# Keep $EDITOR / $VISUAL when running visudo.
# These per-command entries overlap with the global env_keep list further
# down (which also keeps SUDO_EDITOR, EDITOR and VISUAL); they only make a
# difference if the global list is trimmed later.
Defaults!/usr/bin/visudo-rs env_keep += "SUDO_EDITOR EDITOR VISUAL"
Defaults!/usr/local/bin/visudo env_keep += "SUDO_EDITOR EDITOR VISUAL"

# Pass through interactive/UX env vars so commands run via sudo behave the
# way they do in a normal shell. Specifically:
#   DIFFPROG                   — pacdiff(8), etckeeper, etc.
#   EDITOR/VISUAL              — sudoedit, systemctl edit, git rebase -i under sudo, …
#   SUDO_EDITOR                — explicit override for sudoedit
#   PAGER/MANPAGER             — pacman, systemctl, man, less wrappers
#   LESS / LESSOPEN            — `less` behaviour and preprocessor
#   SYSTEMD_PAGER / SYSTEMD_LESS — systemctl's pager
#   GIT_EDITOR / GIT_PAGER     — git invocations under sudo
# Most of these name a program (LESSOPEN: an input-preprocessor command for
# `less`) that the target command may execute, so the invoking user's value
# ends up running with the target user's privileges. That adds nothing for a
# rule that already grants ALL, but these Defaults are global: every rule in
# this file, including restricted or NOPASSWD ones, inherits the same list.
# secure_path below does not constrain them, since the values can be
# absolute paths.
# NOTE(review): if a rule narrower than ALL is ever added, scope this list
# (per-command or per-user Defaults) instead of keeping it global — confirm
# which Defaults scopes the sudo implementation in use supports.
Defaults env_keep += "DIFFPROG"
Defaults env_keep += "EDITOR VISUAL SUDO_EDITOR GIT_EDITOR"
Defaults env_keep += "PAGER MANPAGER GIT_PAGER SYSTEMD_PAGER"
Defaults env_keep += "LESS LESSOPEN SYSTEMD_LESS"

# Sanitize PATH for elevated commands: commands run through sudo get this
# fixed search path rather than the invoking user's PATH.
# NOTE(review): /usr/sbin, /sbin and /bin are not listed — presumably they
# are symlinks into /usr/bin on this system; verify before reusing elsewhere.
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/bin"

# Root and the wheel group can run anything (after a password prompt).
root ALL=(ALL:ALL) ALL
%wheel ALL=(ALL:ALL) ALL

# Passwordless poweroff/reboot (parity with the previous doas.conf).
# Must stay after the general %wheel rule: the last matching entry wins, and
# this is the one that carries NOPASSWD.
# No argument list is given, so any arguments to these two commands are
# accepted without authentication, and the env_keep list above applies here
# as well.
# NOTE(review): confirm neither binary consults the kept pager/editor
# variables (e.g. for --help output), since nothing is typed to authorise
# this rule.
%wheel ALL=(ALL) NOPASSWD: /usr/bin/poweroff, /usr/bin/reboot