patch mbedtls_2 now labelled insecure

occurred due to flake.lock progression

hosts/modules/steam.nix

@@ -3,13 +3,25 @@
   lib,
   ...
 }: {
-  nixpkgs.config.allowUnfreePredicate = pkg:
+  # nixpkgs.config.allowUnfreePredicate = pkg:
-    builtins.elem (lib.getName pkg) [
+  #   builtins.elem (lib.getName pkg) [
-      "steam"
+  #     "steam"
-      "steam-original"
+  #     "steam-original"
-      "steam-unwrapped"
+  #     "steam-unwrapped"
-      "steam-run"
+  #     "steam-run"
-    ];
+  #   ];
+  nixpkgs.overlays = [
+    (self: super: {
+      lutris = super.lutris.overrideAttrs (final: prev: {
+        # WARNING: pkgs.mbedtls_2 is marked insecure!
+        # Replace pkgs.mbedtls_2 (v2.28.10) with pkgs.mbedtls (v3.6.4)
+        targetPkgs = pkgs: (
+          (builtins.filter (p: p != pkgs.mbedtls_2) (prev.targetPkgs pkgs))
+          ++ [pkgs.mbedtls]
+        );
+      });
+    })
+  ];
 
   programs = {
     steam = {
@@ -33,7 +45,12 @@
 
     mangohud
     protonup-qt
-    lutris
+
+    # XXX: DEBUG: disable lutris
+    # XXX: NOTE: pkgs.lutris depends on pkgs.mbedtls_2 which is marked insecure!
+    # XXX: NOTE: Use the provided overlay to patch pkgs.mbedtls_2 -> pkgs.mbedtls
+    # lutris
+
     bottles
     heroic
   ];