diff --git a/modules/lightning-loop.nix b/modules/lightning-loop.nix
index f9f8818..cf914f4 100644
--- a/modules/lightning-loop.nix
+++ b/modules/lightning-loop.nix
@@ -14,7 +14,7 @@ let
     tlscertpath=${secretsDir}/loop-cert
     tlskeypath=${secretsDir}/loop-key
 
-    lnd.host=${builtins.elemAt config.services.lnd.rpclisten 0}:${toString config.services.lnd.rpcPort}
+    lnd.host=${config.services.lnd.rpclisten}:${toString config.services.lnd.rpcPort}
     lnd.macaroondir=${config.services.lnd.networkDir}
     lnd.tlspath=${secretsDir}/lnd-cert
 
diff --git a/modules/lnd.nix b/modules/lnd.nix
index b4eac5b..7fb69b8 100644
--- a/modules/lnd.nix
+++ b/modules/lnd.nix
@@ -18,8 +18,8 @@ let
     tlskeypath=${secretsDir}/lnd-key
 
     listen=${toString cfg.listen}:${toString cfg.listenPort}
-    ${lib.concatMapStrings (rpclisten: "rpclisten=${rpclisten}:${toString cfg.rpcPort}\n") cfg.rpclisten}
-    ${lib.concatMapStrings (restlisten: "restlisten=${restlisten}:${toString cfg.restPort}\n") cfg.restlisten}
+    rpclisten=${cfg.rpclisten}
+    restlisten=${cfg.restlisten}
 
     bitcoin.${bitcoind.network}=1
     bitcoin.active=1
@@ -66,15 +66,15 @@ in {
       description = "Bind to given port to listen to peer connections";
     };
     rpclisten = mkOption {
-      type = types.listOf types.str;
-      default = [ "localhost" ];
+      type = types.str;
+      default = "localhost";
       description = ''
         Bind to given address to listen to RPC connections.
       '';
     };
     restlisten = mkOption {
-      type = types.listOf types.str;
-      default = [ "localhost" ];
+      type = types.str;
+      default = "localhost";
       description = ''
         Bind to given address to listen to REST connections.
       '';
@@ -139,7 +139,7 @@ in {
       # Switch user because lnd makes datadir contents readable by user only
       ''
         sudo -u lnd ${cfg.package}/bin/lncli \
-          --rpcserver ${builtins.elemAt cfg.rpclisten 0}:${toString cfg.rpcPort} \
+          --rpcserver ${cfg.rpclisten}:${toString cfg.rpcPort} \
           --tlscertpath '${secretsDir}/lnd-cert' \
           --macaroonpath '${networkDir}/admin.macaroon' "$@"
       '';
@@ -189,12 +189,12 @@ in {
         RestartSec = "10s";
         ReadWritePaths = "${cfg.dataDir}";
         ExecStartPost = let
-          restUrl = "https://${builtins.elemAt cfg.restlisten 0}:${toString cfg.restPort}/v1";
+          restUrl = "https://${cfg.restlisten}:${toString cfg.restPort}/v1";
         in [
           # Run fully privileged for secrets dir write access
           "+${nix-bitcoin-services.script ''
             attempts=250
-            while ! { exec 3>/dev/tcp/${builtins.elemAt cfg.restlisten 0}/${toString cfg.restPort} && exec 3>&-; } &>/dev/null; do
+            while ! { exec 3>/dev/tcp/${cfg.restlisten}/${toString cfg.restPort} && exec 3>&-; } &>/dev/null; do
                   ((attempts-- == 0)) && { echo "lnd REST service unreachable"; exit 1; }
                   sleep 0.1
             done
@@ -236,7 +236,7 @@ in {
             fi
 
             # Wait until the RPC port is open
-            while ! { exec 3>/dev/tcp/${builtins.elemAt cfg.rpclisten 0}/${toString cfg.rpcPort}; } &>/dev/null; do
+            while ! { exec 3>/dev/tcp/${cfg.rpclisten}/${toString cfg.rpcPort}; } &>/dev/null; do
               sleep 0.1
             done
 
diff --git a/modules/netns-isolation.nix b/modules/netns-isolation.nix
index 12c61be..1aa363a 100644
--- a/modules/netns-isolation.nix
+++ b/modules/netns-isolation.nix
@@ -264,8 +264,8 @@ in {
 
     services.lnd = {
       listen = netns.lnd.address;
-      rpclisten = [ netns.lnd.address ];
-      restlisten = [ netns.lnd.address ];
+      rpclisten = netns.lnd.address;
+      restlisten = netns.lnd.address;
     };
 
     services.liquidd = {