Dev/sudo

 * This one's slightly trickier, it allows certain environment variables to be preserved for a set of commands. With sudo, we're using `Defaults:ALL env_keep += "var"` syntax, but doas only supports environment variable exceptions on a per-command basis. However, it does allow doing this on a per-command basis, so this is workable. (EDIT: actually you *can* specify environment variable exceptions that have a very wide reach!)
   * `Defaults:ALL env_keep += "msgdisptacher_username"`
   * `%sudo ALL=NOPASSWD: /usr/libexec/msgcollector/msgdispatcher_delete_wrapper`
   * translates to:
   * `permit nopass keepenv setenv { msgdispatcher_username } :sudo cmd /usr/libexec/msgcollector/msgdispatcher_delete_wrapper` (command-specific environment variable exception, can be adjusted to make the environment variable exception more widely applicable)
   * Note that this syntax allows arbitrary arguments to be passed to the command listed after `cmd`, blocking this requires addingan `args` parameter that specifies no further arguments. The sudo command shown doesn't block arbitrary arguments either though so this should be an accurate translation.

 * This one's a problem. Whereas the previous files provide nopasswd exceptions to specific users and groups, this file allows *anyone* to run `/usr/sbin/sdwdate-clock-jump` as root. doas lacks the ability to express a universal exception such as this, you can only grant exceptions to specific users or groups. The only files that actually attempt to use sdwdate-clock-jump via sudo are:
 * `kicksecure/sdwdate-gui/usr/lib/python3/dist-packages/sdwdate_gui/sdwdate_gui.py`
 * `kicksecure/sdwdate-gui/usr/lib/python3/dist-packages/sdwdate_gui/sdwdate_gui_qubes.py`
 * `kicksecure/sdwdate-gui/etc/qubes-rpc/whonix.GatewayCommand`
 * It's likely that all of these can be coped with by using doas's configuration by simply determining the users or groups these run as, and adding them to the configuration file. Adding the `users` group to the config would also be advisable as Debian's `adduser` tool will automatically add new "standard" user accounts to this group. Unfortunately `useradd` doesn't do this, but the end-user can probably resolve this themselves if they so choose.
   * `ALL ALL=NOPASSWD: /usr/sbin/sdwdate-clock-jump`
   * translates roughly to
   * `permit nopass :users cmd /usr/sbin/sdwdate-clock-jump`

 * The file is entirely commented out, however both of the commented-out commands should be translatable. One is a group-specific nopasswd exception, which as we've covered already is translatable. The other one adds `PKEXEC_UID` to the list of `env_keep` variables, which again would have to be handled on a command-by-command basis. The command that needs the sudoers configuration is `xfpm-power-backlight-helper`, thus assuming the user account running this is `user` and this should work without a password:
   * `Defaults:ALL env_keep += "PKEXEC_UID"`
   * translates roughly to
   * `permit nopass keepenv setenv { PKEXEC_UID } user cmd /usr/sbin/xfpm-power-backlight-helper`

 * Entirely commented out, but if we do need the commands here, there's trouble. These are group-specific nopasswd exceptions, but some of the command line arguments to the `xfpm-power-backlight-helper` application are being validated with regex matching, matching a number between 1 and 3 digits long (probably between 0 and 100 I would guess), doas does not support regex matching. This could theoretically be hacked around by using a tempfile rather than command-line arguments for input, but that requires modding XFCE most likely, which isn't going to happen I don't think. Alternatively, 100 or so configuration lines could be used to match every possible option here, but that would be horrible.
   * `%sudo ALL=NOPASSWD: /usr/sbin/xfpm-power-backlight-helper --set-brightness \:digit\:`
   * translates roughly to
   * `permit nopass :sudo cmd /usr/sbin/xfpm-power-backlight-helper args --set-brightness 1` and so on

 * Complex, but looks doable. Many user-specific nopasswd exceptions, however some of these are targeted to allow the user to execute a command as another user *other than root*. Thankfully doas supports this.
   * `user ALL=(sdwdate) NOPASSWD: /usr/libexec/helper-scripts/onion-time-pre-script`
   * translates to
   * `permit nopass user as sdwdate cmd /usr/libexec/helper-scripts/onion-time-pre-script`

 * Mostly translatable, user-specific nopasswd exceptions with environment variable allowances. There are two worrying lines though:
 * `Defaults:tunnel !requiretty` - as I understand it, this allows the `tunnel` user to run commands even without being logged in at a TTY. doas allows users to do this (and there's no way to tell it to not allow that), so this doesn't need translated. 
 * `ALL=(ALL) NOPASSWD: /usr/sbin/openvpn *`. This looks like it allows running openvpn with any arguments? In that instance why is the `*` present? Assuming the `*` is superfluous, this is translatable, but if it's meant to mean "match any one argument, but only one argument", then this isn't translatable and any desirable arguments would have to be listed, each on its own config line.

 * Environment variable whitelisting to work around a torsocks issue. Due to doas's design, this isn't translatable, environment variable whitelists have to be attached to specific commands. There isn't any clear exception for torsocks in the sudoers config, so this may require some redesigning to work around. Almost easily translatable, the "applies to all users" bit won't carry over, but otherwise it isn't a problem. (On top of this, I don't think this environment variable is even needed anymore.)
   * `Defaults:ALL env_keep += "TORSOCKS_LOG_LEVEL"`
   * translates roughly to:
   * `permit setenv { TORSOCKS_LOG_LEVEL } :users`