The problem (especially pre-flakes) with nix (and Docker too; haven't used Bazel) is that if you GC, you can't recreate your previous environment (which version of nixpkgs were you using when you built it/which day did you run apt-get update in your Dockerfile).
It appears that Flox uses flakes and versions the flake.lock file, so it should be possible to readily reproduce anything that hasn't completely disappeared from the internet.
I suppose you're just saying it's easier than this with flakes, but this isn't a flake is it? (Honestly so confused about it all, looking at trying out nix again after toying with it briefly years ago.)
Now at the bottom it links to an example of pinning without using flakes, but the page you linked directly does not pin nixpkgs.
Flakes pin by default, and defaults matter. Using flakes, anything that isn't explicitly listed with a hash to ensure it's unchanged must be explicitly listed as an input, and a lock file for the inputs is automatically generated.
It appears that Flox uses flakes and versions the flake.lock file, so it should be possible to readily reproduce anything that hasn't completely disappeared from the internet.