Implement XEN with QubesOS-like functionality

[Kreyren]

Implementing Xen, the type-1 hypervisor would enable us to:

1. Have a system that can seamlessly use different kernel per application
2. Specify a workload-specific sandboxes
3. More practical and functional kernel development

Introduction: https://youtu.be/i3sRSS6fN0g

So that the end-goal is to have a NixOS-based dom0 with QubesOS-like or alike management.

In practice:

• so that e.g. user could deploy a ReactOS or NT-based kernel to use Fusion360 that doesn't work well on Linux or situation alike
• Being able to load a linux kernel that is pending submission to mainline to test in a more functional way in practice

---

Xen is packaged in NixOS, but is outdated (4.15.1 vs 4.18.1), unmaintained and broken NixOS/nixpkgs#129780

TODO

• Either start maintaining Xen or make an overlay to keep it up to date
• Figure out what frontend we want to use

Might be relevant: NixOS/nixpkgs#301991

[SigmaSquadron]

Hi! I'm now maintaining Xen on upstream Nixpkgs. See NixOS/nixpkgs/324693.

I'll also be packaging the Qubes tools at a later date. Hopefully they'll be useful to you. You should also know that the Qubes development team has expressed interest in switching their dom0 from Fedora to NixOS.

[Kreyren]

@SigmaSquadron Awesooomee! Thanks! That will solve a lot of issues for me i added this to current run and will deploy xen to all relevant systems in the infra once it's merged.

[SigmaSquadron]

Be warned that this is still very bleeding-edge, and things may break horribly. I have already identified an upstream issue with bcachefs that causes a kernel panic when booting Xen, so if you're using bcachefs in your servers for some reason... don't.

Edit: This is possibly fixed in Kernel 6.10.

[Kreyren]

Noted, we have fully declarative setup for all systems so if something breaks we can perform unattended re-installation to get the previous state.

[Kreyren]

Referencing NixOS/nixpkgs#324693 (comment)

TODO: Deploy Xen on a NiXium system for testing

[hehongbo]

It's truly an awesome news that pkgs.xen is having a new maintainer. I'm now using both NixOS and Xen intensively in my infrastructures and it's great to see that I can have them both in the near future. Thanks @SigmaSquadron for amazing works and @Kreyren as well.

[Kreyren]

for amazing works and @Kreyren as well. -- @hehongbo (#27 (comment))

I didn't do much on the implementation most of the work is done by SigmaSquadron.

---

Referencing NixOS/nixpkgs#324911 (comment) -> NiXium to review options and probably package as a standalone overlay.