{ lib, config, ... }: {
	options = {
		doas.enable = lib.mkEnableOption "enables doas";
		sudo.enable = lib.mkEnableOption "enables sudo";
	};

	config = lib.mkIf config.doas.enable {
		security.doas.enable = true;
		security.sudo.enable = config.sudo.enable;
		security.doas.extraRules = [{
			groups = ["wheel"];
			keepEnv = true;
			noPass = true;
		}];
	};
}