security#mitigations: avoid http call

2020-06-09 10:37:57 -06:00 · 2020-06-09 10:37:57 -06:00 · 4527b96ffc
commit 4527b96ffc
parent ad9f0d70e8
1 changed files with 3 additions and 4 deletions
--- a/modules/security/mitigations.nix
+++ b/modules/security/mitigations.nix
@ -5,10 +5,9 @@ let

  cfg = config.security.mitigations;

-  cmdline = readFile (fetchurl {
-    url = "https://make-linux-fast-again.com";
-    sha256 = "sha256:10diw5xn5jjx79nvyjqcpdpcqihnr3y0756fsgiv1nq7w28ph9w6";
-  });
+  cmdline = ''
+    ibrs noibpb nopti nospectre_v2 nospectre_v1 l1tf=off nospec_store_bypass_disable no_stf_barrier mds=off tsx=on tsx_async_abort=off mitigations=off
+  '';
 in {
  options = {
    security.mitigations.disable = mkOption {