diff --git a/profiles/http/default.nix b/profiles/http/default.nix
index 40dcf4f..ffedae0 100644
--- a/profiles/http/default.nix
+++ b/profiles/http/default.nix
@@ -36,6 +36,14 @@ in
   services.nginx.recommendedProxySettings = true;
   services.nginx.recommendedTlsSettings = true;
 
+  # nginx return 444 for all nonexistent virtualhosts
+  services.nginx.virtualHosts."_" = {
+    addSSL = true;
+    sslCertificate = "${pkgs.path}/nixos/tests/common/acme/server/acme.test.cert.pem";
+    sslCertificateKey = "${pkgs.path}/nixos/tests/common/acme/server/acme.test.key.pem";
+    extraConfig = "return 444;";
+  };
+
   /** /
   services.nginx.virtualHosts."" = {
     default = true;
diff --git a/users/pbsds/home/profiles/shell.nix b/users/pbsds/home/profiles/shell.nix
index 47eccfa..11f3c4e 100644
--- a/users/pbsds/home/profiles/shell.nix
+++ b/users/pbsds/home/profiles/shell.nix
@@ -36,7 +36,7 @@
         if test -d "$src"; then
           (set -x
             rm -v "$dst"
-            cp -r --dereference --one-file-system "$src/" "$dst/" )
+            cp -r --dereference --one-file-system "$src/" "$dst/"
             chmod -R +rw "$dst"
           )
         elif test -f "$src"; then