*: rejigger tls certs and more

This pretty large change does the following:

 - moves nix from bootstrap.hswaw.net to nix/
 - changes clustercfg to use cfssl and moves it to cluster/clustercfg
 - changes clustercfg to source information about target location of
   certs from nix
 - changes clustercfg to push nix config
 - changes tls certs to have more than one CA
 - recalculates all TLS certs
   (it keeps the old serviceaccounts key, otherwise we end up with
   invalid serviceaccounts - the cert doesn't match, but who cares,
   it's not used anyway)
diff --git a/cluster/secrets/cipher/kube-kubelet-bc01n03.hswaw.net.key b/cluster/secrets/cipher/kube-kubelet-bc01n03.hswaw.net.key
new file mode 100644
index 0000000..6375f2a
--- /dev/null
+++ b/cluster/secrets/cipher/kube-kubelet-bc01n03.hswaw.net.key
@@ -0,0 +1,80 @@
+-----BEGIN PGP MESSAGE-----
+
+hQEMAzhuiT4RC8VbAQgAhOF+ajKn3GA2JVJTuEWZrKig0LPaO1nnsTWLn1bp1Fmz
+OYdbFe2YiOStNNs03SfcFnoeRN+N8iOdWNyWHbSm0VlkcX8ihMZdM/sv+LLNhytD
+qi/ByfTxbliPumHMWXE5jAQtrC64aK1YXRszR0RBQul0DhdlKMMme5O5HBH7ezX3
+STfo58zcXAtyY1XnNdoWMXKGXtf3XPTEoQV1AuZ4N7e9sKBdrbbos2lDPAf/isJ/
+nUnTTXKFB1hF3O+iI7TxHF62gJpAGezG2iQpgzZTVKWDZ8QrC4ki9S885vCOuJEq
+BjBJCRDAH4JQvGVCVUy+BQmFl+njG+buye/oAA+tXoUBDANcG2tp6fXqvgEH/0Ag
+8qbB1A2qJ0VNrngfux2WtbD/PJfcl0oB0hIdcbdraJsvSDElXiLrQZgWgesLwfP/
+9FilHXKnSbtob3je9VAu4MjaLExXjODsg0Kze1NP7KYlnPbi9upypIZC+Vkxqfci
+sHNhmuZyykvNaKx5rWlnQbMaSj7ROaCYQUsnBGpXoXo/2pnS4ZrCkvUbDU9dgg7A
+3B9NFPeCtSczUOzGGeWlociG7/KzfrtSdMQkuNKTYjCTvMjLR3HF6qz/f0R4ZMsD
+KsJjWa+jZMY/HpMK8CBQl6RI6ekI4yI9d+Y1ULLrP5YwE1HcSfvwkn0pQWlRo8QD
+1S1t+EK+yk92p/yUpeaFAgwDodoT8VqRl4UBD/9ITEK0ETwLC00wkE2oSv3A9KQN
+PGo+7ghhLXW2iBaRuKF+q8kcEz1zLU7YzajAT73iLnAbZBWwNu6FU289KKrMZCOc
+8ENKPsg6/we0ha4HVDyVXch7gNhZV6hlnertLBZBu8VOdd478E8IDNmgDVKOzYrk
+VAJRjXu2kstANnFAWhtdYtV4z5KgP2dN+1cshV8/trisHOPO19ALNqxr8JKgLP66
+S0bVZpkS9HJLIPBgCrqoCO8Lnh8IU5qEpcKhgxIVkupZqA4VznCgZX6NwHKdnSkz
+2azb0faKSNZCX5R+n+H04VTziwLlZU/eHI+yojtWSAsN5fZAlcvwDmYaFeGXnUsn
+99GhDRRm460Wm1dEeZu6bY0Hk8AfDYB5EoiC4HZ1a2r3SlpZvMuvyMiadS75lrwv
+XiOJ3QjW0S3pwO0hTDjI545Ga0E19vvP5lfFPsEf34TTYggS0DV6+t7aHlepkhUC
+jU1IPXFt1ID1HgOVI3jVc/v81yHbjOcG9kmlKI2pi/V+yRsFhMhHy4a6o9UsN186
+S+wt+yqqY3bNvi8+Q/kc3lyzXzRgSRcCEdz2MAWckVtiTlD59qKHdPUnCH/x3q2f
+dzr3ZJmwwJzgakPbjw2BR+g7IWwznnON0dS1WlERhlI5RIRgeLoYrImKirWVltcN
+eCZoRfwY0Tst1wNzY9LrAfg5HX0vJ1jamez7ME0a4M8erMo/nwtPsPSoyKeCeuyA
+tJxFXzgCrRDvs+l4iaH0nPguGN2xcd877EHv0HHLvHkJhfa9s+N8E71xW7CtqEPV
+e3Kctzo3jhHIRySohO2U1DlM2sS6aK47J/t+s5gepC7w3lYJHwAA8svjOIyz3ocz
+YVFPYbJRC0e2KrjssO1XX6lMBZOzQNMSD75h3GGcRf+vr/3Xzu5eegEKmTLqRYFU
+IQPPebdz4/8miZFQ1q2grigUZiQnylMLKxg5wqRvvwealHSb/CVAwQCjCq19OiTt
+7vvYzlWXzjoWC81XHv6KXM8stXC9kHNoRZ+M5bkI91nSF0xNB7bO2Bm4y2T8fKV+
+HqNVmy/i5uevOJ2ugqyxln4Hd8vQOJYZvCUXhPXtgwvrgAIE76ySsraQsMW2OEAf
+vVIALZhw1RW/MZ2KphBPocSZN3Wqubnz3SLBCF/nPVeBMQOTWfa5Tzj7Lq8ZVx2N
+IOFiacscUpbfU8qKO1a698M2afkzfEHNb2k/O5zSWApQ9VlVKH08nN14gBd7Ise9
+cBCulaPmSdkpdp8lbprQAA9VY8MUi4NDgn0eeknK/rjHiauG9M7XsnqftmuH9rS5
+fz2KpCIRR6cxNZsI0yI6AMI0e0dvb1ZPhRTXK+gfRz1hl0GmWC+QBnJW12MR4Vs+
+VkBW1iNIis9eLAwA14LHNH0wGw9NJ2l/6joCyMkumhoRZKmW3RGPunEYZJfxZFFF
+vr602WQSiMmczamh4IP5hl2Q154iAOB2r1LU5Ggpi48mo+qGzu0+VLv6f5NhBNIG
+fEiIW8mQx2Fl5QNNU5ZeEqwWpSL4WZb4qfsNWN9uLbh+m6gOS1VUQl5cXkmWgK5q
+CsI+sVlFVo6K10jNnyfwsV/zdy4Gxbvo/678w39lJByUXQqLO3+2pJUXaS6N2mdv
+pG9wOe6Sxf26YiBM6826Y66QGxAo32SX0FaS4cLBV/6rcaD3FaKwLrZZbddWbx2s
+vzp5S7SWfldOcGdULZAtoYc4sydK8dahl9QczOaCCYWHi7e3ssumstUV9xJA13Pn
+9dUZAvKmRuFI6emWOs67mJAblphuG/UOWS7TZwFYhiOgG26z8FFuzlCjBXRAhh5B
+Qo54BZXxuNDGIzrbzvmJGnPCAXk6ltVLGXOuXUIj+k5Jp/1SETjIjsVXyzQCfg0A
+u+Y26SKifGDTJgXDMAMdDWHOQypBmCRsb+OAMkEfpm/IIsTqOVl9KDOrasUinLex
+f5NVHLmZlysykJ0qY+5v3Rj0DNhi7WYo1Ee/pkpKgC87cFECy4YvAFIKDBJpak6c
+KviwOMjU55/ayK26j6zED39wjOIXAyBLiyak6vUO2XIq0vanFMB9PWMroXOenPpJ
+qXgOzPgMNzd9Z89HS9MMnBKZ+ors7KgDaBWePl8K52hEQOhhdb/X5zAGYXFld/ks
+5bk2cd3dRCk1cziS3C+XcxKBP9YKArEJYkqUBp2XajkQ9EvtQSpkV2GJaEoxmr0P
+I3N6b7IFWYCDzP1s+RN9M2QcCunR5LwqRM5w8bmAH6iMXY5BS0vdL68cpwTzqwgr
+zARCEylqdQPnjG3gUKbcwobj8pySXdbhD/ewNBtEfCMHmUFAQVF1hodQO4bC80hg
+R0xXZdaEPDdbfJ6KhQpe2CP7OwweLTZcujAIPHsX+Q7H6mweujCjh7E4VR8UkL+c
+aEs+m8X+ykKl1T9+fTpwjnuNRik+3A11i5KCS0FYxCirWa91dhZsWK9f/iOaPzJq
+YErQmEEp3R2IszMOgTBVewwT2pWrOBSUZlRnxYMS07J/ZYO6nE65VMECTAYVatKR
+aQnQXbwTZ9O0Fs2xEbPxFh0F2eY24jB09Q5HjN2ULCvio2TiowvGfK9BwZkrJzIp
+oz/XWFlaubYZowUUkel8F+AKS98TPqc+xR49G2WhdCTgT37+rSk69dSfgQfwtZxt
+O5+FfZr0faK40dnoGbAN8qse6pDxD+nmkDCmtbHPDoaTKnzSeMuvhG1o/sdW0UDm
+4nM97t5u2w2emrR/7qGArW5UjdcQkgCABUZlTrKh50OkOTHt53hDn48t3EhZREqD
+M0tiFnnbaMlNhj5FyZoEwvXlScHh+CSi2ICzmhN5yGwg05lICMx+0mE0RYb6TYm+
+JAhv2ZOIAu00oh3OuKeISm3EUXUV3oOIULGrzhZvJ1SYM1jHTrhlZxZ77xOqKMJp
+HcKpXjkkMwtoebMECW9O60hcjjo5AAineq2gyBEu+z+B7fDxNQPHFUxT2ML5QTn5
+STV3fLe7EuGSb5KbK1BDQArMBBtfoYi/nNSeIwFfwSO8sI3ee1kWq6Xhv4ag9r5I
+F1PSobTGviQZFDo8wqTZlMUwRwi0hWc7aWzZ5KIYplns3Sx3bC2odHDuyA0OPwIv
+sqH9i6eqdU1VGCn/LEPlKCGbLvi3iY5Qy+nHGRAVqC5KGTJ5jzMkeJnvltlNJ1at
+n9vLFobLJHpKQrOUtDx0NAjfLMRbi5twNoIo+so3V08tiwVGDCdsBeExhmQVOg+W
+QdKINjMtunCjeSQimbSS/4JD6z2qLY8+vtsvBF6svqL85Xqv3N4smZJb+hu7WUxA
+xO4mlKhCMFlC1oF3rcUmoI9u5te6v/wmrBt8tlW60tUycsNd6hJO+dGQL7YDOF9H
+YePFGvG2ELys/l8CuWtd+ENX7nnHYcZGThDm7NVSs9NxcK1xOpLYJMGBIWLgUcvp
+3/1zaUp9+e19i0rAO9qQBNo40cvjoAYtF5XeqHQecLMM6GPGptg82W9/J/ONcXaG
+ozHbPKWbJjcj4ZsY1BjOmhDnGDluyz5ltbcWOY5ZTGyibmFMKrYsifchbOFpAUhv
+rfRBbm4V+JOT9pwpJ1PnV8r54SmowiHiusPlN2JvjQvOSDIBeqX0ojGlrcU9J7F6
+CTMp8ndf1hK6+1cIQ+AoW8Sh0m2Mv7aZsD18nts2WA2swjlCDr/jy46TykIKnvGN
+o/TASZRdv8N1BtGaGZn9CYsEUBqBoUrd7TDzVdFZa5VBdb3u3E1F93/+HnCfTrlq
+Ll1WrqONEQ4+dwiz2FTEPZIiAMR8nfKd3+hk2fO7RDkCZ0NKjzkknPgXfAHW16mn
+IrVwncMl5dxKEjM0i8mj5b80xy7g0kn2G2ybMLYCOB/tWBsCqoZUaBdQCxcbkbaS
+ByjA3aA8L2Y0RA71R7TwIBLOLWd9cDP1hMExRATJpYZ0KrwlvyW/k2YmP57PA88f
+PPKiScKpyoOt4JoVEfFGDMU1cynMPs5iOEujT4TBQX5B7PV0b6UpbWzUSN3E/SLF
++++9X9Mx6F+356J4tXLGs/JMSQncNOWdv6EVhFXcHmJvlfvWgwuG5kU5XwuUDTO4
+76wCAbKLF1oe6uqia0W2PjCS2aGnvz0ayPbkrDwHNF0Hhkw7Q/zK9g==
+=i3UA
+-----END PGP MESSAGE-----
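
Review bot: The added cluster/secrets/cipher/kube-kubelet-bc01n03.hswaw.net.key is an ASCII-armored PGP message, so the diff shows neither who can decrypt it nor that it wraps the expected kubelet private key. Please record the intended recipient key fingerprints somewhere reviewable (the commit message or a file next to cluster/secrets/cipher/) and confirm before merging, for example with gpg --list-packets on the file, that the message is encrypted only to those keys. Since the commit message says the certs now have more than one CA and were all recalculated, it would also help to state which CA signs this node's kubelet certificate.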