*: rejigger tls certs and more This pretty large change does the following: - moves nix from bootstrap.hswaw.net to nix/ - changes clustercfg to use cfssl and moves it to cluster/clustercfg - changes clustercfg to source information about target location of certs from nix - changes clustercfg to push nix config - changes tls certs to have more than one CA - recalculates all TLS certs (it keeps the old serviceaccoutns key, otherwise we end up with invalid serviceaccounts - the cert doesn't match, but who cares, it's not used anyway)

commit: 73cef11c8534edeaab7763df1018c55b8afdd157 [log] [tgz]
author: Sergiusz Bazanski <q3k@q3k.org> Sun Apr 07 00:06:23 2019 +0200
committer: Sergiusz Bazanski <q3k@q3k.org> Sun Apr 07 00:06:23 2019 +0200
tree: 8d483998903ae47cf7e9467829071bbb8c5329a0
parent: 208f0058304f5c7a01d239d5bc58a78363982d6d [diff] [blame]
diff --git a/cluster/certs/ca-etcd.crt b/cluster/certs/ca-etcd.crt
new file mode 100644
index 0000000..03242d6
--- /dev/null
+++ b/cluster/certs/ca-etcd.crt

@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIIDwDCCAqigAwIBAgIUcCMt3kFz7oTod8UKTvyS/5KAU4AwDQYJKoZIhvcNAQEL
+BQAweDELMAkGA1UEBhMCUEwxFDASBgNVBAgTC01hem93aWVja2llMQ8wDQYDVQQH
+EwZXYXJzYXcxGzAZBgNVBAoTEldhcnNhdyBIYWNrZXJzcGFjZTETMBEGA1UECxMK
+Y2x1c3RlcmNmZzEQMA4GA1UEAxMHZXRjZCBjYTAeFw0xOTA0MDYxNzU5MDBaFw0y
+NDA0MDQxNzU5MDBaMHgxCzAJBgNVBAYTAlBMMRQwEgYDVQQIEwtNYXpvd2llY2tp
+ZTEPMA0GA1UEBxMGV2Fyc2F3MRswGQYDVQQKExJXYXJzYXcgSGFja2Vyc3BhY2Ux
+EzARBgNVBAsTCmNsdXN0ZXJjZmcxEDAOBgNVBAMTB2V0Y2QgY2EwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCq97dwVeisx1h8wwNFvCl0XGRHbrCxdOb7
+Znye8X9HZ6biM+o1WFfU1KPMr1+AIDukJwOXZLNYSdaUTjYRN7DFAvEwliScI5dK
+KaM+7ZNoLrEU4JR3I8sjUGjvVml19BlcGAwwV2waodE1a4THxQpyQClygfKlv1NQ
+SxQZ/Ju1b0wTf1Lupm1ZBXPyFmcs8/bgpkjkjMp3lF9JhU2E6Fzc3YOnto5ovSM2
+d46CN8BKyf+FXuTiEqwvsGuOOhby6Uwq3za7OtUu1qld0Ja5vQJgXrjxS1xTJPsB
+i83OqFHhiHhcqFxg5GfQgI0BxGTwPc1BW9e1ZyDumRbnjzRqFGETAgMBAAGjQjBA
+MA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTxWbhm
+TT7D50LugaPURn85U3X5DzANBgkqhkiG9w0BAQsFAAOCAQEAXSFdkAvgj4hynjs0
+X79FVZ4dvv8n+m4q6XJLqQIqfPwxs2FUUowQH7NiKrenZa0aaZVCcr5edcZ7F9n0
+u/HsvrGxumZkqIDT1KhO0/U0SS0nI28PdusAl1CTHX55rF6GVmUAhA2Vv7jJqAdy
+VKqC02AMrUels7Ebf/j+XveBxyEMnfFR5X4piVqip5VKcV0wk4leC3LWNlK6E7rE
+4qo9KM+HLtvj8I3u3MIigUZFSyaqnpMTut52CqsATOvR8qIgerpGKn3Mhq32iyWm
+RLbtLjicTSKWAOxbvfceEcZqJUXyi+akndx0XyJEbNG8tQ5ShIPeqNDXS4cVwgaE
+cMQ1hQ==
+-----END CERTIFICATE-----
commit	73cef11c8534edeaab7763df1018c55b8afdd157	[log] [tgz]
author	Sergiusz Bazanski <q3k@q3k.org>	Sun Apr 07 00:06:23 2019 +0200
committer	Sergiusz Bazanski <q3k@q3k.org>	Sun Apr 07 00:06:23 2019 +0200
tree	8d483998903ae47cf7e9467829071bbb8c5329a0
parent	208f0058304f5c7a01d239d5bc58a78363982d6d [diff] [blame]