opendoas: Update config file

extra/opendoas/checksums

@@ -1,2 +1,2 @@
 baf5a2c73116781519cf03b5b9147eee8db69e8b052eaa81caf093107226b4fe  v6.6.1.tar.gz
-677b59e402a1b4dbdd119d5a8bc4c6c27315419feaefc9e06f7b3f43b0b9dd39  doas.conf
+846a251c646e61329086eda6abde26329f5a358d5eeab1a0f075db36e5997687  doas.conf

extra/opendoas/files/doas.conf

@@ -2,21 +2,29 @@
 # Priority increases with linenumber.
 # See doas.conf(5) for details.
 
-#permit :wheel
-#permit nopass root
+# permit persist :wheel
+# permit nopass root
 
-# KEEP THIS AT THE BOTTOM.
+# This config file isn't very powerful at all compared to
+# the likes of sudo's. It's very difficult to tell it that
+# we want to permit running the package manager and package
+# manager alone (hence the 'git'/'env' listings).
+#
+# Further, the 'persist' feature is too strict and will beg
+# you for a password every time 'doas' is run from a script`.
+# Despite sudo's complexity, I recommened it over doas for
+# better control.
+#
+# I'm working on a better overall solution.
 
 # Allow wheel to run kiss with password required.
-# NOTE: The setenv { ... } is required for the package manager.
-# permit keepenv setenv { HOME KISS_PATH KISS_FORCE } :wheel cmd kiss
-# permit :wheel cmd git args fetch
-# permit :wheel cmd git args diff
-# permit :wheel cmd git args merge
+# permit persist :wheel cmd env
+# permit persist :wheel cmd git args fetch
+# permit persist :wheel cmd git args diff
+# permit persist :wheel cmd git args merge
 
 # Allow wheel to run kiss without a password.
-# NOTE: The setenv { ... } is required for the package manager.
-# permit nopass keepenv setenv { HOME KISS_PATH KISS_FORCE } :wheel cmd kiss
+# permit nopass :wheel cmd env
 # permit nopass :wheel cmd git args fetch
 # permit nopass :wheel cmd git args diff
 # permit nopass :wheel cmd git args merge