{ self, ... }:
{
  imports = [ ];

  flake.nixosModules.verify = {
    imports = [ ./module.nix ];
  };

  perSystem =
    {
      pkgs,
      self',
      lib,
      ...
    }:
    with lib;
    {
      apps.verify = {
        type = "app";
        program =
          let
            command = service: domain: ports: ''
              echo "verify closed ports for ${service}"
              ${pkgs.rustscan}/bin/rustscan \
                  --ports ${concatStringsSep "," (map toString ports)} \
                  --addresses ${domain} \
                  --greppable
            '';
            domain = machine: self.nixosConfigurations.${machine}.options.verify.closed.value.public.domain;
            commands =
              machine:
              mapAttrsToList (
                service: ports: command service (domain machine) ports
              ) self.nixosConfigurations.${machine}.options.verify.closed.value.public.ports;
          in
          pkgs.writers.writeBashBin "verify" (concatStringsSep "\n\n" (commands "orbi"));
      };
    };

}