NixOS services, because they are systemd services, also support some isolation features (NixOS policy regarding systemd-confinement, DynamicUser and a whole host of other options), but so far I’ve not found that particularly easy to use 
NixOS services, because they are systemd services, also support some isolation features (NixOS policy regarding systemd-confinement, DynamicUser and a whole host of other options), but so far I’ve not found that particularly easy to use