How to fix terraform and nix flakes

Published on , 346 words, 2 minutes to read

An image of The corona of the sun during a solar eclipse
The corona of the sun during a solar eclipse - Photo by Xe Iaso

Recently Terraform changed licenses to the Business Source License. This is a non-free license in the eyes of Nix, so now whenever you update your project flakes, you get greeted by this lovely error:

error: Package ‘terraform-1.6.2’ in /nix/store/z1nvpjx9vd4151vx2krxzmx2p1a36pf9-source/pkgs/applications/networking/cluster/terraform/default.nix:52 has an unfree license (‘bsl11’), refusing to evaluate.

a) To temporarily allow unfree packages, you can use an environment variable
   for a single invocation of the nix tools.

      $ export NIXPKGS_ALLOW_UNFREE=1

   Note: For `nix shell`, `nix build`, `nix develop` or any other Nix 2.4+
   (Flake) command, `--impure` must be passed in order to read this
   environment variable.

b) For `nixos-rebuild` you can set
    { nixpkgs.config.allowUnfree = true; }
   in configuration.nix to override this.

Alternatively you can configure a predicate to allow specific packages:
    {
        nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
            "terraform"
        ];
    }

c) For `nix-env`, `nix-build`, `nix-shell` or any other Nix command you can add
    { allowUnfree = true; }
to ~/.config/nixpkgs/config.nix.

The extra fun part is that when you're using a flake with a per-project version of nixpkgs, none of those workarounds work. Here's what you have to do instead:

In your flake you'll usually have an import of nixpkgs like this:

let
  pkgs = import nixpkgs { inherit system; };
in
  crimes_etc

Or like this:

let
  pkgs = nixpkgs.legacyPackages.${system};
in
  different_crimes_etc

You'll want to change that to this:

let
  pkgs = import nixpkgs { inherit system; config.allowUnfree = true; };
in
  working_crimes_etc

This allows you to bypass the license check for all packages in nixpkgs so that things Just Work™. If you want to only do this for terraform, you can make a separate instance of nixpkgs to pull out only terraform, but I think that overall it's probably easier to just eliminate the problem entirely.

I hope this helps you out!

Cadey is coffee
Cadey

Don't you love the intersection of computers and capitalism? It's the best.

Aoi is coffee
Aoi

Tell me about it.

Facts and circumstances may have changed since publication. Please contact me before jumping to conclusions if something seems wrong or unclear.

Tags: nix, terraform, enshittification