{ self, ... }:
{
  imports = [ ];

  flake.nixosModules.verify = {
    imports = [ ./module.nix ];
  };

  perSystem =
    {
      pkgs,
      self',
      lib,
      ...
    }:
    with lib;
    {
      apps.verify = {
        type = "app";
        program =
          let
            ports = machine: self.nixosConfigurations.${machine}.options.verify.closed.value.public.ports;
            domain = machine: self.nixosConfigurations.${machine}.options.verify.closed.value.public.domain;
          in

          # todo : create an alert if one of the ports should not be accessible
          pkgs.writers.writeBashBin "verify" ''
            ${pkgs.rustscan}/bin/rustscan --ports ${concatStringsSep "," (map toString (ports "orbi"))} --addresses ${domain "orbi"} --greppable
          '';
      };
    };

}