It’s possible to do it automatically, but only if you’re willing to accept an inferior result. No amount of automatic systems can get around the fact that programs expect a certain filesystem structure at runtime that just isn’t there. So the only way to do this really automatically is to make a runtime container that looks enough like the OS they were designed for that they can run. It’s generally preferred to package a program in a more native way if possible, so this kind of automated system hasn’t been pursued much.
Experimenting with automatically converting deb packages to nix would be a perfect fit for the dream2nix framework.
In order to do this, two modules would have to be added to dream2nix:
A dream2nix impure translator consuming a .deb package and extracting all required metadata. This could be implemented as a script that runs upstream apt toolchain on the given .deb to resolve all required URLs and hashes and possibly extract some other metadata.
A dream2nix .deb builder consuming the previously extracted metadata and generating one or more nix derivations.
The reason these two phases are separated, is that it allows to render a lock file after the impure translation, and therefore transforming a previously impure package installation into a fully reproducible package one.
It would be interesting to see how this plays out.