From b385068794dbcad930d9229bbc682e695afd4b6a Mon Sep 17 00:00:00 2001
From: Michael Daniels <mdaniels5757@gmail.com>
Date: Sun, 21 Sep 2025 14:57:04 -0400
Subject: [PATCH] nixos/google_oslogin: run as root

This is needed in order to read the files in /var/google-users.d, as the program
sets the permissions to 750 and the user and group to root.

See: https://github.com/GoogleCloudPlatform/guest-oslogin/blob/20250821.00/src/oslogin_utils.cc#L1337-L1338
---
 nixos/modules/security/google_oslogin.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/nixos/modules/security/google_oslogin.nix b/nixos/modules/security/google_oslogin.nix
index 61e62b47a7d4..9faa2851d9f3 100644
--- a/nixos/modules/security/google_oslogin.nix
+++ b/nixos/modules/security/google_oslogin.nix
@@ -77,7 +77,7 @@ in
       '';
     };
     services.openssh.authorizedKeysCommand = "/etc/ssh/authorized_keys_command_google_oslogin %u";
-    services.openssh.authorizedKeysCommandUser = "nobody";
+    services.openssh.authorizedKeysCommandUser = "root";
   };
 
 }