at least the opening post didnt seem you overly like the replacing all keys and stuff.
for me personally the best security and safety combined and you REALLY dont wanna lose the key would likely to just take a computer that doesnt have networking after getting all the important things are installed (for example a raspi), then generate the keys there and store them using a good passphrase on maybe a few storage devices and then put them also on the nitrokey.
depending on how advanced one wants to go signing/encryption subkeys could be made on the nitrokey itself as these are easier to replace than the main key. while the encryption key might wanna have a backup, the signing subkey is likely by far the easiest to have smartcard only without worrying.
makes sense, the problem with security is always that you have to choose somewhere between effort and security and the big where on the line you wanna be is dependent on which is worse, your key being compromised or your key being lost.
not sure if there are stats on the chip that could tell how many unlocks it had so one could take a guess on its life or get an early info that a key replacement might be imminent.
another idea to keep running with only smartcard keys (at least for signature stuff, encryption is always problematic to deal with for things like this) could also be to get a 2nd smartcard, make a new set of keys there and sign those off by your first key as a kinda “these are my second set of keys” statement.
that way you could prove without manual verification that it’s still you, which is at least for signatures pretty nice.