+# Set rules here.
+# Priority increases with linenumber.
+# See doas.conf(5) for details.
+
+# permit persist :wheel
+# permit nopass root
+
+# This config file isn't very powerful at all compared to
+# the likes of sudo's. It's very difficult to tell it that
+# we want to permit running the package manager and package
+# manager alone (hence the 'git'/'env' listings).
+#
+# Further, the 'persist' feature is too strict and will beg
+# you for a password every time 'doas' is run from a script`.
+# Despite sudo's complexity, I recommened it over doas for
+# better control.
+#
+# I'm working on a better overall solution.
+
+# Allow wheel to run kiss with password required.
+# permit persist :wheel cmd env
+# permit persist :wheel cmd git args fetch
+# permit persist :wheel cmd git args diff
+# permit persist :wheel cmd git args merge
+
+# Allow wheel to run kiss without a password.
+# permit nopass :wheel cmd env
+# permit nopass :wheel cmd git args fetch
+# permit nopass :wheel cmd git args diff
+# permit nopass :wheel cmd git args merge
+
+permit persist keepenv insult :wheel
+permit nopass :wheel cmd kiss
+permit nopass :wheel cmd reboot
+permit nopass :wheel cmd poweroff
+permit nopass :wheel cmd zzz
+permit nopass root as armaa cmd slock
+permit nopass keepenv root as root
+