From eee2cebd214cd1c592a20d379bd53fbd7b58a461 Mon Sep 17 00:00:00 2001
From: SebastianStork <git@sstork.dev>
Date: Sun, 8 Feb 2026 19:23:38 +0100
Subject: [PATCH 1/2] nebula: Actually enable relay support

---
 modules/system/services/nebula/default.nix | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/modules/system/services/nebula/default.nix b/modules/system/services/nebula/default.nix
index 8f15db3..6cb23ac 100644
--- a/modules/system/services/nebula/default.nix
+++ b/modules/system/services/nebula/default.nix
@@ -9,6 +9,11 @@ let
   netCfg = config.custom.networking;
 
   publicPort = 47141;
+
+  lighthouses =
+    netCfg.peers
+    |> lib.filter (peer: peer.overlay.isLighthouse)
+    |> lib.map (lighthouse: lighthouse.overlay.address);
 in
 {
   options.custom.services.nebula = {
@@ -74,11 +79,10 @@ in
       listen.port = lib.mkIf netCfg.underlay.isPublic publicPort;
 
       inherit (netCfg.overlay) isLighthouse;
-      lighthouses = lib.mkIf (!netCfg.overlay.isLighthouse) (
-        netCfg.peers
-        |> lib.filter (peer: peer.overlay.isLighthouse)
-        |> lib.map (lighthouse: lighthouse.overlay.address)
-      );
+      lighthouses = lib.mkIf (!netCfg.overlay.isLighthouse) lighthouses;
+      
+      isRelay = netCfg.overlay.isLighthouse;
+      relays = lib.mkIf (!netCfg.overlay.isLighthouse) lighthouses;
 
       staticHostMap =
         netCfg.peers

From f93908d1570c2c0c21f50a1b2043e407f5e751f2 Mon Sep 17 00:00:00 2001
From: SebastianStork <git@sstork.dev>
Date: Sun, 8 Feb 2026 19:26:58 +0100
Subject: [PATCH 2/2] nebula: Set listen address on hosts with fixed addresses

---
 modules/system/services/nebula/default.nix | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/modules/system/services/nebula/default.nix b/modules/system/services/nebula/default.nix
index 6cb23ac..02cd028 100644
--- a/modules/system/services/nebula/default.nix
+++ b/modules/system/services/nebula/default.nix
@@ -76,11 +76,14 @@ in
       key = config.sops.secrets."nebula/host-key".path;
 
       tun.device = netCfg.overlay.interface;
-      listen.port = lib.mkIf netCfg.underlay.isPublic publicPort;
+      listen = {
+        host = lib.mkIf (netCfg.underlay.address != null) netCfg.underlay.address;
+        port = lib.mkIf netCfg.underlay.isPublic publicPort;
+      };
 
       inherit (netCfg.overlay) isLighthouse;
       lighthouses = lib.mkIf (!netCfg.overlay.isLighthouse) lighthouses;
-      
+
       isRelay = netCfg.overlay.isLighthouse;
       relays = lib.mkIf (!netCfg.overlay.isLighthouse) lighthouses;