Yay! I was thinking "why are they duplicating Nix" but, you note, they're using it!
Re: "building a particular version of a package should always result in the exact same binary package, regardless of the system on which it is built",
I wish that were the goal. Last time I checked, derivations were specified by a transformation A -> B where A is fixed but B is a large nigh-unknowable set of possible binary packages.
It's a lot of work to reduce "B" to a set with a single member. Build dates are often embedded in programs. Systems like `make`, indeed, depend on file timestamps. Parallel builds can make products appear in unspecified orders. `uname -a` can return different results; filesystem directory order can differ; CPU instruction support can vary. Luckily, we wouldn't have to make all of these unobservable to build systems; it is enough to patch build-systems to produce a deterministic result. If we miss something for a package, we just get two conflicting builds and can fix the build script.
How practical is that? How many people are trying to do that work?
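An added example, not part of the comment above and not code from Nix or any other project: it simulates two builds of the same package that differ only in file order and build time, and shows that the archive hashes conflict until both are normalized. The file names, contents, timestamps and the `pack` / `compare_builds` helpers are constructed for illustration.

```python
import hashlib
import io
import tarfile

# Constructed sample input: the output files of one hypothetical package.
FILES = {
    "bin/tool": b"\x7fELF-demo",
    "lib/libx.so": b"lib-demo",
    "share/doc/README": b"hello\n",
}


def pack(files, order, build_time, normalize, epoch=0):
    """Pack files into an uncompressed tar and return its SHA-256 hex digest.

    order      -- simulates filesystem directory order or parallel-build order
    build_time -- simulates the wall clock at the time the build ran
    normalize  -- when True, sort the entries and pin every mtime to `epoch`
    """
    names = sorted(order) if normalize else list(order)
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.USTAR_FORMAT) as tar:
        for name in names:
            info = tarfile.TarInfo(name)
            info.size = len(files[name])
            info.mtime = epoch if normalize else build_time
            info.mode = 0o644
            # Owner fields are fixed in both modes so that only order and
            # time vary in this demonstration.
            info.uid = info.gid = 0
            info.uname = info.gname = ""
            tar.addfile(info, io.BytesIO(files[name]))
    return hashlib.sha256(buf.getvalue()).hexdigest()


def compare_builds(normalize):
    """Return True if two simulated builds yield the same archive hash."""
    first = pack(FILES, ["bin/tool", "lib/libx.so", "share/doc/README"],
                 1_700_000_000, normalize)
    second = pack(FILES, ["share/doc/README", "bin/tool", "lib/libx.so"],
                  1_700_000_123, normalize)
    return first == second


if __name__ == "__main__":
    print("naive builds match:     ", compare_builds(False))
    print("normalized builds match:", compare_builds(True))
```

A hash mismatch between two independent builds is the signal that some input was left unpinned; a match is what lets a third party verify a distributed binary against its source.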