While #NixOS should not be affected by #CopyFail as it uses recent kernels, here are additional fixes you can apply:

@Rhababerbarbar setuid binaries have nothing to do with the vulnerability, they are just an easy way of exploiting it. Avoiding them does not make you less vulnerable to copyfail. (blacklisting the kernel module is good)