Flake.parts and unfree packages

I'm making use of Nix to manage a slew of Clojure and Python dependencies for an upcoming article, and I decided I’d replace flake-utils with flake.parts as part of my ongoing yak-shaving duties.

The transformation is almost entirely structural and could be automated with a decent parser and a pretty printer, both of which I have. The only problem is I lack the third and fourth requirements to implement something like this: time and motivation. So, instead, I’m upgrading projects by hand as and when I come to them, a lot like one would at work. Yay! This particular project leans on a good few of the features provided by devenv including:

  1. Python language support and dependency management
  2. Services for running PostgreSQL and installing extensions
  3. Process management (not shown below)

And because I was provisioning Azure infrastructure as part of my research into LLMs and privacy afforded by Microsoft, I had included a little package named Terraform.

Now, between the time I first added Terraform to a Nix flake and a little while ago, Hashicorp made some major changes. A founder stepped back from the day-to-day, and a new business license inspired a fork known as OpenTofu (which I still need to evaluate for future projects).

To get this article out the door, I needed a way to allow a poison package into my Nix store, and doing so proved a little gnarly. I won’t go into the specifics of configuring NixOS, nix-darwin, or home-manager because don’t nobody have time for that.

The most important section is inside perSystem. I could have enabled all unfree packages with a config.allowUnfree = true in place of theallowUnfreePredicate, but I prefer a scalpel to a sledgehammer when programming silicon minions.

{
  outputs = inputs @ {
    flake-parts,
    self,
    ...
  }:
    flake-parts.lib.mkFlake {inherit inputs;} {
      imports = [
        inputs.devenv.flakeModule
      ];

      systems = ["aarch64-darwin"];

      perSystem = {
        config,
        lib,
        system,
        ...
      }: {
        _module.args.pkgs = import self.inputs.nixpkgs {
          inherit system;
          config.allowUnfreePredicate = pkg:
            builtins.elem (lib.getName pkg) [
              "terraform"
            ];
        };

        # [...]
      };
    };
}

If you’re interested in the full Flake and everything that comes with it, you’ll just have to wait for me to finish this article.

In the mean time, here’s to shearing yaks! ✂