Works with any kernel.

I think software transparency could help with this. Or at least remote attestation - you could run the game inside an encrypted VM (AMD SEV) and attest that it is run this way. This way, you're not running a kernel module on your host, and you can't cheat the game even if you just physically write or read to the memory.

Attention is all they need.

I'd say the sad part is that nix really works well when the toolchain does caching transparently. But to deliver good DX outside of nix, you kind of want great porcelain tooling that handles everything behind the scenes - downloading of libraries, building said libraries, linking everything together. Sometimes people choose to just embed a whole programming language to make their build system work e.g. gradle. Cargo just does everything. Nix then can't really granularly build everything piece by piece when building rust crates with Cargo - you just get to rebuild every dependency any time the derivation is built and any one input changed. I wonder how much less time would've been wasted if newer languages chose to build on top of nix. Of course, nix would need to become slightly more compatible with Windows and other OSes for this to be practical.