
Nix shell isn't supposed to provide file system isolation. It is a package manager after all, so what it does best is give a consistent dev environment with isolated dependencies. At that point, if the program accesses mutable state and you want to prevent it (to a reasonable degree), you should use Docker or do it through the command line (like making $HOME point to somewhere else).


Oh yeah, you are definitely right there. I honestly don't know where the expectation came from, because it makes perfect sense that it doesn't do that. Why would it? I think it was more me saying "would've been nice."

I'm coming from homebrew + asdf, but so far Nix appears to be working fine for me. I think asdf has a lot of custom config to try and isolate version-specific shared files/modules etc. I can replicate it by setting some environment variables myself in the nix shell file though. I've got my basic home manager setup (still need to migrate some manually managed files to nix config) and every project I work on is now running with its own shell.nix file. No huge problems yet, aside from the mentioned watchexec failing.

Not yet sure if I'll keep it in my regular workflow, it's been an interesting experience and I would be happy to not need homebrew anymore. (Might just try ports too). I'm also curious to see how fast new versions of software will be added/supported, so I'll have to at least keep this running until that happens.



