No offense, but it sounds like you don’t actually understand nix flakes if you think they’re 1:1 equivalent to Docker.
They simply are not containers. They allow the declarative BUILD of any derivation at any time in the future. They hermetically lock all dependencies and build instructions which allows you to archive and reproduce the EXACT content-addressed dependency graph of the software. You can rebuild using a flake while Docker doesn’t actually allow that same hermetic reproducible guarantee whatsoever.
Nix flakes do that. The flake.lock file automatically pinpoints not just specific versions but specific builds of each package and locks them to their hash. It will also soon be content-addressed by default which would mean that each derivation takes into account the contents of the entire dependency tree and how they relate to one another.
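As an added example (not code from any commenter), here is a small audit of a flake.lock that checks the pinning described above: every input reachable from the root must carry a locked `narHash`, and git-style inputs must also carry a commit `rev`. The lock file is constructed inline with placeholder hash and rev values.

```python
import json

# Constructed flake.lock (schema version 7, the shape written by `nix flake lock`).
# The narHash and rev values are placeholders, not real pins.
SAMPLE_LOCK = """
{
  "nodes": {
    "nixpkgs": {
      "locked": {
        "lastModified": 1700000000,
        "narHash": "sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=",
        "owner": "NixOS", "repo": "nixpkgs",
        "rev": "0000000000000000000000000000000000000000",
        "type": "github"
      },
      "original": {"owner": "NixOS", "ref": "nixos-23.11", "repo": "nixpkgs", "type": "github"}
    },
    "tarball-dep": {
      "flake": false,
      "locked":   {"type": "tarball", "url": "https://example.invalid/dep.tar.gz"},
      "original": {"type": "tarball", "url": "https://example.invalid/dep.tar.gz"}
    },
    "root": {"inputs": {"nixpkgs": "nixpkgs", "dep": "tarball-dep"}}
  },
  "root": "root",
  "version": 7
}
"""

def audit_lock(lock_text: str) -> dict:
    """Map each non-root node reachable from the root to a list of pinning problems.
    An empty list means the input is fully pinned: a content hash is present and,
    for git-style inputs, a commit rev as well."""
    lock = json.loads(lock_text)
    nodes = lock["nodes"]
    report, seen, stack = {}, set(), [lock["root"]]
    while stack:
        name = stack.pop()
        if name in seen:
            continue
        seen.add(name)
        node = nodes[name]
        # Input values are node names (str) or "follows" paths (list); a follows
        # path only aliases a node that is already reachable, so lists are skipped.
        stack.extend(v for v in node.get("inputs", {}).values() if isinstance(v, str))
        if name == lock["root"]:
            continue
        locked, problems = node.get("locked", {}), []
        if not locked.get("narHash", "").startswith("sha256-"):
            problems.append("missing narHash")
        if locked.get("type") in ("git", "github", "gitlab", "sourcehut") and "rev" not in locked:
            problems.append("missing rev")
        report[name] = problems
    return report
```

Run it against a real flake.lock by replacing `SAMPLE_LOCK` with the file's contents; any non-empty list is an input that is not hermetically locked.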
Had to tell our DevOps guy this. Nobody at my company knows how to keep their build tools, let alone their OS, up to date. WhY WoNt IT CoMPilE?? Maybe because you’re using a 9-year-old maven version, buddy.