I am looking for a way to launch a shell with specific packages installed within, but no unnecessary access to the rest of the system, i.e:

• Only the current directory (pwd) mounted, no access to other parts of the filesystem*
• Only the requested packages being available*, plus the shell
• Being able to disable network access would be a plus
• Generally no access to other parts of the system*
  So I'm looking for an environment similar to what can be achieved with docker: (or podman, etc...)

  docker run -it -v "$PWD:/pwd" -w /pwd $someImage
  

  or Guix:

  guix shell --pure --container --network $somePackage
  

*except strictly necessary ones

Is this possible with nix? The advantage would be that storage for the contents of packages is shared with the host system, familiarity with the system, and so on; and, compared to guix, that Nix has a lot more packages available..

containers' underlying technologies are chroots and namespaces which you can use to achieve what you're looking for.

The chroot part which will limit filesystem view is often called a jail (by analogy with BSD), network access can be restricted via namespaces.

However, if you're looking for a copy-pastable solution, I'd highly suggest you stick with containers which will wrap most of it for you.