diff --git a/operating-systems/buer.scm b/operating-systems/buer.scm
index 25ae848..cdbc038 100644
--- a/operating-systems/buer.scm
+++ b/operating-systems/buer.scm
@@ -99,7 +99,13 @@
    (kernel-arguments
     (cons* "modprobe.blacklist=usbmouse,usbkbd,pcspkr"
            "thinkpad_acpi.fan_control=1"
-           (filter (negate (partial string-prefix? "debugfs"))
+           (filter (apply conjoin
+                          (map (negate (partial partial string-prefix?))
+                               (list "debugfs"
+                                     "l1tf"
+                                     "mds"
+                                     "mitigations"
+                                     "nosmt")))
                    %kicksecure-kernel-arguments)))
 
    (file-systems
@@ -311,11 +317,7 @@
           #|Doas configuration services|#
           (simple-service 'miscellaneous-permissions doas-service-type
                           (list (permit (identity ":wheel")
-                                        (setenv `(("GUILE_LOAD_PATH" . #t))))
-                                (permit (identity ":wheel")
-                                        (setenv `(("GUILE_LOAD_PATH" . #t)
-                                                  ("PATH" . #t)))
-                                        (command "guix"))))
+                                        (setenv `(("GUILE_LOAD_PATH" . #t))))))
           (simple-service 'text-editors-permissions doas-service-type
                           (map (lambda (cmd)
                                  (permit (identity ":wheel")