How to make Linux installation verifiable/auditable?

A major goal of open source is being able to audit/verify the software you run. But the moment we use that software hosted by a third-party we need to trust them.. If I ran an OSS service on a Linux box that I wanted to make 100% transparent, is there a way for me to offer _anyone_ to verify the box is running what I say it is running? Some ideas that come to mind: - have a read-only user that can ssh into the box and execute exactly one command to verify the list of installed packages - use NixOS which uses deterministic installs (I think called generations), could such an "audit" user access the box and cryptographically verify installed packages and configurations? Are there any tools that can help with this? Not an expert :) Any suggestions more than welcome.