It just came about out of annoyance with yet again trying to rebuild my personal workstation to even barebones level.
It's definitely in the "if you aren't embarrassed you launched too late" category
NixOS doesn’t sandbox apps by default (obviously, the user could run all their apps using containers/VMs/etc, but the same is possible on other distorts).
I think qubes or something like it will be the right way to go for safety in "the future" - but Inwoukd like a really simple way to define my qubes upfront- really really simple.
maybe they have it - not looked deep enough