From ffb286ba05941e8b90cc7998847f0d91d867068a Mon Sep 17 00:00:00 2001
From: Sebastien Bourdeauducq <sb@m-labs.hk>
Date: Tue, 23 May 2023 17:38:50 +0800
Subject: [PATCH] nixops: work around openssl3 pam_p11 breakage

---
 nixops/desktop.nix | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/nixops/desktop.nix b/nixops/desktop.nix
index a22d2eb..77c5b83 100644
--- a/nixops/desktop.nix
+++ b/nixops/desktop.nix
@@ -15,11 +15,13 @@ in
       (./. + "/${host}-hardware-configuration.nix")
     ];
   nixpkgs.config.packageOverrides = super: let self = super.pkgs; in {
+    libp11 = super.libp11.override({ openssl = super.openssl_1_1; });
     pam_p11 = super.pam_p11.overrideAttrs(oa: {
-      patchPhase = oa.patchPhase or "" + ''
-          substituteInPlace src/match_openssh.c --replace \
-            '"%s/.ssh/authorized_keys", pw->pw_dir)' \
-            '"/etc/ssh/authorized_keys.d/%s", pw->pw_name)'
+      patches = [];
+      postPatch = ''
+        substituteInPlace src/match_openssh.c --replace \
+          '"%s/.ssh/authorized_keys", pw->pw_dir)' \
+          '"/etc/ssh/authorized_keys.d/%s", pw->pw_name)'
         '';
     });
     gnome = super.gnome // {
@@ -28,6 +30,9 @@ in
         });
     };
   };
+  nixpkgs.config.permittedInsecurePackages = [
+    "openssl-1.1.1t"
+  ];
 
   networking.hostName = host;
   networking.firewall.allowedTCPPorts = [ 1883 ];