*: rejigger tls certs and more

This pretty large change does the following:

 - moves nix from bootstrap.hswaw.net to nix/
 - changes clustercfg to use cfssl and moves it to cluster/clustercfg
 - changes clustercfg to source information about target location of
   certs from nix
 - changes clustercfg to push nix config
 - changes tls certs to have more than one CA
 - recalculates all TLS certs
   (it keeps the old serviceaccounts key, otherwise we end up with
   invalid serviceaccounts - the cert doesn't match, but who cares,
   it's not used anyway)
diff --git a/cluster/secrets/cipher/ca-etcd.key b/cluster/secrets/cipher/ca-etcd.key
new file mode 100644
index 0000000..2f26b3c
--- /dev/null
+++ b/cluster/secrets/cipher/ca-etcd.key
@@ -0,0 +1,55 @@
+-----BEGIN PGP MESSAGE-----
+
+hQEMAzhuiT4RC8VbAQf+NLutsuRrKa2XnbAJbcZ2ZrhKL1fGe9OEdesk782QNcsM
+fCL7wlCk0sC1s7mgErpRdW7HAv73/lvMbP5RHa8t7VzA3naHjFvmL97XZOXJgagf
+AoWYWIl7+M2M5oyYHnivRuycReqMxPKyRkNyRbIu6mjxlt84PzTzJDzqCkwb3E77
+OsR6rKu11WrL2YzBuoDyTiS6AJ0hGJ4c8fukLBMm5ePkt2JLW5URsvlanx6OeKuH
+huauTUKxU5hG5nDuCQwayO66RDS0mm1UhJkJ/urP//INeeAomPwq8W2UDB4kzS6+
+5+bjPOJz37x1tq5IntlX65Uy8cq/Yeme/acD4b+GL4UBDANcG2tp6fXqvgEIAKVv
+29kmADadqmF2PYT1nVAVGjkmLwLwWqbBV0ot5Tw6YKLvI9Qs3MJEUK6hGZBXpq0O
+IiXJbOnmApKMMmqWlqxfxsMBoNpUFX3+efqjGk0FARgmcZiz/CHrGci1/7f4TUXf
+5MH+n2FP7VKtvS5wbvFDYt5pMY+nvaFo6yLJMZOfT+44fauySyRAHAfgRRpXf3uB
+BMzE1kSrDd8KD08PHrsqVbpbq15kf7bchza3RFKBc7RyNG6IpLDWZW8Cln3dhEbk
+XAxy9r6DNCMr3R269o841W4qglINUrECn11GtBEv3hCZvGgrg+OTX14sSIcNzVX5
+UcRM60snXTQt/RtFSsqFAgwDodoT8VqRl4UBEAC2H2fLzAvS26GbS5cOurizkcTi
+iiqTcbB3M0r1yB+Iq5b2ISxQYdldAdgWvEm99v9mgnQ4nV+ma+QLLiaCvA3rObbh
+xpay8Z7+upK2LSP0gxx3NbO7eIBXpJ/kMC+3NHiQi2gvSeW+hbJApzKuKLvrRsQ+
+TRDHKt9xRKfr12RCTpTOv3HDfoGbXfdTmUG5T8sGAJXlLhW+ndtArHVTyEHImdR4
+8YoQ7sV2mGEgpakUHKyPL23wIEldFOf2Gr0r5J7EGVvOU0WyE6zlrndwQC7R9p85
+owCSStcupRgdaH7NER5urxHGFWtbGjrqZDvRkVtmxLmpxoMo3Jy5UO9kQLFj7WRS
+l1qGC8EBucwCdYxPEWDWQ2ET9P9cWCAWtXBCgb3BeoI0NQUyGkGvAkYtzZeBIL8x
+6qjwhDEHUGXBqgbMztQr/YikTY7mzPLnplfc6/dlmBsAKeFAYa4GCWIL5FUcQePi
+/PrzyUy4ndM8ceuU0p69dRjXDxm0HmAFPWg65fjJVdBq5Yh6o+bk9g6pOVXpYJUk
+o/i5xQSpRvayFG1SYlNIlhb2WZ6XRy3hXFLbKGuisON4k3Uc0XrbsXPpEb3+aK19
+/qAmuxu1h4CxSA7ykVNYgaCcqD4fhdA1kc1DA3EeAXVskXwRfMhemfIA5boMBrMN
+CeiSbj4wXA4030/zd9LqARigkJ/UHvsoNd6PZDypEmYlEwAB3I1JEeXD9REE9KOu
+rvYj8QVRCsP+H3WVBjUuY9f+sfNlPznCrOqe1AupVtQwmzyKvnwE3N0GmHrMh6U3
+R8M1MVFOHFsU+y8jjkRfPZcA+QUDfUFwUnoymlWbm1cs5Zwry4yIk1ZNcoLf/TEd
+BNFBNzcNlc5gR48CjfeWKuOvfKEVn9qbVKQaQ6ZfTWNkvr3ew4Les/5Ko2w411xH
+7I7FoRwJX4hbVKcBjH32M3SLDMUMjb/o3bVYMOdXYpfT6nsfZXTx6c1gG+rTf0xi
+ZjVwVyQqEVHPGEdfvfQR9VXNQeJLKB+sugsrqueqvzq4YP/6X3jbnPZB9fstzRh7
+a3Ar215kNzApfOs5WREtZXm5sNSUOWV0uEbefe3c2RjZBspNiUXevkN7NeRociZP
+gLxEBz80CxCV25vzvYtlD5NUapeTSqdSpKh+AUJG+dxjNeKQkqvkwhWIO1KwYcKe
+KU9GPNUgN87lLGLgvOP984lJ6ZGcxs+ZGRC1y8zuWArELVu6cjLlnMwY+dnDnOSe
+gpQz0FjMGYkJbvWXa1e0AvNLSjr9abev0eSp649DutHwyPXVskl0dL1IB4o9IRTN
+3NfO2q8lXTdsHQnTjymkhk2gR/6yAlcvP8vmAXTDLZkDoe00pN4weXZ0OkON4GAC
+siBK19jJiPFbEuMOSKIRYFcwAp9GC70+Gpc6gCvVdRdTKbdfOTnP65huv8oxgzjZ
+Rr0IXgesDyuCVj4xhYxKYuD+6B1tgEGTBKvzKok4KOkFymy7BvRRkbHagSo5IQs1
+efGIEcvmAnjSfxM3RxVu3ogKJfIUxOfq075prRmKnP3qqRVtJ1AuwPCmwUPuAIJl
+oPoYCuHTUJ6Q6Z1EgZs4JRON1ao2IaTFch4R/kiyXsnKLoZXx6oP7EK2GergXBJ8
+ZBNa+KZsKFjSa+KfFtcdITrdDvSolhupwz1IT+Rk8F67GRvM+Jnu/M9AdaR83CG+
+3F3Zz0l9wH386zcm9bHIZTmc/rMfFq+U+8O9Hu+blEBBvRXKg7Vco8KsS0ETHOG1
+rDrDqidIInmYYJDgLyqiYrLTL1JNthxFj2Ep2R8bBOLPJwnSssG3P8e2VJwPaQRq
+CNHrtuLQVBbbSxZ5nGmYcI9AKyGt2TLs3ebzRlIby6S2Pc+beugByikwURmXgzf2
++9N4nm2JF5cKIAc50C+CHG2dEcCWR+tFQtE1Aei70yc93vabgLH8dkWmB/qrCBRU
+YJf2vZWsWTYSo0x6/OlQgdOdOI26WXUHkjEfJquk1nQq1tUsYURx6dT0pq7qLi06
+2kidoRbi/sV7uy5SuXh/GmXqf+AvmaAobmGfs4NApsCbplJGU6nJeuc+tp1NJu2Z
+YPj7cqFKi3sfaTIWNqmwDbB90VIgZnHi34+835I83ySwgXQZKvvCPuKMcqipxDy7
+VmYmq/GoSGXhw0/MkDUiUXr3NcLsOU9aFd3gtg0TUR+QeIldtGFjwaw0WnZIcafb
+T49fO3xJbxgSkrhI0GoMF88Lv+NYYjnV+eMk7qrLxruLRAy4+zIpLc2rGCf516vz
+QAgZjS7l3igW3GRJgBPI4m6Mu5AG5qq+almivJl7Q+c0jW3x5y/Q4zIQhUZMNKy1
+0Mj3Eome+DdrtOYuGVhoqZO/4dGu5faC+8Mp5oDl+8NDpsM1JXCXXDmJqIl7py6p
+f/Osjz9Yw+4oyLXH3YDkhl0ZhOwCQ5GDNZfoflzjSbrIfSJMBiVBgCo1TXwPvBcH
+C9HpnuXNUUZZ3lqU5gVihtk5Z2jPaAgSjX0zjAyC4tqYbwN8SKBz+51RkaI=
+=gdep
+-----END PGP MESSAGE-----
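
Review bot: The new cluster/secrets/cipher/ca-etcd.key is an opaque PGP message, so nothing in this hunk tells a reviewer which keys can decrypt the etcd CA private key. Please list the intended recipients in the commit message or in a file next to the secret, so the recipient set can be compared against the message's packet headers (for example with gpg --list-packets) before this is merged. Because the commit recalculates all TLS certs and splits them across more than one CA, it would also help to state that the decrypted copy of this key is kept out of version control.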