diff --git a/hosts/by-name/servo/services/prosody/default.nix b/hosts/by-name/servo/services/prosody/default.nix
index 35f1ec9a0..5b96850fc 100644
--- a/hosts/by-name/servo/services/prosody/default.nix
+++ b/hosts/by-name/servo/services/prosody/default.nix
@@ -41,6 +41,10 @@
 #     - maybe i need to setup stun/turn
 #
 # TODO:
+# - MIGRATE TO NIXOS MODULE OPTIONS:
+#   - `services.prosody.ssl.`...
+#   - `services.prosody.log`
+#   - this decreases likelihood of breakage during future upgrades
 # - enable push notifications (mod_cloud_notify)
 # - optimize coturn (e.g. move off of the VPN!)
 # - ensure muc is working
@@ -245,11 +249,11 @@ in
 
     extraConfig = ''
       local function readAll(file)
-        local f = assert(io.open(file, "rb"))
+        local f = Lua.assert(Lua.io.open(file, "rb"))
         local content = f:read("*all")
         f:close()
         -- remove trailing newline
-        return string.gsub(content, "%s+", "")
+        return Lua.string.gsub(content, "%s+", "")
       end
 
       -- logging docs:
@@ -261,9 +265,11 @@ in
       }
 
       -- see: <https://prosody.im/doc/certificates#automatic_location>
-      -- try to solve: "certmanager: Error indexing certificate directory /etc/prosody/certs: cannot open /etc/prosody/certs: No such file or directory"
+      -- try to solve: "certmanager: Error indexing certificate directory /run/prosody/certs: cannot open /run/prosody/certs: No such file or directory"
       -- only, this doesn't work because prosody doesn't like acme's naming scheme
-      -- certificates = "/var/lib/acme"
+      -- certificates = "/var/lib/acme/uninsane.org"
+      -- instead, point to /etc/prosody/certs and configure symlinks into this dir (see nix config)
+      certificates = "/etc/prosody/certs"
 
       c2s_direct_tls_ports = { 5223 }
       s2s_direct_tls_ports = { 5270 }