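{ lib, config, pkgs, ... }:
let
  # Render one nginx virtual host as a single markdown line:
  # "<name>: <alias1> <alias2> ..." when the host declares serverAliases,
  # otherwise just "<name>".
  mkVirtualHostDisplay = name: value:
    let
      aliases =
        if value.serverAliases != []
        then ": " + builtins.concatStringsSep " " value.serverAliases
        else "";
    in ''
      ${name}${aliases}
    '';

  # Every configured nginx virtual host, one per line, in attribute-name order
  # (builtins.attrValues yields values sorted by attribute name).
  vHosts = builtins.concatStringsSep "" (
    builtins.attrValues (builtins.mapAttrs mkVirtualHostDisplay config.services.nginx.virtualHosts)
  );

  # Render one open firewall port as "<mode> <port>: <owner>", where <owner>
  # is the vhack service expected to listen on that port.
  #
  # A port that has no entry in `mappings` is rendered as "???" instead of
  # aborting the evaluation (the original `mappings.${port}` lookup threw on
  # unknown ports); an unexpected entry in allowedTCPPorts/allowedUDPPorts is
  # precisely what this report should surface, not hide behind an eval error.
  mkOpenPortDisplay = mode: port:
    let
      # Name the owning service. An open port whose expected service is
      # disabled is worth a second look, so say so instead of printing an
      # empty owner that reads like a rendering glitch.
      checkEnabled = service: name:
        if config.vhack.${service}.enable
        then name
        else "${name} (vhack.${service} disabled)";

      mappings = {
        "22" = checkEnabled "openssh" "ssh";
        "80" = checkEnabled "nginx" "http";
        "443" = checkEnabled "nginx" "https";
        "53" = checkEnabled "dns" "dns";
        "24" = checkEnabled "mail" "mail-lmtp";
        "465" = checkEnabled "mail" "mail-smtp-tls";
        "25" = checkEnabled "mail" "mail-smtp";
        "993" = checkEnabled "mail" "mail-imap-tls";
        "995" = checkEnabled "mail" "mail-pop3-tls";
        # TODO(@bpeetz): Check which service opens these ports: <2025-01-28>
        # NOTE(review): 64738 is the conventional Mumble (murmur) server port;
        # confirm against the vhack module that opens it before mapping it.
        "64738" = "???";
      };

      portStr = builtins.toString port;
    in ''
      ${mode} ${portStr}: ${mappings.${portStr} or "???"}
    '';

  # Render one allowed port range as "<mode> <from>-<to>". No per-service
  # mapping is attempted for ranges; they are listed so that the report
  # reflects everything the firewall actually admits.
  mkPortRangeDisplay = mode: range: ''
    ${mode} ${builtins.toString range.from}-${builtins.toString range.to}
  '';

  # Single ports first, then ranges, for each protocol.
  openTCPPorts = builtins.concatStringsSep "" (
    builtins.map (mkOpenPortDisplay "TCP") config.networking.firewall.allowedTCPPorts
    ++ builtins.map (mkPortRangeDisplay "TCP") config.networking.firewall.allowedTCPPortRanges
  );
  openUDPPorts = builtins.concatStringsSep "" (
    builtins.map (mkOpenPortDisplay "UDP") config.networking.firewall.allowedUDPPorts
    ++ builtins.map (mkPortRangeDisplay "UDP") config.networking.firewall.allowedUDPPortRanges
  );

  # The generated report. Interpolated multi-line strings are inserted as-is,
  # so the per-line entries start at column 0 in the resulting file.
  markdown = pkgs.writeText "${config.networking.hostName}-system-info.md" ''
    ## Virtual Hosts
    ${vHosts}
    ## Open ports
    ${openTCPPorts}
    ${openUDPPorts}
  '';
in {
  options.vhack.system-info = {
    markdown = lib.mkOption {
      type = lib.types.package;
      description = ''
        A derivation, that builds a markdown file, showing relevant system
        information for this host.
      '';
      # Computed from the evaluated configuration; not meant to be overridden.
      readOnly = true;
    };
  };

  config.vhack.system-info = {
    inherit markdown;
  };
}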