*: rejigger tls certs and more This pretty large change does the following: - moves nix from bootstrap.hswaw.net to nix/ - changes clustercfg to use cfssl and moves it to cluster/clustercfg - changes clustercfg to source information about target location of certs from nix - changes clustercfg to push nix config - changes tls certs to have more than one CA - recalculates all TLS certs (it keeps the old serviceaccoutns key, otherwise we end up with invalid serviceaccounts - the cert doesn't match, but who cares, it's not used anyway)

commit: 73cef11c8534edeaab7763df1018c55b8afdd157 [log] [tgz]
author: Sergiusz Bazanski <q3k@q3k.org> Sun Apr 07 00:06:23 2019 +0200
committer: Sergiusz Bazanski <q3k@q3k.org> Sun Apr 07 00:06:23 2019 +0200
tree: 8d483998903ae47cf7e9467829071bbb8c5329a0
parent: 208f0058304f5c7a01d239d5bc58a78363982d6d [diff] [blame]
diff --git a/cluster/certs/etcd-root.cert b/cluster/certs/etcd-root.cert
new file mode 100644
index 0000000..14b4897
--- /dev/null
+++ b/cluster/certs/etcd-root.cert

@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE-----
+MIIE8zCCA9ugAwIBAgIUDCr9SS9iUS+70qRrwt2yhJ0kJjUwDQYJKoZIhvcNAQEL
+BQAweDELMAkGA1UEBhMCUEwxFDASBgNVBAgTC01hem93aWVja2llMQ8wDQYDVQQH
+EwZXYXJzYXcxGzAZBgNVBAoTEldhcnNhdyBIYWNrZXJzcGFjZTETMBEGA1UECxMK
+Y2x1c3RlcmNmZzEQMA4GA1UEAxMHZXRjZCBjYTAeFw0xOTA0MDYxNzU5MDBaFw0y
+MDA0MDUxNzU5MDBaMFsxCzAJBgNVBAYTAlBMMRQwEgYDVQQIEwtNYXpvd2llY2tp
+ZTEPMA0GA1UEBxMGV2Fyc2F3MSUwIwYDVQQLExxyb290IGV0Y2QgY2xpZW50IGNl
+cnRpZmljYXRlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAudCBVJv6
+6aRyizfh20/PeIt7iSP9HpTorxxtG0Ti7ybjhu7gpkPYAK4Zf6YyYPgIjmv2hagp
+1iCO/PZYlqUL73x3QyfRFrAighRcEh/v7zMGbgIrZPO2ida7A7q4V0VcPaK/zPNt
+0gAlcoZSXuD5WDKCdFA9elDRLpdsgtDe7BjTgBp0MTzj2NBUoTRso36Depxuh2Og
+nvQa/nGhAOV5GCovMQ6PA19mhnZnK+JUZXwYWSnOfzayR7Rjy3eRsnoQq7x7Dur+
+RAnX9BDXUObULJgA6cHpEfxU/fnpCqWXZOWYgougeWdR9C8VyB0G7neVQDZGDYSV
+x+VH7D22DPLmmqRAgsFs7aF6E1Yp15no3P2kTxHEYPcMus8aNOZgs4pgeiFwPmu+
+aT+vW2mf82IHjPPAFfhkrzBodS/LjHDpAFklb+/wp/ypMYtCuXucm9kbV0oXxx4l
+a0qAYSAfL13wHTU6WXs9WAMEeqqQqLYRmvmssVtanYJUaRNZjCOYzTTi5gILUTLz
+BBPxgTpLsbCO97EueVrAer4s9C0dBcYksRXs024+N//g4pYyJAIuI/ZRJIbtHItk
+mw8mdwizynXtkRtvWl2lV1qHilo+p3xhSrh0vFBGO+wuT8aragUdbC/XGDoecHBr
+7KDZIYx7cZw2vI9xMqujP4hLhG9d6Zko810CAwEAAaOBkTCBjjAOBgNVHQ8BAf8E
+BAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQC
+MAAwHQYDVR0OBBYEFDDZWVeg57MP21XCkTRqzFR2OmttMB8GA1UdIwQYMBaAFPFZ
+uGZNPsPnQu6Bo9RGfzlTdfkPMA8GA1UdEQQIMAaCBHJvb3QwDQYJKoZIhvcNAQEL
+BQADggEBACzrx2h6qwfEcqJl06Epd6BEbQnZZlVhte3/lX0MSh86hxw+qxAPwfrG
+2XdcjXee6OCpAZv3qP/dRWnjKoKbIPNIeEK72n5pwwYbaQkhsHCm4XGgRyj9MHOo
+Ua0t0tXHESoD7uP57E/Q4CtcHOpR3pUUhKwqFB3NUvo3hZw5F3fKGoRSLSK3Mdwq
+sxxvTcYXxp3kjXm2cjTaZMoQ6eLBpEL+gCGezdts6+ExXCCRMWSdeQhhciv0Ez65
+6mzCq1uLGfQs1qd3eycPBi2Tt0vZ+Iitei+deewzwfpZ3oPCbI39kY1bxnIUNU0P
+Jr4JXnoB8k8ZTXsi15yom38pUy0xJhc=
+-----END CERTIFICATE-----
commit	73cef11c8534edeaab7763df1018c55b8afdd157	[log] [tgz]
author	Sergiusz Bazanski <q3k@q3k.org>	Sun Apr 07 00:06:23 2019 +0200
committer	Sergiusz Bazanski <q3k@q3k.org>	Sun Apr 07 00:06:23 2019 +0200
tree	8d483998903ae47cf7e9467829071bbb8c5329a0
parent	208f0058304f5c7a01d239d5bc58a78363982d6d [diff] [blame]