diff --git a/hosts/vps-monitor/default.nix b/hosts/vps-monitor/default.nix
index cd49612..3b580c8 100644
--- a/hosts/vps-monitor/default.nix
+++ b/hosts/vps-monitor/default.nix
@@ -37,7 +37,7 @@
         onlyCleanRoots = true;
       };
 
-      nebula.enable = true;
+      nebula.node.enable = true;
       sshd.enable = true;
       dns.enable = true;
     };
diff --git a/hosts/vps-private/default.nix b/hosts/vps-private/default.nix
index b0f2172..5888e01 100644
--- a/hosts/vps-private/default.nix
+++ b/hosts/vps-private/default.nix
@@ -41,7 +41,7 @@
           onlyCleanRoots = true;
         };
 
-        nebula.enable = true;
+        nebula.node.enable = true;
         sshd.enable = true;
         dns.enable = true;
 
diff --git a/hosts/vps-public/default.nix b/hosts/vps-public/default.nix
index 78f675c..c35d0f5 100644
--- a/hosts/vps-public/default.nix
+++ b/hosts/vps-public/default.nix
@@ -36,7 +36,7 @@
         onlyCleanRoots = true;
       };
 
-      nebula.enable = true;
+      nebula.node.enable = true;
       sshd.enable = true;
 
       crowdsec = {
diff --git a/modules/system/networking.nix b/modules/system/networking.nix
index 4eaace7..db3d7d6 100644
--- a/modules/system/networking.nix
+++ b/modules/system/networking.nix
@@ -41,7 +41,7 @@ in
       };
       interface = lib.mkOption {
         type = lib.types.nonEmptyStr;
-        default = "nebula";
+        default = "nebula.mesh";
       };
       systemdUnit = lib.mkOption {
         type = lib.types.nonEmptyStr;
diff --git a/modules/system/services/nebula/default.nix b/modules/system/services/nebula/default.nix
index e02c275..af31b6e 100644
--- a/modules/system/services/nebula/default.nix
+++ b/modules/system/services/nebula/default.nix
@@ -30,7 +30,7 @@ in
       message = "'${netCfg.hostname}' is a Nebula lighthouse, but underlay.isPublic is not set. Lighthouses must be publicly reachable.";
     };
 
-    meta.ports.udp = lib.optional netCfg.underlay.isPublic publicPort;
+    meta.ports.udp = lib.optional (netCfg.underlay.isPublic) publicPort;
 
     sops.secrets."nebula/host-key" = {
       owner = config.users.users.nebula-mesh.name;
@@ -44,7 +44,6 @@ in
       cert = cfg.certificatePath;
       key = config.sops.secrets."nebula/host-key".path;
 
-      tun.device = netCfg.overlay.interface;
       listen.port = lib.mkIf netCfg.underlay.isPublic publicPort;
 
       inherit (netCfg) isLighthouse;