Gitiles
Code Review Sign In
gerrit.hackerspace.pl / hscloud / 73cef11c8534edeaab7763df1018c55b8afdd157^! / . / cluster / secrets / cipher / ca-etcdpeer.key
commit73cef11c8534edeaab7763df1018c55b8afdd157[log] [tgz]
authorSergiusz Bazanski <q3k@q3k.org>Sun Apr 07 00:06:23 2019 +0200
committerSergiusz Bazanski <q3k@q3k.org>Sun Apr 07 00:06:23 2019 +0200
tree8d483998903ae47cf7e9467829071bbb8c5329a0
parent208f0058304f5c7a01d239d5bc58a78363982d6d [diff] [blame]
*: rejigger tls certs and more

This pretty large change does the following:

 - moves nix from bootstrap.hswaw.net to nix/
 - changes clustercfg to use cfssl and moves it to cluster/clustercfg
 - changes clustercfg to source information about target location of
   certs from nix
 - changes clustercfg to push nix config
 - changes tls certs to have more than one CA
 - recalculates all TLS certs
   (it keeps the old serviceaccoutns key, otherwise we end up with
   invalid serviceaccounts - the cert doesn't match, but who cares,
   it's not used anyway)

diff --git a/cluster/secrets/cipher/ca-etcdpeer.key b/cluster/secrets/cipher/ca-etcdpeer.key
new file mode 100644
index 0000000..e89762f
--- /dev/null
+++ b/cluster/secrets/cipher/ca-etcdpeer.key

@@ -0,0 +1,55 @@
+-----BEGIN PGP MESSAGE-----
+
+hQEMAzhuiT4RC8VbAQgAwEPtpFgkXJSH3Ey063nVl9X/48SQVRHdng+vTXsoRZ5C
+u4TZE6l2zcSaV2Ak+rhv0kN2gWlxInc+ItzHzobXJru/taJCz9ckpFSodF9GB9Ec
+njXm485nf5f9FBMZyCOQXedPu4bTFJgT9zq5XTiyoOb371AZ65l+OGWvucp4TdVj
+UMBZf9ayGgcbEOPNxaE2zWnaB2kSsZyq0cunD+46xmndID+bsOa0lpgmuKEjR46s
+FyQSVySjGR3b2UekrJntaDDptumwUtWnysTkbIZWkq3niVuMf5JJ9EmF2+jzs78u
+rEGtunbtAVAhG1OZTfZJSXLUaqEVl4TUsLN3McmXOoUBDANcG2tp6fXqvgEH+gM4
+EvZe3zi14vMZOw6/0941cXB3+oc4CMAM/4vE7L+w3PdjpwlFoN8I0CqrBsrWmqsL
+96+IxUYaqmZWHR1aq1KySO71mDMJRlVP1c280PZETxjwFh99zIgxC5n6CfxZX8ZC
+2GfU8h58AO54aYTfdQTzP9gBDSYZFDKkETBKbKnkJTcbXNNopg/RSlqBjPfM5lce
+D4RKsm2JeAOZDiEjOf5dhHAc8uoqj3IJbW0HFciFo5GX8zBr53cprc4gVu5dccBc
+5+9ozEsBgnrtJMOqiGLzrI2p1UodXJRqy3q+Plg7WT0fTdG3exXG1bB13ZFI3jle
+TT6C4KGpv32E9oNRsuWFAgwDodoT8VqRl4UBD/wKPl7BCja+6EU9C+KFq1j15K9b
+uXjukw3olprYlGSAE2WOsuPVDYzubTg5kZ2Eou4jaY0dDVyleo5cUhW3286av4IP
+fUX22fUzDR0l3zVqpEE8MhMP0+1f9JY94zhPeosX7fDJ5g2+k/JReIY/V7pSBbuo
+izN/wMWlG4bitjr+s6xTk5an/36JjTwqhBje2VhevOJ7ZJU4MaenFcqKj0YLlrZO
+NqIFOT0qY+1C9PC0Dt7aREIDfN/ywWLo9+gO+vT5HfwSVKugfK14l23i/0w2uOlv
+4oCvi0+5hXLy2gXbPdussuwHirG6dLfjRHKVjz+cEJdk74rshv8hKqnr4XKJp6AF
+CySJloldQlmDN4xquNEXvjlnNw8jQHbrLQLh0Vmsog78dE8aGT4CSzNPeEPcpmwB
+qkcaA2XaLCbUoAJg+tk3eWsD/wOm0FJ4fHm7ZcfzkbdIlwjyfA3aFI6lsos6k8Ae
+2LTYrJzvYwrPP5+EkGyxurNU1HBfkbs2CDvM00ujMIOU13RujVXXp6xUabKtYXja
+x0h8RLXrGkDddPMkEb1Y/RzISYC0D33//RdZbV49eDb0sYW49X91M3j/hAyhd11q
+oYnwlXkUR5XXNuXa6XMofDXiPyYtAIqZmhp8q4bHph1kZRzw5ni/g+nrBa3kyn6e
+Sbmu4OagjhS2w68FYtLqAU8MgALTZL1KBbKWacQQoO2s264gFNc3IMxxIF00DXDW
+1N2LVeWt+vwbG5mnhdGAm5ukbETR8/7T7XxyTYzAv0ASfWelbLmIfKsspoSBjE2K
+d8zw+iMWzWuixMy/R2BpRwjaLBJOKJFy+SfKrmUeUYeSD54LNni8pB4TxrPMz1E4
+VT+S9Zq9YkMAe12UHhPV+sNJDAy0UsdGpXWoR2jBM1B/G5ga9sAFIqeZrZRU7L1m
+Fd87EJohWtEXKRF8Ojx6OmTjEkKtd9QMqTvuVDTb4qVQQdNCpO7+M8iEkVTUwCvr
+m6Vo+HHSoeREhdvYf1uDwj0eNSlftRiOEvRXDTKisdkFijlQV0K650UtFmmcuVY4
+DGWKFkGB7nx7QJaIaghuXZeNkZhEXKigLo/8oRYT6Hh7czlazCO8iShwhVsNq7wq
+byYxZgISHotV3g1aabL6xIZ1zlT52yfrnt3O8Xk5UexbKmn/3Zimj9h8vIqcEpMF
+aTufSIJ0JCWSIfri+MLJ2kmQfkaggPl/yfVoUtCP/rtjqAc0Nv2+YIK7addPCcMz
+nZYhxFyZqif7CJ0MnaaeVeIj9Pz2cO3ve2oWtu/dZc1XNt3Iz5qWeP/WA5WDQdeJ
+DqR+uj61n0Hm4a6u7m+K1U1oCl45H0DGVLyaxblAb542fOJj3vQVTI+Ybn05/e+C
+7wmQO17X2j1gbtu6NTVR+CzR42CORaLgLar3wgDAKNyViqbeCvqyQmgPNh7LmEa4
+6/vW05KwThEaQMEQydpO6iZ9ZzuoptRPeSuqtFBR61P0JhVp1ZfOxJujVlFXipnA
+Eist7z4u9jkFSjTvOaSxIVUQULHaIvtaJANf7i1XnP8mednYEXplPreaxc1pKMxQ
+1mMA6yo0WzRkXNQL+FmVNUQnJACzSHLTpQyW/8FQQJMEiILBH9oq3Ashsife2pnw
+tTOhn3FC4SmGDVlnkFuTflW/s+pyys6GyR6Ts+AprNNgPIvRIJqSspjmB5BiybY0
+Z5JgZFuhdePGC5r1NiJ2TkF1PVQ187a0WvwkGg0Rgc4f7uOBpBeBfuMi9HpZJi9a
+dzpzdzCyEcUTQx2c/m03kLlX08Y1yunlQCIrnXxvo15l9ID/MjQRjgz+m/bmtcXJ
+ZxwyIsSI0WeRGsBUptI55XEPgujzN8tBtaRKz+7V132K50wf4ADNMUth+h1FaT5s
+w81K+aNSARN7ZS+TyZNQu6tGzjEAvJ9nYFlDSYphYotDYOYEg42A9FH1jxfF8MfQ
+gV/yfyBKA0KYoWsPadQuIT+hMC0T6VthcyqbQizzT6CsQNYIKa3jOXkb06mseP4w
+8Saa4NZrJfAxBjbs3h3+ofzz5dh75ypeT9iXzfU1pcCc7pbLwS2jYkVrhZ8j0d4t
+CY1nhAykl9JH8Or+BUxMelUHDVeRHQgfyNN464We3YVfIWJRR7q1yVwJNF91GI4+
+arheJ4R4WnTMu1nbtdyG6gIMiR9c0jw2WbI1DkPQR7Pf2eYYQ3Tv51gOgGwgqhdl
+eFvmvEuJ6v3Ws3kCEKqXXoWpo9v7eFHq0Nu3kF+QHu/4Ai+ARYQOspOp347VdZav
+98tfT+tWDq8M3q37WxRRKaH3jh7J/h0yEx+rZtNUysv35rXvXx/yRVNKqQlEbDLN
+TnA46FuaOEJwJPRerafh5epvXfKvJnQjGp9+U0pzQBzgf2TvNopf8MctkNbfPHPR
+cMFnejkjUF4SaENIe1vdSmu9De4/2J36xUgx8WQSjnTPmg8vpDUNJ3x508qS6u5L
+4LEZAqtMutceuYsXtZkQXkl/7o6/5gsG4NeSLgNGoAAJZUYgYPemO+kRxbPl
+=o8/p
+-----END PGP MESSAGE-----