NiXium-org / NiXium

Open-Source Infrastructure as Code Management Solution for Multiple Systems designed to be reliable in mission-critical tasks on paranoid and high-security environment.
European Union Public License 1.2

Implement XEN with QubesOS-like functionality #27

Open Kreyren opened 1 month ago

Kreyren commented 1 month ago

Implementing Xen, the type-1 hypervisor would enable us to:

  1. Have a system that can seamlessly use different kernel per application
  2. Specify workload-specific sandboxes
  3. More practical and functional kernel development

Introduction: https://youtu.be/i3sRSS6fN0g

So the end goal is to have a NixOS-based dom0 with QubesOS-like or similar management.

In practice:


Xen is packaged in NixOS, but is outdated (4.15.1 vs 4.18.1), unmaintained and broken https://github.com/NixOS/nixpkgs/issues/129780

TODO

Might be relevant: https://github.com/NixOS/nixpkgs/issues/301991

SigmaSquadron commented 4 days ago

Hi! I'm now maintaining Xen on upstream Nixpkgs. See NixOS/nixpkgs/324693.

I'll also be packaging the Qubes tools at a later date. Hopefully they'll be useful to you. You should also know that the Qubes development team has expressed interest in switching their dom0 from Fedora to NixOS.

Kreyren commented 3 days ago

@SigmaSquadron Awesooomee! Thanks! That will solve a lot of issues for me. I added this to the current run and will deploy Xen to all relevant systems in the infra once it's merged.

SigmaSquadron commented 3 days ago

Be warned that this is still very bleeding-edge, and things may break horribly. I have already identified an upstream issue with bcachefs that causes a kernel panic when booting Xen, so if you're using bcachefs in your servers for some reason... don't.

Edit: This is possibly fixed in Kernel 6.10.

Kreyren commented 3 days ago

Noted, we have a fully declarative setup for all systems, so if something breaks we can perform an unattended re-installation to get back to the previous state.