*: rejigger tls certs and more
This pretty large change does the following:
- moves nix from bootstrap.hswaw.net to nix/
- changes clustercfg to use cfssl and moves it to cluster/clustercfg
- changes clustercfg to source information about target location of
certs from nix
- changes clustercfg to push nix config
- changes tls certs to have more than one CA
- recalculates all TLS certs
(it keeps the old serviceaccoutns key, otherwise we end up with
invalid serviceaccounts - the cert doesn't match, but who cares,
it's not used anyway)
diff --git a/cluster/secrets/cipher/ca-kube.key b/cluster/secrets/cipher/ca-kube.key
new file mode 100644
index 0000000..b2ebd33
--- /dev/null
+++ b/cluster/secrets/cipher/ca-kube.key
@@ -0,0 +1,55 @@
+-----BEGIN PGP MESSAGE-----
+
+hQEMAzhuiT4RC8VbAQf8DRU166IndiPLwG5A1VHGaQF8d3gyUfMQdj5DtiW2SUCr
+Ptqev8ofSrMoSOGj0HK54t76SOIgR8aDFlVVbGFh1EeaZN8c/xdCymHlJqhGJSVg
+NBBh+tsencLjBuI0qyxxiHPKX6+eoJBAyfGDFXtpM9G1iwcphk1kxs0LxWZV5Yw8
+pV0RRoCGKRFcq1FHzri4n1lMB90tyM39BM6dwDHwx6zWDC8o7apsp59I7V46ay3i
+TzQMeo4C+cLR1k5kXzqZw9cU4e/ilbCqDLH5Qsyf7a2N+6mvX4sdHCCqCXiVsboT
+wbQi0DQL3bko91/Id1WmWB1d/euYxRF/3XVNqA6rWoUBDANcG2tp6fXqvgEIAKWt
+LbXm/2rD1PiZ+tyd3hQNqkDIry/Lk1Ncw8jb2OBRqrvfOkYQg72WOk2r6gYr7V/b
+HNIkOuBgAZOy270JMmuwRJfV2lz8imu0RxDGC4pGWvpz4qLsUDF0d/+jowrSMzdw
+WQbj5QgSBMhWp4a1zD2cu0DdZqlMO7NsoGynN6qLwXEvx6FreysH/XoekPdcEzuo
+JsiE58fDA/0zX40FL9URAgz/i4/AzHw1rM3ZzU6fnIAulTF9bz05zE+E3jGvClHL
+VRzXcAw6nYUO10gDhnI5MOZiQkTjqv6MDod4OENQBQ1j+hnTyy2iOxLUXLrmxkI+
+FQhtl/AV3nQPohhkZ+KFAgwDodoT8VqRl4UBEACT2oS9Bx8VYkwJnNYXf6oLbGux
+w9nlI08H7B6TvEDi4DIedmbHt3qJcLJFJC54V1QWd3ZO8TBmhO+xm9x0emxRTzvA
+DvMspNhgsHKNxBlV77EXggAtG/F5YRc4KFUXxFEGlQEglVoSum3sFQmtt/WeRjJb
+8gSLsKExDvh/ffRvtaZBjkqw6IcaLJerb3Y6YjU1jAvT/Qvq6olx2ys6Nw6L7lFT
+M6iN/UYJgbPlkfRZ5LA8r9WMFeyC56Z02MgmikY2+mD3o6M9RLf7TDL8hEGsMf9B
+9f9IszTksap4hRiIU071T6SPFtk+68gH4DQ/AS2pfmuWZt1v+bM9SIkRiSPVGabJ
+Hw3IYELFTjtlpaUCshyIf/UY30WtkYq5NokoXR2HHalcj+rpPm+RWEyx54nmTwxd
+s9GdLMj0emsUE4o7+0gkjTM5YUoYIFoZNo2d+cBCtxTEG3VPaVeS9t4C7Pnm040i
+WdXxl7yoYi+T0+EuBGBOOXbdS2qpCp8giL3T6XHmAXSi45gl32t2PFKJ8izRYJB5
+Zckm5nK6/xeFPLF2jcdBsbUmI+u+8UeuhftrvH/mRbMv18FNZarUu9CjsDTjC5Tm
+hcxM2VevW1AlIIV05l9Vzm+MwReiRlLU+y4Bb4K8VNTzWYakRoNeURE6uWWLj45/
+svjCzdiCVXclcx9lGdLqAahdjLGLI+JwiDDqhCOM2G2b8OvOsRMwqGgmHdXwlb++
+PMmbN9kKMsgBcGhAaBr4Ux5x5Kuw2uAUZdNTJ7lmfvwzXEdvszLsDq8qWOEnJA3D
+6BPL+lzaKZe5BkomvHOYXvpu6cOZYekIuhUeoq328/ybO17MXmbvMgmZa4bUE36B
+gO1hpt0/8EsWxD1dDp7nUyoC1tX5y1jGvS7M1bhF8ppEUP0vIgf62oMolEa5//D7
+/3xSVGYknNxNWNpjW8sn6mUBIyAw4DdP02Yg6NTCnK5Gv3nKOlsSU7VqfbvyC6dO
+INTZY0IcfVoqF806kdvNIw6Qh1VKkRwjf6dV+ikOymvJEkyHfwBD/nSq0OZr7FnF
++Pk6L56fTP1w0lKoAssYimzb+FjyW8sM0scVCQ0DisK+EDNSwBwAPdVS5M1duPTV
+fEhWCjuQTeIlwMZL2pfaY7f+yOb7DII9BgCsKZqRzWb19SOQWFXnOutgjZoEO+s5
+kgiibzU3p2IQ3bohLiXwuGJj36Ss3hEOT7G5msy/xWQt91MuWN5hQ+qcRTw/kqgL
+au4ROGUrNlLy6Zp+kojacqMQKTgG33qh/zK5/aNl3WXF9tiyDnvi9U6ffJr9PsWk
+CqTebtAQ3kb3QlO63twmAKJU+YUX6ygAwk5c+T+6EbVGMRuLCHjo2eXRgbWUGXrI
+UImOwOD5hNohWPqZ0TeQv8xjhPKmrUlF/Po2IK5CxxCQq7obqI7PwAE8LBfqgQZ1
+wGmd64JjsLmZ63x5BdYBnAqu+aMsMmeBbHmRVSXMMpBa7SugLlX5s2L5XL1BeaS/
+FMNAXE3Pnfy1K9faOZ9nu4taJrIuK2MlQ97U8GD5sinWIB99DK+CWKqz3Zqig2O7
+9611txNv2MNIKyOeG/Sz02mkSD/gn8cZBTjJStKcm1NOZo3nKLLxZJWe5qHdBcfr
+3nhbMYslE1dfXIcw8MQtADFWEd0UrtBnZpTQOuRI9wnoynpoSRQ9B22dfQ4RiatE
+DgbbFLjMVJX8djQYlvwj+jRimiKubbkBFhyUMrWwkiM1lUIxJokSv/uUqEpKjcP1
+tsTrDv29YBKoCPjfByW9IMN5tslORxCBp3swTPKihTWMl+iyOTemkAqOKq/vT7f2
+5rbWhsr9GiQZ581aok14Ah59hNxGLBe6OI4gkhzMRI3AxpI36HEcG/6ovPXLKLgN
+2ob26yJs97Si9sCs/yEATcqM872n8ZnsY9MbXlsTJQpR3bIr287Zld7Xk3oAFjhp
+yXWjKE8DCtr0V86smMe5O1bDbr8bdcAppfUX++Mi5PQvrubSDB7Xyiv240skzH6u
+PN+8oodp9VZESS/dhCdbpMRY4UeHdlpCfSuF4voZXsCWImE5SbWQLmAD5G3sZbMX
+uS7d5EzuTrF5EqlsMBLQGnuaPC6emymF7Iq5hjyrM7labEUkupu/6jwkORElUT9B
+BncD7/ddlWfCAiLtX7K1pBq6Nm0/7vbkriOnQmLVWW4AGlvk5LIAqLqVvHIG1Myo
+CwmtPHFIn28XTrS1iHKBAUWBUMBMM2il/w54RECqo/u9FXSYc+p5yW79Da7QgH4J
+DN7eCm5QASjq58Dq0fzhcRM7spSIzyeYWbHZIBlIwISDRngNhs5pZQUtumuLvEZA
+wC48devfmA+AknGmDKuqYhpauWN0WKq5CNLpx4fxMZmo2TZF6bJVyI0rTNATy51Y
+R8Q1Xzq0BhoR94R5ybz7V/uhwEPzDOSZwULMsTLHMQxZGmeZU+nSM6fPTrgvYuRE
+kSj+xlRQmTNhhEvvLBI3X4dCMGZvLGWoqH2ivpF/GAVBzFUNR0RO
+=rwOv
+-----END PGP MESSAGE-----