diff --git a/.envrc b/.envrc
index 1632bfa..3550a30 100644
--- a/.envrc
+++ b/.envrc
@@ -1,3 +1 @@
-watch_file .nix/protoc-gen-connect-go.nix
-watch_file .nix/protoc-gen-go-patch.nix
 use flake
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 09535ab..354a7dd 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -84,4 +84,5 @@ jobs:
       upload-assets: true
       # Use the existing release created by Goreleaser instead of creating another.
       upload-tag-name: "${{ needs.goreleaser.outputs.tag_name }}"
+      # Ensure the release is a draft and doesn't create a new release that is published.
       draft-release: true
diff --git a/.gitignore b/.gitignore
index ada68ff..e0f74b2 100644
--- a/.gitignore
+++ b/.gitignore
@@ -25,3 +25,6 @@ go.work
 *.swp
 *.swo
 *~
+
+# goreleaser
+dist
diff --git a/.goreleaser.yaml b/.goreleaser.yaml
index 0d8153c..6cd0ac2 100644
--- a/.goreleaser.yaml
+++ b/.goreleaser.yaml
@@ -4,11 +4,14 @@ version: 1
 before:
   hooks:
     - go mod tidy
-    - /bin/bash -c 'if [ -n "$(git --no-pager diff --exit-code go.mod go.sum)" ]; then exit 1; fi'
+    - bash -c 'if [ -n "$(git --no-pager diff --exit-code go.mod go.sum)" ]; then exit 1; fi'
 
 metadata:
   mod_timestamp: "{{ .CommitTimestamp }}"
 
+gomod:
+  proxy: true
+
 report_sizes: true
 
 builds:
@@ -33,18 +36,26 @@ kos:
     tags:
       - '{{.Tag}}'
       # TODO: find a way to set the latest package tag, only when the release gets published on GitHub.
-      # we can trigger an action on release_published, but we then need to write a system that "pushes"
+      # We can trigger an action on release_published, but we then need to write a system that "pushes"
       # the `latest` manifest.
       - '{{ if not .Prerelease }}latest{{ end }}'
-    creation_time: '{{.CommitTimestamp}}'
-    ko_data_creation_time: '{{.CommitTimestamp}}'
+    creation_time: '{{ .CommitTimestamp }}'
+    ko_data_creation_time: '{{ .CommitTimestamp }}'
     sbom: 'spdx'
     bare: true
     preserve_import_paths: false
+    labels:
+      org.opencontainers.image.description: "Kubernetes Gateway API implementation powered by Caddy"
+      org.opencontainers.image.licenses: Apache-2.0"
+      org.opencontainers.image.created: "{{ .Date }}"
+      org.opencontainers.image.name: "{{ .ProjectName }}"
+      org.opencontainers.image.revision: "{{ .FullCommit }}"
+      org.opencontainers.image.source: "{{ .GitURL }}"
+      org.opencontainers.image.version: "{{ .Version }}"
 
 checksum:
   algorithm: sha256
-  name_template: "CHECKSUMS.txt"
+  name_template: "checksums.txt"
 
 sboms:
   - artifacts: binary