patch mbedtls_2 now labelled insecure

occurred due to flake.lock progression
2025-10-24 17:23:28 +10:00 · 2025-10-24 17:23:28 +10:00 · 11b4c920fc
commit 11b4c920fc
parent 09db1c47e1
1 changed files with 25 additions and 8 deletions
--- a/hosts/modules/steam.nix
+++ b/hosts/modules/steam.nix
@ -3,13 +3,25 @@
  lib,
  ...
 }: {
-  nixpkgs.config.allowUnfreePredicate = pkg:
-    builtins.elem (lib.getName pkg) [
-      "steam"
-      "steam-original"
-      "steam-unwrapped"
-      "steam-run"
-    ];
+  # nixpkgs.config.allowUnfreePredicate = pkg:
+  #   builtins.elem (lib.getName pkg) [
+  #     "steam"
+  #     "steam-original"
+  #     "steam-unwrapped"
+  #     "steam-run"
+  #   ];
+  nixpkgs.overlays = [
+    (self: super: {
+      lutris = super.lutris.overrideAttrs (final: prev: {
+        # WARNING: pkgs.mbedtls_2 is marked insecure!
+        # Replace pkgs.mbedtls_2 (v2.28.10) with pkgs.mbedtls (v3.6.4)
+        targetPkgs = pkgs: (
+          (builtins.filter (p: p != pkgs.mbedtls_2) (prev.targetPkgs pkgs))
+          ++ [pkgs.mbedtls]
+        );
+      });
+    })
+  ];

  programs = {
    steam = {
@ -33,7 +45,12 @@

    mangohud
    protonup-qt
-    lutris
+
+    # XXX: DEBUG: disable lutris
+    # XXX: NOTE: pkgs.lutris depends on pkgs.mbedtls_2 which is marked insecure!
+    # XXX: NOTE: Use the provided overlay to patch pkgs.mbedtls_2 -> pkgs.mbedtls
+    # lutris
+
    bottles
    heroic
  ];