This service enables a declarative description of doas.conf. A simple example would be:

--8<---------------cut here-------------------------------------------------end--------------->8---
(simple-service 'miscellaneous-permissions
                doas-service-type
                (list (permit (identity ":wheel")
                              (setenv `(("GUILE_LOAD_PATH" . #t))))
                      (permit (identity ":wheel")
                              (nopass? #t)
                              (command "guix")
                              (args `("pull")))))

(simple-service 'text-editors-permissions
                doas-service-type
                (map (lambda (cmd)
                       (permit (identity ":wheel")
                               (keepenv? #t)
                               (command cmd)))
                     `("kak" "emacsclient")))

(simple-service 'power-management-permissions
                doas-service-type
                (map (lambda (cmd)
                       (permit (identity ":wheel")
                               (nopass? #t)
                               (command cmd)
                               (args '())))
                     `("zzz" "halt" "reboot")))

(simple-service 'shepherd-status-permissions
                doas-service-type
                (map (lambda (action)
                       (permit (identity ":wheel")
                               (nopass? #t)
                               (command "herd")
                               (args (list action))))
                     `("status" "detailed-status")))

(simple-service 'service-management-permissions
                doas-service-type
                (flat-map (lambda (service action)
                            (permit (identity ":wheel")
                                    (nopass? #t)
                                    (command "herd")
                                    (args (map symbol->string
                                               (list action service)))))
                          '(tor networking wpa-supplicant)
                          '(doc stop start enable status restart disable)))
--8<---------------cut here-------------------------------------------------end--------------->8---

This generates the following configuration file:

--8<---------------cut here-------------------------------------------------end--------------->8---
permit setenv { GUILE_LOAD_PATH }
permit nopass :wheel cmd guix args pull
permit keepenv :wheel cmd kak
permit keepenv :wheel cmd emacsclient
permit nopass :wheel cmd zzz args
permit nopass :wheel cmd halt args
permit nopass :wheel cmd reboot args
permit nopass :wheel cmd herd args status
permit nopass :wheel cmd herd args detailed-status
permit nopass :wheel cmd herd args doc tor
permit nopass :wheel cmd herd args stop tor
permit nopass :wheel cmd herd args start tor
permit nopass :wheel cmd herd args enable tor
permit nopass :wheel cmd herd args status tor
permit nopass :wheel cmd herd args restart tor
permit nopass :wheel cmd herd args disable tor
permit nopass :wheel cmd herd args doc networking
permit nopass :wheel cmd herd args stop networking
permit nopass :wheel cmd herd args start networking
permit nopass :wheel cmd herd args enable networking
permit nopass :wheel cmd herd args status networking
permit nopass :wheel cmd herd args restart networking
permit nopass :wheel cmd herd args disable networking
permit nopass :wheel cmd herd args doc wpa-supplicant
permit nopass :wheel cmd herd args stop wpa-supplicant
permit nopass :wheel cmd herd args start wpa-supplicant
permit nopass :wheel cmd herd args enable wpa-supplicant
permit nopass :wheel cmd herd args status wpa-supplicant
permit nopass :wheel cmd herd args restart wpa-supplicant
permit nopass :wheel cmd herd args disable wpa-supplicant
--8<---------------cut here-------------------------------------------------end--------------->8---

Notes on the generated file: the first rule is printed without the `:wheel` identity that its declaration specifies; doas.conf(5) requires an identity on every rule, so the expected line appears to be `permit setenv { GUILE_LOAD_PATH } :wheel`. A trailing `args` with nothing after it (produced by `(args '())`) restricts the rule to invocations without arguments. doas applies the last matching rule, and doas.conf(5) recommends absolute paths for `cmd`, whereas the examples use bare command names. The first rule names no `cmd`, so it covers every command, while the `nopass` rules apply without authentication to any process running as a member of `:wheel`.