We use Nix to distribute open-source application security tools to user endpoints and CI/CD environments at work. Our appsec program is still young and there are lots of things I look forward to improving or seeing improved in our tooling and infrastructure, but it's already usable, and Nix was a huge help in letting our tiny team quickly put together something flexible, useful, and capable of accommodating the many SCM platforms, CI/CD systems, and operating systems that are in use across our large company.
My team also uses Nix and devenv to manage the local development environments for a fair range of things: some AWS Lambda functions, some CLI tools, our Terraform repo, and an internal docs site, on both macOS and WSL. There are occasionally pain points, but it's also occasionally proven able to solve very annoying Python native library dependency problems for us. Nix interest and expertise across the team varies, but devenv is pretty transparent to the folks less interested in working with it than just relying on it, so that's been good.
My own system at work is a Mac (for the time being, Mac and Windows are our only choices). I use Nix mainly natively on macOS rather than through virtualization, but mostly manage my packages declaratively through Nix-Darwin and Home Manager rather than using Nix as a package manager in the conventional way.
I do have a NixOS VM running via OrbStack, though. Currently, I don't often use it interactively, but it's configured as a remote SSH builder so that OrbStack's SSH proxy automagically spins up the VM whenever it's called upon, even if OrbStack itself isn't running beforehand. That's pretty cool, and means Nix on my Mac can transparently build packages for four architectures (every combination of macOS/Linux and x86_64/aarch64) without recourse to cross-compilation or any manual management on my part. I don't need that particular nicety often, but when I do use it, it makes me smile.