From be7bf8d169a7ad9918292ea011dec98e692562ee Mon Sep 17 00:00:00 2001
From: Aaron Bieber
Date: Wed, 14 Jun 2023 12:10:02 -0600
Subject: [PATCH] ci: use specific key for signing

---
 .allowed_signers | 1 +
 bin/ci | 2 +-
 configs/ci.nix | 8 ++++++++
 3 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/.allowed_signers b/.allowed_signers
index 0981085..0796cdd 100644
--- a/.allowed_signers
+++ b/.allowed_signers
@@ -3,3 +3,4 @@ aaron@bolddaemon.com sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5z
 aaron@bolddaemon.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC74Cw0fk2g/Fzo2a5bJ+Tw6mEjbGR1/yx0HBt/p3R30
 aaron@bolddaemon.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDM2k2C6Ufx5RNf4qWA9BdQHJfAkskOaqEWf8yjpySwH Nix Manager
 aaron@bolddaemon.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIACUwXo7HdoPI9vAMzcbYuXRgsbHA2otn0zF1zsaaj40 nixos ci
+aaron@bolddaemon.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIlVMdlJxNwsBAb6UUA0hqSwpbMA23L+UzRgkiodpOGq CI Signing
diff --git a/bin/ci b/bin/ci
index d7c01fd..791e3b0 100755
--- a/bin/ci
+++ b/bin/ci
@@ -8,7 +8,7 @@ CMD=${1:-""}
 eval $(keychain --eval --agents ssh --inherit any)
-git config user.signingkey /run/secrets/ci_ed25519_key
+git config user.signingkey /run/secrets/ci_signing_ed25519_key
 git config commit.gpgsign true
 git config gpg.ssh.allowedSignersFile .allowed_signers
diff --git a/configs/ci.nix b/configs/ci.nix
index bbd0335..ff2455f 100644
--- a/configs/ci.nix
+++ b/configs/ci.nix
@@ -44,6 +44,14 @@ in with lib; {
 mode = "444";
 owner = config.xinCI.user;
 };
+ ci_signing_ed25519_key = {
+ mode = "400";
+ owner = config.xinCI.user;
+ };
+ ci_signing_ed25519_pub = {
+ mode = "444";
+ owner = config.xinCI.user;
+ };
 bin_cache_priv_key = {
 mode = "400";
 owner = "root";
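Review bot: The added `CI Signing` entry puts the automation key under the same principal, `aaron@bolddaemon.com`, as the maintainer's own keys and carries no options, so verification cannot tell a CI-made signature from a human one. The allowed-signers format accepts options between the principal and the key type; `aaron@bolddaemon.com namespaces="git" ssh-ed25519 <key> CI Signing` would confine the key to git signatures, and `valid-after` can bound when it starts to count. The `nixos ci` entry, which appears to be the key bin/ci signed with before, also stays listed; if the aim is to separate signing from the general CI key, that entry probably wants a `valid-before` so older CI commits still verify while new signatures from it are rejected.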
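Review bot: The new `user.signingkey` path is a hard-coded copy of the secret name declared in configs/ci.nix, and nothing visible here checks that the file is present before `commit.gpgsign true` makes every commit depend on it. A guard just before the changed line, `[ -r /run/secrets/ci_signing_ed25519_key ] || { echo "CI signing key not readable" >&2; exit 1; }`, would turn a missing or mis-owned secret into an immediate, clear failure. A short comment such as `# dedicated signing key; must match ci_signing_ed25519_key in configs/ci.nix` would also record the coupling. The script continues outside the hunk, so an existing check elsewhere may already cover this.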
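Review bot: `ci_signing_ed25519_key` is mode 400 but owned by `config.xinCI.user`, so every process that runs as the CI user, not only bin/ci, can read the key and produce signatures that `.allowed_signers` accepts. If that user also runs build or update steps that execute fetched code, that deserves a comment on the secret, e.g. `# readable by the CI user: anything run as that user can sign commits`, or signing could move to a separate account. `ci_signing_ed25519_pub` is not referenced anywhere in this patch and its content is already public in `.allowed_signers`; confirm that something outside the patch needs it as a deployed secret. The enclosing attribute set starts and ends outside the hunk.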