You might be too deeply scarred to come close to it, but we just wrote a blog post about deploying NixOS servers without installing nix locally or provisioning work here that feels relevant: https://garnix.io/blog/hosting-nixos
If anyone is afraid of this happening to them, I'd recommend the deterministic nix installer. It has an atomic installation process where each step is reversible with the uninstaller. This is uniquely a macOS issue since the setup is a bit different to other OSes in terms of creating a read-only filesystem for the nix store, but the determinate installer was built to fix any worries of that happening.
can vouch for the detsys installer, and anecdotally, the resulting nix install seems more resilient across os updates. on a similar note, nix-darwin is a must-have. the typical nix-env stuff you see in introductions to nix on non-nixos systems really sells it short, as it feels like just another package manager to keep track of. by contrast, nix-darwin brings the centralised configuration.nix approach, which makes it way harder to hose your environment.