From 4527b96ffc41ed21c6929d9a1af0ae2ef8639ea4 Mon Sep 17 00:00:00 2001
From: Timothy DeHerrera <tim.deh@pm.me>
Date: Tue, 9 Jun 2020 10:37:57 -0600
Subject: [PATCH] security#mitigations: avoid http call

---
 modules/security/mitigations.nix | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/modules/security/mitigations.nix b/modules/security/mitigations.nix
index 9cd45729..9a5766d9 100644
--- a/modules/security/mitigations.nix
+++ b/modules/security/mitigations.nix
@@ -5,10 +5,9 @@ let
 
   cfg = config.security.mitigations;
 
-  cmdline = readFile (fetchurl {
-    url = "https://make-linux-fast-again.com";
-    sha256 = "sha256:10diw5xn5jjx79nvyjqcpdpcqihnr3y0756fsgiv1nq7w28ph9w6";
-  });
+  cmdline = ''
+    ibrs noibpb nopti nospectre_v2 nospectre_v1 l1tf=off nospec_store_bypass_disable no_stf_barrier mds=off tsx=on tsx_async_abort=off mitigations=off
+  '';
 in {
   options = {
     security.mitigations.disable = mkOption {