Instead of disabling it completely, you can set it to 'relaxed'. That still allows network access, but maintains the other isolation guarantees.
Obviously this introduces a potential impurity. I use it for installing NeoForge into a minecraft server derivation; the downloaded files could change behind my back, but so long as the version doesn't change it should still be compatible. It hasn't yet caused trouble.
NixOS has a lot of escape hatches once you look around, and you shouldn't be afraid to use them. The downside of impure derivations aren't quite as bad as not-using-derivations, anyway.
Another option is to declare it as a fixed-output derivation, in which case network access is enabled by default. This doesn't work for most installers, though; at a minimum you'll need to delete logfiles that might contain timestamps.
Obviously this introduces a potential impurity. I use it for installing NeoForge into a minecraft server derivation; the downloaded files could change behind my back, but so long as the version doesn't change it should still be compatible. It hasn't yet caused trouble.
NixOS has a lot of escape hatches once you look around, and you shouldn't be afraid to use them. The downside of impure derivations aren't quite as bad as not-using-derivations, anyway.
Another option is to declare it as a fixed-output derivation, in which case network access is enabled by default. This doesn't work for most installers, though; at a minimum you'll need to delete logfiles that might contain timestamps.