*: rejigger tls certs and more
This pretty large change does the following:
- moves nix from bootstrap.hswaw.net to nix/
- changes clustercfg to use cfssl and moves it to cluster/clustercfg
- changes clustercfg to source information about target location of
certs from nix
- changes clustercfg to push nix config
- changes tls certs to have more than one CA
- recalculates all TLS certs
(it keeps the old serviceaccoutns key, otherwise we end up with
invalid serviceaccounts - the cert doesn't match, but who cares,
it's not used anyway)
diff --git a/cluster/secrets/cipher/kube-kubelet-bc01n01.hswaw.net.key b/cluster/secrets/cipher/kube-kubelet-bc01n01.hswaw.net.key
new file mode 100644
index 0000000..7accfbb
--- /dev/null
+++ b/cluster/secrets/cipher/kube-kubelet-bc01n01.hswaw.net.key
@@ -0,0 +1,80 @@
+-----BEGIN PGP MESSAGE-----
+
+hQEMAzhuiT4RC8VbAQgAhFwqduPGoy7vIhLJPtapcecn/09wfWXYUxeujnsre3Pj
+uihYPEHXjRuR1ld/B++7AT4uvMospQ7E4XZHWP9cgClDQOOqnz8x4Vl2rsKdQf5Y
+8Imj9Y1ZMjC72s1pr7bAVZKWwx4AY7oCe04iphSmTUDRH5wTjuU6oR0AMdYmdbwp
+SQZH8FAoY+LdEZ1KhknIVQgl5gO0eJxjn1ZDL6FjqpeY/OprnRAo3iJIc8KSNLBQ
+HNz/N/j+3LAljbIbQxtoUeHDGrw9tF2WQNzvzPRAOjUc5dJp+bn2lqk2Bn1nRl49
+fI66WdaBMeoQIr4fEJYrNITvlQcFxfLjPSrB+OoixYUBDANcG2tp6fXqvgEH/AqI
+bXeHbnF0L52iOJGuUJvGZnfNZKmIreMJ2CJYpWOuUJpMCT76l9fZjQZ56vhKGgYp
+Dn7QSF7Ww7vZcUT20fBj5NC4pS5cIFKq2tTBGNsONBiONIwwAsItB2GhklDdN3gV
+UrHviR1BDpw7xzgMYoCpNI2M2dvRHJMQoRBhdGLt9lXLO1JG3bg6Jt9gyVyK1mDo
+65k87wDsDU5kcwDuZb52FzmkL7T85OZPnWkwE0Xj79Y0d31zjL27JyP4JJZQLU2a
+1Hunx1plS8LV58tEddvNZuE4pRsX24Anb+7GXEr85x47IOhJVDe31+QLL5MN2F8l
+DYaO+OUR0UeW7Z9jZCmFAgwDodoT8VqRl4UBEACJzqTi1mMB7W2SXXIDCsxdujSD
+bOWiQN+PoQSvx/UdkRT5Th2vcUHQwN+ZQlMUpOYbeloWSFLOF2dfQQiCm8jKE2vW
+K8LSuNaM6BB6j+U6SFCxBS9Cu2y+GkWFo9KHSX6IfUSTSldQGq8BvqkM9SAoUFGA
+H5+b+m9VjPmEN3X+ZlUo7Za3NCs/H8WiIziKP3tPuWSF16t2PQf0DtrHySLtsRFQ
+fJAwnQmPmP4+QgCpJl0dvmk7SI+ehyeaaAFvsF3focCVZOHFAReM1TxIPcUUaA8f
+Ki87YTdO+20Aqmc9uRjpS9+ijsfDO6sQIq5fqStA3sgTC9XA9jDAComCmdrieWZG
+KOT5UxQnuU78SXCdaUNXNHOu+H8zQDm2TY6NbisPCl686d4VnY5aq5idDoNm5Jon
+BnlitZKXHPCb8fydzvTQGDn13lrDzAo4DWUHNVkkZT+62iUJ3G3NTHQLm4lWA5ya
+IHaoS/iadSin+hSSh3WCihbGdYnaFoR7CRN2K6fj0/q3oeKO0PA5qfO57mLNanV+
+yO2zixF95LopXrtYO7KHZv5E+5VLjmYyiGCoewA5HkN8HBi1PFy5C4NKAZYZoMPK
+lbBZkGnF59JNa+N+xlYJ4vt8xhVK5w8nj7hTHkUtM/XRGM3Mb+YAauHwMK/GCDO+
+t00R1dvmc7rl8ysxVdLrAZw/E0Q+sEbxDflDXEFSYvGZv7sYzLFhQDR948t6HT53
+2J7cyB/2RN8G17ivjnvcsCkiEOyCT94+bQ0Fdprp0Unn9y5vGlbLRo90kJ/g36fD
+qm6wPnTbKXnIFhPnOnL0U6XTbRM2V/QUw/16OLmSO4g/7Jn+6aucxnqcnVPcOQ6B
+Vbe89rsyPdPGByubdcUZZn3uxDykjLn9nquARkoAsJIkZqxKabB1uxrE3/OWP+89
+iX9bXNC/SljvI2kx6nygRg/18i+oKDV3Yx0qaKfWdlKFX9kLyWhtI6Aqf8dYuipB
+MrEgmlH+p3Gk1zyVudEpCHYURgUb/bPMlDhOQiiuOuc6Da4CC5gV/dVdq7pJ0vBr
++a3m7gLQK82qoyYfxfzCZJRyTHYBKLOXQ3GMNg9K5nb9GarrmwwJ4w8d48GSTJKl
+B/NmnLujfpE3x8iyv1HMNTGQYClyzCh6BnuvV2TLeFUjprYFNzwXOWvnWYcrNeWt
+ewBKM7+0YDhN/E92NnsMv55v/02/T29biBv9GolfYU1Bcfpu9rOOojoNu5l3+YY8
+UAbG87FxNHWIsgiVM0IRQ7AATbu8cPnpzV+bMVq2S49gjEX9rCjhp7OwD7ZWIcFt
+Y79ZDEIrDEom8UQruCNjUfKJpSFfAe6c1EMEZayN3G/0F/T6VrPz3ECVKcMvFqMt
+QGdBKvsJ81DrCxcI64rAu20Dszj7XMbOJ1EtQ2mkI3TDSMCQKUz0iLbGueWGi+kW
+CtuTtrRiWmbnle92EHC9Tub5uH9FewKc+odFvNSlu/kHdSYG2P8ok/30uTuGiIKq
+c9oZ9lmifeJiFuaxRpeRXA95BuT4Adpyh1wHTp3c7Qhxv+wCmoQmni4tXTPUIERf
+2LyHpxp3snugtEVP/JI995YOJfH/VZ1Eft2pxCYfdHJXA495Rwjsye6Zu8AYj3pV
+oZSK43/hhidAhLGNgH7Bl4e4a3Mc5o2rwcTtL4YLF+sWLLe8rb4To7iOv3EDb1iK
+jg3Pndizg7lfxdI2TwFsDe4bekG1gzarjJc9sGSPaAbgBmqZudPA6sRMXXpe9phJ
+5bDQyhsh1Yo8lzfvFvSTCoV8Di0l/Q45W/pT8e2qB13z/vRQ0FBu5iq9cvY9uxGX
+sFvEvadcZ2SW0DGW05jJWMtorim7fLKLcV+6K0wnORA0618xkQJPlKQJ8PdYUAF3
+wuDiZZYsosxTX0j/JEBJBtreRrHhzQGWQydjG13a0oNFNV81Wt5Qyy7Yn9UBg0gp
+xpuKkFZJpBfwWaUE1kbWafZAfYnLDt4wzpwYxgwsPvlChWMERyG5P32NnzaCX8xh
+zRgOhJqfYYjNjhvKCr72XH94AYZE6vRcA/8JdAlSau4cUe8mXjjCM5OqFRtMlPxH
+H4tdojMZpWAyK0SP4sFTBHQaWu/QCzdrKddJfeQ65emappBndkBFbDRMw05VDP3v
+LpVvVPXc6zgL6jgsjqt/cmIHPmsjb5yB7Qeq6IXnYW9rsv3EfIIYj02Z3tCi6ZVF
+bnL1sRGmbXdX2OrJMDmRbgSWhHgbGBQLIw1AxvwxgVeF5LRfDWTgMKoB2531OVqa
+9UAglYB9pp7oOu/BE4ez9xa6p0hH7fFMMo30lI99V9/cEW95dcHOH3hDSfAx5RDD
+PaGSAdNJsVDpS5qK5TejaM71O5CTKNbR+swEQtlQIwW9ZH8PMU+eUrrPvBnx59Ro
+Cu59lDMeMHZEKDdmhIwtKY2CY0WUXE2j/4Acy7Id/Sj+ifgOHANuA2IE8m4u0ddg
+gkqVrf0iX03tgZ+UIyVc8bY1c0jXc0FzamD6Y61U10gx1Chs2wsDbbT086mBH1Vz
+85HXRaP9rBD2rMVi+IM4kSvo8OD2Pdu23xmED9NUgcAz1cCJWnXYIbmCSmYo3GaU
+ttIbXDjc+pkNRV/xrSsgnLEJcDVkfQlAEn7dgfJlXf2Zxwh0Ms5PU+CyCGMzIxUl
+iDBnqnkxyBR/eybXjZVy437Q6r5ju54FLyseP0s2INtvNJ/DwP/BgLh5oOeZLAXV
+tZq+gn84jRLiJHcaHM5jbtLgAQaDRQqifVtxLmEUsc5AVGa9QZB5TMGUSjMfaw+d
+jUpg793qhMxME7fMMk6iD7vfPsvkkwNaqwJBI57pTulIiz+BYWcIWvD6CWbj+UTI
+H/GL13BP4FTYNcP27ww1BRhGh9vcQlAN6f3iB+xJeC0bYic163pILX9r4aZpToy6
+hGOXzP9JL6WtNIYapSn90sjc0fNRb0bhPvcManPmw97CZHPIp3zyJIm1bx/+GGQQ
+ZxZDmNm6ym8xnVhnniiuG/rtrd2qANVvsyTeU6MwNzTvJiig8LDRTvnVzxIjRz+c
+lvjlXiNOVLSejo1UBdiCkzZS9z89hImcDhNngf+7Ah1GiRj3Z9WsnCo7FU1f9S0M
+K0Yz5lHzbuE7f0dXrmenl9dlkQXXEGlu+SQDlCAiYHmrd+cMJmIljpZEFTPK38wm
+VUYVRGeja1CiYYcpl4rClUuk0oGSMnpOwKUrKIMS0vkircxraLwa+2DTxU9kioa1
+0EBSqtdTR20QuAbWSH3P8/Az6vHHpBCLYtFMUuMNo6hMqNTwpf6zLoysMojJaf0f
+y7PlbhyLlPKK80nT5JTsFJBWXgFrlpEZBt4w4FwLk0UvemwSm326XMOQ7pPBDey1
+7SaaA+tkbsJkgSuDjFDP1VjNcHOJ6RgPEv99R3EgzKef3samLpXnHLdGFmVCUwzp
+UTWGroyJ9VXK+KRZC8oAIru7JL92XUFnJ59FYQpmOYeDbLMzb0fb24MJ1IIzdXZX
+xe0eGERmnzJeBnUd9JNk4HwOSSI5s4LshBVjssOtw+DPfeS/T0li3XnPM2yztb1h
++A1QinQX8LNdk6bRLrLjaSYI9qPQVpGbo4lnAlwCFYq98uQERkezAisx8OcVcI+q
+BW/aGdPcXLAkzFE+zaeboFCO8BGHnL7XYcbr9G+QvhmX+MyGXAMf0hvNbHXv6GgW
+XLdY0QAdHLcMQynYeAsS+Tc27FGaZWtGoF+v8DPSoNLj7dOXylycN1iYA8ic+PQ3
+pSQOVXJty24dpdqOIaggdClJEC7P1XU1dg7wGrLqD5OLoXLoFNdlF/QFb8X3NC5r
+kQaMR+aq2K1LknTWKv5PkHOs6BPDMlfbrIPnIq0+VnwrcWweM2zj2+i3yPGh5KkA
+lsC72F+bS/RWU4pAUtAtNyHoQAOEMEYh9se4W9a5/aZ1PEaLaOL3XVXxeP3SG4wr
+yTtmCTwhQDsrE2p54nphKj+LLqmogLkM2Q+hVddHtwTcpcmLA51qicw0IpILi+p7
+mHuwrKTBaFi9NE+LvfsGrkcOddRxmyU5cRYODAN3PUZt/TpWMOX4wqd8eFLldaMp
+zK3+ZlMXFURUfAn8GJ4RXmC71xHE1Us23ikdazYUiVULxlSaM0ubGx+tW8Q=
+=XNNR
+-----END PGP MESSAGE-----