Allow installing some unfree packages

- Add an environment variable to allow unfree installations
  - The new nix CLI only lets you access this variable with --impure
  - This ensures that you can install unfree packages if you wish, but you must
    always permit it first
- Add a predicate based on the package name
  - Take package names from `internal.allowUnfree` option, allowing us to
    specify unfree packages that can be installed in multiple places
  - Allow installing any unfree packages that have their names in that list
  - *Note: Your predicate must take names, it can't take packages as that causes
    a circular dependency*
diff --git a/modules/unfree.nix b/modules/unfree.nix
new file mode 100644
index 0000000..f5f4a9e
--- /dev/null
+++ b/modules/unfree.nix
@@ -0,0 +1,20 @@
+  lib,
+  config,
+  ...
+}: let
+  allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) config.internal.allowUnfree;
+in {
+  options.internal.allowUnfree = with lib;
+    mkOption {
+      type = types.listOf types.str;
+      default = [];
+      description = "Unfree packages to permit installing via the AllowUnfreePredicate";
+    };
+  config = {
+    environment.variables = {
+    };
+    nixpkgs.config.allowUnfreePredicate = allowUnfreePredicate;
+  };