From 11b4c920fc22c6c8fc50c4fc45c2cee79592cb78 Mon Sep 17 00:00:00 2001
From: Emile Clark-Boman <eclarkboman@gmail.com>
Date: Fri, 24 Oct 2025 17:23:28 +1000
Subject: [PATCH] patch mbedtls_2 now labelled insecure

occurred due to flake.lock progression
---
 hosts/modules/steam.nix | 33 +++++++++++++++++++++++++--------
 1 file changed, 25 insertions(+), 8 deletions(-)

diff --git a/hosts/modules/steam.nix b/hosts/modules/steam.nix
index 5c72185..e554441 100644
--- a/hosts/modules/steam.nix
+++ b/hosts/modules/steam.nix
@@ -3,13 +3,25 @@
   lib,
   ...
 }: {
-  nixpkgs.config.allowUnfreePredicate = pkg:
-    builtins.elem (lib.getName pkg) [
-      "steam"
-      "steam-original"
-      "steam-unwrapped"
-      "steam-run"
-    ];
+  # nixpkgs.config.allowUnfreePredicate = pkg:
+  #   builtins.elem (lib.getName pkg) [
+  #     "steam"
+  #     "steam-original"
+  #     "steam-unwrapped"
+  #     "steam-run"
+  #   ];
+  nixpkgs.overlays = [
+    (self: super: {
+      lutris = super.lutris.overrideAttrs (final: prev: {
+        # WARNING: pkgs.mbedtls_2 is marked insecure!
+        # Replace pkgs.mbedtls_2 (v2.28.10) with pkgs.mbedtls (v3.6.4)
+        targetPkgs = pkgs: (
+          (builtins.filter (p: p != pkgs.mbedtls_2) (prev.targetPkgs pkgs))
+          ++ [pkgs.mbedtls]
+        );
+      });
+    })
+  ];
 
   programs = {
     steam = {
@@ -33,7 +45,12 @@
 
     mangohud
     protonup-qt
-    lutris
+
+    # XXX: DEBUG: disable lutris
+    # XXX: NOTE: pkgs.lutris depends on pkgs.mbedtls_2 which is marked insecure!
+    # XXX: NOTE: Use the provided overlay to patch pkgs.mbedtls_2 -> pkgs.mbedtls
+    # lutris
+
     bottles
     heroic
   ];