Great points. I kinda feel the same with containerization. I have been wanting to change my OS on my home server and while NixOS is great for that, I have decided to do things differently and use openSUSE MicroOS. My plan was actually Fedora CoreOS, but after that Red Hat drama I decided to run with SUSE instead. It is an immutable distro with atomic upgrades that is designed for being a container host. It uses Ignition as the configuration for setting up things like users, services, networking, etc. My plan is then to just use containers like I was doing before on Fedora Server and for the other things to use Nix to build container images. Instead of using a Dockerfile, you’d use Nix Flakes to create really minimal images. Instead of starting with a full distro like Alpine, Nix starts from scratch and copies all dependencies over as specified in your flake. So the image only contains the absolute minimum to run. I think it’d be a fun side project while learning more about Ignition, Linux containers and Nix Flakes.
As for your point on config, I think it’s just part of the trade-offs of NixOS. You either have a system that can be modified easily at any time through the shell or you have a system that you modify centrally and is fully reproducible. You can already install packages with nix-env in the command line without changing your config, but that also won’t be reproducible. Maybe a GUI app for managing your config and packages could be helpful, although I’m pretty sure that’s low priority for NixOS right now.
I am honestly not sure as to what the benefit of that is compared to the approach of CalyxOS with MicroG. It has worked for me perfectly, except for one app: BeReal for some reason gives a pop-up telling me that Google Play Services is missing, even though I already have MicroG fully set up and working. Other apps have all worked fine, including Google Apps like YouTube and my banking app.