All users of Nixpkgs are free software users, and many users (and developers) of Nixpkgs want to limit and tightly control their exposure to unfree software.
At the same time, many users need (or want) to run some specific pieces of proprietary software.
Nixpkgs includes some expressions for unfree software packages.
By default unfree software cannot be installed and doesn’t show up in searches.
There are several ways to tweak how Nix handles a package which has been marked as unfree.
- To temporarily allow all unfree packages, you can use an environment variable for a single invocation of the nix tools:
```ShellSession
$ export NIXPKGS_ALLOW_UNFREE=1
```
- It is possible to permanently allow individual unfree packages, while still blocking unfree packages by default using the `allowUnfreePredicate` configuration option in the user configuration file.
This option is a function which accepts a package as a parameter, and returns a boolean. The following example configuration accepts a package and always returns false:
```nix
{
allowUnfreePredicate = (pkg: false);
}
```
For a more useful example, try the following. This configuration only allows unfree packages named roon-server and visual studio code:
```nix
{
allowUnfreePredicate =
pkg:
builtins.elem (lib.getName pkg) [
"roon-server"
"vscode"
];
}
```
- It is also possible to allow and block licenses that are specifically acceptable or not acceptable, using `allowlistedLicenses` and `blocklistedLicenses`, respectively.
The following example configuration allowlists the licenses `amd` and `wtfpl`:
```nix
{
allowlistedLicenses = with lib.licenses; [
amd
wtfpl
];
}
```
The following example configuration blocklists the `gpl3Only` and `agpl3Only` licenses:
```nix
{
blocklistedLicenses = with lib.licenses; [
agpl3Only
gpl3Only
];
}
```
Note that `allowlistedLicenses` only applies to unfree licenses unless `allowUnfree` is enabled. It is not a generic allowlist for all types of licenses. `blocklistedLicenses` applies to all licenses.
A complete list of licenses can be found in the file `lib/licenses.nix` of the nixpkgs tree.
## Installing insecure packages {#sec-allow-insecure}
There are several ways to tweak how Nix handles a package which has been marked as insecure.
- To temporarily allow all insecure packages, you can use an environment variable for a single invocation of the nix tools:
```ShellSession
$ export NIXPKGS_ALLOW_INSECURE=1
```
- It is possible to permanently allow individual insecure packages, while still blocking other insecure packages by default using the `permittedInsecurePackages` configuration option in the user configuration file.
The following example configuration permits the installation of the hypothetically insecure package `hello`, version `1.2.3`:
```nix
{
permittedInsecurePackages = [
"hello-1.2.3"
];
}
```
- It is also possible to create a custom policy around which insecure packages to allow and deny, by overriding the `allowInsecurePredicate` configuration option.
The `allowInsecurePredicate` option is a function which accepts a package and returns a boolean, much like `allowUnfreePredicate`.
The following configuration example allows any version of the `ovftool` package:
```nix
{
allowInsecurePredicate =
pkg:
builtins.elem (lib.getName pkg) [
"ovftool"
];
}
```
Note that `permittedInsecurePackages` is only checked if `allowInsecurePredicate` is not specified.
## Modify packages via `packageOverrides` {#sec-modify-via-packageOverrides}
You can define a function called `packageOverrides` in your local `~/.config/nixpkgs/config.nix` to override Nix packages. It must be a function that takes pkgs as an argument and returns a modified set of packages.