*: rejigger tls certs and more
This pretty large change does the following:
- moves nix from bootstrap.hswaw.net to nix/
- changes clustercfg to use cfssl and moves it to cluster/clustercfg
- changes clustercfg to source information about target location of
certs from nix
- changes clustercfg to push nix config
- changes tls certs to have more than one CA
- recalculates all TLS certs
(it keeps the old serviceaccoutns key, otherwise we end up with
invalid serviceaccounts - the cert doesn't match, but who cares,
it's not used anyway)
diff --git a/cluster/secrets/cipher/etcd-kube.key b/cluster/secrets/cipher/etcd-kube.key
new file mode 100644
index 0000000..5b2d0e9
--- /dev/null
+++ b/cluster/secrets/cipher/etcd-kube.key
@@ -0,0 +1,80 @@
+-----BEGIN PGP MESSAGE-----
+
+hQEMAzhuiT4RC8VbAQf9Fc1krMmIc99YY/p59P65Wk/ObgmLLvWI0aG44S7A1PrZ
+kbNj17Ki2B9qz1woNqHIBOzAq9lHhYjhhK9RA5fXNMsgUubzljfcNZmhaykzlzp9
+cmnfHqVaW3yizLLmJh6sa1Znu2SuHsp9OcuwJdX3yqRQ9I8tcicqWahhhCQxD2oG
+FToh1/SUqX4eVQSBfDXIU+EgSIoen3QpSLX7sWG3KgJb9p2SFBDZH9HPm8YTRHuj
+/9IWrWy/qpavhx7Mgpyv5o+Pg8AvR743GkVrX31UrbzTI+s2UllHJXtsG6Y6gr1f
+2oWZVnFFHT0uCh2BIuG0UXo8If2ryg5kT8HJBTfxNIUBDANcG2tp6fXqvgEIAMmw
+DBQoiznpg/05CB5FefI3LPB/6+0tT6C8iGcHrCn3USITAlKqGYAX5LYVqL5eaO2r
+Z3T+P0NakH/94vXqwwNEib4YmnKw0G5WGBUNoBfj7edHffjNOLqs1lz21iOKXKCN
+LZlPQvGTG8iOG7lU5DKBIXBJY7Ue4WZ7t2L5eWLcUDjzp/KEnEMSLkaaig2oZ5+M
+CRMbi0+vFdQDQ/Hoi+1qCaAmugZONzgwMdwbZZPAA5/elkSvzYYfVoCvnrHYrUga
+vTihCXRjMoa2bgwLkwY3gl7GcJUD/UzMFnWE24apigMDDanVw4ln4eYeDmb52k/B
+Pr6fS0t1htt/yo/h9aOFAgwDodoT8VqRl4UBD/sFBKBOhUdqv4HlgVb7p6fGSUo6
+7azxo2p/XnGeox+5ACEog6msB8H9T7B3GhYqOWRZcKWwEJMUYQwZSsQAT7dcQhI8
+Zk7z+c/ReyktcvfxYszFF7IrVbbaW7d4ZqF0G2/70uIeSbUsr9TTsXWR4PL4AWTN
+rjXXEBkYCGltSTgAaNxwgJsClduZ11aH7NRM24nSTWqoYbaCcHjQDFtbLbxRxibA
+x4h5lgxLrpXOSlli6QqSUQLTBXrHK9ZRs7E2u3/IDTaljZAVgyuwvxyDb8UNlUoE
++T3xpPUAnkNM+C4mAxQqr6PtelOsMUWW9n8GR3EPmwuq4eNAxWFbD0N07z4QokVe
+2MR+zoxWHe4M9DOJNGex+iKPNg0HTxFSZCMXzNwuUs3USTHrODG+FBYcNLHVhcjn
+pJ6ZxG27sUJDkkeI8SAFEYkez0inNGJJ/mgrXS9lgZVgj/HgssCuxdadOwiHQ661
+XLJRD5X2lMATEsQ2fdx8p21kgo2ipJdWiEbZhtTRh0Dp046v+EYt6WYBNmZfKa7N
+2PDU1C6nslxwNW4MYVcdrEVkTKH+HYIc5x8WodYP7Texyvn1PNw4NzEggg2bEsAH
+uXTrEzANRRw+RbXoOgSEvPe5AjwsOB7SmpugdYYGv/KC1DFeUu/ukHehxrRhpYJv
+mTBl63sB49USyW/4CtLrAX+tuDac79aQMCHg3VZ1hFj/0yOulV7y6QSw+8833oW2
+Eb0DFkr+6kDpzTT/44U2ID9MeDX4QOe2F7SN3rSrUGmmnI4LUgGOgH+n/SDTR/vf
+qLjACk7d62Hs7rpx9THXVeEXKdkLQWS/gUnaODeZftuKGXWNRcR5qfUc2NqTOJ3O
+0VbdPsSdFu7opHYtP8i2J8uu8PGhdAe8uBTtP6xw4/eAt4pzr5hQ3hyPmYTRXieu
+zDe7eFVZMW7xVgTD97S837RsV2jIgtPrz+4FK7vPxNi4ATX+vIEv/RT9GTzhe80D
++h4LXQxAp/Is7Y/eifSohz9Ib8T9xoRv5sz75/SeKA7S5BJnLkx+1UmhyVGSCTmd
+Q2e9fd4d1GyhTM61naZmtVZgDDOXggHHO7okCEQ7RbF1RTzxuk7HzVa/63iyzrzj
+/4qYKhUyZjESePEmvZyzegAbnm7s1i7sbqvXQHBhaH0YV2OaZUE8CUEw7QYyzuVB
+fwnJcs8qPQjSDoRT+ckTvx8XJj2hEwCFZACz3ZBAwVAXrZ6UVQkRAu5IsiZd4ITY
+FhsbDSNNSb5cn7khL6+NhMFMHtfFBr3HOXO04S0hL1ppy7HAyLwldtoc6rap3Mix
+FUBg2HASWd99FvmTgJVenoxligU2bsmaPrvEofo4j7/LNbJ2L8K2+NsoiL/c2S1h
+mGuhMp0Q+FduLEzA3TiuReS9Hbo2fRpCtarGsFpEn5h0Vc8ZlnRh934UCzo7GfYy
+HiVoQglm1mxVQjcNOD4Anf1vZXStsD9yhMBzOWxK4HTJpnF5rl/puxaj/dHQUgPN
+lEbnvO5GIaKnKcOinUe6phSPwXP5Mp3BU4SI4gujHWphskyy/m0W4TBcIk1fK6kh
+5ZgLzQvyZ28xr+uHSUedsYXVoLQ0omw9XEUpo3PMqYALPF35wPFtj0k49BzpDGrs
+Yju0OOF7ngdp3RBAvrccgqsPbyN/UEKDIOu/uPUqNCl5/eNh6GTL3fIck769xjra
+xO2lmq4iGJZ7JvhmzkuCJSLcnz+Bfe90W7XIfGnM6LhL8IGTv1SfKQAZWf3/4EJB
+SKw9+8WOejYVJGReAyoLmLwM+ZUv5OEysENwdFJprY/sjdvk7rMObD+BMSuki1iL
+a0fY/k0JLJm5DeTTGTWIROUSChPzFaESSYChZWy95iPaBAygWzC/TJ86j7SsxrLO
+wybNSXVzLnHv8+oVI06eTEHvkrU9Ei0uuBKgfJZnwJSWnqUbnGEVcwLhwB9aLr4v
+gMXHDGlEUWD473jeQwhQ4GIfoQ2A6x/77ykBE6DTOvlZb/boppT2WfVcV3veyXqy
+MiNvLKIq4toSs1mskwl2nHt5aXSvmRh3Y66u9ym53cI+BLn9HTndYYvZ5MVAqtOS
+NczXYnW0TIroBwuUWlGDeFG2FNdMwGloOorgO+TrDXpR9X6X7eRZACK00849WUPN
+h0OyB86ZWJZujXenlJeqlQJYe3gjmUnZ8nIRf2O8ix0PRpyl+NxcXsv4eQnp+mli
+DoU0cglpLPeBdhQ1bi7iJAWlj4p1v8qw06Rxbz1BxWxsNUlEzNgukRZKzsDP6cOq
+q35rR9YdMnxZ/vcb/ZLJNEBLkWZzu3RG11ngpIIWAqFUh62V/TK1XNgMLUESmyza
+F+0UT1PJFKgMIg11tjk/g3ZpL32ORZtloO7X+2uPyDeotQRVeXtFWJytBMagPPZK
+7bBU2OolALhbUdbT05s5LoNEmtNcONSvpStt022CgXDsYUa5j1OtHQfvmgW6ijgF
+nSGQFuTc7V1MX49pLF0mIWe6fQ1g60tyITLQOeUHMncRBVLpLXNqxb/X0lh67wsx
+Ofc32Q7QwxDa4nFXDk+W0b2/DU623ZFBpGpgIcjktI7spxrYyq45tNs5bmsX/6qd
+FlkLbti0EYfwi5JFt7ysn1wItMMR65ZVpA+CbQaL7/vUHNB7lGUDtMEqVA3kkOkY
+Qsoue5D02Hq7kAkUB29byhEh2B61u6SNrCnSCAqKl3HBT39qjBoEM9sTykbjjJGd
+TEDkaHXtcJ7HSRuvJC9XqGmMD9xjXv+Pei4/Bl1nzNm6q7u6OXmoeVB4+NWnsYI7
+9PhTjfxoe/2HqIV7f200hvLJ2tyDuCLbP5i2M4BGkROOPU075gG6TZ5zZxNfdwLH
+7dyYR7B3qmwkviqYl675FJW/x1rUhKyzq9y1mcFWN3MznUtHKFoogOwI2cTIHLmg
+Ozwc2IAcoEPZgl3sl4wqyWPa1BI2FpN8lkLNBajHmI5kAZlASVmlT6vTahi92w+s
+WPsCRokn3UFW8c51y1sWrxt7w7sdVohPys2Sr8prv6PZ9d3BXRq+gz7om72+KVzD
+iapo0JyMAmM8q0rd+KJReEOIeHcsLD/L7T58WPsQHBbgyMs3vD3qhC4xs30hbJHl
+Vp4C8n0lV8urvkmX5K2uwrPTxesz1gcMG80XTeXO4L9Ckci/pA85CZG/b7z5+3hq
+Qh9dhKln5W+FT8fYmzx00AmtdvVlvAhdMq3o2vd2Cnb6F8l1nXToXW/gw6IOJlbX
+YY4gaCoLS3C62l7cviBSko3BwJm0PG8UikITWGtD/EkUp/GB95PhQ1ij3C1pJ7PK
+X8D8GwuGOoXNp78TWuMmQ8V+Ws7BKnEpwKTsXfOOdl18DAmrIkSmsEQIS6s1g2cB
+XvvB1W1jJFbO+xwOdfEIa2NvcQB8+RuywrHH4tvnMfoRx+rUEepmZJYNiBNxUwbB
+PVegiOcNvfAmvdeKiE++mj4910pHXtyzC21Kz9wLbKCkKw52nhWZJgu8eUGjBL8P
+0SgjNgZI5+tR3tSOvqXOslkEV1RZ2aj3WZn+8j+yncISt+D7GNH9GBOJ12wABpEi
+mD+BnricknzyPIq2UuaFatBMj7McqgM+S9e/Gu33obZIUH8ZD1goMtu3+v6HuT3W
+omrAF2HgSzhxw4pBVO1AI1fpRA5zn2gelSuq0uhpIlzYldJz/faTQEiQRmvVoxxV
+Dr0JkD8lwmgKx6+o1hLWWoGn4tIM1QuTug85hzMLVQabsyglsridHPTQ1LxKN90t
+dEF/cZvJIlXIMJt1bqXl29lOVUCiBkfHBJr1BXbznOZDM7/hYn45oP51SCIWS0Fd
+TQPITz4yObZLmH13W27D0AQ42q0790/ZQqH+Ufh2uNB1WaeuHVexQmvKFXLWquWG
+UnMUv4/cxWmOsKqxsoF0053kbWfusSggPpBGGJ+apTdK1YYMMoz1QwSDNpaAmzU0
+MTieNW7OVfyQoZAsnEBvQiIrQlgng8JaUTWtrneDsqMOSVncyZ9F+Ddk63dWHq8y
+JhaIALI6J7AoYy/UxpJp5Zdf5zjXbH1qR5fz0Tb33jjDdJGy9Yie0ECs/K7KliGF
+D75PNtspMLtcFfPhVqRLbW3JOHkSLkW8dzgyzpso
+=ePL3
+-----END PGP MESSAGE-----