Do you use NixOS on production servers?

5 points by overbytecode 1 year ago | 1 comment
What is your experience like? Any lessons or best practices you’ve discovered.
  • takeda 1 year ago
    My company doesn't use NixOS in production, as the policy is that only a single distro is approved and we are paying tons of money to the vendor to make sure that our requirements are satisfied.

    We do use (on some projects) Nix for the development environment as well as for building containers, packages or deployments. I like the following benefits:

    - nix allows pinning all dependencies; this means that if I check out an older version from the repo and run the code to generate the container, I will get the exact same container. This means storing older versions of containers is not as big a deal. This maybe isn't impossible to do with a Dockerfile, but it is very hard, and in practice I don't think I have seen any truly reproducible Dockerfile

    - since nix traces all explicit and implicit dependencies, it is easy to create containers that only contain the application and its dependencies

    - I can easily override any component, for example I can modify python to only have the dependencies that I also use, or switch it to musl. I design the docker container so it has 3 layers (python and its dependencies, application dependencies, application); this allows me to effectively use layers and reuse them if dependencies don't change. This also lets me produce much smaller images.

    - when the CI pipeline runs it benefits from caching. This means, for example, that if I made a change in a branch and then merged the branch, and my merge did not modify files, then nix won't rebuild it again; if the merge results in slightly different files, nix will rebuild only the things that changed

    - the dev environment provides a shell with the exact same tools installed for everyone; the environment can also be used in CI/CD so the same exact tools are used there, and things are more predictable

    - again, caching with the dev shell. If you run it for the first time it might download some additional files and then run the commands in that shell; subsequent runs immediately go to the same state and run the command. With plain docker runners I typically see, over and over, the container starting up and downloading some python packages needed for the deployment, which often makes jobs take a few minutes to run, while with nix it is just a few seconds. If someone is clever maybe they will create a virtualenv and then cache the directory, or maybe build a custom docker image with things preinstalled and use that, but in practice only a few people care enough about it.
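The three-layer container design and dependency pinning described in the comment above, as an added example (not the commenter's code): a hypothetical `flake.nix` that pins nixpkgs through `flake.lock` and chains three `dockerTools.buildImage` calls with `fromImage`, so the interpreter, the application dependencies and the application each land in their own layer. The package name `myapp`, the `requests` dependency and the `/app/main.py` script are assumptions for illustration.

```nix
# flake.nix (hypothetical). Build with `nix build .#container`, then
# `docker load < result`. The nixpkgs revision is pinned in flake.lock,
# so rebuilding an old commit yields the same image contents.
{
  inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05";

  outputs = { self, nixpkgs }:
    let
      system = "x86_64-linux";
      pkgs = nixpkgs.legacyPackages.${system};

      # Interpreter only. `pkgs.pkgsMusl.python3` would swap in a
      # musl-linked build, as the comment mentions.
      python = pkgs.python3;

      # Application dependencies (assumed: requests) as a Python env.
      pythonEnv = python.withPackages (ps: [ ps.requests ]);

      # Assumed application code, placed at /app/main.py in the image.
      app = pkgs.writeTextDir "app/main.py" ''
        import requests
        print("requests", requests.__version__)
      '';

      # Layer 1: python and its runtime closure.
      runtimeLayer = pkgs.dockerTools.buildImage {
        name = "myapp-runtime";
        tag = "base";
        copyToRoot = [ python ];
      };

      # Layer 2: application dependencies on top of layer 1.
      depsLayer = pkgs.dockerTools.buildImage {
        name = "myapp-deps";
        tag = "base";
        fromImage = runtimeLayer;
        copyToRoot = [ pythonEnv ];
      };
    in {
      # Layer 3: the application itself. Only this layer changes when
      # application code changes; layers 1 and 2 are reused.
      packages.${system}.container = pkgs.dockerTools.buildImage {
        name = "myapp";
        tag = "latest";
        fromImage = depsLayer;
        copyToRoot = [ app ];
        config.Cmd = [ "${pythonEnv}/bin/python" "/app/main.py" ];
      };
    };
}
```

Because the image contains only the Nix closure of what is listed in `copyToRoot`, there is no shell, package manager or base distro in it, which keeps the attack surface and the image size small.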