chore: move doas configuration to doas-service in system declaration

buer.scm

@@ -6,6 +6,7 @@
            (radix packages linux)
            (radix packages text-editors)
            (radix packages shells)
+           (radix services admin)
            (radix services linux)
            (radix system setuid)
            (radix secrets)
@@ -239,8 +240,44 @@
                   (respawn? #f)))
 
         #|Doas config service|#
-        (simple-service 'doas-config etc-service-type
-                        `(("doas.conf" ,file:doas-config)))
+        (service doas-service-type
+                 (append #|Miscellaneous|#
+                         (list (permit (identity ":wheel")
+                                       (setenv `("GUILE_LOAD_PATH")))
+                               (permit (identity ":wheel")
+                                       (nopass? #t)
+                                       (command "guix")
+                                       (args `("pull")))
+                               (permit (identity ":wheel")
+                                       (nopass? #t)
+                                       (command "herd")
+                                       (args `("status"
+                                               "detailed-status"))))
+
+                         #|Text editors|#
+                         (map (lambda (cmd)
+                                (permit (identity ":wheel")
+                                        (keepenv? #t)
+                                        (command cmd)))
+                              `("kak" "emacsclient"))
+
+                         #|Power management|#
+                         (map (lambda (cmd)
+                                (permit (identity ":wheel")
+                                        (nopass? #t)
+                                        (args '())))
+                              `("zzz" "halt" "reboot"))
+
+                         #|Service management|#
+                         (flatmap (lambda (service action)
+                                    (permit (identity ":wheel")
+                                            (nopass? #t)
+                                            (command "herd")
+                                            (args (cons action service))))
+                                  `(("tlp") ("tor") ("thermald")
+                                    ("thinkfan") ("wpa-supplicant")))
+                                  `("doc" "stop" "start" "status"
+                                    "restart" "enable" "disable"))))
 
         #|Special file services|#
         (service special-files-service-type

files/doas/doas.conf

@@ -1,19 +0,0 @@
-permit setenv { GUILE_LOAD_PATH } :wheel
-permit keepenv :wheel cmd kak
-permit keepenv :wheel cmd emacsclient
-permit nopass :wheel cmd zzz args
-permit nopass :wheel cmd halt args
-permit nopass :wheel cmd reboot args
-permit nopass :wheel cmd guix args pull
-permit nopass :wheel cmd herd args status
-permit nopass :wheel cmd herd args doc thinkfan
-permit nopass :wheel cmd herd args stop thinkfan
-permit nopass :wheel cmd herd args start thinkfan
-permit nopass :wheel cmd herd args status thinkfan
-permit nopass :wheel cmd herd args restart thinkfan
-permit nopass :wheel cmd herd args doc wpa-supplicant
-permit nopass :wheel cmd herd args stop wpa-supplicant
-permit nopass :wheel cmd herd args start wpa-supplicant
-permit nopass :wheel cmd herd args status wpa-supplicant
-permit nopass :wheel cmd herd args restart wpa-supplicant
-

modules/radix/files/doas.scm

@@ -1,9 +1,6 @@
 (define-module (radix files doas)
   #:use-module (gnu)
-  #:export (completion config))
+  #:export (completion))
 
 (define completion
   (local-file "../../../files/doas/doas-completion"))
-
-(define config
-  (local-file "../../../files/doas/doas.conf"))