NixOS Xen Project Hypervisor
Hello everyone! We’re proud to announce that after a long hiatus, the Xen Project Hypervisor is once again available for general consumption on NixOS 24.11!
You’ve heard of KVM…
Xen is a virtualisation technology defined as a type-1 hypervisor, which allows multiple virtual machines, known as domains, to run concurrently with the host on the physical machine. On a typical type-2 hypervisor, like KVM, the virtual machines run as applications on top of the host. NixOS runs as the privileged Domain 0, and can paravirtualise or fully virtualise Unprivileged Domains.
Xen is well-known for its impeccable security record, and is the go-to solution for hyper-scale cloud infrastructures. We recommend Xen for anyone who needs lightweight, secure virtual machines for untrusted workflows.
How do I get it?
You can turn your existing NixOS Unstable installation into a Xen Domain 0 by setting the virtualisation.xen.enable option to true. Check the other Xen options for a more granular configuration! After rebooting into the Xen Kernel, you’ll be able to use the xl command to manage your domains.
Xen is the ideal solution for declarative environments, as virtual machines are defined with xl.cfg files and are created/destroyed atomically. If you need help writing xl.cfg files, check the documentation.
Here's an example file to get you started!
```
name='example-domain'
memory='2048' # This VM will use 2048 MiB of RAM. If you haven't set virtualisation.xen.dom0Resources.memory, the total memory available to the Domain 0 will balloon down.
vcpus=2 # This VM will use two of your logical cores.
type='hvm' # This makes Xen fully virtualise the VM, like KVM and other hypervisors do.
disk = [
  '/path/to/where/you/want/to/store/the/virtual/disk.qcow2,qcow2,hda,w',
  'file:/path/to/a/nixos-installation.iso,hdc:cdrom,r'
]
boot='cd' # Fun fact: This doesn't mean it'll boot from the CD, it means it'll try the disk 'c' first, then it'll try the CD-ROM 'd'.
vnc=1 # You can access a Xen VM through the serial console, or through VNC.
```
Note: As this package and module were only recently refactored, you should expect some bugs. Let us know if you encounter any issues!
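As an added example (not part of the original announcement or of the Nixpkgs Xen module), this Python script reads an xl.cfg like the one above and lists what the guest is handed: which disks it can write to and whether the VNC console is on. It assumes the file uses only Python-compatible literals and the two disk-spec shapes shown above; `load_cfg`, `parse_disk` and `review` are names chosen here.

```python
import ast

# Constructed sample: the xl.cfg from the post, with its comments trimmed.
SAMPLE_CFG = """
name='example-domain'
memory='2048'
vcpus=2
type='hvm'
disk= [
'/path/to/where/you/want/to/store/the/virtual/disk.qcow2,qcow2,hda,w',
'file:/path/to/a/nixos-installation.iso,hdc:cdrom,r'
]
boot='cd'
vnc=1
"""

def load_cfg(text):
    """Collect key=value pairs. Assumption: values are Python-compatible literals."""
    cfg = {}
    for node in ast.parse(text).body:
        if isinstance(node, ast.Assign) and isinstance(node.targets[0], ast.Name):
            cfg[node.targets[0].id] = ast.literal_eval(node.value)
    return cfg

def parse_disk(spec):
    """Handle 'target,format,vdev,access' and legacy '[file:]target,vdev[:devtype],access'."""
    fields = [f.strip() for f in spec.split(",")]
    if len(fields) == 4:
        target, fmt, vdev, access = fields
    elif len(fields) == 3:
        target, vdev, access = fields
        fmt = "raw"  # xl's default disk format when none is given
        target = target.removeprefix("file:")
    else:
        raise ValueError(f"unsupported disk spec: {spec!r}")
    vdev, _, devtype = vdev.partition(":")
    return {"target": target, "format": fmt, "vdev": vdev,
            "devtype": devtype or "disk", "writable": access in ("w", "rw")}

def review(text):
    """Return the parsed disks plus a list of points to confirm before `xl create`."""
    cfg = load_cfg(text)
    disks = [parse_disk(s) for s in cfg.get("disk", [])]
    findings = []
    for d in disks:
        if d["devtype"] == "cdrom" and d["writable"]:
            findings.append(f"{d['vdev']}: install media is attached writable")
        elif d["writable"]:
            findings.append(f"{d['vdev']}: guest can write to {d['target']}")
    if int(cfg.get("vnc", 0)):
        findings.append("vnc: VNC console is enabled")
    return disks, findings
```

Calling `review()` on the text of a real xl.cfg before creating the domain gives a quick list of what to double-check, such as an ISO attached with `w` instead of `r`.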
The Team:
We’ve also started a whole team for maintaining the Xen packages! Together, we’re maintaining both the guest utilities for Unprivileged Domains, and the hypervisor tooling for the Domain 0. Here’s the crew:
- @CertainLach - Maintainer
- @digitalrane - Maintainer
- @hehongbo - Maintainer
- @sigmasquadron - Maintainer
We’re on the #xen:nixos.org matrix channel now, but you’ll be able to find us on the nixos.org team page soon!
We’d also like to extend an open invitation for anyone who wishes to help us maintain Xen!
Let us know if you’d like to help us test, update and keep Xen working for the foreseeable future! Simply open a Pull Request on Nixpkgs adding yourself to the Xen team on maintainers/team-list.nix.
We aren’t done yet!
As you may have noticed, it is a bit cumbersome to write xl.cfg files. To remedy that, we’ll be making a set of NixOS options that can declaratively build Xen Domains. This module will function in a similar way to the systemd services module, where you can create and configure arbitrary attribute sets that define each system service. This is still in its early stages, so let us know if there are any features you’d like to see on this translation from nix to xl.cfg.
We’re also planning to improve the guest experience and write detailed documentation for using the Xen Hypervisor on NixOS.
Thank you.
Our sincere thanks for reading our announcement. We hope to expand the Xen userbase on NixOS and achieve true first-class support for the Xen Project Hypervisor. Once more, we remind you that anyone interested in the hypervisor can help us out by joining the team!
Happy virtualising.
— The Xen Project Hypervisor Maintenance Team