
You get backported security fixes in release channels as well. Unless anything changed recently, there's no explicit guarantee around them, but the core packages typically land just as fast or faster than other distros. Keep in mind though that more esoteric software with a small number of users and auto-update disabled may lag a bit.



Maybe I'm missing something, but the only branch in github:nixos/nixpkgs I can see receiving fixes is the 24.05 branch getting fixes backported from unstable. The last commit I can see to the 23.11 branch is about 3 months ago.

This would imply only 9 months of security patches before I would need to upgrade the server. That is of course a far less risky process with NixOS, so perhaps that is ok, but it is a lot more work than the 5 years you get (free) with Ubuntu/Debian.

https://github.com/NixOS/nixpkgs/branches/active


Updating on NixOS is so much less painful that doing an update every 6 months is actually viable. Also the update already contains large parts of your config and can be easily tested in a VM.


It's more like 7 months of patches. Release (n-1) gets EOL'd 1 month after release (n), and releases are 6 months apart (in May and November). So 23.11 would've been EOL in July 2024.

And since a release happens every 6 months, while you do have an extra month's window, you still have to upgrade... every 6 months.


You're correct, it's 9 months max, there's no LTS equivalent. The updates are much less risky, but in a business context you'd really need to discuss the decision. (I'd still prefer that way)



