ceph: workaround broken mgr modules

This is yet another incarnation of https://tracker.ceph.com/issues/64213
which was fixed for cryptography specifically (thus fixing dashboard)
but since our bcrypt update #291195
every module broke for the same reason

Until upstream manages to get this fixed permanently, I don't see that
we can do much but "vendor" in these old deps.

It may be possible to more delicately patch the rust package underneath
bcrypt, but I'm not sure how

pkgs/tools/filesystems/ceph/default.nix

@@ -169,7 +169,28 @@ let
 
   # Watch out for python <> boost compatibility
   python = python310.override {
-    packageOverrides = self: super: let cryptographyOverrideVersion = "40.0.1"; in {
+    packageOverrides = self: super: let
+      cryptographyOverrideVersion = "40.0.1";
+      bcryptOverrideVersion = "4.0.1";
+    in {
+      # Ceph does not support `bcrypt` > 4.0 yet:
+      # * Upstream issue: https://tracker.ceph.com/issues/63529
+      #   > Python Sub-Interpreter Model Used by ceph-mgr Incompatible With Python Modules Based on PyO3
+      bcrypt = super.bcrypt.overridePythonAttrs (old: rec {
+        pname = "bcrypt";
+        version = bcryptOverrideVersion;
+        src = fetchPypi {
+          inherit pname version;
+          hash = "sha256-J9N1kDrIJhz+QEf2cJ0W99GNObHskqr3KvmJVSplDr0=";
+        };
+        cargoRoot = "src/_bcrypt";
+        cargoDeps = rustPlatform.fetchCargoTarball {
+          inherit src;
+          sourceRoot = "${pname}-${version}/${cargoRoot}";
+          name = "${pname}-${version}";
+          hash = "sha256-lDWX69YENZFMu7pyBmavUZaalGvFqbHSHfkwkzmDQaY=";
+        };
+      });
       # Ceph does not support `cryptography` > 40 yet:
       # * https://github.com/NixOS/nixpkgs/pull/281858#issuecomment-1899358602
       # * Upstream issue: https://tracker.ceph.com/issues/63529