From f93908d1570c2c0c21f50a1b2043e407f5e751f2 Mon Sep 17 00:00:00 2001
From: SebastianStork <git@sstork.dev>
Date: Sun, 8 Feb 2026 19:26:58 +0100
Subject: [PATCH] nebula: Set listen address on hosts with fixed addresses

---
 modules/system/services/nebula/default.nix | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/modules/system/services/nebula/default.nix b/modules/system/services/nebula/default.nix
index 6cb23ac..02cd028 100644
--- a/modules/system/services/nebula/default.nix
+++ b/modules/system/services/nebula/default.nix
@@ -76,11 +76,14 @@ in
       key = config.sops.secrets."nebula/host-key".path;
 
       tun.device = netCfg.overlay.interface;
-      listen.port = lib.mkIf netCfg.underlay.isPublic publicPort;
+      listen = {
+        host = lib.mkIf (netCfg.underlay.address != null) netCfg.underlay.address;
+        port = lib.mkIf netCfg.underlay.isPublic publicPort;
+      };
 
       inherit (netCfg.overlay) isLighthouse;
       lighthouses = lib.mkIf (!netCfg.overlay.isLighthouse) lighthouses;
-      
+
       isRelay = netCfg.overlay.isLighthouse;
       relays = lib.mkIf (!netCfg.overlay.isLighthouse) lighthouses;