Add dots.ports module: fleet-wide service port registry (nixnuc + hetznix01)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

modules/hosts/nixos/hetznix01/post-install/default.nix

@@ -23,7 +23,7 @@ in
   services = {
     collabora-online = {
       enable = true;
-      port = 9980; # default
+      inherit (config.dots.ports.collabora) port;
       settings = {
         # Rely on reverse proxy for SSL
         ssl = {
@@ -51,7 +51,7 @@ in
       enable = true;
       configureNginx = true;
       environment = {
-        PHOTON_API_HOST = "nixnuc.${config.private-flake.tailnetDomain}:2322";
+        PHOTON_API_HOST = "nixnuc.${config.private-flake.tailnetDomain}:${toString config.dots.ports.photon.port}";
         PHOTON_API_USE_HTTPS = "false";
       };
       extraEnvFiles = [
@@ -122,7 +122,7 @@ in
       server = {
         baseUrl = "https://stats.${domain}";
         disableRegistration = true;
-        port = 8001;
+        inherit (config.dots.ports.plausible) port;
         # secretKeybaseFile is a path to the file which contains the secret generated
         # with openssl as described above.
         secretKeybaseFile = config.sops.secrets.plausible_secret_key_base.path;