Tag
This article introduces Lanzaboote, a UEFI UKI stub written in Rust that enables Secure Boot support for NixOS. It solves NixOS-specific boot challenges by deferring signature checking to UEFI while keeping kernels and initrds separate from the UKI binary.
A tutorial explaining secrets management options for NixOS, comparing tools like sops-nix, agenix, and ragenix, with practical examples of using sops-nix for encrypted secrets management.