host. The host being stable is important, and it also reduces the attack surface by only having it do that.
An LXC per service is somewhat overkill. A docker host running on LXC could likely run all the docker containers.
Blasphemy!