>>106465439
I don't wanna engage in distro wars. OP asked about Fedora vs NixOS and I'm just saying NixOS is a bad choice for beginners. Really distros don't matter. As a beginner just pick any. Just avoid "DIY" distros like Gentoo or "non-standard" distros like immutable, non-systemd, or NixOS/GuixSD because it'll make learning unnecessarily hard for you as a beginner and confuse people wanting to help you.
The only differences between distros are the package managers and their repositories. Nix is different because you can just install it on any distro or macOS, fully supported side by side with other package managers. So you can have best of both worlds, Debian stable base and any bleeding edge Nix packages you need. This is actually the configuration I run on my servers, I have a few Debian and a few Fedora Asahi Mac minis, with the bleeding edge packages I need installed from Nix.
>they have no security model
If you mean like MAC? There is AppArmor and hopefully soon SELinux, other than that it's just like any other standard desktop security.
Technically you can make your own hardened security model really easily. If you mount everything on the system as "noexec" except /nix/store, and then restrict the Nix daemon to only accept connections from trusted users, it becomes basically impossible to run untrusted code on the system that's not explicitly installed by you. You can then go further and start carving out stuff you don't need, e.g. replace sudo with doas or run0, use hardened_malloc and linux-hardened, sysctl hardening, etc. It's extremely customizable, but I will admit it's very overengineered.
>barely review what's on their repos
Yeah I'll admit that can be a problem. It's simply unavoidable when running at the scale of Nixpkgs. They review the Nix derivation code for correctness, and compile and test the binaries to ensure it works, but outside of that there's no e.g. dedicated security/malware checks from what I know.
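
An added example, not part of the post above: a small audit for the "noexec everywhere except /nix/store" setup it describes, checking mount flags in `/proc/mounts` format and the daemon restriction in `nix.conf`. It assumes the restriction is done with the `allowed-users` setting (the post does not name one), ignores `include` lines, and uses hypothetical function names and constructed sample input.

```python
# Added example: audit for the "noexec everywhere except /nix/store" model.
# Sample inputs are constructed; on a real host read /proc/mounts and
# /etc/nix/nix.conf instead.

def exec_capable_mounts(mounts_text):
    """Return {mount_point: fstype} for mounts lacking the noexec flag."""
    found = {}
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        mount_point = fields[1].replace("\\040", " ")  # spaces are escaped
        if "noexec" in fields[3].split(","):
            found.pop(mount_point, None)  # a later overmount wins
        else:
            found[mount_point] = fields[2]
    return found

def allowed_users(nix_conf_text):
    """Return the allowed-users list; Nix defaults to '*' (everyone)."""
    users = ["*"]
    for line in nix_conf_text.splitlines():
        line = line.split("#", 1)[0].strip()
        key, sep, value = line.partition("=")
        if sep and key.strip() == "allowed-users":
            users = value.split()
    return users

def audit(mounts_text, nix_conf_text, store="/nix/store"):
    findings = []
    mounts = exec_capable_mounts(mounts_text)
    # The store must be its own mount, or it inherits noexec from its parent.
    if store not in mounts:
        findings.append(f"{store} is not a separate exec-capable mount")
    for mp in sorted(m for m in mounts if m != store):
        findings.append(f"{mp} ({mounts[mp]}) allows exec")
    if "*" in allowed_users(nix_conf_text):
        findings.append("nix daemon accepts connections from any user")
    return findings

SAMPLE_MOUNTS = """\
/dev/sda2 / ext4 rw,nosuid,nodev,noexec,relatime 0 0
/dev/sda3 /nix/store ext4 ro,nosuid,nodev,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noexec 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev 0 0
"""
SAMPLE_NIX_CONF = "# constructed\nallowed-users = @wheel\n"

if __name__ == "__main__":
    for finding in audit(SAMPLE_MOUNTS, SAMPLE_NIX_CONF):
        print(finding)
```

On a Nix-on-Debian style install `/nix/store` is normally a plain directory on `/`, so the first finding fires until the store gets its own mount (for example a bind mount) without `noexec`.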