I got frustrated with this as well. Maybe it’s caused by the local shell being zsh? Anyway, ages ago I used -t as well, when that stopped working I switched to a setup using security.pam.enableSSHAgentAuth for sudo. This way you can have actual authentication (and not NOPASSWD) without password typing, which sidesteps the tty issue.
Edit: Module changed as of NixOS 24.05, and lives here now: security.pam.enableSSHAgentAUth.
It’s got more granular key configuration now, you need to specify the keys permitted to authenticated explicitly (the old behavior of using the same keys as openssh has been removed entirely).