Stephan Maka, Julian Stecklina · 2 min read

microvm.nix: The Declarative Virtualization Tool for NixOS

Virtualization is a powerful tool, but managing VMs across various hypervisors can be a nightmare, especially when aiming for consistency and reproducibility. Enter microvm.nix—the essential tool that brings the declarative simplicity of NixOS to the world of virtualization.

Imagine a world where setting up virtual machines (VMs) is as effortless as writing a few lines of declarative configuration. Welcome to microvm.nix, the essential virtualization tool for NixOS.

In the example above, we create a Nix Flake describing a VM from a template. This is a reproducible Nix project that comes prepared with a simple microvm.nix configuration for running one NixOS VM. The key features of microvm.nix are:

  • Declarative VM Configuration: Configure your VMs using Nix expressions, ensuring absolute consistency and reproducibility. Say goodbye to manual setup and configuration drift.
  • Supports Multiple Virtualization Stacks: Run your VMs on any of seven supported virtualization solutions, giving you the flexibility to use the right stack for your task.
  • Integrated with Systemd: VMs are effortlessly started as systemd services, perfect for servers and embedded systems.

Each VM is built in the Nix sandbox, which provides an isolated and consistent build environment. Software in the VM is not installed by logging into the VM and manually changing the configuration or installing packages. Instead, the Nix expression accurately describes its state. The flake.lock file keeps track of all dependencies. This approach ensures that your VMs are both secure and fully auditable.

But more important than its implementation is what you can build with microvm.nix. microvm.nix uses the proven NixOS module system to describe VMs. The NixOS module ecosystem is a rich collection of ready-to-deploy services and web applications, from WordPress to Nextcloud.

Another popular use case for microvm.nix is to isolate complex services, such as Docker and Kubernetes, into VMs. This setup reduces the attack surface of these services and makes it easier to reason about their security. For more creative use cases, microvm.nix supports passing USB and PCI devices as well as block devices to VMs. This allows passing network or graphics cards directly to VMs for native I/O performance.
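The Docker isolation use case, sketched as a flake. This is an added illustration, not code from the original post or from the microvm.nix project; the guest name `docker-vm`, the QEMU hypervisor choice, the CPU, memory and volume sizes, the MAC address and the `stateVersion` are assumptions.

```nix
{
  description = "Docker daemon confined to a microvm.nix guest (illustrative)";

  inputs = {
    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
    microvm.url = "github:astro/microvm.nix";
    # Build the guest from the same nixpkgs revision that flake.lock pins.
    microvm.inputs.nixpkgs.follows = "nixpkgs";
  };

  outputs = { self, nixpkgs, microvm }: {
    # "docker-vm" is a hypothetical name chosen for this example.
    nixosConfigurations.docker-vm = nixpkgs.lib.nixosSystem {
      system = "x86_64-linux";
      modules = [
        # Guest-side module that provides the microvm.* options.
        microvm.nixosModules.microvm
        {
          networking.hostName = "docker-vm";
          system.stateVersion = "24.05"; # assumed; set to your release

          microvm = {
            hypervisor = "qemu"; # assumed choice among the supported stacks
            vcpu = 2;
            mem = 2048; # MiB

            # Docker state lives on its own disk image, so the only
            # mutable data in the guest is what this volume holds.
            volumes = [{
              image = "docker.img";
              mountPoint = "/var/lib/docker";
              size = 8192; # MiB
            }];

            # QEMU user-mode networking: outbound access without
            # attaching the guest to a host bridge or tap device.
            interfaces = [{
              type = "user";
              id = "vm-docker";
              mac = "02:00:00:00:00:01"; # constructed, locally administered
            }];
          };

          # The daemon and its root privileges exist only inside the guest.
          virtualisation.docker.enable = true;
        }
      ];
    };
  };
}
```

Because the guest is described entirely by this expression and the pinned `flake.lock`, a review of those two files covers everything installed in the VM.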

Ready to simplify your NixOS virtualization?

Need tailored support? Contact us for commercial solutions designed to meet your specific needs.
