diff --git a/paris-container.nix b/paris-container.nix
index 435f1bb..da12e26 100644
--- a/paris-container.nix
+++ b/paris-container.nix
@@ -19,6 +19,12 @@ in {
 description = "Directory at which to store server state.";
 };
+ ports = mkOption {
+ type = listOf port;
+ description = "List of ports to open to the public internet.";
+ default = [ ];
+ };
+
 ldap = {
 image = mkOption {
 type = str;
@@ -26,6 +32,12 @@ in {
 default = "ghcr.io/goauthentik/ldap:latest";
 };
+ port = mkOption {
+ type = port;
+ description = "Port on which to listen for LDAP requests.";
+ default = 4389;
+ };
+
 domain = mkOption {
 type = str;
 description =
@@ -137,7 +149,7 @@ in {
 virtualisation.oci-containers.paris-ldap-proxy = {
 image = cfg.ldap.image;
 autoStart = true;
- ports = [ "${cfg.ldap.port}:389" ];
+ ports = [ "${toString cfg.ldap.port}:389" ];
 environmentFiles = [ hostSecrets.parisLdapEnv.target-file ];
 };
@@ -184,7 +196,7 @@ in {
 auth_provider = "ldap";
 access_provider = "ldap";
- ldap_uri = "ldap://localhost:${cfg.ldap.port}";
+ ldap_uri = "ldap://localhost:${toString cfg.ldap.port}";
 ldap_schema = "rfc2307bis";
 ldap_search_base = cfg.ldap.base;
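Review bot: The description of the new top-level `ports` option (hunk `@@ -19,6 +19,12 @@`) does not say which protocol the ports are opened for or by what mechanism, and none of the visible hunks consumes `cfg.ports`. Because this option decides what is reachable from the internet, the text should be exact, for example `description = "TCP ports on the host to open to the public internet.";`, adjusted to whatever the implementation does (TCP only, UDP, or both). If the consumer was not added in this commit, the option is currently a no-op, which is worth stating in the commit message. The empty default keeps exposure opt-in and should stay that way.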
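Review bot: The description of `ldap.port` (hunk `@@ -26,6 +32,12 @@`) reads as if the service itself listens on this port, but the later hunks use it as the host-side port published for the proxy container and as the port sssd connects to on localhost. I would say so in the text, e.g. `description = "Host port on which the LDAP proxy container is published; sssd connects to it via localhost.";`. This helps an operator decide whether the port ever needs to be reachable from outside the host.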
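Review bot: The port mapping in hunk `@@ -137,7 +149,7 @@`, `"${toString cfg.ldap.port}:389"`, carries no host address, so the container runtime publishes it on every host interface. The only client visible in this diff is sssd at `ldap://localhost:…` (last hunk), and that is unencrypted LDAP, so the mapping should be restricted to loopback: `ports = [ "127.0.0.1:${toString cfg.ldap.port}:389" ];`. Container runtimes commonly install their own NAT rules for published ports, so the host firewall may not be what keeps this listener private. Separately, please confirm the container-side `389`: as far as I know, the authentik LDAP outpost image listens on 3389 (LDAP) and 6636 (LDAPS).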