NixOS designed to be reproducible

To be fair (NixOS developer here), NixOS is designed to enable an easier time at reproducing the binaries, but we are definitely standing on the shoulders of giants of who introduced `SOURCE_DATE_EPOCH` and various knobs to purify the environment and increase drastically the chances to make a reproducible artifact.

The build environments of Nix only attempts to be very strict and encourage the author to purify as much as possible, but we do not impose, e.g. that `nix-build --check $package` passes, which would enforce bit-to-bit reproducibility.

Our results are usually that the minimal ISO and the graphical ISO have a good result in terms of bit-to-bit reproducibility, with some regressions that everyone gets also because upstream regresses (Python, etc., etc.).

The problem we have is that nixpkgs is enormous and tracking its reproducibility is not a simple task, crowdsourcing and sampling could be a solution to prove statistical bit-to-bit reproducibility, but those are open questions at the moment.