You are wrong about the build stuff in NixOS; their pure functional approach makes it easy to guarantee that builds that passed in CI will pass on your machine.
In theory you are right, but somehow changes made it into their channels that weren't cleared by the CI, and therefore the binary caches didn't have the artifacts in them, and I had to build it myself, which failed.
So in practice updating a Gentoo system is more reliable than updating NixOS.