# Set rules here.
# Priority increases with linenumber.
# See doas.conf(5) for details.

# permit persist :wheel
# permit nopass root

# This config file isn't very powerful at all compared to
# the likes of sudo's. It's very difficult to tell it that
# we want to permit running the package manager and package
# manager alone (hence the 'git'/'env' listings).
#
# Further, the 'persist' feature is too strict and will beg
# you for a password every time 'doas' is run from a script`.
# Despite sudo's complexity, I recommened it over doas for
# better control.
#
# I'm working on a better overall solution.

# Allow wheel to run kiss with password required.
# permit persist :wheel cmd env
# permit persist :wheel cmd git args fetch
# permit persist :wheel cmd git args diff
# permit persist :wheel cmd git args merge

# Allow wheel to run kiss without a password.
# permit nopass :wheel cmd env
# permit nopass :wheel cmd git args fetch
# permit nopass :wheel cmd git args diff
# permit nopass :wheel cmd git args merge

permit persist keepenv insult :wheel
permit nopass :wheel cmd kiss
permit nopass :wheel cmd reboot
permit nopass :wheel cmd poweroff
permit nopass :wheel cmd zzz
permit nopass root as armaa cmd slock
permit nopass keepenv root as root