NixOS 💚 Xen Project — Reviving the Xen Project Hypervisor on Nixpkgs

NixOS 💚 Xen Project Hypervisor


Hello everyone! We’re proud to announce that after a long hiatus, the Xen Project Hypervisor is once again available for general consumption on NixOS 24.11!

You’ve heard of KVM…

Xen is a virtualisation technology defined as a type-1 hypervisor, which allows multiple virtual machines, known as domains, to run concurrently with the host on the physical machine. On a typical type-2 hypervisor, like KVM, the virtual machines run as applications on top of the host. NixOS runs as the privileged Domain 0, and can paravirtualise or fully virtualise Unprivileged Domains.

Xen is well-known for its impeccable security record, and is the go-to solution for hyper-scale cloud infrastructures. We recommend Xen for anyone who needs lightweight, secure virtual machines for untrusted workflows.

How do I get it?

You can turn your existing NixOS Unstable installation into a Xen Domain 0 by setting the virtualisation.xen.enable option to true. Check the other Xen options for a more granular configuration! After rebooting into the Xen Kernel, you’ll be able to use the xl command to manage your domains.

Xen is the ideal solution for declarative environments, as virtual machines are defined with xl.cfg files and are created/destroyed atomically. If you need help writing xl.cfg files, check the documentation.

Here's an example file to get you started!

```
name = 'example-domain'
# This VM will use 2048 MiB of RAM. If you haven't set virtualisation.xen.dom0Resources.memory,
# the total memory available to the Domain 0 will balloon down.
memory = 2048
vcpus = 2        # This VM will use two of your logical cores.
type = 'hvm'     # This makes Xen fully virtualise the VM, like KVM and other hypervisors do.
disk = [
    '/path/to/where/you/want/to/store/the/virtual/disk.qcow2,qcow2,hda,w',
    'file:/path/to/a/nixos-installation.iso,hdc:cdrom,r'
]
boot = 'cd'      # Fun fact: This doesn't mean it'll boot from the CD, it means it'll try the disk 'c' first, then it'll try the CD-ROM 'd'.
vnc = 1          # You can access a Xen VM through the serial console, or through VNC.
```

Note: As this package and module were only recently refactored, you should expect some bugs. Let us know if you encounter any issues!

The Team:

We’ve also started a whole team for maintaining the Xen packages! Together, we’re maintaining both the guest utilities for Unprivileged Domains, and the hypervisor tooling for the Domain 0. Here’s the crew:

We’re on the #xen:nixos.org matrix channel now, but you’ll be able to find us on the nixos.org team page soon!

We’d also like to extend an open invitation for anyone who wishes to help us maintain Xen!

Let us know if you’d like to help us test, update and keep Xen working for the foreseeable future! Simply open a Pull Request on Nixpkgs adding yourself to the Xen team on maintainers/team-list.nix.

We aren’t done yet!

As you may have noticed, it is a bit cumbersome to write xl.cfg files. To remedy that, we’ll be making a set of NixOS options that can declaratively build Xen Domains. This module will function in a similar way to the systemd services module, where you can create and configure arbitrary attribute sets that define each system service. This is still in its early stages, so let us know if there are any features you’d like to see on this translation from nix to xl.cfg.
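As an added illustration of the nix-to-xl.cfg translation described above (and of the xl.cfg example earlier in the post), here is a small Python generator. It is not the team's module: the dict layout standing in for a Nix attribute set, the per-disk keys, and the sample paths are all assumptions, and disks are rendered in libxl's documented positional form `target,format,vdev,access` with `devtype=cdrom` appended for optical media.

```python
from __future__ import annotations

from typing import Any, Mapping

# Keys xl.cfg takes as bare integers; every other scalar is emitted quoted.
INT_KEYS = {"memory", "vcpus", "vnc"}
DISK_ACCESS = {"r", "w"}


def quote(s: str) -> str:
    """Single-quote a value the way xl.cfg expects, escaping backslashes and quotes."""
    return "'" + s.replace("\\", "\\\\").replace("'", "\\'") + "'"


def disk_spec(d: Mapping[str, Any]) -> str:
    """Render one disk as libxl's positional spec target,format,vdev,access.

    A 'cdrom' flag becomes the documented devtype=cdrom option. Access defaults
    to read-only so a disk is only writable when the description says so."""
    access = d.get("access", "r")
    if access not in DISK_ACCESS:
        raise ValueError(f"disk access must be r or w, got {access!r}")
    if "," in d["target"]:
        raise ValueError("commas in disk targets would corrupt the spec")
    fields = [d["target"], d.get("format", "raw"), d["vdev"], access]
    if d.get("cdrom"):
        fields.append("devtype=cdrom")
    return quote(",".join(fields))


def to_xl_cfg(dom: Mapping[str, Any]) -> str:
    """Translate a declarative domain description (assumed dict shape) into xl.cfg text."""
    if int(dom["memory"]) <= 0 or int(dom["vcpus"]) <= 0:
        raise ValueError("memory and vcpus must be positive")
    lines = []
    for key, val in dom.items():
        if key == "disk":
            specs = ",\n".join("    " + disk_spec(d) for d in val)
            lines.append(f"disk = [\n{specs}\n]")
        elif key in INT_KEYS:
            lines.append(f"{key} = {int(val)}")
        else:
            lines.append(f"{key} = {quote(str(val))}")
    return "\n".join(lines) + "\n"


# Constructed sample: the announcement's example domain, expressed declaratively.
EXAMPLE = {
    "name": "example-domain", "memory": 2048, "vcpus": 2, "type": "hvm",
    "disk": [
        {"target": "/var/lib/xen/images/example.qcow2", "format": "qcow2", "vdev": "hda", "access": "w"},
        {"target": "/var/lib/xen/iso/nixos.iso", "vdev": "hdc", "access": "r", "cdrom": True},
    ],
    "boot": "cd", "vnc": 1,
}

if __name__ == "__main__":
    print(to_xl_cfg(EXAMPLE))
```

Running the block prints an xl.cfg equivalent to the example file in the post, which can be passed to `xl create` once the paths point at real files.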

We’re also planning to improve the guest experience and write detailed documentation for using the Xen Hypervisor on NixOS.

Thank you.

Our sincere thanks for reading our announcement. We hope to expand the Xen userbase on NixOS and achieve true first-class support for the Xen Project Hypervisor. Once more, we remind you that anyone interested in the hypervisor can help us out by joining the team!


Happy virtualising.
— The Xen Project Hypervisor Maintenance Team
40 Likes

Thank you all for this incredible work! With Xen support, especially once the domain-builder options are merged, NixOS inches closer to becoming a first-class hosting platform. I’m excited to see what comes next!

1 Like

I always thought KVM is a type-1 hypervisor? Alongside Hyper-V, ESXi, etc.
Virtualbox, Desktop VMWare and similar products are type-2 hypervisors.

Cool effort from your side nonetheless 💪.

The line between type-1 and type-2 with KVM is very blurry. Some call it type-1.5 because it’s not completely type-2 like VirtualBox, but not completely type-1 like Xen. With KVM, your VMs aren’t running alongside the host completely - only certain KVM-accelerated parts of them are. I personally consider it type-2 because it depends on QEMU, which is incontestably type-2, to virtualise anything.

edit: discourse hard.

4 Likes

So this will make it possible to build something similar to Qubes OS, but with NixOS as Domain 0?

definitely looking forward to seeing some beginner-level examples,
especially on how to forward hardware like gpu to one VM or another,
and how to route one VM’s network through another VM

Thank you for all the work done!

2 Likes

Yes! Take a look at #341215 by Lach.

GPU acceleration isn’t exactly the most beginner-level thing to do. There is a lot of upstream development work regarding GPU acceleration in Xen, which will hopefully make it easier to securely pass through GPUs.
Regarding networking, we’re tracking general Xen documentation in #343391.

2 Likes

This may be a bit of a distraction, but talking about non-enterprise GPU passthrough: I really wish that Intel’s i915 virtualization branch gets stable soon (how long has it been there? years!). Then one could split a single Xe graphics device into multiple virtual ones, and pass one through to a Firefox container, another into some other GPU-boostable app container…

1 Like