On NixOS tor is run with a torrc directly in /nix/store, but git-annex enable-tor attempts to both read and modify /etc/tor/torrc.

This behavior can be accomodated by making a copy:

torrc=$( ps -ef | egrep -o '(\S*?torrc)$' )

sudo mkdir -p /etc/tor
sudo cp $torrc /etc/tor/torrc

This should allow you to run:

git-annex enable-tor

without seeing an error, but the edited torrc will have no effect so git-annex will keep waiting for the hidden service to come online. While it does that, check what lines were added:

diff -u $torrc /etc/tor/torrc

and then add a hidden service to your configuration.nix:

  # add a service for the repository
  services.tor.relay.onionServices.git-annex-5e77c94c-5907-4f43-96bf-282ae233b240 = {
    # this is where git annex configures it, which works fine, but doesn't
    # actually seem necessary, so it could be left empty
    path = "/var/lib/tor/tor-annex_1000_5e77c94c-5907-4f43-96bf-282ae233b240";

    # the HiddenServicePort directive requires both tor and git-annex # remotedaemon
    # to be able to access the socket which is why git annex places it in a separate
    # directory, but this also needs to be made visible to tor
    map = [ {
      port = 12345;
      target.unix = "/var/lib/tor-annex/1000_5e77c94c-5907-4f43-96bf-282ae233b240/s";
    } ];

  # make the sockets directory visible to the otherwise sandboxed tor daemon
  systemd.services.tor.serviceConfig.BindPaths = [ "/var/lib/tor-annex" ];

Note that without the BindPaths the tor daemon will not be able to access the sockets and connections will be rejected (can be diagnosed by sending tor a SIGUSR2 to enable debug logging).

You should now be able to run nixos-rebuild switch and git-annex will detect that the hidden service is running.