diff options
| author |  sommerfeld <sommerfeld@sommerfeld.dev> | 2026-05-14 11:08:13 +0100 |
|---|---|---|
| committer | sommerfeld <sommerfeld@sommerfeld.dev> | 2026-05-14 11:08:13 +0100 |
| commit | f1936454ebe39f4c2b0214c4b16624209a3e4503 (patch) | |
| tree | 54699b11cceab53ad611a07444d3597f8fc50bcc | |
| parent | 8a17374610deb95d85979aad45d92bf4b2800be2 (diff) | |
| download | dotfiles-f1936454ebe39f4c2b0214c4b16624209a3e4503.tar.gz dotfiles-f1936454ebe39f4c2b0214c4b16624209a3e4503.tar.bz2 dotfiles-f1936454ebe39f4c2b0214c4b16624209a3e4503.zip | |
fix(remote-dev): whitelist claude-code/copilot-cli unfree
The flake set `allowUnfree = false` so `home-manager switch` failed
with "Refusing to evaluate package 'claude-code-...' because it has
an unfree license". Switch to `allowUnfreePredicate` with an explicit
name allowlist — keeps the door closed for everything else while
permitting just the two AI agents we actually want.
| -rw-r--r-- | remote-dev/flake.nix | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/remote-dev/flake.nix b/remote-dev/flake.nix index 6622a72..69ddafd 100644 --- a/remote-dev/flake.nix +++ b/remote-dev/flake.nix @@ -12,7 +12,17 @@ outputs = { self, nixpkgs, home-manager, ... }: let system = "x86_64-linux"; - pkgs = import nixpkgs { inherit system; config.allowUnfree = false; }; + pkgs = import nixpkgs { + inherit system; + # Whitelist specific unfree packages (claude-code, github-copilot-cli) + # instead of globally setting allowUnfree, so a typo elsewhere can't + # silently pull in additional unfree deps. + config.allowUnfreePredicate = pkg: + builtins.elem (nixpkgs.lib.getName pkg) [ + "claude-code" + "github-copilot-cli" + ]; + }; in { homeConfigurations.vm = home-manager.lib.homeManagerConfiguration { |