diff --git a/modules/system/services/nebula/default.nix b/modules/system/services/nebula/default.nix
index 8f15db3..02cd028 100644
--- a/modules/system/services/nebula/default.nix
+++ b/modules/system/services/nebula/default.nix
@@ -9,6 +9,11 @@ let
   netCfg = config.custom.networking;
 
   publicPort = 47141;
+
+  lighthouses =
+    netCfg.peers
+    |> lib.filter (peer: peer.overlay.isLighthouse)
+    |> lib.map (lighthouse: lighthouse.overlay.address);
 in
 {
   options.custom.services.nebula = {
@@ -71,14 +76,16 @@ in
       key = config.sops.secrets."nebula/host-key".path;
 
       tun.device = netCfg.overlay.interface;
-      listen.port = lib.mkIf netCfg.underlay.isPublic publicPort;
+      listen = {
+        host = lib.mkIf (netCfg.underlay.address != null) netCfg.underlay.address;
+        port = lib.mkIf netCfg.underlay.isPublic publicPort;
+      };
 
       inherit (netCfg.overlay) isLighthouse;
-      lighthouses = lib.mkIf (!netCfg.overlay.isLighthouse) (
-        netCfg.peers
-        |> lib.filter (peer: peer.overlay.isLighthouse)
-        |> lib.map (lighthouse: lighthouse.overlay.address)
-      );
+      lighthouses = lib.mkIf (!netCfg.overlay.isLighthouse) lighthouses;
+
+      isRelay = netCfg.overlay.isLighthouse;
+      relays = lib.mkIf (!netCfg.overlay.isLighthouse) lighthouses;
 
       staticHostMap =
         netCfg.peers