*: rejigger tls certs and more
This pretty large change does the following:
- moves nix from bootstrap.hswaw.net to nix/
- changes clustercfg to use cfssl and moves it to cluster/clustercfg
- changes clustercfg to source information about target location of
certs from nix
- changes clustercfg to push nix config
- changes tls certs to have more than one CA
- recalculates all TLS certs
(it keeps the old serviceaccoutns key, otherwise we end up with
invalid serviceaccounts - the cert doesn't match, but who cares,
it's not used anyway)
diff --git a/cluster/secrets/cipher/etcd-bc01n03.hswaw.net.key b/cluster/secrets/cipher/etcd-bc01n03.hswaw.net.key
new file mode 100644
index 0000000..5c57b35
--- /dev/null
+++ b/cluster/secrets/cipher/etcd-bc01n03.hswaw.net.key
@@ -0,0 +1,80 @@
+-----BEGIN PGP MESSAGE-----
+
+hQEMAzhuiT4RC8VbAQf/X3DeOZxa+fCWbY9PnyMjhvgoCS09J4PPIrpd9DxjVfgk
+0SGa1LvBX+WQB7cBMxGdTwjvxLpM3QnM58TfQlo4Y34gNmjX+b8WzMh5SQ6TO64z
+HqgKI/mrQvuvecD5Qv7CVL1Ks+sVj6EdxKmOqvNKDj+lG2p4gqCnv/0Qf0JjnDyw
+xnIvxCRacW9XZW+90oEWfSX0BauC335UlKDpmEPWvYMkMyXKv4A7Zb1S4Yg62wMo
+1Bz277b1wfu+BllcjHXdM+n29URszd3wMqL77WreJqUJ7hEqvvp7rUr8u63JDevD
+NvvOCtVBhqh6atxjYUWBwRQ0n6iZ6LS4AzRchc5wU4UBDANcG2tp6fXqvgEH/2QI
+SR91ZaX+s5tkoaWok1BfwlSuStdVEp+lGR8d8DE92zR/ogTr9lppoiLcOoJSQrps
+6kJ3wKhwidFjHBZkRQfegtrOIcEp5wH6pPIXBzAvhz1j7xmOpWE8RNEZUMMPJVVz
+RlgNsr5DFPL9D1jH9hDtLC0PeF4UZNQhbJEtyhjK8L1/xtguSVhApqbilcqKERiD
+7hJKCROfMtvJj0QzZLJaEjTGs7Nqrpw+VIXjHMqenxz8hzo9YTV9QlCLHz+RYiBZ
+Dfp6kKiwD88yraudxCToAEGBlh+BZR+4xhrjnjdDCCTor0cn0Q6Jfw8LUf/eDb9B
+ZU7HFT7i5hbYt2x3acqFAgwDodoT8VqRl4UBD/95XkaK8RdNoehkRQO1BqLC7x+T
+xQy8tuimCcEaE08rFe0EpDziHw4GUJDvfvJHuTMo/2kZFtqpqvD5B/rdMTNNTIYs
+cdClk5S9DUc5i5eBJpbJTg+2szY27XDr12oCIGMf/NhYVIas6YG8O/alQ6/1//C1
+5ozHzWC6b4vF3xzAhlQ/YHD6s2EcTHlehCASQ7azJvI9NUqSD6gYEhauqfd7JGN7
+WPtpQgOjxDlSEwB7ZrtTZLCn5A3ZSvDbEWqoaMZr136X4WfbnukJlqGEtgJqhkVm
+9ermDRzWhM7BKE+xsKVOlsjBYeXbvtzNK2oQyLvdBCLhutYppvOkVjjekT/Jjbcs
+iOK0/2qDeaHubkw1zAVfT5UWm2vQnLhktmRxHWGDW+rW8MGa67v0fO1w4cOgKbvh
+2tO63TDzN0Axj2dgtcYSvfsUcxd9SmCprShyecApwlvpbF+UM6Sr/N+67f4HHrxM
+ADAktyxHP1Y88vV2g40x2U+Phxz5/nd7dfDjvSeIIx/w8D40gksvTMtqsn7uG+AJ
+tQn6ROI+KhKxozTbQgQP4NP8bh3Yzr3TupK9DqVIdIuQCLmc5J3cDJazMRD9kLSU
+p/CadCUvyTxw1HgVZuXVl6GKhLTeoYlOtRdm0xjTtQFWCrPmw4VRFb+pZS/SCVIE
+Yyuz1bxd2hnCmLJHK9LrAW7xbt52zxBgUwDtHoMMcr9aWJ0cXDXLO337dxaRwyKx
+Rf5oBlKt7BTPdyZcTVVOzh8T+EQA5yjFQFH0qQqBFr60et6LI6pC2WhrVVG0++Q7
+i6HjvC0Sqf4oqrBUB6pQXH8atREg+UuhbVdyKMvYBX7CTLTqKR1mtSoNsH7Bq/2n
+4G7m2KMoak0yOYorS/cqlcZ112N1+5e1voLNjuM9Q0nHLB6UzIQ0rv8yS+sGXMEo
+XbAcwgrAIzxLNkWGslRtYGyUIVB8HPgWOYEqG0RFowif+LDVHk8lu3w5RDFfb8jO
+3Lz9qrl9bU9NCmvlN3cv4ACLodCE5zbJQIL9GK1sQOB4ICx3KDKVUqQpu8X884En
+xeI34WG/rBtbNOkk6b468kdFMCgEztiN66nijiA0DtLpSCHpkFWLpgvD6ARIIzel
+bl1I04gxzrPdlNt7VqAnoZVeb5N1GmCybeyp5sTBILyoC/Z33T23U6V3QxBQhyYW
+wKeR5stgSatlayCh6tWqDIXBbld0b2gpMf8x6GKdJUnorIxbfFRKMLt0vGtXXEcb
+8OYmnDcUwyE6wP6cTngmrzpfBSYrD/IG4ted+qBALsN1Yjf+9Q5hFfJv1rUlQTyJ
+AB1K5vPOw6LwtldavspLfHzFiY/C0M9mHMT+v2D3Es7nId2iNAMjCsHb7AEQry2B
+MLNRLxFpeZnZAYmzERYg8RZnbxfEyh5EiEpx0LuO9w1puNj8SZ9mK4lsKRGaF7ZY
+h/D3H6+uDaRBZqh34zqpgEyDFKZEpYqBa/MEF5R/n3UJuNuA+enqdlWXTg7y49TR
+tXvDHtGgv8FaeN0XI2hdDuDO6iSw6H1h2hONz7PkHtLHv8IvFrh+NWJb8p65gFWC
+0oryTtKqExRn+cdT5mwnWTVHorKNTQ4qA1IKXBOrOHx2rTxWxTJiyAWtTkrLxzO8
+34iZxOcmy2mqFAcP3LUHH3qXKdvm9CVFabqbWCoMONInJzdW80RR+/wYyhSGIvnA
+mXhyIO3HWwSWzqOJf4h+9Lr+Ag9pvSpnjULWQd9tQn+gVAUwC8kEctEu4PIWCIZo
+DWkaRpBG2MjQxd47Q19W9NErf2q5iuomEayfknFj5f2VDhZBS4Ll+oEC+DRyJfBF
+6110pEIRpDtLpIFfqClvyT9x7aJLHcawxKT+uYQI/ZOwCvOVLTAz6UnU0SHGn7pa
+PCrZ4w4ORzJG+UXZBLH3wqpAnbc7vwAqFxXj8RbI4J/tsPZv7n8D16StOAgjP+6v
+bJOidmmUltW7zraNypiWVHG8ufiEFJHDygbuKRWi4stKW5RAgIn0W9JePP0st9Pw
+gF4O81wS7wJStIR5Qw2AY/Cwsr6zmqWE4tUzGUtsk+0/L/Fgy75Uavq9+k2A8XkZ
+o8v+EvnIkXx2bezoKepza7ENaF68irC9s0CPsxajm/To6en9B2ePb5+5cA7QG7Ag
+a68AxCPcdrbPUTG9bWU2tkQnltb1waPiV+QyF6zgWDj6J4LiMScHVwW5tglYgrmO
+1VZxXNsFbbQbmgffoVahvchjhxhKWdLafMGFrHGJFzq8cowJH0VGVOCEUYZtz4j4
+YXr7JG/VT3VvCXaGYRi5mhBurxpIZypq0Gg7655isYA/LCe3ImJduSjyz+jdkFaQ
+MgfY6xwIzNAGvwROREhaxInOzgsTGCG/ldG3yfF+OJx/qJsqfnF2x+hxx1PIpRKr
+IMFFAhtI+d+FTCB11pn1k+Ue15zgHjwuwDp+ZmB7rKKaQd9ocOGa3tieOx8KxWO1
+D9TYkV48a2TghYf5RSxytiBT8t8YjDNmH/qzg4s4PZkbB+reb4NxIEb/un31d4Hn
+doRCuOz82Ife3Et12UPw98ksNR4nZcOIP9EW4zT8YCcNP6sB/oD3G8A+Fc1q5UPd
+Ytquf7u6Ok4FEk/8gDSQ0Z3OxyjxJG+YTerhwMQdPOYHUW67iWzktKfsmowEROdm
+x9mCQ5evH1hKk+aSacXT5TIsdvp9wsik15ewW7vxbVcyLUpxD58AteaaZQWbUrCm
+FJZFyUGq70ZZqrWu2QQsBoHPl3ribCTPS2HzjNfBsnF5Tqo8iRIxUV0JLMRAu8tZ
+37sk2TemJd3nJFFBWsA0Z4tHkMxsJnqiWLkw/eguj5GIc5OQbSvo5zopbh8v2UZT
+5RoN5/3YRL3hf6L3pnpuH8TF3AMsTADOh0wwl0+I3tfDAZiCOFa4T89pTc+Y4EmK
+XplyleAus/D4SQ9ISdlFD73IN5SXKKkuun57elcoWM6Z6elK73+8u96LWC96Hm+u
+4J6CfNQMLZRLA2MQR4sL8e8fJX2dHKAtjlgVwpPhtR6uguZgmN4wUXebHC7cqast
+JewmhwFQIYaJeTSKQWn42Dblcz66L9SqiKDUVyWlxDcu4ds9cPy6I1uabwsUCJl7
+lIW4jRUlxszV3VIDRYxmHHajI00Q1emyOs+BfOu1VoMkjpWtjjPZOVhJL0Ao8ma+
+TNIvgNJ9nOKBmqB+heHZPXuCYAl8KVU3eAKn2T/4ultH1Fmi31kUsD3Whu+GFHG1
+by6Yf51fhRjmnXhkKncqM+j63U0PxUa9IIYwktH7VHCAwMKh7z2wI+doRu/Klg+K
+aD7ss9LJDNzVCa9wxe6JhvIfPIDo+WkDk3Gl0S7Tr5+izUnwP6cfvDnYw2mcIj0e
+gCDWhIrq7/7DtxMOObhP8oj3L5JIYzysT7bEhx/mfpNzd2mJ4cZ+xZAd+M1OKJ7p
+7JTjHMx1AqFpAYJ9Qn/6S4s5u4p7aE5UkS66eDfDxIfdWD8sXvPwc18nHxNeFgG7
+mG2pgeCKoH9aBLLF5mnJjc61/DxUwEqQwqvxhzlOIkhk2UczJUzuzDWAbpMngMZ3
+a9wi+GfMb9fs5NJwKhhshJJMbpvpPvpdGCFlXeEsp1P9/0+qbV98pyQoX1weuGMy
+7wpLaATIC6UMq+YyizLbhCYkTR7hyf72/ZAW0nS88CvtAFm7oLMmorbQ2acZ44qB
+HZgj9DtwgGMW4jQIZsrFe9BlRmRka5OSBVjZWn5NTOx0RxUCjQjGryCWYU1y4g0k
+rCSvWLqAPQrYqbVyRMEv3i5/bSYcq/4629V97mZ0JlvdWANFh5kEMGP7WV1RHtHE
+na38peCbeKf79nvGAh4d2KWnbtZ/CmWA6jXU3OBfF9xIC5MgcdqODftDlZSaLmXY
+DTPYO0g5zSknWY4Vc7k5S3Xiyrlyc9HAY7oFbv9g4VJ3uTxOed3bhw74P5jn3OwF
+Zt5r4svU3FTPaRO/UYPql9EXlIu0wpi3Xx3HSwll7S9Zla9x+aAlly1DXiJhlO07
+zgM9mSLSf7iGWjhHlF+mOcJrggMVhgNxoXk34qZv3oMlqrS2ZoBp+RoeLiTABGVU
++6CkBsEVo2tzo/kXmvz7bEhcPfM6mWzo9mIcHpjZv+QCIuo=
+=cumZ
+-----END PGP MESSAGE-----