Keystone is a NixOS-based infrastructure platform designed to deploy secure, encrypted systems across various hardware types. It emphasizes declarative configuration and reproducibility, and integrates hardware security features.
Key features include:
- Full disk encryption with TPM2 auto-unlock
- Secure Boot with custom key enrollment
- ZFS storage with native encryption and snapshots
- Portable configs—migrate between bare-metal and cloud seamlessly