upRootNutrition/dotfiles
1
0
Fork 0
mirror of https://gitlab.com/upRootNutrition/dotfiles.git synced 2025-07-05 02:45:01 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

refactor: standardized instance records

Browse source
This commit is contained in:
Nick 2025-06-22 11:51:36 -05:00
parent 6b2a601776
commit a32993db4c
40 changed files with 310 additions and 239 deletions
Download patch file Download diff file Expand all files Collapse all files

10
modules/config/instances/config/acme.nix
View file

@ -5,16 +5,16 @@ let
sopsPath
;
acmeLabel = "Acme";
acmeName = "acme";
label = "Acme";
name = "acme";
in
{
label = acmeLabel;
name = acmeName;
label = label;
name = name;
paths = {
path0 = sslPath;
};
sops = {
path0 = "${sopsPath}/${acmeName}";
path0 = "${sopsPath}/${name}";
};
}

4
modules/config/instances/config/audiobookshelf.nix
View file

@ -1,13 +1,13 @@
{ instancesFunctions }:
let
inherit (instancesFunctions)
audiobookshelfLabel
audiobookshelfName
domain0
servicePath
sslPath
sopsPath
;
audiobookshelfLabel = "Audiobookshelf";
audiobookshelfName = "audiobookshelf";
audiobookshelfSubdomain = "books";
audiobookshelfDomain = "${audiobookshelfSubdomain}.${domain0}";
in

24
modules/config/instances/config/forgejo.nix
View file

@ -7,32 +7,32 @@ let
sopsPath
;
forgejoLabel = "Forgejo";
forgejoName = "forgejo";
forgejoSubdomain = "source";
forgejoDomain = "${forgejoSubdomain}.${domain3}";
label = "Forgejo";
name = "forgejo";
subdomain = "source";
domain = "${subdomain}.${domain3}";
in
{
label = forgejoLabel;
name = forgejoName;
label = label;
name = name;
email = {
address0 = "noreply@${domain3}";
};
sops = {
path0 = "${sopsPath}/${forgejoName}";
path0 = "${sopsPath}/${name}";
};
domains = {
url0 = forgejoDomain;
url0 = domain;
};
subdomain = forgejoSubdomain;
subdomain = subdomain;
paths = {
path0 = "${servicePath}/${forgejoLabel}";
path0 = "${servicePath}/${label}";
};
ports = {
port0 = 3033;
};
ssl = {
cert = "${sslPath}/${forgejoSubdomain}.${domain3}/fullchain.pem";
key = "${sslPath}/${forgejoSubdomain}.${domain3}/key.pem";
cert = "${sslPath}/${subdomain}.${domain3}/fullchain.pem";
key = "${sslPath}/${subdomain}.${domain3}/key.pem";
};
}

24
modules/config/instances/config/glance.nix
View file

@ -7,32 +7,32 @@ let
sopsPath
;
glanceLabel = "Glance";
glanceName = "glance";
glanceSubdomain = "dashboard";
glanceDomain = "${glanceSubdomain}.${domain0}";
label = "Glance";
name = "glance";
subdomain = "dashboard";
domain = "${subdomain}.${domain0}";
in
{
label = glanceLabel;
name = glanceName;
label = label;
name = name;
email = {
address0 = "noreply@${domain0}";
};
sops = {
path0 = "${sopsPath}/${glanceName}";
path0 = "${sopsPath}/${name}";
};
domains = {
url0 = glanceDomain;
url0 = domain;
};
subdomain = glanceSubdomain;
subdomain = subdomain;
paths = {
path0 = "${servicePath}/${glanceLabel}";
path0 = "${servicePath}/${label}";
};
ports = {
port0 = 3434;
};
ssl = {
cert = "${sslPath}/${glanceSubdomain}.${domain0}/fullchain.pem";
key = "${sslPath}/${glanceSubdomain}.${domain0}/key.pem";
cert = "${sslPath}/${subdomain}.${domain0}/fullchain.pem";
key = "${sslPath}/${subdomain}.${domain0}/key.pem";
};
}

24
modules/config/instances/config/jellyfin.nix
View file

@ -2,27 +2,27 @@
let
inherit (instancesFunctions)
domain0
jellyfinLabel
jellyfinName
servicePath
sslPath
sopsPath
;
jellyfinDomain = "${jellyfinName}.${domain0}";
label = "Jellyfin";
name = "jellyfin";
domain = "${name}.${domain0}";
in
{
label = jellyfinLabel;
name = jellyfinName;
label = label;
name = name;
sops = {
path0 = "${sopsPath}/${jellyfinName}";
path0 = "${sopsPath}/${name}";
};
domains = {
url0 = jellyfinDomain;
url0 = domain;
};
subdomain = jellyfinName;
subdomain = name;
paths = {
path0 = "${servicePath}/${jellyfinLabel}";
path1 = "${servicePath}/${jellyfinLabel}/cache";
path0 = "${servicePath}/${label}";
path1 = "${servicePath}/${label}/cache";
};
ports = {
port0 = 5055; # Jellyseer
@ -30,7 +30,7 @@ in
port2 = 8920; # Jellyfin HTTPS
};
ssl = {
cert = "${sslPath}/${jellyfinName}.${domain0}/fullchain.pem";
key = "${sslPath}/${jellyfinName}.${domain0}/key.pem";
cert = "${sslPath}/${name}.${domain0}/fullchain.pem";
key = "${sslPath}/${name}.${domain0}/key.pem";
};
}

38
modules/config/instances/config/kanboard.nix
View file

@ -1,38 +0,0 @@
{ instancesFunctions }:
let
inherit (instancesFunctions)
domain0
servicePath
sslPath
sopsPath
;
kanboardLabel = "Kanboard";
kanboardName = "kanboard";
kanboardSubdomain = "todo";
kanboardDomain = "${kanboardSubdomain}.${domain0}";
in
{
label = kanboardLabel;
name = kanboardName;
email = {
address0 = "noreply@${kanboardName}.${domain0}";
};
sops = {
path0 = "${sopsPath}/${kanboardName}";
};
domains = {
url0 = kanboardDomain;
};
subdomain = kanboardSubdomain;
paths = {
path0 = "${servicePath}/${kanboardLabel}";
};
ports = {
port0 = 3128;
};
ssl = {
cert = "${sslPath}/${kanboardSubdomain}.${domain0}/fullchain.pem";
key = "${sslPath}/${kanboardSubdomain}.${domain0}/key.pem";
};
}

24
modules/config/instances/config/mastodon.nix
View file

@ -7,31 +7,31 @@ let
sopsPath
;
mastodonLabel = "Mastodon";
mastodonName = "mastodon";
mastodonSubdomain = "social";
mastodonDomain = "${mastodonSubdomain}.${domain3}";
label = "Mastodon";
name = "mastodon";
subdomain = "social";
domain = "${subdomain}.${domain3}";
in
{
label = mastodonLabel;
name = mastodonName;
label = label;
name = name;
email = {
address0 = "noreply@${domain3}";
};
domains = {
url0 = mastodonDomain;
url0 = domain;
};
subdomain = mastodonSubdomain;
subdomain = subdomain;
sops = {
path0 = "${sopsPath}/${mastodonName}";
path0 = "${sopsPath}/${name}";
};
paths = {
path0 = "${servicePath}/${mastodonLabel}";
path0 = "${servicePath}/${label}";
path1 = "";
path2 = "";
};
ssl = {
cert = "${sslPath}/${mastodonSubdomain}.${domain3}/fullchain.pem";
key = "${sslPath}/${mastodonSubdomain}.${domain3}/key.pem";
cert = "${sslPath}/${subdomain}.${domain3}/fullchain.pem";
key = "${sslPath}/${subdomain}.${domain3}/key.pem";
};
}

14
modules/config/instances/config/matrix.nix
View file

@ -5,18 +5,18 @@ let
sopsPath
;
matrixLabel = "Matrix";
matrixName = "matrix";
label = "Matrix";
name = "matrix";
in
{
label = matrixLabel;
name = matrixName;
label = label;
name = name;
sops = {
path0 = "${sopsPath}/${matrixName}";
path0 = "${sopsPath}/${name}";
};
subdomain = matrixName;
subdomain = name;
paths = {
path0 = "${servicePath}/${matrixLabel}";
path0 = "${servicePath}/${label}";
path1 = "";
path2 = "";
};

18
modules/config/instances/config/minecraft.nix
View file

@ -7,24 +7,24 @@ let
sopsPath
;
minecraftLabel = "Minecraft";
minecraftName = "minecraft";
label = "Minecraft";
name = "minecraft";
in
{
label = minecraftLabel;
name = minecraftName;
label = label;
name = name;
sops = {
path0 = "${sopsPath}/${minecraftName}";
path0 = "${sopsPath}/${name}";
};
subdomain = minecraftName;
subdomain = name;
paths = {
path0 = "${servicePath}/${minecraftLabel}";
path0 = "${servicePath}/${label}";
};
ports = {
port0 = 43000; # Minecraft (Brix on Nix)
};
ssl = {
cert = "${sslPath}/${minecraftName}.${domain0}/fullchain.pem";
key = "${sslPath}/${minecraftName}.${domain0}/key.pem";
cert = "${sslPath}/${name}.${domain0}/fullchain.pem";
key = "${sslPath}/${name}.${domain0}/key.pem";
};
}

24
modules/config/instances/config/nextcloud.nix
View file

@ -7,31 +7,31 @@ let
sopsPath
;
nextcloudLabel = "Nextcloud";
nextcloudName = "nextcloud";
nextcloudDomain = "${nextcloudName}.${domain0}";
label = "Nextcloud";
name = "nextcloud";
domain = "${name}.${domain0}";
in
{
label = nextcloudLabel;
name = nextcloudName;
label = label;
name = name;
email = {
address0 = "noreply@${nextcloudName}.${domain0}";
address0 = "noreply@${name}.${domain0}";
};
sops = {
path0 = "${sopsPath}/${nextcloudName}";
path0 = "${sopsPath}/${name}";
};
domains = {
url0 = nextcloudDomain;
url0 = domain;
};
subdomain = nextcloudName;
subdomain = name;
paths = {
path0 = "${servicePath}/${nextcloudLabel}";
path0 = "${servicePath}/${label}";
};
ports = {
port0 = 8354; # Nextcloud
};
ssl = {
cert = "${sslPath}/${nextcloudName}.${domain0}/fullchain.pem";
key = "${sslPath}/${nextcloudName}.${domain0}/key.pem";
cert = "${sslPath}/${name}.${domain0}/fullchain.pem";
key = "${sslPath}/${name}.${domain0}/key.pem";
};
}

10
modules/config/instances/config/nginx.nix
View file

@ -4,14 +4,14 @@ let
sopsPath
;
nginxLabel = "Nginx";
nginxName = "nginx";
label = "Nginx";
name = "nginx";
in
{
label = nginxLabel;
name = nginxName;
label = label;
name = name;
sops = {
path0 = "${sopsPath}/${nginxName}";
path0 = "${sopsPath}/${name}";
};
ports = {
port0 = 8080;

24
modules/config/instances/config/ollama.nix
View file

@ -7,30 +7,30 @@ let
sopsPath
;
ollamaLabel = "Ollama";
ollamaName = "ollama";
ollamaDomain = "${ollamaName}.${domain0}";
label = "Ollama";
name = "ollama";
domain = "${name}.${domain0}";
in
{
label = ollamaLabel;
name = ollamaName;
label = label;
name = name;
sops = {
path0 = "${sopsPath}/${ollamaName}";
path0 = "${sopsPath}/${name}";
};
domains = {
url0 = ollamaDomain;
url0 = domain;
};
subdomain = ollamaName;
subdomain = name;
paths = {
path0 = "${servicePath}/${ollamaLabel}";
path1 = "/mnt/media/storage/${ollamaName}";
path0 = "${servicePath}/${label}";
path1 = "/mnt/media/storage/${name}";
};
ports = {
port0 = 8088; # Open-WebUI (Ollama Front End)
port1 = 11434; # Ollama API
};
ssl = {
cert = "${sslPath}/${ollamaName}.${domain0}/fullchain.pem";
key = "${sslPath}/${ollamaName}.${domain0}/key.pem";
cert = "${sslPath}/${name}.${domain0}/fullchain.pem";
key = "${sslPath}/${name}.${domain0}/key.pem";
};
}

26
modules/config/instances/config/owncast.nix
View file

@ -7,31 +7,31 @@ let
sopsPath
;
owncastLabel = "Owncast";
owncastName = "owncast";
owncastSubdomain = "stream";
owncastDomain = "${owncastSubdomain}.${domain1}";
label = "Owncast";
name = "owncast";
subdomain = "stream";
domain = "${subdomain}.${domain1}";
in
{
label = owncastLabel;
name = owncastName;
label = label;
name = name;
sops = {
path0 = "${sopsPath}/${owncastName}";
path0 = "${sopsPath}/${name}";
};
domains = {
url0 = owncastDomain;
url0 = domain;
};
subdomain = owncastSubdomain;
subdomain = subdomain;
paths = {
path0 = "${servicePath}/${owncastLabel}";
path1 = "/mnt/media/storage/${owncastName}";
path0 = "${servicePath}/${label}";
path1 = "/mnt/media/storage/${name}";
};
ports = {
port0 = 9454;
port1 = 1935;
};
ssl = {
cert = "${sslPath}/${owncastSubdomain}.${domain1}/fullchain.pem";
key = "${sslPath}/${owncastSubdomain}.${domain1}/key.pem";
cert = "${sslPath}/${subdomain}.${domain1}/fullchain.pem";
key = "${sslPath}/${subdomain}.${domain1}/key.pem";
};
}

24
modules/config/instances/config/peertube.nix
View file

@ -7,26 +7,26 @@ let
sopsPath
;
peertubeLabel = "PeerTube";
peertubeName = "peertube";
peertubeSubdomain = "video";
peertubeDomain = "${peertubeSubdomain}.${domain3}";
label = "PeerTube";
name = "peertube";
subdomain = "video";
domain = "${subdomain}.${domain3}";
in
{
label = peertubeLabel;
name = peertubeName;
label = label;
name = name;
email = {
address0 = "noreply@${domain3}";
};
sops = {
path0 = "${sopsPath}/${peertubeName}";
path0 = "${sopsPath}/${name}";
};
domains = {
url0 = peertubeDomain;
url0 = domain;
};
subdomain = peertubeSubdomain;
subdomain = subdomain;
paths = {
path0 = "${servicePath}/${peertubeLabel}";
path0 = "${servicePath}/${label}";
};
ports = {
port0 = 9000; # HTTP
@ -36,7 +36,7 @@ in
port4 = 52800;
};
ssl = {
cert = "${sslPath}/${peertubeSubdomain}.${domain3}/fullchain.pem";
key = "${sslPath}/${peertubeSubdomain}.${domain3}/key.pem";
cert = "${sslPath}/${subdomain}.${domain3}/fullchain.pem";
key = "${sslPath}/${subdomain}.${domain3}/key.pem";
};
}

35
modules/config/instances/config/podgrab.nix Normal file
View file

@ -0,0 +1,35 @@
{ instancesFunctions }:
let
inherit (instancesFunctions)
domain0
servicePath
sslPath
sopsPath
;
label = "Podgrab";
name = "podgrab";
subdomain = "podcasts";
domain = "${subdomain}.${domain0}";
in
{
label = label;
name = name;
sops = {
path0 = "${sopsPath}/${name}";
};
domains = {
url0 = domain;
};
subdomain = name;
paths = {
path0 = "${servicePath}/${label}";
};
ports = {
port0 = 4242;
};
ssl = {
cert = "${sslPath}/${name}.${domain0}/fullchain.pem";
key = "${sslPath}/${name}.${domain0}/key.pem";
};
}

18
modules/config/instances/config/postfix.nix
View file

@ -7,22 +7,22 @@ let
sopsPath
;
postfixLabel = "Postfix";
postfixName = "postfix";
postfixDomain = "${postfixName}.${domain3}";
label = "Postfix";
name = "postfix";
domain = "${name}.${domain3}";
in
{
label = postfixLabel;
name = postfixName;
label = label;
name = name;
sops = {
path0 = "${sopsPath}/${postfixName}";
path0 = "${sopsPath}/${name}";
};
domains = {
url0 = postfixDomain;
url0 = domain;
};
subdomain = postfixName;
subdomain = name;
paths = {
path0 = "${servicePath}/${postfixLabel}";
path0 = "${servicePath}/${label}";
};
ssl = {
cert = "${sslPath}/${domain3}/fullchain.pem";

12
modules/config/instances/config/postgresql.nix
View file

@ -5,17 +5,17 @@ let
sopsPath
;
postgresLabel = "PostgreSQL";
postgresName = "postgres";
label = "PostgreSQL";
name = "postgres";
in
{
label = postgresLabel;
name = postgresName;
label = label;
name = name;
sops = {
path0 = "${sopsPath}/${postgresName}";
path0 = "${sopsPath}/${name}";
};
paths = {
path0 = "${servicePath}/${postgresLabel}";
path0 = "${servicePath}/${label}";
};
ports = {
port0 = 5432;

10
modules/config/instances/config/samba.nix
View file

@ -4,14 +4,14 @@ let
sopsPath
;
sambaLabel = "Samba";
sambaName = "samba";
label = "Samba";
name = "samba";
in
{
label = sambaLabel;
name = sambaName;
label = label;
name = name;
sops = {
path0 = "${sopsPath}/${sambaName}";
path0 = "${sopsPath}/${name}";
};
paths = {
};

24
modules/config/instances/config/searx.nix
View file

@ -7,32 +7,32 @@ let
sopsPath
;
searxLabel = "SearXNG";
searxName = "searx";
searxSubdomain = "search";
searxDomain = "${searxSubdomain}.${domain0}";
label = "SearXNG";
name = "searx";
subdomain = "search";
domain = "${subdomain}.${domain0}";
in
{
label = searxLabel;
name = searxName;
label = label;
name = name;
email = {
address0 = "noreply@${domain0}";
};
sops = {
path0 = "${sopsPath}/${searxName}";
path0 = "${sopsPath}/${name}";
};
domains = {
url0 = searxDomain;
url0 = domain;
};
subdomain = searxSubdomain;
subdomain = subdomain;
paths = {
path0 = "${servicePath}/${searxLabel}";
path0 = "${servicePath}/${label}";
};
ports = {
port0 = 8888;
};
ssl = {
cert = "${sslPath}/${searxSubdomain}.${domain0}/fullchain.pem";
key = "${sslPath}/${searxSubdomain}.${domain0}/key.pem";
cert = "${sslPath}/${subdomain}.${domain0}/fullchain.pem";
key = "${sslPath}/${subdomain}.${domain0}/key.pem";
};
}

20
modules/config/instances/config/syncthing.nix
View file

@ -6,27 +6,27 @@ let
sopsPath
;
syncthingLabel = "Syncthing";
syncthingName = "syncthing";
syncthingDomain = "${syncthingName}.${domain0}";
label = "Syncthing";
name = "syncthing";
domain = "${name}.${domain0}";
in
{
label = syncthingLabel;
name = syncthingName;
label = label;
name = name;
sops = {
path0 = "${sopsPath}/${syncthingName}";
path0 = "${sopsPath}/${name}";
};
domains = {
url0 = syncthingDomain;
url0 = domain;
};
subdomain = syncthingName;
subdomain = name;
ports = {
port0 = 8388; # Syncthing (WebUI)
port1 = 21027; # Syncthing (Discovery)
port2 = 22000; # Syncthing (Transfer)
};
ssl = {
cert = "${sslPath}/${syncthingName}.${domain0}/fullchain.pem";
key = "${sslPath}/${syncthingName}.${domain0}/key.pem";
cert = "${sslPath}/${name}.${domain0}/fullchain.pem";
key = "${sslPath}/${name}.${domain0}/key.pem";
};
}

10
modules/config/instances/config/synology.nix
View file

@ -4,14 +4,14 @@ let
sopsPath
;
synologyLabel = "Synology";
synologyName = "synology";
label = "Synology";
name = "synology";
in
{
label = synologyLabel;
name = synologyName;
label = label;
name = name;
sops = {
path0 = "${sopsPath}/${synologyName}";
path0 = "${sopsPath}/${name}";
};
ports = {
port0 = 5001; # Synology HTTPS

10
modules/config/instances/config/upRootNutrition.nix
View file

@ -6,17 +6,17 @@ let
sopsPath
;
upRootNutritionLabel = "upRootNutrition";
upRootNutritionName = "uprootnutrition";
label = "upRootNutrition";
name = "uprootnutrition";
in
{
label = upRootNutritionLabel;
name = upRootNutritionName;
label = label;
name = name;
email = {
address0 = "nick@${domain3}";
};
sops = {
path0 = "${sopsPath}/${upRootNutritionName}";
path0 = "${sopsPath}/${name}";
};
paths = {
path0 = "/var/lib/website/dist";

24
modules/config/instances/config/vaultwarden.nix
View file

@ -7,31 +7,31 @@ let
sopsPath
;
vaultwardenLabel = "Vaultwarden";
vaultwardenName = "vaultwarden";
vaultwardenDomain = "${vaultwardenName}.${domain0}";
label = "Vaultwarden";
name = "vaultwarden";
domain = "${name}.${domain0}";
in
{
label = vaultwardenLabel;
name = vaultwardenName;
label = label;
name = name;
email = {
address0 = "noreply@${vaultwardenName}.${domain0}";
address0 = "noreply@${name}.${domain0}";
};
sops = {
path0 = "${sopsPath}/${vaultwardenName}";
path0 = "${sopsPath}/${name}";
};
domains = {
url0 = vaultwardenDomain;
url0 = domain;
};
subdomain = vaultwardenName;
subdomain = name;
paths = {
path0 = "${servicePath}/${vaultwardenLabel}/BackupDir";
path0 = "${servicePath}/${label}/BackupDir";
};
ports = {
port0 = 8085; # Vaultwarden WebUI
};
ssl = {
cert = "${sslPath}/${vaultwardenName}.${domain0}/fullchain.pem";
key = "${sslPath}/${vaultwardenName}.${domain0}/key.pem";
cert = "${sslPath}/${name}.${domain0}/fullchain.pem";
key = "${sslPath}/${name}.${domain0}/key.pem";
};
}

10
modules/config/instances/config/wireGuard.nix
View file

@ -4,14 +4,14 @@ let
sopsPath
;
wireGuardLabel = "WireGuard";
wireGuardName = "wireguard";
label = "WireGuard";
name = "wireguard";
in
{
label = wireGuardLabel;
name = wireGuardName;
label = label;
name = name;
sops = {
path0 = "${sopsPath}/${wireGuardName}";
path0 = "${sopsPath}/${name}";
};
ports = {
};

4
modules/config/instances/default.nix
View file

@ -2,10 +2,6 @@ let
configPath = ./config;
instancesFunctions = {
jellyfinLabel = "Jellyfin";
jellyfinName = "jellyfin";
audiobookshelfLabel = "Audiobookshelf";
audiobookshelfName = "audiobookshelf";
domain0 = "cloudbert.fun";
domain1 = "the-nutrivore.social";
domain2 = "the-nutrivore.com";

2
modules/nixos/services/acme/default.nix
View file

@ -38,8 +38,8 @@ in
"nextcloud"
"syncthing"
"searx"
"podgrab"
"vaultwarden"
"kanboard"
"audiobookshelf"
]
)

77
modules/nixos/services/podgrab/default.nix Normal file
View file

@ -0,0 +1,77 @@
{ config, flake, ... }:
let
inherit (flake.config.services.instances) podgrab web;
inherit (flake.config.machines.devices) ceres;
service = podgrab;
localhost = web.localhost.address0;
host = service.domains.url0;
in
{
services = {
podgrab = {
enable = true;
port = service.ports.port0;
passwordFile = config.sops.secrets."${service.name}-pass".path;
dataDirectory = service.paths.path0;
};
caddy = {
virtualHosts = {
"${host}" = {
extraConfig = ''
redir /.well-known/carddav /remote.php/dav/ 301
redir /.well-known/caldav /remote.php/dav/ 301
reverse_proxy ${localhost}:${toString service.ports.port1}
tls ${service.ssl.cert} ${service.ssl.key}
'';
};
};
};
};
sops =
let
sopsPath = secret: {
path = "${service.sops.path0}/${service.name}-${secret}";
owner = service.name;
mode = "600";
};
in
{
secrets = builtins.listToAttrs (
map
(secret: {
name = "${service.name}-${secret}";
value = sopsPath secret;
})
[
"pass"
]
);
};
fileSystems."/var/lib/${service.name}" = {
device = service.paths.path0;
fsType = "none";
options = [
"bind"
];
depends = [
ceres.storage0.mount
];
};
systemd.tmpfiles.rules = [
"Z ${service.paths.path0} 0755 ${service.name} ${service.name} -"
"Z ${service.sops.path0} 0755 ${service.name} ${service.name} -"
];
networking = {
firewall = {
allowedTCPPorts = [
service.ports.port0
];
};
};
}