diff --git a/codchi/src/platform/linux/mod.rs b/codchi/src/platform/linux/mod.rs
index 230ae8c5..b55746ac 100644
--- a/codchi/src/platform/linux/mod.rs
+++ b/codchi/src/platform/linux/mod.rs
@@ -287,11 +287,43 @@ tail -f "{log_file}"
     }
 
     fn create_exec_cmd(&self, cmd: &[&str]) -> super::LinuxCommandBuilder {
-        let args = [&[consts::user::DEFAULT_NAME], cmd].concat();
-        let cmd = self.cmd().raw("su", &args);
+        // let args = [&[consts::user::DEFAULT_NAME], cmd].concat();
+        let cmd = if cmd.is_empty() {
+            self.cmd().raw(
+                "machinectl",
+                &[
+                    &[
+                        "shell",
+                        "-q",
+                        "-E",
+                        "DISPLAY",
+                        "-E",
+                        "XAUTHORITY",
+                        &format!("{}@", consts::user::DEFAULT_NAME),
+                    ],
+                    cmd,
+                ]
+                .concat(),
+            )
+        } else {
+            self.cmd().raw(
+                "machinectl",
+                &[
+                    "shell",
+                    "-q",
+                    "-E",
+                    "DISPLAY",
+                    "-E",
+                    "XAUTHORITY",
+                    &format!("{}@", consts::user::DEFAULT_NAME),
+                    "/bin/bash",
+                    "-c",
+                    &cmd.join(" "),
+                ],
+            )
+        };
 
-        cmd.with_cwd(consts::user::DEFAULT_HOME.clone())
-            .with_user(LinuxUser::Root)
+        cmd.with_user(LinuxUser::Root)
     }
 }
 
diff --git a/nix/nixos/modules/default.nix b/nix/nixos/modules/default.nix
index 9b7fb7b4..b142eb8a 100644
--- a/nix/nixos/modules/default.nix
+++ b/nix/nixos/modules/default.nix
@@ -4,5 +4,6 @@
     ./recommended-config.nix
     ./java.nix
     ./docker.nix
+    ./keyring.nix
   ];
 }
diff --git a/nix/nixos/modules/keyring.nix b/nix/nixos/modules/keyring.nix
new file mode 100644
index 00000000..9e282e84
--- /dev/null
+++ b/nix/nixos/modules/keyring.nix
@@ -0,0 +1,23 @@
+{ config, lib, pkgs, ... }:
+let
+  cfg = config.codchi.keyring;
+in
+{
+  options.codchi.keyring = {
+    enable = lib.mkEnableOption "a keyring for applications like IntelliJ";
+  };
+
+  config = lib.mkIf cfg.enable {
+
+    services.gnome.gnome-keyring.enable = true;
+
+    systemd.user.services.gnome-keyring = {
+      wantedBy = [ "default.target" ];
+      serviceConfig = {
+        ExecStart =
+          "${pkgs.gnome.gnome-keyring}/bin/gnome-keyring-daemon  --start --foreground --components=pkcs11,secrets,ssh";
+        Restart = "on-abort";
+      };
+    };
+  };
+}
diff --git a/nix/nixos/modules/recommended-config.nix b/nix/nixos/modules/recommended-config.nix
index 5e9860b9..5b89c686 100644
--- a/nix/nixos/modules/recommended-config.nix
+++ b/nix/nixos/modules/recommended-config.nix
@@ -7,6 +7,7 @@ in
     // { default = true; };
 
   config = mkIf config.codchi.enableRecommendedConfig {
+    codchi.keyring.enable = true;
     environment.systemPackages = with pkgs; [
       vim
       git