One of the items I had on my NixOS adoption checklist was enabling Secure Boot. It’s not something you get “out of the box”, so sooner or later you have to deal with it.

Now that NixOS is my daily driver, some things stop being a nice to have, especially when they’re security-related. That’s why it became a priority, and why I put together a reusable, documented configuration here:

https://github.com/palumbou/another_nixos_configurations_template/tree/master/nixos_configs_template/hosts/secure_boot

Spoiler: it’s less complex than I expected and it doesn’t require any dramatic intervention, but you do want to approach it with the right mindset: backups, verification steps, and—above all—patience.

For a safer 2026, start from the foundations: your own computer.