{
  lib,
  config,
  pkgs,
  ...
}:
with lib; let
  cfg = config.local.net.vsock;
in {
  options.local.net.vsock = {
    connect = mkOption {
      default = {};
      type = with lib.types;
        attrsOf (submodule ({name, ...}: {
          options = {
            enable = mkEnableOption "vsock connect '${name}'";

            cid = mkOption {
              type = ints.u32;
              default = 2;
            };

            localPort = mkOption {
              type = port;
            };

            vsockPort = mkOption {
              type = port;
            };
          };
        }));
    };
  };

  config = {
    systemd = let
      connects =
        mapAttrs
        (_: connect: {
          service.serviceConfig = {
            Type = "simple";
            ExecStart = "${getExe pkgs.socat} - VSOCK:${toString connect.cid}:${toString connect.vsockPort}";
            StandardInput = "socket";
          };

          socket = {
            wantedBy = ["sockets.target"];

            socketConfig = {
              Accept = true;
              ListenStream = "[::1]:${toString connect.localPort}";
            };

            unitConfig.ConditionVirtualization = "kvm";
          };
        })
        cfg.connect;
    in {
      sockets = mapAttrs' (name: connect: nameValuePair "vsock-${name}" connect.socket) connects;
      services = mapAttrs' (name: connect: nameValuePair "vsock-${name}@" connect.service) connects;
    };
  };
}