*: rejigger tls certs and more

This pretty large change does the following:

 - moves nix from bootstrap.hswaw.net to nix/
 - changes clustercfg to use cfssl and moves it to cluster/clustercfg
 - changes clustercfg to source information about target location of
   certs from nix
 - changes clustercfg to push nix config
 - changes tls certs to have more than one CA
 - recalculates all TLS certs
   (it keeps the old serviceaccounts key, otherwise we end up with
   invalid serviceaccounts - the cert doesn't match, but who cares,
   it's not used anyway)
diff --git a/cluster/secrets/cipher/etcd-root.key b/cluster/secrets/cipher/etcd-root.key
new file mode 100644
index 0000000..79f8177
--- /dev/null
+++ b/cluster/secrets/cipher/etcd-root.key
@@ -0,0 +1,80 @@
+-----BEGIN PGP MESSAGE-----
+
+hQEMAzhuiT4RC8VbAQf9GqHp0zDIies2nIB32Fl5TjQO8uusD0m/h0dRkz+5Su61
+zbOU25uSxmXt4Io+eCOZx+jV5N6YZF9ejWc5/faCrsllLopEL81mfuIe+T79rcL9
+FxGvYKCJHWYUP6iVuDTRlo4wMb9GUQhKik8Dz/eCGP7FBaRaFcoqT6/ws97K0MBB
+dWTdX/qH6Cwc08Y+PnVTeEB0skW0Drme7zNbAclOBsUrn8EBjQ1iL9YTXE7UF/tv
+SVzg8y1vBedHdLukJgG+xGRC/+FKLNyGz0z9JpWWdOuYs7KSWlUKRrXy2XoCkHxf
+TViITCOqFJteHAz47ebJmpcn62OLPt8d5R1WozK8a4UBDANcG2tp6fXqvgEH+QE1
+uoyqX5JZXy5EFK12aAgf8LOL9y/NLr88T+DfLO0IaRAs+weSbejpwy0lTNHw3VBD
+e6HazEiHQ+IXAjStidai2wXmAi5qXCRvPz1um0py+Gwv1+8zm8HRH/VVZIyjuifp
+Gh3Yahx3+pJMKSPHFZUXzo/FmpwnZ09Oo7aU/v6SooKEX87AKBzI1BOAwJLvLu1u
+pd6xkWvULRgEJQjHUennMdFoEmhk0bPEd3/O2OuOCziJ0PFbmmWZqzS4QXsqq5Dz
+SChprhPUP077NwmNjBphMPoZ1ZTLeNrRw9A0s61HByIaB9nTBRDfjsua9asj1pwh
+VyGoZ2zbinXfIPlgizGFAgwDodoT8VqRl4UBD/4/IS6yz5g4CsT5uTvGIoQ1IO0o
+7ouquQxovD/1eW9FP13PSVfYjqbftGYnTPmTH/dfly75Zujz1vapnSwHY3SuFoKH
+L8aZWyqbmVfHtauRhu+mw4Z74YNxm6X1/ao4VhbwUP+KgeSsVFZbwprwnZlZrFpt
+vf29MQl07SQ8WN47tDzzlA8BgwK/c/aW032+qQCIDvHd17Pdu01vylOUWpGEJ4R/
+zh+peDgKPSJ6KRBYHQZvMejk3juRPoL14HwGtvVX5+xDRWhEOLrtO/hACgU7UNT6
+t5JAC+v0o0QuIGTJe7dnDaIeuy97OnLIhf6NfTZY/uSyoTG0ILyChOVMO6fQh4ma
+/H7qw9y+11LllTHjbGDMftDm6C4WpMhlOZ9qlBmCTMiVFL5sLjkGg/DPSY+gz4mi
+2mx/2vn0q9Nyf+PixKW9xPZfneTR8Iw+7wjFjspKqPpwv/UfFIf1awwTxBXQVehp
+kKUQTmnbdyB7ATcLjLeMGK+DAvehv3mDENxlvz/BwkW6ebrzA8805eygOn55R4XX
+ouQ60pwX+usPwtesiPJRYqdbR4pvIFRZvZLWNX+nwrVbVYeWXYI3x6gr51yc0tBB
+KitsD20XnWzNfk7cuqId1Ne4+RjADZOPjCmVuYWXG290r+IYmAFuswgQESuywI6j
+7NRAHbOYydRF/8Lx49LrAeP0VwZe02eWNW1Mbo2dI31fbyS/GpkDpBXwGb3wKSjp
+CmG9QxYklfIIPpH6F3QpRmwR5NAsL582jmWNXEVX+tN+lx9p81yB2dns/xHk+N/6
+we9mYYlQtTE49o6+mPWURS1oY90eU9Z4HsgsZRM8VuJhTF5plOMvKVlRgoCfiCLp
+71MGSSP0rZCe53QclYcl5byHhVAL4UdvHeeJXDD0n+GyIv/yYYixUq+DhluPo/Cb
+iCsdzLJTwI9WG4yaPXtf15QWI9L4cnUHBEYPLBJexJltZtLbtnIJdUxRXKCHpkJ8
+aPzvsgMdEuhmK0xX/ANhYrtV68K1VIdX7GppCY8S7l3j+YjIOeKLo6sQ1w5tHJA2
+BUcZDD6/BKsJfTwpiiK8s3L5V6ve9B70HikKUYjclGDKwhayzQ64wc1o00+FoQUq
+YJ4qhyljxCcH01fssqAhcyrAllVdsXAaOB64Clmf0+WwMtlMnzguy6LZqNO0+AI7
+09Y6Mh6z91x6ODWj9QpasQae1Bub75nHVexZiClKFsaG0xcUfTxG/zG+UaXFndeV
+6wz27PCwLo/AqWUkWwoYqIWj/Ver5Ib2HoO6XyCAdBjOE1fE6DhhmmaEMZxoSZ0B
+C3Yg01eqKkEpasTMOvHq06wm3+yBfzHjgGgJPjIptJ5KfA1M/+qNkNJMuJDYYGp0
+MVVp/1d6rO3qBVTJEIrPka969X1eWOd+1KGqZXnvKeZB1dRL8kE0U3lNmC/3+JAf
+9Slr262LuBRd/5It397Ivs6ZMXbESFn9xzvZhK0tqLT7YkderEKc/Gk4M570BkKu
+dIUXHMjofEfOVoOOD8Iw4lyJ3XuU+quWV9PGlyj08F05IgfnJF2yDqCOozFGZyUm
++P16uWy7w+1W7KYH7sjWt/uBZoA6+Kf4/u3aiSmcrJ02P0NPbz8TfrFiaNubSrSm
+L8CUzx/HZ/L17gxjoprpjNdW6z0/L7QjJ5Bp1oSES24h7/XX9YknDq7/SKSYrCKS
+ZGXcnpJ/jWF/rc3iUGnhMNVk/jLJYzLrdcRges/Znjn6EWr52FOtDd4axViOMP55
+1xeoZEo09wkvHfyBTCN8ueWezOJ1yLhWPvgbfKLKUzJJSDFxcWAvUXzfxdhqTKzS
+pIzEXBZQhpMMLv7PhBeLM/N9ltk7SqGh7uMz5M0IFaFEr5Dtmw0b5++L5hDMhVEI
+84Um6ZDkDbcQ9+4sZGlL5Q1oMd9P6bMgOfk73UMa9M6vn8Oo5isnW2mwssaEqEBk
+nAqoj25NTCcwEaZLR57eM11Jy6Hw4qM6lQOtKkXDLJzb3BkGucJUpyVIXLcFvb/x
+bEUkBLxSbTq8Iu/09ivwVJMoj/GCZc2KipEVRHaqxjgKuczSLjQc/XWUR48RDEGz
+DIoa69S/aLn8aqE4/iMfF7wh3OnJ4dcZ4yJLaI5WTwhwLgcQY2icchr/CFstCXsp
+TnnxCs1rPGXjJ/jeA1s6oxzfimajduQcFS/JowOGUo4MbwqS6ytJc/GOMQFIjP/e
+WKEoZGp8qeLBFPFMjUyRn8eJbd1SmTZb4/0Zgj58+BXEnt2VzwjafuCuetQ4z0jX
+pEbcn5Wi1QG935drTzioz+byHtsQeKHsmE4SssJH8LCu20a0XxK5HPI/hXWMJp6/
+Cd2ThY9ZasUGTIIR35NvhQ8EbAHi6uv4zDGmTUq6dQBq3toXQQQkk7XBvAKM+8I3
+mSAcTsczSwQEW0erDLbP8ya1nR389Ia/Lsu5IYo5fqG5OQzcfFHcoI234huJb+PW
+fQd9UiyfxulVPz5cDTCS/0worQsb1SyJotnH1pV5h8WVeZ0EH+v6Fv2KPzZRzRWP
+KNyzi630U2UFfEsHy3+MJOwxbkZm+TCt3rXNcJuMC7Ml/b+LRltj/68rKxjce68Q
+zVGY2N+XLX+kD5c4hE88B3cNt6oXFQQqJqd/F0KKR23zr/GYYQrz4WXp7ZklydNS
+2I6IHv8LlOqRFFVPqMK/lQCJZUr0lIEnH7Ym1PbL+OJ/J+sWANVdAZHvEZQ4G99B
+F/pNkLQ/M9Yutg68fNC5ONKC2ZrwCmIyt7fYIhywu617aNrgji80yk8e46lXSAfw
+RH+buuYWO9LMYxuTtFmdGshrCnVe7ZkuKTarRM6kq4xPi+QamFL3n6HlLQeZoQea
+9ST3tjrLYXwXHDlWY6cPeKcry8Gia3b235+bl2w1P2ceFPq121S0/4w2heSPE3Q2
+dN7IA57mHuUykzYcepXUehG8QTxXNR0VIeimoImRg4/QG0JjMQl8X6Nk4WWaIHXQ
+TAFse0JiS1c/6mIiX7MhQWZDqe1oJCBlSJLSL5JBvyY1SjDvVF/dbzuUrAce3uE4
+11gKVcfb9Rv3t0M30qCqLKNG1Igfu/26NlKJfDaf7gZKWWRLz3AluImDWIq4wgUw
+30UAngxSE2BZZvKjtIeXaqbAk/mrdUdQsSB6Eyfgky065v0MfTAH1rufJgLgVA7V
+ePwcfrdvzIH8h9vsFRJ377y8Qx/HiBy+slX+RR02RRqPUnKFfm5duCuTEW9O2glL
+9x9GG1noW8nfzV8L7OLCoHGlGRxuKtQ64S74VUvlDkqhbd/dMA99ShkqPCOI5kOW
+ajjQc+Z53JVSrSnYQHSFE+SckXirTVTwwcICbEttMmaUpqIELu07ecWUtuYLs4ir
+Q7LDnpzURb9ljqHbYwq/dUHitx37vpZucCBnZ6JjHtg3cffjH79EVXX9lAihEyLB
+NKcRTFa+za0nBA4C/mzZfip3p4wQlOY6Zr3/RLBIC1sblQ0huKBkabM3pUJJrbnh
+X2+mmPn2bTeQQiOt+G2WVAbNvmKswDQNADfMockWa3NWKEX/pUhwTi33Q6JTbKJQ
+aJpn+z4gNkHIevlKwsV3vqTTYN2w6UlSzK8vzD5gylT67/BByWErquFcVGCVNTVT
+SywM8hQYMqIaZ5nDQW+ssptnp0sYrTRRbcCeeef7GMle27jI32d3Fu8xrcbxzKSW
+O+lWMx573IpEJC33AuuQBorwpdeJXrm6ovyGRJNGWQb7cdu4ZwVJ1uXUjG2IRqLq
+iNyIG/cD8A1abO8Rb3CcvCYg3dm81/ehxPJDzejjtpA9klY3599Muq6dlkx7jT/G
+qPJQoMrA/pOQ/rMxLD3QrH82Ak4fWbjBKUQDYAhvao5lVdmpr9/Fpp7iRz1Cv3oL
+DXTscN/nrZtPPmPbiZF9DLPco6mnKzlyPxicMDrsRCU0yId/+eRJxpw9EDbF8kCA
+I0rl7u48wT+mLFYcroPk0y/LFMEpJz6FEGzVzlHNOP6LIbipH+rirofNOt3jO3ac
+ZTmgmT4x175y3J8aFwg6Gi5cnA/r5iHTgu6h0zSlf8OqlG1eb3Pd9KZiHtmqyqN1
+0djr2HS0CwAnAdgPCG+5HXH1wgfn
+=HE/y
+-----END PGP MESSAGE-----
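Review bot: the new cluster/secrets/cipher/etcd-root.key is added as an 80-line armored PGP message, and neither the hunk nor the commit message says which recipient keys it is encrypted to or how it was produced, so a reviewer cannot confirm who is able to decrypt what the file name suggests is the etcd root key. Suggest documenting the recipient set and the re-encryption procedure alongside cluster/secrets/, and stating whether any plaintext counterpart of this file is excluded from version control. Because the commit message says all TLS certs were recalculated and that there is now more than one CA, it would also help to record how the previous key material is retired and which CA this key belongs to.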