I'm unclear on the benefit of NixOS vs a container-optimized OS (aka CoreOS/Flatcar). These systems have read-only root partitions, no package manager, minimal services. The package manager is simply Docker.
In the case of Fedora CoreOS and openSUSE MicroOS, you can use an Ignition file to declare your complete OS before the installation, from partitions and packages to file contents.