*: rejigger tls certs and more
This pretty large change does the following:
- moves nix from bootstrap.hswaw.net to nix/
- changes clustercfg to use cfssl and moves it to cluster/clustercfg
- changes clustercfg to source information about target location of
certs from nix
- changes clustercfg to push nix config
- changes tls certs to have more than one CA
- recalculates all TLS certs
(it keeps the old serviceaccoutns key, otherwise we end up with
invalid serviceaccounts - the cert doesn't match, but who cares,
it's not used anyway)
diff --git a/cluster/secrets/cipher/etcd-bc01n01.hswaw.net.key b/cluster/secrets/cipher/etcd-bc01n01.hswaw.net.key
new file mode 100644
index 0000000..9995cf4
--- /dev/null
+++ b/cluster/secrets/cipher/etcd-bc01n01.hswaw.net.key
@@ -0,0 +1,80 @@
+-----BEGIN PGP MESSAGE-----
+
+hQEMAzhuiT4RC8VbAQgAh4Lhvr2vK1YxKdIQ0hXxiRqdioLZNk+V5mptO31i6zo8
+P20fbTi5SHuun9MD1ZB22IzNXol2/Zt7dxry25qoof/rbkVJQpgvLJ1+I0U9Kn2+
+Gf8E2QmIOzG6VIeGWD7U9SpRpdAfPwvS52iNanF3wPUTuOk6di0iEt4XwdApTI1y
+vcZci0Dg2CWDS9w2/kxh/WbUEomTvgI5I0jCFijyioCHNnthOWwAcZPR0CKGqmEA
+Yc5L+K7F29DL4/iu7ac3RvMzF4UxhaNMdobLtSg+HPTmKXLxbq78SF6Z0ATcw+EI
+2f28hrQIwZ+rwrqKfafAAYdzpp6ZZSc5y5wdT8UhvoUBDANcG2tp6fXqvgEH/0KS
+caNn9YV/Bpidi5b6/IRUTOBWg8pqq3ge0LwjWCeobJdfc1Rr8/GcXUSx35grM1QD
+oTg1dOiYO8Mect0H2lpsRxEUbBfACLvWPaI7gSA1W/roJN//u+YzVe0u1/6mrLAS
+MyOHo7COTMciC3MFdONxTEh4nvBz5RolY8eHNV7hOD/O8g1LnbSQ00OrM9I6qu5R
+FoBXHKnGwJ4a4rNt2zUc6l0qnz5HwtpBheTLKmMjCMSRLa7UvuWWKymyNWB3Yuac
+4eyS7RwS6mweXNIz/AQ6+qzI+Bz/WTI8aGfMac5ccJIxGX/Z5w14KdJwLqk4AYGy
+WPkpPfBewRtDf760UI6FAgwDodoT8VqRl4UBEACsL+1oe5GbPzlkbA8Z9lyxYofo
+AW08d0qotOkNW2JMCXb+5QCl/rhG6vM8csV3NFLGkbzMkUP0oj+PhEfDhw2GhxE4
+yf+D7xFUJ6VnYVjjypkKOpOJPJy+AQJBpxBSP7dqfYeZouJSpgAan1pxHaRLmgbB
+z43MVnH8y6nZE5LshIVhYkMyFLVtTZrQ+dOQBbrXr9WMTXGhe2ibKe4SRUqSFoO5
+KoGs31r4sNpC5mxFxmptaLjBRagJDb03YnDtbKbFxIdJzVrk3RhB8wylduGmwVsY
+0TyYvRTuNAycjHl/1Kem/vO7zuEBqcP24IpdtcW6NFgUIOx8oHVNTYCAyhsRJN9w
+IdKXE+m8ej+CsYrVxvXUZzl5fc3YjQnW/ShHubU/uBrxxXRy7vhJw8dK6a4FallI
+kiy0OelffMuAsXCs9f0KymbXooyUjeElJSWRvCBDr2sxv9Kmqy9NJiqdFQUuLfmO
+6atucltz7k8shTH7VyqpjmbH1t9w5RWYeTgR0WFqdWYtOh8IHIDv++ZaAPz1IbbE
+D71gMjwBP5CvDrVn1awDMmuFOSfd0JCVSSHA8Uy2KFDxVcaTEsBggZqykgsoYU8L
++qElbWU4s2f4t6o41hXKTD3c7l3c8abyGp8S+ULDGVZmjjNpZUmOrQcQ5jNMU8uw
+USxnO9afo9nClEcrfNLrAUfo1VQlLUo8tOr/lzUlQrV6WshXmepH48E9z2DwkSWf
+euh+/r6WONI+SGc58/D/7hYU/msqBOVE+eF1Gu30ZREbSLBBdBkGl3Dt4V66dVQd
+9kmge0kZkDnBh5h9RjbfcZrO3LRdBvx7QsYkYKYdoblOd48NfzaAoza4RaAFK91y
+j2J0h8JxZ7/UYLpHYr4KbFPrdRxThWnID9f36RwZvMkhgh5LHs3gXepMYN/1WOPd
+YJVUMFugFyg0TWPKmBM4YhbhWlCppMaVc240WxRR36uD/9FOR02ef+0LBQFZCK50
+QGKW9XmNDERRZc41jswSrsHY6AFNta96mDYmET81e0CC9vd1k3RVMutqFzNm/A2+
+TGKnT49pIc+aEAklBVo8VP4pj74vFPX+Q/L5FdPy3Tm3W4jIPBMeJGkqDXekRdC+
+x2bhWkiY+oGANSNpKRu87uzfydiv3KKZn+H9Io8/GZ8j39tX9AKfyjiJ8xfCsjE1
+J0OYvzTjk7DzeMVkPcEtSe+skFX+UDD6jQehApH34Qd1QMoREkZI6N08uuW+8bjO
+oP43XYyq5Xdj3ufJAyl08BOjbcAi76KmLHUBBRO+Ib9ll00s9v9nN8bvDMLU6Abb
+Rr2z6mUzOFPBzmDoWnm0lT8k3gvVrw63W61u4g8QycmRu6W+EaciNiURwXty5GNW
+HSnbuFipC1/GiQz+pKvVKv39fe7kW/TIBM7tG1+FS8bLpGcr1K5Bjec3msb1gq/5
+as+EhIWEfbiNufYySv3/7425SPF9r+f/Vp7t8+ZPN1SyGrlfz9IBzeWOFpNI/DBB
+wJ/rnjww3CK0hKLMCD1M6b3JJfSQ0MVbIDk8hvGmUu/maNeMhqZ+eTpiX4VcckoH
+nLaZpf2/44wxbP5eG2JMsJcJsXlO+WW0w5TlucqMqinVjaGHWMoRQWxspEfBwZk1
+DUhPHrL4HBVu4xSLvW/b6Jb3nyHS5IY6OzQ8sJgez1be7LDpBPq4jZ9FBvP2JDJn
+m+sur4EtyHUACcj0thirhp70xW1ubxscJeSxQ/NSa+ty1qd/DZFfCM6zg/3CzKiR
+hDbvOLhIKIUJL/GLTlBWtO0YSLE2TwRIpuE3M3zZssQE/UmC22XIG63sKkNbRR3l
+qw8/2yj8AhcB9NfR+kEkrkTJjteb9yoZbcyb4QxBDRgbZZPz+CD5XB/Ldk2ASVDy
+9RQQ19CR28zzW4GygBdYE8H3NR2+7yuccPI23IDPOYydkz0uireLFCSguIqKQUv5
+zeTwZ+gGH+SLpgsJKC/WqXOTn9WyxI4/0d/DdIge2K8CameDx0BHt6olzj7dv1nF
+LhGQLIbi97nk3xE0Nb07bdhOPbZFz5KzLIEYosCALJIOKfn3HcS74skZroL/kiz8
+kfWzBItcufpNfqoNjTrAPADMJsaALWS9gt42y/vjpQjvR2Em3Uo0Sbv9fmqC/tym
+XGCg3WMmqnegOFui2F0zdtVplW8H6fqGy303V+/y0g/Bvw0iBZQRSx2BGQ21oEwx
++D2J19/o26wLdDpb1x6QxiH+gp6zSbaTeza0GYdjt4gGhZHDdqkyRdpKmyMrgFjZ
+gcwQQYqURTuqMHRa43CYFBtdqbJX4fNI+10y/27UJvdNhVW+arO+UoGuVSIxDZG6
+4VmFBasIQqFK+FbRrvP7l/b6YW9Khmh7jAdKB2tka4hEV80KQUaDO1GgEl5OPIaZ
+HpkGjnMXcWeQALdUadQ7NSh2WA1O0f6+qcoDnP9d0R72rZ2nsqg/Js3nfx4YxqU+
+DmVKgp6I3jktxE5nsgz7xycycdyHi0LxEzj6wanP8s7JDUhzkI2+JvUG2vMa1o4e
+2cgBMGArXLS5v0m0vhthf7rpQHXguKI3yfLXOP1pQG10GomH9vX37UCmnnS51Bj/
+UcXC9nM9rqGH95YX2RYaR6/1x+aO3VsHAumBkEcaplooJD3Cv+aMZKcgb817V/US
+AHkqY+eNIIT7eZTvW960rI59WZ3prWhm2Ql8vJfbSxDyDIgdCmp48Zhl4uUE+kSU
+CX1eIuRdZhWge2w30ZmZlVKShhKj+367xZ17kAGw4YJWKE+1qxAXXIHslgrCxyZ9
+d4vtuv5H/m9ZVFCoGB8lY4RvQwDIHaLiXXCiWksmexVAICr3TIOXNyrRs47MuXXc
+2lGNHz+u23pIRfexywa08z0NDhi2bKkpsto7vRgo/IRp7hB82uvs9cCAmliG1Hvp
+lZ9BQ0RasGiZdsm4Caj2N2iFtF6dh76kasWIwgppXd40+98IXG0Ntv2FQLJSPjxl
+yq+JZkelCj3F58h5x2CBEFXyOMlktaBiB8uqStfmUEGU2U562pctkJyMcv+7lDyY
+RFdPr0oYcWpab6M5r/5gHtDG+qOoq2ZDdPA1y8E0RaNpB5FE472zKpf4Sm141ypD
+t0AhYcWHx1/5wEHMpnWBn1C/qEXWdAnK91BWvJsyN9v9Aa2o1luFoYy/UUbc6LLL
+8Wsp+Mu/Gcp/mSgwolfBEOShvbAaMEdMXAL/hCLN4hCXmaRqu7ina6ZaDuYkFsuJ
+45PxKUkv5b2xTqm0oi+PFDW/D+E60nrNZZOlz/frIb1PtoMKfMojWt/7X6y3qzkk
+tux1f6DH1HJ5mDlcJJdAEFQOnCSlsiAGmjShJD8Zc4dId/A5f//KhGJDSxkGdwXk
+WdKJYvlrtM9DyZzicjAw0JHagA275lIczzhpFscnrCxicHhSYhLS4+izDnvw9Lvp
+BBzPVNm/rYU5d48NEMeR/lqgHXW5Ck5xAfRAkYMSbXrBSW9cy7khXs7Ds8lJyTsD
+QfU6hB8+/we/FeUSSp+1mMN/c7ouelI4wmObN7hn/50HsoWXgtbhEU2qGOmCgH5u
+OUsONj24aBdAhwwDXq2hfjNUMIR2dw+QqLllPSm1GPCSybmCcFbFQ4h+sys6SKMS
+YMsSq7NZgqV9WnnfCo4xV3+mPVNQW9CiHV667w9biPa5HHV//SrLtkM+qTggE/kS
+NeywH60TnHSJsfqKbgKYW3VdU32WE9F5hNsM7qqZJ5OL70p9Zd6j5o/YbFn5wdiX
+JybLJ6J3Mvda+DClr+kx7YgH//H+XBgAsWkwwRmuTDnEzvNA+5LRIIwE64Vbdppw
+OjQ87PcguvGFJLb4Bn21ZMKn583ra+MXm+NBqXT6qURPwB3cQR7QyClfXStQ4J5y
+WxrwTxJfbK6wpNzI8PhHZGG4SEOGG61M3vfSG9a7DQi3ruECRzNfWmiwsU/f1H/S
+3VRIyo3ZCFOCJgXhL2V6bZOKZrEUd0sNBrgTY2WOgvLgFeES6LVmOK4wYXzWGaqv
+4XpUh14E0CHQXQtUDoBXd0KPwiPqnjLp+ltuHD76KkktUKBn2lmcJ4jxxC/JNdjp
+AaSF+Jt+ImLNssxQn5cyPdQ6XSrvn17YxKu2FnjMytgCnD0=
+=mvVU
+-----END PGP MESSAGE-----