How to allow "unfree" packages in Nix, for each situation?: {NixOS, Nix, Nix with Flakes, Nix with Flakes and Home Manager}

Question

I'm trying to enable allow "unfree" packages, either globally or per-package, when using MyNixOS (excellent Flake configuration app for Nix) with Nix Flakes on Mac OS.

When trying to install any unfree package after the following Flake update and Darwin rebuild command:

cd ~/.nix/mynixos-nix-darwin-loader;
nix flake update;
darwin-rebuild switch --show-trace --flake .#name_of_my_config'

I get the following help message, which isn't very helpful because it doesn't consider the Flake scenario:

       error: Package ‘ec2-api-tools-1.7.5.1’ in /nix/store/${hash}-source/pkgs/tools/virtualization/e
c2-api-tools/default.nix:36 has an unfree license (‘amazonsl’), refusing to evaluate.

       a) To temporarily allow unfree packages, you can use an environment variable
          for a single invocation of the nix tools.

            $ export NIXPKGS_ALLOW_UNFREE=1

        Note: For `nix shell`, `nix build`, `nix develop` or any other Nix 2.4+
        (Flake) command, `--impure` must be passed in order to read this
        environment variable.

       b) For `nixos-rebuild` you can set
         { nixpkgs.config.allowUnfree = true; }
       in configuration.nix to override this.

       Alternatively you can configure a predicate to allow specific packages:
         { nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
             "ec2-api-tools"
           ];
         }

       c) For `nix-env`, `nix-build`, `nix-shell` or any other Nix command you can add
         { allowUnfree = true; }
       to ~/.config/nixpkgs/config.nix.

Using MyNixOS downloads the following Flake file, and

/nix/store/${hash}-source/homeConfigurations/my_flake_name.nix:

{ inputs, ... }@flakeContext:
let
  homeModule = { config, lib, pkgs, ... }: {
    config = {
      home = {
        packages = [
          ec2-api-tools
          # ... (more packages)
        ];
        stateVersion = "23.11";
      };
      nixpkgs = {
        config = {
          allowUnfree = true;
          # allowUnfreePredicate = (_: true);
          allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
            "ec2-api-tools"
          ];
        };
      };
# ... (the rest of the file)

Which results in a configuration path for the allowUnfreePredicate setting: homeModule.config.nixpkgs.config.allowUnfreePredicate. Does that seem correct?

This configuration seems to make no difference, and installing unfree packages always results in the same error.

Exactly what needs to be done to allow unfree packages in each of these distinct scenarios?

• NixOS
• Nix
• Nix with Flakes
• Nix with Flakes and Home Manager

(Please edit the list or let me know if it doesn't make sense)

The advice from the following web pages didn't seem to apply, or I couldn't figure out how to apply it:

• NixOS Discourse: Allow unfree in flakes
• GitHub: nix-community/home-manager: #2942: bug: Flake config cannot use unfree packages despite nixpkgs.config.allowUnfree = true
• GitHub: nix-community/home-manager: #2720: modules/default.nix: Add useNixpkgsModule parameter
  • Abandoned merge request

Answer 1

Setting nixpkgs.config in a homeModule wouldn't make sense here; as you appear to be using nix-darwin with HM as a system module, you'll have to configure nixpkgs at the system level, not within an HM module.

Answer 2

You can use a let binding in your flake.nix to define the list of unfree packages you want to allow. Then you can use specialArgs to pass it to all NixOS modules, and extraSpecialArgs to pass it to all Home Manager modules.

Here is how I do it in my flake.nix:

{
  description = "My NixOS & Home Manager configuration";

  inputs = {
    nixpkgs.url = "https://flakehub.com/f/NixOS/nixpkgs/*.tar.gz";

    home-manager = {
      url = "github:nix-community/home-manager/release-23.11";
      inputs.nixpkgs.follows = "nixpkgs";
    };
  };

  outputs = {
    home-manager,
    nixpkgs,
    self,
    ...
  } @ inputs: let
    system = "x86_64-linux";
    user = "jack";

    # Define the list of unfree packages to allow here, so you can pass it to
    # both `sudo nixos-rebuild` and `home-manager`
    allowed-unfree-packages = [
      "google-chrome"
      "obsidian"
      "postman"
      "vscode"
      "vscode-extension-github-copilot"
    ];
  in {
    nixosConfigurations."nixos-laptop" = nixpkgs.lib.nixosSystem {
      inherit system;

      modules = [
        ./nixos/hosts/my-nixos-laptop/configuration.nix
        home-manager.nixosModules.home-manager
        {
          home-manager.useGlobalPkgs = true;
          home-manager.useUserPackages = true;
          home-manager.users.${user} = import ./home-manager/users/${user}.nix;
          home-manager.extraSpecialArgs = {inherit allowed-unfree-packages user;};
        }
      ];

      specialArgs = {inherit allowed-unfree-packages user;};
    };

    # Standalone home-manager configuration entrypoint
    # Available through 'home-manager --flake .#username@hostname'
    homeConfigurations."${user}@nixos-laptop" = home-manager.lib.homeManagerConfiguration {
      pkgs = nixpkgs.legacyPackages.${system};
      extraSpecialArgs = {inherit allowed-unfree-packages user;};
      modules = [
        ./home-manager/users/${user}.nix
      ];
    };
  };
}

This way allowed-unfree-packages will be available as an input in all of your NixOS modules (because you passed it via specialArgs) and all of your Home Manager modules (because you passed it via extraSpecialArgs). So you will be able to configure nixpkgs like this:

{
  allowed-unfree-packages,
  config,
  lib,
  pkgs,
  ...
}: {
  nixpkgs.config = {
    allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) allowed-unfree-packages;
  };
}