When comparing NixOS vs Hardened Gentoo, the Slant community recommends Hardened Gentoo for most people. In the question “What are the best Linux distributions for misanthropes?” Hardened Gentoo is ranked 36th while NixOS is ranked 55th. The most important reason people chose Hardened Gentoo is:
Your only real options for a widely supported hardened distro are the Red Hat distros (Red Hat, CentOS, Fedora), of which Fedora is your best bet for a desktop, or Gentoo. You can make a hardened kernel in Gentoo while stripping unnecessary features, creating a much smaller attack surface, and using in-kernel mitigations others don’t.
Pros
Pro State of the art package manager
Atomic, non-destructive upgrades; rollback of a system upgrade; declarative, reproducible system configuration; unprivileged installation of packages; transparent source or binary deployment.
Pro Minimal
You can start with a minimal environment and add packages and software to suit your needs as you go along.
Pro Reproducible system
NixOS is configured using the Nix package manager, allowing your system to be replicated and kept in sync across multiple machines. Great for keeping a laptop and desktop in sync.
Pro Robust
Packages don't break after a NixOS upgrade, as they are prone to do with other distros (especially Arch).
Pro Supports custom hardened kernels
Your only real options for a widely supported hardened distro are the Red Hat distros (Red Hat, CentOS, Fedora), of which Fedora is your best bet for a desktop, or Gentoo. You can make a hardened kernel in Gentoo while stripping unnecessary features, creating a much smaller attack surface, and using in-kernel mitigations others don’t.
Pro Comprehensive hardened guide in wiki
From SELinux to PaX to AppArmor to.... The wiki has got you covered.
Pro Fully customized kernel that prevents server-side malware with SSO mechanisms
Out of CentOS/RedHat/Fedora, a hardened kernel is very easy to make.
Pro Best defense against NOP-sled malware, even with ROP/COP mechanisms
Out of CentOS/RedHat/Fedora/OpenSUSE/Slackware/FreeBSD/Mandriva and Arch, only Gentoo can best protect you against NOP-sled malware, even with ROP/COP mechanisms.
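Several of the pros above come down to one claim: on Gentoo (and on NixOS with a hardened kernel package) you build the kernel yourself, so you can drop unneeded features and turn on in-kernel mitigations. The script below is an added example, not code from Slant, Gentoo or NixOS, that audits a kernel `.config` against a short list of such options. The option lists are an assumption of this example (a starting point drawn from common hardening guidance; exact names vary by kernel version), and the sample config it ships with is constructed, not taken from any real system. Point it at `/usr/src/linux/.config` on Gentoo, or at `zcat /proc/config.gz` output on any kernel built with `CONFIG_IKCONFIG_PROC`.

```shell
#!/usr/bin/env bash
# Audit a Linux kernel .config for a set of hardening options.
# Added example; not part of the Slant page or of Gentoo/NixOS tooling.
#
# Usage: ./audit.sh /usr/src/linux/.config
#        zcat /proc/config.gz > /tmp/config && ./audit.sh /tmp/config
# With no argument it runs against the constructed sample below.

# Options expected to be =y. Assumed list for this example, not a distro policy;
# names reflect recent kernels (e.g. STACKPROTECTOR_STRONG, LOCKDOWN_LSM).
WANT_ON="CONFIG_STACKPROTECTOR_STRONG CONFIG_RANDOMIZE_BASE CONFIG_HARDENED_USERCOPY \
CONFIG_SLAB_FREELIST_RANDOM CONFIG_SLAB_FREELIST_HARDENED CONFIG_INIT_ON_ALLOC_DEFAULT_ON \
CONFIG_STRICT_KERNEL_RWX CONFIG_STRICT_MODULE_RWX CONFIG_FORTIFY_SOURCE CONFIG_SECURITY_LOCKDOWN_LSM"

# Options expected to be =n or absent: each is attack surface (raw memory access,
# legacy interfaces, ways to load a different kernel or image).
WANT_OFF="CONFIG_DEVKMEM CONFIG_PROC_KCORE CONFIG_LEGACY_PTYS CONFIG_DEVMEM \
CONFIG_KEXEC CONFIG_HIBERNATION"

# audit_kconfig FILE
# Prints one finding per line on stderr, and the total number of findings on stdout.
# A "# CONFIG_FOO is not set" line never matches "CONFIG_FOO=y", so it counts as missing.
audit_kconfig() {
    cfg="$1"
    n=0
    for opt in $WANT_ON; do
        grep -qx "${opt}=y" "$cfg" || {
            echo "MISSING  $opt (expected =y)" >&2
            n=$((n + 1))
        }
    done
    for opt in $WANT_OFF; do
        # Built-in (=y) or as a module (=m) both expose the feature.
        ! grep -qxE "${opt}=(y|m)" "$cfg" || {
            echo "ENABLED  $opt (expected =n or absent)" >&2
            n=$((n + 1))
        }
    done
    echo "$n"
}

# Constructed sample: a partially hardened config, not from any real kernel.
SAMPLE="$(mktemp)"
cat > "$SAMPLE" <<'EOF'
CONFIG_STACKPROTECTOR_STRONG=y
CONFIG_RANDOMIZE_BASE=y
CONFIG_HARDENED_USERCOPY=y
CONFIG_SLAB_FREELIST_RANDOM=y
# CONFIG_SLAB_FREELIST_HARDENED is not set
CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y
CONFIG_STRICT_KERNEL_RWX=y
CONFIG_STRICT_MODULE_RWX=y
CONFIG_FORTIFY_SOURCE=y
# CONFIG_SECURITY_LOCKDOWN_LSM is not set
# CONFIG_DEVKMEM is not set
CONFIG_PROC_KCORE=y
CONFIG_LEGACY_PTYS=y
CONFIG_DEVMEM=y
# CONFIG_KEXEC is not set
# CONFIG_HIBERNATION is not set
EOF

# Audit the file given on the command line, or the sample (5 findings for the sample).
audit_kconfig "${1:-$SAMPLE}"
```

The point of the example is the shape of the check rather than the specific list: a stock distro kernel typically fails several of the `WANT_OFF` entries because it has to support every user's hardware, which is exactly the surface a self-built Gentoo or NixOS kernel can drop. For a maintained, far more complete version of this idea, the `kernel-hardening-checker` project covers hundreds of options and also checks boot parameters and sysctls.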
Cons
Con Documentation is not good
A lot of the documentation for various functions is buried in the source code or their respective manuals, or is non-existent. The documentation, the conventions, and the scattered toolchain really make things easy to miss when searching.
Con A configuration change might end up bricking your system