NixOS install fails because no space is left for efivars

My NixOS installation fails because at the end of installation process the installer cannot save EFI variables. This is because the efivars partition is full. What can I do to fix this and complete the installation process?

(all command were run on Ubuntu Live CD as currently I only have Windows installed)

/sys/firmware/efi/efivars is full:

ubuntu@ubuntu:~$ df -h
Filesystem          Size  Used Avail Use% Mounted on
tmpfs               4.7G  3.1M  4.7G   1% /run
efivarfs            128K  126K     0 100% /sys/firmware/efi/efivars
/dev/mapper/ventoy  5.8G  5.8G     0 100% /cdrom
/cow                 24G  309M   24G   2% /
tmpfs                24G  8.0K   24G   1% /dev/shm
tmpfs               5.0M   12K  5.0M   1% /run/lock
tmpfs                24G  8.0K   24G   1% /tmp
tmpfs               4.7G  164K  4.7G   1% /run/user/1000

Surprisingly, the total sum of all efivars is circa 60kB, half of the total partition size

ubuntu@ubuntu:~$ du -b /sys/firmware/efi/efivars/* | awk '{sum += $1} END {print sum}'
61508

And the efivars which take the most space

ubuntu@ubuntu:~$ du -b /sys/firmware/efi/efivars/* | sort -nr | head -10
22396	/sys/firmware/efi/efivars/dbx-d719b2cb-3d3a-4596-a3bc-dad00e67656f
10160	/sys/firmware/efi/efivars/dbxDefault-8be4df61-93ca-11d2-aa0d-00e098032b8c
6058	/sys/firmware/efi/efivars/dbDefault-8be4df61-93ca-11d2-aa0d-00e098032b8c
6058	/sys/firmware/efi/efivars/db-d719b2cb-3d3a-4596-a3bc-dad00e67656f
3568	/sys/firmware/efi/efivars/KEKDefault-8be4df61-93ca-11d2-aa0d-00e098032b8c
3568	/sys/firmware/efi/efivars/KEK-8be4df61-93ca-11d2-aa0d-00e098032b8c
2052	/sys/firmware/efi/efivars/_DMI-91b89306-5bac-4ae0-aab3-207ec12e989b
1128	/sys/firmware/efi/efivars/MokListRT-605dab50-e046-4300-abb6-3dd810dd8b23
881	/sys/firmware/efi/efivars/PKDefault-8be4df61-93ca-11d2-aa0d-00e098032b8c
881	/sys/firmware/efi/efivars/PK-8be4df61-93ca-11d2-aa0d-00e098032b8c

What are my options, to be able to install NixOS? I want to be extra careful, as I don’t want to break the existing Windows installation (which is Bitlockered).

Can I just replace the content of dbx with dbxDefault?

Definitely do not touch variables manually if you’ve no idea what they are.

You can try setting boot.loader.efi.canTouchEfiVariables = false; in your config, though I think that’s the default anyway…