Nix is where we're going. Maybe not with the configuration language that annoys python devs, but declarative reproducible system closures are a joy to work with at scale.
Reproducible can have a lot of meanings. Nix guarantees that your build environment + commands are the same. It still uses all the usual build tools and it would be trivial to create a non-reproducible binary (--impure).
From what I read, I gather nixpkgs are more hermetic (as in Bazel [0]) & not reproducible? https://discourse.nixos.org/t/nixos-is-not-reproducible/4268... / https://archive.vn/mXeih
[0] https://bazel.build/basics/hermeticity