diff --git a/modules/system/networking.nix b/modules/system/networking.nix
index db3d7d6..4eaace7 100644
--- a/modules/system/networking.nix
+++ b/modules/system/networking.nix
@@ -41,7 +41,7 @@ in
       };
       interface = lib.mkOption {
         type = lib.types.nonEmptyStr;
-        default = "nebula.mesh";
+        default = "nebula";
       };
       systemdUnit = lib.mkOption {
         type = lib.types.nonEmptyStr;
diff --git a/modules/system/services/nebula/default.nix b/modules/system/services/nebula/default.nix
index af31b6e..e02c275 100644
--- a/modules/system/services/nebula/default.nix
+++ b/modules/system/services/nebula/default.nix
@@ -30,7 +30,7 @@ in
       message = "'${netCfg.hostname}' is a Nebula lighthouse, but underlay.isPublic is not set. Lighthouses must be publicly reachable.";
     };
 
-    meta.ports.udp = lib.optional (netCfg.underlay.isPublic) publicPort;
+    meta.ports.udp = lib.optional netCfg.underlay.isPublic publicPort;
 
     sops.secrets."nebula/host-key" = {
       owner = config.users.users.nebula-mesh.name;
@@ -44,6 +44,7 @@ in
       cert = cfg.certificatePath;
       key = config.sops.secrets."nebula/host-key".path;
 
+      tun.device = netCfg.overlay.interface;
       listen.port = lib.mkIf netCfg.underlay.isPublic publicPort;
 
       inherit (netCfg) isLighthouse;