{ pkgs, ... }:
{
  security.sudo.enable = false;

  environment.systemPackages = [
    pkgs.doas-sudo-shim
  ];
  security.doas = {
    enable = true;
    extraRules = [
      {
        # Invoke just with doas directly as a nixos-rebuild helper
        #
        # Specifiying just here is impractical, because
        # - Use absolute path?
        #   Works only for a specific version of just binary.
        #   Also, for some reason, the rule won't match.
        # - Use relative path?
        #   doas's docs says it searches in a "limited subset of PATH" if it's relative.
        #   I suspect that it doesn't search the PATH added ad-hoc by the nix-shell, also not a good solution.
        #   Also, for some reason, the rule won't match.
        users = [ ":wheel" ];
        setEnv = [ "PATH" ];
      }
    ];
  };
}