To be clear, you’re not talking about an air-gapped solution where technically there is a way to push data acquired from the internet to the devices, right?
I ask because the use cases you list seem to inherently require at least some networking and seem too general purpose to require anything bespoke, especially being offline. This may well be an XY problem.
The caching flakes do is evaluation caching; it has nothing to do with being online, only with how quickly the actual Nix code evaluates.
Channels also don’t randomly update without explicit flags, so as far as nix store contents are concerned you should not need to be worried about this.
The flakes concept does have other pretty significant benefits though. They also enforce pure evaluation, which if you don’t do correctly may in fact cause your sources to try and update every 2 hours, so I guess they do help a little there.
To be clear, I’ve not done this much, just wanted to get the above reverse questions out.
My two cents are that your list seems pretty reasonable, and:
Whether it is practical will depend a bit on your exact use case. While servers are offline there is probably not going to be much need for ongoing maintenance, since you should be shielded from most potential needs for updates and whatnot anyway. Any maintenance needs that do occur will be with existing software, so there should be few cache misses.
That said, Nix/OS is definitely not designed for this use case. There’s no way to ensure that you have everything you might need related to a certain module, since they may involve scripts that call out to any random binary. You might flip on some option to discover that it uses jq for something, and then not be able to use that option until you can reach the upstream cache again, for example.
In other words, it’ll depend on the kinds of software you deploy and what maintenance actually happens during offline periods. It’s hard to infer how your use case will go from others’, so I’d say give it a pilot run and see what works and what doesn’t.
For the record, people are running NixOS in space, so it’s not like this is unprecedented. Their solution ends up being quite a bit more bespoke, but the tools to achieve things like this do exist in the ecosystem.
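The cache-miss risk described above (a module option quietly pulling in a binary such as jq that the local cache does not hold) can be checked for before a machine goes offline. The following is an added example, not code from the poster or from the Nix project: it takes a list of store paths (in practice the output of `nix-store -qR /run/current-system`, or of the build you plan to deploy) and reports every path whose `.narinfo` is absent from a local file-based binary cache. It relies on one real convention, that a binary cache names each narinfo after the 32-character hash part of the store path; the cache directory, store paths and hashes in the demo are constructed placeholders, not real Nix output.

```shell
#!/bin/sh
# Added example: report store paths missing from a local binary cache.
# Binary cache layout convention: /nix/store/<hash>-<name> is described by
# <cache>/<hash>.narinfo, where <hash> is the 32-character hash part.
set -eu

# hash_part PATH: print the 32-character hash part of a store path.
hash_part() {
  basename "$1" | cut -c1-32
}

# missing_paths CACHE_DIR: read store paths on stdin, print those that have
# no .narinfo in CACHE_DIR. Intended real usage (requires nix on the host):
#   nix-store -qR /run/current-system | missing_paths /srv/nix-cache
missing_paths() {
  cache=$1
  while IFS= read -r p; do
    [ -n "$p" ] || continue
    h=$(hash_part "$p")
    [ -f "$cache/$h.narinfo" ] || printf '%s\n' "$p"
  done
}

# demo: constructed scenario with a throwaway cache directory. The hashes
# below are placeholders (not real store hashes); the cache holds narinfos
# for the system closure and glibc but not for jq, mirroring the case where
# enabling an option drags in a tool that was never mirrored.
demo() {
  tmp=$(mktemp -d)
  sys=/nix/store/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-nixos-system-demo
  glibc=/nix/store/bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb-glibc-demo
  jq=/nix/store/cccccccccccccccccccccccccccccccc-jq-demo
  : > "$tmp/$(hash_part "$sys").narinfo"
  : > "$tmp/$(hash_part "$glibc").narinfo"
  printf '%s\n%s\n%s\n' "$sys" "$glibc" "$jq" | missing_paths "$tmp"
  rm -rf "$tmp"
}

# Exit status 1 if anything is missing, so the check can gate a deployment.
if [ "${1:-}" = "--demo" ]; then
  out=$(demo)
  printf '%s\n' "$out"
  [ -z "$out" ]
fi
```

Run it with `--demo` to see the constructed case; for a real pre-deployment check, pipe the closure of the configuration you intend to ship into `missing_paths` and treat any output as a path that must be copied into the cache first (for example with `nix copy --to file:///srv/nix-cache`) before the machine loses connectivity.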