diff --git a/machines/orbi/configuration.nix b/machines/orbi/configuration.nix
index 1e6d728..f1b66c6 100644
--- a/machines/orbi/configuration.nix
+++ b/machines/orbi/configuration.nix
@@ -73,7 +73,7 @@
 verify.closed.wg0.domain = "10.100.0.1";
 verify.closed.public.domain = "orbi.public";
- verify.closed.public.ports = [ 4317 ];
+ verify.closed.public.ports.opentelemetry = [ 4317 ];
 # chungus rsync
 users.users.root.openssh.authorizedKeys.keys = [
diff --git a/machines/orbi/media-arr.nix b/machines/orbi/media-arr.nix
index a9e5f9a..05bfd6a 100644
--- a/machines/orbi/media-arr.nix
+++ b/machines/orbi/media-arr.nix
@@ -6,7 +6,7 @@
 8686
 ];
- verify.closed.public.ports = [
+ verify.closed.public.ports.arr = [
 7878
 8989
 8686
diff --git a/nix/verify/default.nix b/nix/verify/default.nix
index 08d56a6..39835d2 100644
--- a/nix/verify/default.nix
+++ b/nix/verify/default.nix
@@ -19,14 +19,21 @@
 type = "app";
 program =
 let
- ports = machine: self.nixosConfigurations.${machine}.options.verify.closed.value.public.ports;
+ command = service: domain: ports: ''
+ echo "verify closed ports for ${service}"
+ ${pkgs.rustscan}/bin/rustscan \
+ --ports ${concatStringsSep "," (map toString ports)} \
+ --addresses ${domain} \
+ --greppable
+ '';
 domain = machine: self.nixosConfigurations.${machine}.options.verify.closed.value.public.domain;
+ commands =
+ machine:
+ mapAttrsToList (
+ service: ports: command service (domain machine) ports
+ ) self.nixosConfigurations.${machine}.options.verify.closed.value.public.ports;
 in
-
- # todo : create an alert if one of the ports should not be accessible
- pkgs.writers.writeBashBin "verify" ''
- ${pkgs.rustscan}/bin/rustscan --ports ${concatStringsSep "," (map toString (ports "orbi"))} --addresses ${domain "orbi"} --greppable
- '';
+ pkgs.writers.writeBashBin "verify" (concatStringsSep "\n\n" (commands "orbi"));
 };
 };
diff --git a/nix/verify/module.nix b/nix/verify/module.nix
index 1ecaa10..0c35fc4 100644
--- a/nix/verify/module.nix
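Review bot: The rewritten `command` still only prints rustscan's greppable output, so the `verify` app exits 0 whether or not a port that should be closed is reachable, and the removed `# todo : create an alert if one of the ports should not be accessible` is dropped rather than resolved. Capture the scan output, treat any reported open port as a failure and make the script's exit status reflect it, as proposed below, with `pkgs.lib.escapeShellArg` on the interpolated `domain` so the value taken from `verify.closed.public.domain` is never re-parsed by bash. This assumes rustscan's greppable mode prints nothing for a host with no open ports; confirm against the version in `pkgs` and tighten the test if it also emits header lines. The `exit` line is appended to the concatenated script so every service is scanned before the status is reported. The enclosing app attrset and the `pkgs`/`self` bindings start outside the hunk.
```nix
command = service: domain: ports: ''
  echo "verify closed ports for ${service}"
  open=$(${pkgs.rustscan}/bin/rustscan \
    --ports ${concatStringsSep "," (map toString ports)} \
    --addresses ${pkgs.lib.escapeShellArg domain} \
    --greppable)
  if [ -n "$open" ]; then
    echo "FAIL ${service}: expected-closed ports reachable on ${domain}: $open" >&2
    failed=1
  fi
'';
# … unchanged: domain, commands …
pkgs.writers.writeBashBin "verify" (concatStringsSep "\n\n" (commands "orbi" ++ [ ''exit "''${failed:-0}"'' ]));
```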
+++ b/nix/verify/module.nix
@@ -14,7 +14,7 @@ with types;
 };
 # todo: make this an attrs so I know why port xyz should be closed.
 ports = mkOption {
- type = listOf int;
+ type = attrsOf (listOf int);
 description = ''
 ports that should be closed
 '';
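Review bot: The context line `# todo: make this an attrs so I know why port xyz should be closed.` directly above `ports = mkOption {` is resolved by this hunk's type change but is left in place, and the `description` still reads as if the option were a flat list. Drop the todo and make the description state the new shape, e.g. `attribute set keyed by the service (or reason) the ports belong to; each value lists the ports that must not be reachable on the public domain`. The key is also what the verify app prints per scan, which is worth saying here so machine configs choose meaningful names. The surrounding option set begins before this hunk.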