diff --git a/modules/services/nginx-conf.nix b/modules/services/nginx-conf.nix
index f446f57..dd3c378 100755
--- a/modules/services/nginx-conf.nix
+++ b/modules/services/nginx-conf.nix
@@ -5,7 +5,7 @@ let
 cfg = config.modules.services.nginx-config;
 in {
 options.modules.services.nginx-config = {
- enable = mkEnableOption "enable nginx, a high performance web server along with default configurations";
+ enable = mkEnableOption "enable and configure nginx. you know what nginx is.";
 package = mkOption {
 type = types.package;
@@ -28,6 +28,7 @@ in {
 security.acme = {
 acceptTerms = true;
 defaults.email = "reidlab325@gmail.com";
+ # uncomment me for staging!
 # defaults.server = "https://acme-staging-v02.api.letsencrypt.org/directory";
 };
@@ -40,8 +41,6 @@ in {
 recommendedGzipSettings = true;
 recommendedProxySettings = true;
- logError = "stderr warn";
-
 # TODO: clean this up oh my god like everything here :sob: im vomiting shaking and crying looking at this.
 commonHttpConfig = let
 # lua
@@ -98,6 +97,9 @@ in {
 ${realIpsFromList cfipv6}
 real_ip_header CF-Connecting-IP;
 '';
+
+ # this prevents invalid domains and direct ip access from being used
+ virtualHosts."_".locations."/".return = "444";
 };
 networking.firewall.allowedTCPPorts = [ 443 80 ];
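Review bot: The catch-all added at the end of the `services.nginx` block (which opens outside this hunk) probably does not do what its comment says for HTTPS. A vhost with no TLS option listens on port 80 only, so a request to the bare IP or an unknown name on 443 would still land on whichever TLS vhost nginx treats as default and be handed that site's certificate. It also never sets `default_server`, so even on port 80 it is the fallback only if it happens to be the first server block generated. I would make both explicit with `virtualHosts."_" = { default = true; rejectSSL = true; locations."/".return = "444"; };`, where `rejectSSL` emits `ssl_reject_handshake on;` (nginx 1.19.4+) and needs no certificate. Because the real-IP settings above trust `CF-Connecting-IP`, confirm in the access log after deploy that direct-to-origin requests on both ports are closed rather than served.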