Can't get allowUnfree to work with print drivers

Hey folks, for the life of me, I can’t solve this:

       error: Package ‘samsung-UnifiedLinuxDriver-4.01.17’ in /nix/store/kswx44k2ii4svvr27qlyn41jkyik889l-source/pkgs/misc/cups/drivers/samsung/4.01.17.nix:89 
has an unfree license (‘unfree’), refusing to evaluate.

I have the following:

mike-nixos  main @ 37e231a ⩮+⇡ 7s ❯ cat /etc/nixos/configuration.nix 
{ pkgs, ... }:
  impermanence = builtins.fetchTarball "";
  imports = [ 
  nixpkgs.config.allowUnfree = true;
  system.stateVersion = "23.05";


mike-nixos  main @ 37e231a ⩮+⇡ ❯ cat ~/.config/nixpkgs/config.nix 
  allowUnfree = true;
  permittedInsecurePackages = [


mike-nixos  main @ 37e231a ⩮+⇡ 6s ❯ cat ~/.config/nixpkgs/config.nix 
  allowUnfree = true;

What am I missing? If I use:

sudo NIXPKGS_ALLOW_UNFREE=1 nixos-rebuild switch --flake .#xps15 --impure

It builds

How do you install the driver? Usually this is because multiple instances of nixpkgs will not share nixpkgs.config.allowUnfree, that allowUnfree only applies to the instance whose modules are being evaluated, so you need to do an import nixpkgs-unstable {allowUnfree = true;} or such.

I have to do that even if the various config have that flag?

Depends on how you install the driver. These are the various options for enabling unfree packages:

  • ~/.config/nixpkgs/config.nix > allowUnfree = true
    • Only works on things installed by your user, after all it’s user configuration. So it won’t take effect on nixos-rebuild (certainly not when run with sudo, because root is a different user who won’t read your /home/<user>/.config files), only on nix-env, nix-shell and such.
    • Also doesn’t work with flakes, as @Nobbz helpfully points out.
    • Of course this also means that for drivers specifically it will almost never work, because those typically have to be loaded into the kernel, which typically happens way before your user logs in.
  • /etc/nixos/configuration.nix > nixpkgs.config.allowUnfree
    • Only works on the nixpkgs instance whose modules are being evaluated, so if there are other instances of nixpkgs as part of your configuration they will need to be set separately.
    • This is because the module system has special handling for setting its own nixpkgs configuration if the nixpkgs options are set, but it has no way to change nixpkgs that you are importing outside of its module system.
  • /etc/nixos/configuration.nix > import nixpkgs-unstable {allowUnfree = true;}
    • Only works specifically on this instance of nixpkgs-unstable, not the one from your channel/flake inputs.
  • For flake inputs, you can use nixpkgs-unfree to work around the fact that flakes’ legacyPackages and such cannot be set to allow unfree packages.

So when you’re installing a driver, normally setting it in nixpkgs.config.allowUnfree should work fine, but it looks like you’re installing a driver from unstable or something like that. Without seeing how you actually do that it’s hard to give you anything more specific than all the options :wink:

On an unrelated note, you can also get impermanence through your flake inputs and thereby properly hash it so you can stop using --impure and actually get an evaluation cache. For example:

# flake.nix
  inputs = {
    nixpkgs.url = "github:nixos/nixpkgs/nixos-23.05";
    impermanence.url = "github:nix-community/impermanence/master";
  outputs = {nixpkgs, impermanence, ...}: {
    nixosConfigurations = nixpkgs.lib.nixosSystem {
      system = "x86_64-linux";
      modules = [

Then you don’t need to fetchTarball it or separately add it to imports. Flakes’ purpose is more or less to replace this fetchTarball madness, all the other stuff is just nice features on top that went well with the design.

For more methods of doing this, which are especially useful when you want to use flake inputs that aren’t just modules, @NobbZ has an excellent blog post here: Getting inputs to modules in a nix-flake | NobbZ' Blog. Personally I favor the specialArgs variant because it’s the least needlessly verbose, so my flake.nix stays short and readable, serving its purpose as an index without containing any hidden implementation details.

Flakes do not care for user configuration, please use the nixpkgs.config.* to configure the nixpkgs instance used throughout the system configuration.
Please share how exactly you added the printer driver to your configuration (you are missing that part in the OP)

1 Like

Oh, duh, of course they don’t, that’d be impure. Let me remove that from the overview…