*: rejigger tls certs and more
This pretty large change does the following:
- moves nix from bootstrap.hswaw.net to nix/
- changes clustercfg to use cfssl and moves it to cluster/clustercfg
- changes clustercfg to source information about target location of
certs from nix
- changes clustercfg to push nix config
- changes tls certs to have more than one CA
- recalculates all TLS certs
(it keeps the old serviceaccoutns key, otherwise we end up with
invalid serviceaccounts - the cert doesn't match, but who cares,
it's not used anyway)
diff --git a/cluster/secrets/cipher/kube-controllermanager.key b/cluster/secrets/cipher/kube-controllermanager.key
new file mode 100644
index 0000000..737a9ee
--- /dev/null
+++ b/cluster/secrets/cipher/kube-controllermanager.key
@@ -0,0 +1,80 @@
+-----BEGIN PGP MESSAGE-----
+
+hQEMAzhuiT4RC8VbAQgAp9Ma4QDGAPKzAxsYIQGBayp6ggsWHJZZWo6XfpK0FlW6
+SCIcJSl4qDEoxGVA10YppcrFC0avdVz2DZuYHJV4q6WBhriD1+ToizrTQ3XHJ4co
+LVuDaXumqPo1KtOTVQ8ex8U1PgJCO7xq24xgU2goWxkH2lpAtSP5NUVjZxRkUttS
+2PPaK6DAS0UR6gIKF5FhprVoEbUU3I6dM3QAK008hdiJjxVdZndGu2K/lM/b08Qg
+KEj+7tTpIRmR/FdPAlyWPGG4ZTHO7RyEBQn3yBQKUtkW4+SPgzUoBuxzH6nv7ZO4
+LsRAxRGeyd7GvL6KJA1CCz00Hs1E3wqpjl3afN20N4UBDANcG2tp6fXqvgEIALKN
+nS47Q+STN+gLwbXmFrQFNEH47CYwuqkhzuTS25vq12j+h4iSQsNZRQvQ4UsoGuvj
+moFW2ae3t4wPQ6kwwLySECNipvGeEKqG/Gh/eJoJTgHBw2odprLnBEZ9wPUVXN1o
+ZYkfB9SrgfjkCGDVhj3YF2s1leHv17TzHuzAc/JR8RefS9kI84VdOOPbEEALMj1h
++HdmDmR751cCqz4hz+xjFaFl1ZOezL9j7TdA4weVjuEAikThJTAv9qcofQndAU+y
+6wNqks5G2FSKrwA5vn6V6h5IupUlQxoILbT1uGsI39x14gUK5CZS5QVgP9PtR5th
+prtxT6OFO27gC4NMQkSFAgwDodoT8VqRl4UBD/9o2CKmGnMy5YJM2Re/cHtA0WYr
+6gPzVgTX0p7XHFHOU+nq6wYQq8BxdAeXg/YGnaacY7hu02mWKdSPWc7K9O0YMCzk
+4YBeFSZhlSmq6HSCd1LVkSQX65b970n0ml0PPDjP0Ud5uCajsVGM4XBgwonMrOd9
+ToGF8k5YwCcF7vNvphlS3hJi+YvIUh2YGTYbl/fuHP6UFKnnnv1UEwnqhU43LWCa
+qkvymrf6KOlJRpdYEeM3NeAtbKHNLEoLeRf6wrVSlzHtvht5ylGsztYPiIXqLdK5
+Q206LjlK+F3SE+Hi75vA1F3xsexEb9ik1qZt21G6UqGrsqWuSFeTHAlBS6XyQiBc
+VepcSWyne0/n6vU5slaaXGhCqbxfQ+hEtLeGh6rqjgno/9AM2xA33Y7d8Cy72BrZ
+SVQgOQkXWZjsxfS8J+FxAtlG1nIE/q2DbIctrqq77+SC+pOjVzvY4NgjlxVLxraU
+vZYAvdtF7rPznv7P3Tc4FBB0SoVFPetNwViK0dTgkGjaFrNJa/aRnGEB/wmNjwnY
+61R701HmK9mkuoaBqkk5V78MtOGd9ufv/ZUncM1gW3++xpKhvdFRcJH2z0+4zYtK
+6RdNLSOWU0FzHLth7wYPVUVEtTVw1+O57+rDoSfTKKdHrXj0sWumTFDDtCLed4DQ
+ZijAq4ZIiore6KN7cdLrATfQjUQbo0eo9ZkqmVD2pD0pXtA7AyF5qW+Vv40pHm/t
+LjkL89AZPstR0klJPLtmdnARKAOZP/xypRzSdlAaU8nIaFAARBf4wh0CEu6yOMl/
+RnTwIWpqXpOvP+8lSNHEI/VTWvcqVYA9tDAU0N2P8UjK8ly90/FihfRkCqu4R7XU
+JKDqwt6xqKLLLtII3vrScSK1isJTNd3UpaVPSyHgnTVtm3zB91LKkE2vTqgykeBU
+Fn7CC1t0qdgQ2ARUaPVCfA2ktjsjfrKeU5R7blxNVE8T42dUzMZzGrK8kDZ/FEHS
+hoIK6nuF88p9nR1aisVPerupuLawNOpQIB8XpsFZcNFw0QfP0uA4ljnkQ7DvIhZD
++u0qR41n2LHsY318p5LVzAOrV9OGhtSb+feQSqxbqCKG1dCYtGTcQce8MSMdnK7S
+X4BhZgCA3cXMtHNXHuweHwg5Pbja+gGhT02Zqx79DTO4IYPgVZKBT2ao9COsjU0A
+YNljDU0Bdphto75zoneBmmWX6MHer3/sx484txb5QTCBDeEMdxt4GLhHvoB2tMxf
+vmb4R3Bv4Y4ut8Pc6N194mMJAqlkaSVa9dQFGCGmjJgSBVlq59tLWXv8xAyzzRrl
+S4rK50i3zmHk2/H3g+Oa4+pe47uGlE3PEZZUdb+rutbc/NDm1i6cxSpR7lYd8ExZ
+e4w1A/kqpKKhZbqDmmVylyTgPP3hob3KDxH2i0bv+8pOLXQhtNV4IK272a/rQRr7
+rwnus2p5vztr4B0RbsUaKjoovFxrwJ+RpKj8SCVCxs07T2mPFqI+wg4qBxvwmKEr
+wUPTAsval1OZSWQlzHIWJfy9z/m8VYl1VcGZDK0iiH7pS24wB2T7RCu/xwZbQvY3
+hLLKwQx/mENouTKN1YBCjOAPqg9hgK466wNAVLycwUAtEYcJqFw4Ncn2itAfy0vr
+Cz2wc9Wkds1fpFgSTtexRLENktSCwNdPWq0h2Keb4Z9GiBkgt/dZD5JocGnhGeYj
+BRA6QiR3RMq3WTs0oCJ9tE5tFiPawS6LgcDO4LNc0ANtybicz14RSKo5ZVgcrwpv
+AwX8MUeHnSeQjeFrGIyxVfXXSzZD6SOvsnfOR10uf7I+NY+IwQ1k3t46BnoZI+AN
+16gGeNn3tPti4vIt+j8TVFO1AoQ/5m6SKflZB8qTnHs11Y5femP8esHUnGxWpeDw
+0LOwyBK5fCtDBlbkxQLxaJ8U1c1o3vErCTC6gv+PMooUz2/CDMH3Kj0iKAfebHPl
+p+XlFno+uRtlvbl+j2er1XVraoo358rwmh6Gm3DWzgdwx8UK/lWb+RyYyNWgnmOW
+INhJcqOjThOxTZeKUGBU4wUNqtK1Bx2mJcsLXn7gnPuhDB2jWETaMdvi0HmorbbZ
++dTGxLyHcC5jpArkL0oADj18M1AdA+4upV4iOAyesbTKXza+eTuJamoBMFmjOUCj
+1jRx3FsZZPDLpIGqZo2JysPCQbEXTTW3rovdqaLCwYhChZx1yK39vZy56mh4Bb+0
+YpR0pF5zQB3Ky83YExY88/FsRO6wSg2xQG9bGHFPDDQkSkXPQQUUm9u9tH3jJqqw
+nZxsZQzKZM7IlYkDz0OOHazljoEvMXYW3wBozm5ajSRoI+rpVJ11MPudF8XehoWV
+TBSufF66GEUDV3xFinGtx5vwKU7ZJedS6KV/T5xspn6tfEwFKkt3pcCeOSnG2U88
+66uu8/d7TWQ2zRb1YYNmcFYWEacidBpFa/WfRDH3EMo2SeFzL48zXVoK1wQ+DtWh
+Y0A4H36nOKBfP9atMpzmtD4L7yTjftTPf02y46jkDfCkUxhVbIvpCCrJbT5iTdaO
+ubD3c46AZdbjNfy9lsH+C+ReZlnwAjJTQrnvk1rDAwXH3Au4VkErbx6bQprdlebN
+On9tbF2BN0GRl1Oh064yQ4rw6SetWG4kep9K+q9eO/3x1naKJobuQPOwr9uN7aub
+u9VI3bJOCfsqCE6IW7h830+ruEzj7PocbDo3Eqh81oYJxJPj6LTyamJbKU6oZz4/
+GcvovRHVuCGVvMw1JEKLhT3IHBvQPHVEGOyQaT/i5qn3XB+lpTI7pVer688nZGeh
+UmyH1vQ74ZsS9XtQu5sBSY3pQ+gPylTxT0bm7rggIeXLRM2qBvuSMHGIoR+En7bL
+Wix2erGry7iJ5zUH5loNLsHE2kA3NSAWsU4B5OdtWColG+FvEpAE5fuB53aNpE2S
+V5VSPRvFJiXyuNujxN5VGlDoOUO5rLQzb6y06ojPVeuShAUfRJi3VHPsvlNja8DR
+QWO0nmBypF5ydQE0cIcBqNqk7Yf6DIwBZKXecyIoI8vZqWjAEuQ/iicQtwaeQltP
+BdVxbtpBFomNsBuPZmJGiNOON82Cb1GXwMV85BIqWE2ZPatpxqmq7xrkbE4Vx7NB
+2PnVAJ8UvQwUvOT5WYUSWmQ1PP238COb3owuRG6dMouPh5ap7MGrbGpBKDGQEq2r
+C31hiZgP+5QMKj2pQSFCJYEp5cnANJmTpcpiMWQpKP1D10XkXKGaJIGPBsNEp49r
+6DaAXNyD9Avyzxna/9fXTHQjNOGVS1dgW/Be4Bevkv4cdzSvhRUgH6CCH2Wo7Z7x
++GqBIyqMylu7wxOK1TMXazRcBhh/jveHZX5/dKmaJnmQptxVEI8vLBd0RlHvNT2+
+oz95O6o6YXB9on+C40pcLYbFFiHo7T87wCBNwWgyaayZNWDWuK4U9CaV/U85Tevp
+fMSvXT7WOcvwY2QdBUqbAhSmQJCiMAshxt/RrujWyLUW5iymHlWTTqB3XZ9dRi9J
+lJXGdaewqtHQ3Yp992Q6TkBtkDaTEYuPPUNw3zzFXdKzgEzjPqzTiV+kUQb+QEZi
+Czy2ezCIRjbBFEIS6n9E64zGtqA+rZ5iG5hH+aCaCf9NcuuEhMydJZY0Uve6SwpU
+nZlvWHjJnlVKO48JT4BGscqizT15J0jdGo4iVC03ZbVY7gu6bsCtr705g1wzSGuA
+eUyHzgvhWV8uuHVed+FE8dZ9v3CYOfK4HCLWD0Pktawr+7eZ9q+CPYwByWaPpVhi
+noXPFPmNpQ/SpcCbknhBxEDwzcIKhiPgX/0b5ybnjue7zRLSRlg5xLftURR27/o5
+M9jelXdX8AgxJAQXVO1xvRKNN0OltoZqfsJe5STP5AtNm5fsrNS913NrdO9zNhzg
+ApwLSTZVbj3LcIvjKjIylphaLdo6naayVrKz8JDIBgPrxVaWNuY+yG7f27VzXM2M
+M8Fu8Yewvrty/N6MHsP7qEK6hQCS7KxXnKbRRSTx4isLnk1RvM2Or0CtGG5Sz5Lw
+ZGkbSkTM3OS4eszF2HWACPXLBeQE6T+4CKETpZBagXfJ46haII4gkEhPUTkQAdER
+z5A9iB05/KJIhjVVL8iVLJA8+XQ8ZtgD2toMfgWPQHUGTMyqEzRu
+=Rf+Q
+-----END PGP MESSAGE-----