*: rejigger tls certs and more
This pretty large change does the following:
- moves nix from bootstrap.hswaw.net to nix/
- changes clustercfg to use cfssl and moves it to cluster/clustercfg
- changes clustercfg to source information about target location of
certs from nix
- changes clustercfg to push nix config
- changes tls certs to have more than one CA
- recalculates all TLS certs
(it keeps the old serviceaccoutns key, otherwise we end up with
invalid serviceaccounts - the cert doesn't match, but who cares,
it's not used anyway)
diff --git a/cluster/secrets/cipher/etcd-bc01n02.hswaw.net.key b/cluster/secrets/cipher/etcd-bc01n02.hswaw.net.key
new file mode 100644
index 0000000..fae6efc
--- /dev/null
+++ b/cluster/secrets/cipher/etcd-bc01n02.hswaw.net.key
@@ -0,0 +1,80 @@
+-----BEGIN PGP MESSAGE-----
+
+hQEMAzhuiT4RC8VbAQgAlSfgmEq7OJG7sYqZUjoPwZhPeTYps1c7s0o7LgDt0zh/
+DJbLBFIEmBakszXszjx2nD2r04Cqu/tA1hVqk5lNSiYrfUAEJvOU8DWki+/x9agu
+6jLxeWRvVB8dStka/gUKoforkZ0BrdiR6tvL5C4vLnz3ED6rg58MlIb2+9ofLIKx
+ZthlIpk+4Dl1YUyxJJpf6eVMWjRY9MM3VqH0n1cF97lf8UUPmJ9t4k8D6/OEVJzP
+wB6lhCGfrBHhnmZrP37JkL/gXCWf8pDPyN9oIWjqZPeMQ7pZ1Y4oHsXcinoTy5Xa
+EZHiNcQMSu7/gCMjuoGIgjJ+sKe3WFtAqhATfUKw9oUBDANcG2tp6fXqvgEH/3Yw
+UsUfPM/TpOArv6tfgMx2ZNkfty9hLzxdviRatBnqSOWAsMj7eGot74+dojECFcXy
+4VfAokqk8WUwDN+D6/EUUGtUuNgC2bjWKzS4BTS39IrJ2+lt0oz6yyWR8ZG75eY3
+f+I5HYPY9x1tVF4UpRdGz5ByZR/bbRAKwd0YuHCeUrA3y0YCB+J+MSpJiMBVA1Q8
+OBBsbkOXfwvzQKR/+27/cY6NuWfEiCt7Cp2BQXDF5b4xz5TXfbgkY7CbXrZyqh85
+kHnTUo4ym9RqSeenazs5OIwv7oOPqIsKEDB+wsW84pbDjQtNeMZ6eNqvg7a740bq
+7jl6rwAIYVEwmSUclCeFAgwDodoT8VqRl4UBEACkks1DwRYEw5Ed7m//mGc/pcTJ
+hDPxqPG3Un5VqfF1wt6Bu/3FxSzf46U8/zIEi1UHdtPQ7LMB3In7ONuHus5VlswU
+QJMxjefeDdRMxZ8TpOFllNYMo12J71+HxqdRWSKTSTMKhrJI7UnGG2DoVPeNdELk
+KZY1ivqBs8gOFv4TPKwo5DvJTXYfODGoY3uiHy5vpVOwYe9PdxChP9cSgK5weF3e
+SwtAdZ3XRuTyNve+99WoktYw3tHRVf5zBbNKpEAerPqGz80190LSMA5IY2eIow4J
+ZjYB6Ef7CofZwcBl2uk6YJl6hocaFWAqXdD9sBQLVAM3hdrToeNtyVScpteRUS0B
+sKIqRRkH6L7K4Ob2Z6bIRPj+/LwAM656/3hxymcH6vjijD1NID749VmsxyVucFeL
+tM1Zguchgmu7of1Uwx6n8e8Rnjqnc/Pnf3GonpPSJ02Am3Q/Kfw3v83ccnpxDayu
+Cvyj3jFaf1bYiy4OfjUWJIj6f7DxD5XyC9nUqarYzpq+xGFYIJ7sM3RdhwIlTJDb
+3wFJ8slnT5SvArOZeQIe++zbYjG4t9T4uQOCzAmsrC9ZgGtyr3p0Y/iZOGDnRDR5
+ICm1e9p54HAKqaVllu0VE1aoJrzf9IZ0NyaPoW/Re4OrDeN8hZKVlH2G359ccDxI
+ZrYTPl/uoTiz0PhgtNLrAWMQpxGsSmiA8tuiVb77WqbIx6b72YVVygMfpkD9wm/X
+DQH7sA+cX916/AHZwyKpSt6UdNZozeoQrQcmfCPUxYpSBt3foWUQZ/uhH3V64/TH
+zLmLeUYHbP5flh1kTaIPNrqcj5NzWbIay5dbMKmG2E1O4MIUTJMQ641iFxHygoBD
+jredU2ipZ7v1SqlhVvjqoCMnuMfw17KSDulJcH0f45LPrufTJ1lpP/SQqO0KvQ6Q
+AnA5zQBD+cbkj+5vMn0XCYnTHfXQUqct09iDnNYYpXecLFgPV5Q/iFj3ovgZxhkZ
+f0/p0CEUQI+78b7tQXeEhgLeIoCgg4FwlW/uVPR8j395Gq8FP7Rjptzt6uuetrBD
+mYwqVnXhkSl9pXzdnXct7NMgjwTuqgeLBOySSFZqrqIX+woC6nItdywszZAUAHgC
+6UjakjyjpXpWbmLOBcDfnsQoWTYyOXp4n4LKSBhoq55pRTsFAPvd7Ho/zgXL1m7C
+Bc8JQgDPw4DsTQ8uN29K9IEaaQqQeB0PNdzKS7EXJU2ocQ9dmdVcIdFMhD3kFR1g
+b32qXbFzbYP7p7XILDw5Wq3Pkl8ae/jMM0jKIhPrCWbUf642Ambp61LZrGUyRIzO
+wYOF4rwx4NvWc6DVeIcHJcKZMVizbzMDHuUY6jHBXPgkrisHx450hOfziLcEr00E
+bgZ4HORju50OunCLtzOknhJjqE+RBDtsj3/BQ4DTxvV5kpF0QuyyfJMMv3RyfWMw
+QoSJ0/Pm0TO3TzBAwo5m63kwMWKXY85lj4+G7iLjvLEhBXNzRdeIqhk6Z0EP6Qsv
+om36J0vWkSwNrs0rQlwYyy7KUP1wnRtoMrXjFQwepLNLSkSE+/xsvGhTI0JM1hzg
+luZ9k4irVWscqreguD0p7757g94FRcfNXtD9hhLPzHttepZ5rYlAi/Unsz5ct3Sk
+gELg+oA22GwTrUbbG3BXaVkWjolPo5fOsG0TVKzqK5fpkaM87iZYmN2hRCxNlXXC
+IUtWN5L5+ISSJ67fzlw98cVtUqJBcVAOFIHaqE/uUwVg4Wak44GQemuIhU6tm0dV
+b0Jq28+zgwwsFeFSWVgGYbLuUEohTmeY5QYOCORB2CUDDta3X6wYibkhzdowQjSe
+Gp/yT1yM/3AUWcp+U9dwVtbXPYEFCL09JbXbKuGfZGeBUV7jEPaBoEPkkLTQ99EW
+Z1a0o9tJhuCMje86ULDca9CyzB7TGAAZx5vbt7/mbgDvOWX+AtmUwBQRlXpyEW4B
+7rS1nRoc/aaH998o2qt6DgoWoJm/aMNZ5vOg2+jYjJoCeBNtM+Xtv+fmxliE5HqF
+T+2Q4E0z01r8ULm0CUHfKQyEhdJkbdQ8ocnVR2ciQ5zoqWWU22ulnffVQXFlAS9C
+1+HDNVKdrutMdqglH5cU2OKoMXl09eLDdt9AcxdsaaIeRWkA8XRjNtsnk/YnwbsR
+8Yi53M2Vv6Y4avXUqx65IrthqjBM6vyC6v4r9SKrbdizrBJH1TQP0ZBd+LbuncF7
+VizisEysajrRsxKtgIWyhgtCQaGHZOE7OhMCoa2ItyDN6s4P/99NDH2Atba2L/Iv
+IkeNbnSCgSt3GVrulrJkeOp8br5VbPUT3uxRRH+bm8+vKLGC0CxwuzKfD+E5M8h5
+yyJXZSbKWyW4KwxCYqI0r6ZCZ+b82IQztf3/2+68oMXUjlKehv5Gksgpb7mNw8If
+vryl8vmsl7jal2y1AtclaJV/LMdkQeTFkWARqMEcyV+or4t+XTURmyk3VIAMaTgF
+5Q35dO0VHadnUCNeHb84gjHk/JeNyymZR+Zp2/Zi2eZ++mVLQKVqdzP2gMkRNfCX
+jDd/jCpHKy1B5usAEm6vydbnEeQt9DpsagcD1pfWRlnFNNO34W6V30ZLQMzJbHtt
+2x/ob3dlwXx9dgeiGvcRLt0cIkNE5oQIZHC8BulZU/IuTFtUsO+vjAKKgfmU7Dg+
+QIbbwVhU3jewu5V79mwv3Yp6MEaRXdfx2t7bX/qCYzjTDbwF7xQjRRQ4gzva8Ki0
+5GGDPWQReXND3ml8KieoRkQaumEIaBqAmMFEvVCyHvwXFRN7kph3YoJpNBjhkAkv
+Z52EGTbtJmeTgf/K8Riv0rajHBWR3NpDBU7/nbPDr3MymcKPP+lLY3igJL1mkyaN
+Nns37hQxbq5ZJpG+gxBl8+kGtxERojDQeyzU5Cqf/O4r9fmI01nHRmwFvS3qv6zu
+nlXT77IABQfQ6jvkVEkur0CPvJQRkyXh/Ez83mh+/YWkl6zZYp52wt/WEYd0fLZZ
+JTXob8pFKFwnVg6wUhvkhWRCKKCa8Z8sFTV2N0z84oEbKHDVkaPtHMcYGlEVu0h9
+veK6kOOt8BcHezsK/L+dU7vDtS85fETS0jrH0rwmay3F++NxWB3pDNCi077tyxuT
++EFA2foh0MI43rtAWC3UQbihy85i+S9LtWTnRENoDQUvl3NFQnpwAparjhbr8Bea
+gc+Xp9QEsDoGcaDhcWT+nhVlW69kp6lLxWj4U64l9nKzwuufTrBeFQP2dM5DA18+
+LMA4XgY6cM1dP6k+9ITYOflpbTp5IrVemDnjBOc8N7y9cEMVZMYOs3KL6pDg4tKd
+9N20kBOInVb5EEyondeK5wM+aJC7qLY+x6xrF27tysQHE1mBH3R09k7sNfc4Rmrx
+rtLF8kKE/G18rkXTcms+JzJ0Hb9qRIwQBfUP6vPH7JDrVpN01htv6sobAv8VQLrp
+tVDudVWB7KMUwjUlC5HJWhytv7hQs1ePzHWXGwZqyzV9g5GBp9MCN0MOg0roHQDB
+A3p5p0soMFT5krVR7OqKc6uRE8EBfBNAmzsDUGn4r/3tWKvdWdIndqnCGrHGj8JM
+OgtmJEeRPah+MNzKmbb0sug/kC25afFJ6QH2S8AQms/ISnCbNzWayLNyWl6RSTRz
+EHscLtgsnnPorSCKdViqNJNdDRTWy5gj9xH3o8pzfNzXaoNOjkrAEQx+CbEvFcDj
+PSsk27QM1LkCZEbeXLt8xfPsJtSjHVq3Q4BXSoMHUnDt7d4hu9N4J6VYtq715Wno
+eubvd9a/6Chf8ZsOdbBcEwiDSG1nd2Jr8ElD3a3t/IsSuCLXDEecfbybX5VsNAUe
+UvSEETD0+clFKOzUFV/G6b3BaHZiQNvP5ez25C47n7UjM7e58SSb5klizkzmU3m5
+f+EEPqWBC5v6261ffSgf7rKFERVTuDHZoSgn0dLDmXfeU8izwyrFfra8z4N++gX4
+9JQ4bS6Bes+1HZgqiR4pMCaP+Y+0+/VuIAxUTBYTrP8qZ/wlVpGuv/hrKJ7r5+2v
+TUM+N8MfRw1Gdxdymop+Y1c3dyNvYQwInmzkGOnHnR+AlvgEOiCRSFfriK7XIkeU
+wjEOfg9xW5eNZwtGPFgLrNc2Edlx3W3EfugXaJAcsJoGFfuARmav
+=kNFR
+-----END PGP MESSAGE-----