It seems to me this is a significant limitation of flakes. There is a variety of files you may not want to copy to the store:
- large build artifacts
- special unsupported files (like sockets)
- plaintext secrets (git-crypt, transcrypt, etc.)
- the whole tree (build environments, this case)
There’s some discussion about excluding files (.flakeignore) here:
https://github.com/NixOS/nix/issues/4097
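A pre-flight check for three of the categories listed above (unsupported file types, git-crypt/transcrypt plaintext, large artifacts), as an added example that is not part of the original post or of Nix. The function names, the 50 MiB threshold and the simplified `.gitattributes` matching (top-level file only, `fnmatch` globs) are assumptions; it walks every file under the given root, so for a git-backed flake, where only tracked files are copied, feed it the tracked set instead.

```python
import fnmatch
import os
import stat
import sys

LARGE_BYTES = 50 * 1024 * 1024              # assumed cut-off for a "large" artifact
CRYPT_FILTERS = {"filter=git-crypt", "filter=crypt"}  # git-crypt, transcrypt


def crypt_patterns(root):
    """Patterns in the top-level .gitattributes that select an encryption filter."""
    path = os.path.join(root, ".gitattributes")
    if not os.path.isfile(path):
        return []
    patterns = []
    with open(path, encoding="utf-8") as fh:
        for line in fh:
            fields = line.split()
            if fields and not fields[0].startswith("#") and CRYPT_FILTERS & set(fields[1:]):
                patterns.append(fields[0])
    return patterns


def audit_tree(root, large_bytes=LARGE_BYTES):
    """Return sorted (relative path, reason) pairs for files to keep out of the store."""
    patterns = crypt_patterns(root)
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        if ".git" in dirnames:
            dirnames.remove(".git")          # skip repository metadata
        for name in filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            st = os.lstat(full)
            if not (stat.S_ISREG(st.st_mode) or stat.S_ISLNK(st.st_mode)):
                # the store holds only regular files, directories and symlinks
                findings.append((rel, "unsupported file type"))
            elif any(fnmatch.fnmatch(rel, p) or fnmatch.fnmatch(name, p) for p in patterns):
                # decrypted in the working tree, so it would be copied as plaintext
                findings.append((rel, "plaintext secret"))
            elif st.st_size > large_bytes:
                findings.append((rel, "large file"))
    return sorted(findings)


if __name__ == "__main__":
    for rel, reason in audit_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{reason}: {rel}")
```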