I have pretty similar reasons for being extremely hesitant in pushing NixOS. In my last company I was so overhyped with NixOS that a coworker once jokingly gifted me a shirt saying something like “With NixOS… …that wouldn’t have happened” (but in Swiss German).
My main blockers are currently:
- No proper LTS release and way too short update time. I think this also requires a “mindshift”. Old Legacy python2 software is NOT easier to maintain than an almost up to date system. But I doubt people will learn that
- A “proper” company backing with good (and obvious) open source presence. Working more and more with customers using RHEL and SLES, I can’t imagine them ever using a distribution without full company support and guarantees. IIRC there used to be Mayflower OS which also gave you security patches for selected packages. I think it was a nice try, a bit sad that this apparently didn’t last. Not sure what other offers are in that regard though.
- A company backing would also include some opinionated definition on “how to use NixOS” - with a proper and up to date documentation. There is so much tooling around NixOS and it’s growing by the day. I have no clue which tool I would use to manage a customer landscape of maybe 20-150 servers. And the approach I’ll go with will most certainly be completely unique, even though many things shouldn’t have to be unique (the downside of having a turing complete language with
nix
). With an opinionated definition on “how to use NixOS”, a wiki which is not just community based (or an in between solution like e.g. “owned pages”, where a company/person makes some guarantees about the state of selected documentations), I would feel much better telling my colleagues about NixOS.
- Flakes are still experimental. I’ve told myself somewhere around 2 years ago that I want to make a company internal NixOS presentation once Flakes are stable and I don’t have the confusion of stuff like `--experimental-features 'nix-command flakes'`. The flakes ecosystem seems (to me) far easier to explain to people than the “legacy” tooling. I know it’s a minor thing, but not even knowing when flakes will become stable is really annoying. And if we’re talking about enterprise, we can’t recommend experimental features.
- CVE handling seems not very nice in NixOS. The vulnerability roundups have stopped and many of the generated issues are still open. I’ve triaged some of these CVEs a few years ago thinking that maybe I could at some point get a job doing that if some companies are interested in getting these things handled, but life happened (and apparently nobody cares enough, otherwise there would still be something like the vulnerability roundups).