refactor

modules/nixos/security/doas/default.nix

@@ -0,0 +1,29 @@
+{ options, config, pkgs, lib, ... }:
+
+with lib;
+with lib.plusultra;
+let cfg = config.plusultra.security.doas;
+in
+{
+  options.plusultra.security.doas = {
+    enable = mkBoolOpt false "Whether or not to replace sudo with doas.";
+  };
+
+  config = mkIf cfg.enable {
+    # Disable sudo
+    security.sudo.enable = false;
+
+    # Enable and configure `doas`.
+    security.doas = {
+      enable = true;
+      extraRules = [{
+        users = [ config.plusultra.user.name ];
+        noPass = true;
+        keepEnv = true;
+      }];
+    };
+
+    # Add an alias to the shell for backward-compat and convenience.
+    environment.shellAliases = { sudo = "doas"; };
+  };
+}