diff --git a/modules/system/services/nebula/dns.nix b/modules/system/services/nebula/dns.nix
index 51b04fa..f750fc1 100644
--- a/modules/system/services/nebula/dns.nix
+++ b/modules/system/services/nebula/dns.nix
@@ -29,18 +29,13 @@ in
               |> lib.map (node: "\"${node.name}.${nebulaCfg.network.domain}. A ${node.address}\"");
           };
 
-          forward-zone =
-            (lib.singleton {
-              name = ".";
-              forward-addr = [
-                "1.1.1.1"
-                "8.8.8.8"
-              ];
-            })
-            ++ lib.optional config.custom.services.tailscale.enable {
-              name = "${config.custom.services.tailscale.domain}";
-              forward-addr = [ "100.100.100.100" ];
-            };
+          forward-zone = lib.singleton {
+            name = ".";
+            forward-addr = [
+              "1.1.1.1"
+              "8.8.8.8"
+            ];
+          };
         };
       };
 
diff --git a/modules/system/services/syncthing.nix b/modules/system/services/syncthing.nix
index b4e9605..b2faf1f 100644
--- a/modules/system/services/syncthing.nix
+++ b/modules/system/services/syncthing.nix
@@ -51,8 +51,8 @@ in
   config = lib.mkIf cfg.enable {
     assertions = [
       {
-        assertion = config.custom.services.nebula.node.enable;
-        message = "Syncthing requires nebula";
+        assertion = config.custom.services.tailscale.enable;
+        message = "Syncthing requires tailscale";
       }
       {
         assertion = cfg.isServer -> (cfg.gui.domain != null);
@@ -86,61 +86,48 @@ in
       };
     };
 
-    services = {
-      syncthing = {
-        enable = true;
+    services.syncthing = {
+      enable = true;
 
-        user = lib.mkIf (!cfg.isServer) "seb";
-        group = lib.mkIf (!cfg.isServer) "users";
-        dataDir = lib.mkIf (!cfg.isServer) "/home/seb";
+      user = lib.mkIf (!cfg.isServer) "seb";
+      group = lib.mkIf (!cfg.isServer) "users";
+      dataDir = lib.mkIf (!cfg.isServer) "/home/seb";
 
-        guiAddress = "localhost:${toString cfg.gui.port}";
+      guiAddress = "localhost:${toString cfg.gui.port}";
 
-        cert = lib.mkIf useSopsSecrets config.sops.secrets."syncthing/cert".path;
-        key = lib.mkIf useSopsSecrets config.sops.secrets."syncthing/key".path;
+      cert = lib.mkIf useSopsSecrets config.sops.secrets."syncthing/cert".path;
+      key = lib.mkIf useSopsSecrets config.sops.secrets."syncthing/key".path;
 
-        settings = {
-          # Get the devices and their ids from the configs of the other hosts
-          devices =
-            self.nixosConfigurations
-            |> lib.filterAttrs (name: _: name != config.networking.hostName)
-            |> lib.filterAttrs (_: value: value.config.custom.services.syncthing.enable)
-            |> lib.mapAttrs (
-              _: value: {
-                id = value.config.custom.services.syncthing.deviceId;
-                addresses = [
-                  "tcp://${value.config.custom.services.nebula.node.address}:${toString cfg.syncPort}"
-                ];
-              }
-            );
+      settings = {
+        # Get the devices and their ids from the configs of the other hosts
+        devices =
+          self.nixosConfigurations
+          |> lib.filterAttrs (name: _: name != config.networking.hostName)
+          |> lib.filterAttrs (_: value: value.config.custom.services.syncthing.enable)
+          |> lib.mapAttrs (
+            name: value: {
+              id = value.config.custom.services.syncthing.deviceId;
+              addresses = [ "tcp://${name}.${config.custom.services.tailscale.domain}:${toString cfg.syncPort}" ];
+            }
+          );
 
-          folders =
-            cfg.folders
-            |> lib'.genAttrs (name: {
-              path = "${dataDir}/${name}";
-              devices = config.services.syncthing.settings.devices |> lib.attrNames;
-            });
+        folders =
+          cfg.folders
+          |> lib'.genAttrs (name: {
+            path = "${dataDir}/${name}";
+            devices = config.services.syncthing.settings.devices |> lib.attrNames;
+          });
 
-          options = {
-            listenAddress = "tcp://${config.custom.services.nebula.node.address}:${toString cfg.syncPort}";
-            globalAnnounceEnabled = false;
-            localAnnounceEnabled = false;
-            relaysEnabled = false;
-            natEnabled = false;
-            urAccepted = -1;
-            autoUpgradeIntervalH = 0;
-          };
+        options = {
+          listenAddress = "tcp://0.0.0.0:${toString cfg.syncPort}";
+          globalAnnounceEnabled = false;
+          localAnnounceEnabled = false;
+          relaysEnabled = false;
+          natEnabled = false;
+          urAccepted = -1;
+          autoUpgradeIntervalH = 0;
         };
       };
-
-      nebula.networks.mesh.firewall.inbound =
-        config.services.syncthing.settings.devices
-        |> lib.attrNames
-        |> lib.map (name: {
-          port = cfg.syncPort;
-          proto = "tcp";
-          host = name;
-        });
     };
 
     custom = {
diff --git a/modules/system/services/tailscale.nix b/modules/system/services/tailscale.nix
index 28fc6e1..8f37da5 100644
--- a/modules/system/services/tailscale.nix
+++ b/modules/system/services/tailscale.nix
@@ -35,5 +35,13 @@ in
     systemd.services.tailscaled-set.after = [ "tailscaled-autoconnect.service" ];
 
     custom.persistence.directories = [ "/var/lib/tailscale" ];
+
+    # Disable search domain when nebula is in use
+    systemd.network.networks."50-tailscale" = lib.mkIf config.custom.services.nebula.node.enable {
+      matchConfig.Name = config.services.tailscale.interfaceName;
+      linkConfig.Unmanaged = lib.mkForce false;
+      dns = [ "100.100.100.100" ];
+      domains = [ ];
+    };
   };
 }