nixops: work around openssl3 pam_p11 breakage

nixops/desktop.nix

@@ -15,11 +15,13 @@ in
       (./. + "/${host}-hardware-configuration.nix")
     ];
   nixpkgs.config.packageOverrides = super: let self = super.pkgs; in {
+    libp11 = super.libp11.override({ openssl = super.openssl_1_1; });
     pam_p11 = super.pam_p11.overrideAttrs(oa: {
-      patchPhase = oa.patchPhase or "" + ''
-          substituteInPlace src/match_openssh.c --replace \
-            '"%s/.ssh/authorized_keys", pw->pw_dir)' \
-            '"/etc/ssh/authorized_keys.d/%s", pw->pw_name)'
+      patches = [];
+      postPatch = ''
+        substituteInPlace src/match_openssh.c --replace \
+          '"%s/.ssh/authorized_keys", pw->pw_dir)' \
+          '"/etc/ssh/authorized_keys.d/%s", pw->pw_name)'
         '';
     });
     gnome = super.gnome // {
@@ -28,6 +30,9 @@ in
         });
     };
   };
+  nixpkgs.config.permittedInsecurePackages = [
+    "openssl-1.1.1t"
+  ];
 
   networking.hostName = host;
   networking.firewall.allowedTCPPorts = [ 1883 ];