diff --git a/modules/server/containers/builder.nix b/modules/server/containers/builder.nix
index 86b186c..a516ce1 100644
--- a/modules/server/containers/builder.nix
+++ b/modules/server/containers/builder.nix
@@ -1,23 +1,23 @@
 { config, lib, serverCfg }:
 let 
   builder =
-  { image, secret ? ""
-  , subdomain ? "", ip ? "", port ? 0
+  { image, secret ? null
+  , subdomain ? null, ip ? null, port ? 0
   , extraEnv ? { }, extraLabels ? { }, extraOptions ? [ ]
   , overrides ? { }
   }:
   let base = {
     inherit image;
 
-    environmentFiles = if secret !="" then [ config.sops.secrets."${lib.toUpper secret}".path ] else [];
+    environmentFiles = if secret then [ config.sops.secrets."${lib.toUpper secret}".path ] else [];
     environment = {} // extraEnv;
 
-    labels = if subdomain!="" then ({
+    labels = if subdomain then ({
       "traefik.enable" = "true";
       "traefik.http.routers.${subdomain}.entrypoints" = "web-secure";
       "traefik.http.routers.${subdomain}.rule" = "Host(`${subdomain}.${serverCfg.hostDomain}`)";
       "traefik.http.routers.${subdomain}.tls" = "true";
-    } // lib.optionalAttrs (port != 0) {
+    } // lib.optionalAttrs (port) {
       "traefik.http.services.${subdomain}.loadbalancer.server.port" = toString port;
     }) else {
       "traefik.enable" = "false";
@@ -25,7 +25,7 @@ let
 
     extraOptions = extraOptions ++ [
       "--add-host=host.containers.internal:host-gateway"
-    ] ++ lib.optional (ip != "") "--ip=${ip}";
+    ] ++ lib.optional (ip) "--ip=${ip}";
   };
   in lib.recursiveUpdate base overrides;
 in {
diff --git a/modules/server/containers/defs/authentik.nix b/modules/server/containers/defs/authentik.nix
index 365865c..ecc3a4a 100644
--- a/modules/server/containers/defs/authentik.nix
+++ b/modules/server/containers/defs/authentik.nix
@@ -37,7 +37,7 @@ in {
       };
       overrides = {
         cmd = [ "server" ];
-        ports = if containerCfg.pubPort != 0 && containerCfg.port != 0 then [ "${toString containerCfg.pubPort}:${toString containerCfg.port}" ] else [];
+        ports = if containerCfg.pubPort && containerCfg.port then [ "${toString containerCfg.pubPort}:${toString containerCfg.port}" ] else [];
         volumes = [
           "${serverCfg.configPath}/authentik/media:/media"
           "${serverCfg.configPath}/authentik/templates:/templates"
diff --git a/modules/server/containers/defs/nextcloud.nix b/modules/server/containers/defs/nextcloud.nix
index 5e742bc..ae1a117 100644
--- a/modules/server/containers/defs/nextcloud.nix
+++ b/modules/server/containers/defs/nextcloud.nix
@@ -47,7 +47,7 @@ in {
         "--tmpfs /tmp:rw,mode=1777"
       ];
       overrides = {
-        ports = if containerCfg.pubPort != 0 && containerCfg.port != 0 then [ "${toString containerCfg.pubPort}:${toString containerCfg.port}" ] else [];
+        ports = if containerCfg.pubPort && containerCfg.port then [ "${toString containerCfg.pubPort}:${toString containerCfg.port}" ] else [];
         volumes = [
           "${serverCfg.dataPath}/nextcloud/www:/var/www/html"
           "${serverCfg.dataPath}/nextcloud/data:/var/www/html/data"
diff --git a/modules/shared/syscfg/default.nix b/modules/shared/syscfg/default.nix
index fbcafe2..ea946ad 100644
--- a/modules/shared/syscfg/default.nix
+++ b/modules/shared/syscfg/default.nix
@@ -101,8 +101,8 @@ let
           sops = mkOption { type = types.bool;default = false; };
           ip = mkOption { type = types.nullOr types.str; default = null;};
           subdomain = mkOption { type = types.nullOr types.str; default=null;};
-          port = mkOption { type = types.port; default = 0; };
-          pubPort = mkOption { type = types.port; default = 0; };
+          port = mkOption { type = types.nullOr types.port; default = null; };
+          pubPort = mkOption { type = types.nullOr types.port; default = null; };
           extraParam = mkOption { type = types.str; default = ""; };
         };
       });