*: rejigger tls certs and more

This pretty large change does the following:

 - moves nix from bootstrap.hswaw.net to nix/
 - changes clustercfg to use cfssl and moves it to cluster/clustercfg
 - changes clustercfg to source information about target location of
   certs from nix
 - changes clustercfg to push nix config
 - changes tls certs to have more than one CA
 - recalculates all TLS certs
   (it keeps the old serviceaccounts key, otherwise we end up with
   invalid serviceaccounts - the cert doesn't match, but who cares,
   it's not used anyway)
diff --git a/cluster/secrets/cipher/kubefront-apiserver.key b/cluster/secrets/cipher/kubefront-apiserver.key
new file mode 100644
index 0000000..dd7f8bc
--- /dev/null
+++ b/cluster/secrets/cipher/kubefront-apiserver.key
@@ -0,0 +1,80 @@
+-----BEGIN PGP MESSAGE-----
+
+hQEMAzhuiT4RC8VbAQgAgCkswSG9zjgdR3TYUYyp86KRh+6zKFyzVC8ggJJk8L4e
+T86uP9DPpDeeEI2eDLw6mh9FAj7zuEc0v5L0fAciJxgANyAbHZzrvgfJfSc2va2B
+3X0b+RFP7djSrRA59EihEN/iTB8mqE/G8fQQv3jZnjL+N3V43/qJapADdSpIT1cd
+Pj1GZHM/Igj14PIZc6aFQxfaonFi17gWfWhbNYc66RKZV14KpaYzRlDdArN7BI7v
+UAShflHexzHiqUFv1BIvpMbx1rVhFF/rkNzlAE9c7472S/H6Q8Wu9EpcGAeDJGBg
+DnUbayQKEoDr6Jxcpdy3lTikXAGbtMGPim4Q/8xcFoUBDANcG2tp6fXqvgEIAIqW
+6YeEwG2sNgSTXAAjbpyIhPt6hYKZQlX0z3ogA9uUAH1m9olo4W8qb3H4HbXIPanB
+XR6n5owbyX9AsuUoG6SwIyFkGA7UHtxWihPGmD6czwsrJp2M9uOdo/PyDJhQxkkI
+2Dwi81oszhsWu+1nXFoi1feVW3VgoQyerSsHHoTLm1nnbAgzID77oBaoxS6B1Gxu
+GbXg7uxkgZ6Oc2+Ut1QF0lKxiMxKm7Tp82EpfkbBPSxwTqYZ/uhY50Svf24aACPY
+DpALa8BO5r0s8g7WG95qjMcVLiif4kHJv0OuKf/ivv2F8/R6BhYce/wiDPyiwtU/
+atXz9ljhS1hrsCsKnVyFAgwDodoT8VqRl4UBD/9J4xdq4CdMMAqI6tmKKudknJak
+tS1B/tUb46GP3IPzdWA/m2710zkI1S6s0ZzS4L3xTDrAc104ux4QpJ4QUxl3GcPA
+t/VWP0t20unF2UwS4LQbS+utpcUw34voxVDfCilu5emRMbLzHTSbJ4Iheg9KJVpV
+Kpd6QrPFXbuOsCtpZ7YgFTvZyJ8KCGNWdmmSJud/Sq1NC9qbYwvDd+NQcMJK91Q4
+02MHVmjzVYJQEDm8K2ShtlKs9L0b77XNxRKYOTt4vAq9P7x/ufg/vwsbcxoHbq+6
+RD5DIXWAzMPYA/OXwQrQoHuFxoyr/IXZCr6UZ+ziD6glM7SQ7MH508L1RXM/233a
+QM+l1f/qRx3svHxBvrxnEcF4ovtTbn5paLBflbbR+1XnvDxPlFwMoCia7V5cJchl
+wLnoHm7TtnCfPOaiIBRoDtGQev+Vbnr3XJ2oo9oT1iRBMRt7jcg7llVbw9FiK0pm
+UpSvUwr8qqQkKPpVYfm/JKmbPJ7Fq9yVq4tviakfjfRLyGx5TSKz1R/o9HIgUC6k
+CZTwu8uj4hZsyRQkpmR1yX+VPcugnNUUtEv5Wg4RqCmddMOPafUAJzIC5gXy5wfZ
+fIwRanKwJXQDhq7+NSWhDIpmtg6LrF0/6ezvEKMcJWgVaHQTN+i5fdt2b55P44cl
+LeauATriR726c8iI39LrAfIRYTg4zwSLcjrRtBsyLvm+fTSazXKV1CCT61XtKHxi
+FE6CcnaTRbGy1oJnzFTNKmiPds3FqLeJl/l39wePrWnlypVcVcJvQGFQCDq2SYBV
+hSaQIVZEPnWArYUz08V85N33F9XRhsN4Pdluyx8HBzEKMGJg6sIM7RirHnK7F0Kv
+QpIwZYpelTpO+J1hO2nBA6tc8GHRXompyrbGOjmtsigklLneWpPUR6k106DqJub6
+OID0MeQCl3YtLEJYaOb+00gS6rgLxz8gnoXP5NqQadLGltP5kYS1gK426i6TKJ5P
+tuTLP5Qve1PSbQLHonoVQ+PPjjqJeHCxZGdySryUETHV+O3EaAOkED52uz9vng+K
+HnG27khbjhhbW/K/ArLa2V9lEospp0zxNcnulnn0X5merJ5q3/1ifpWeB0bkCndz
+CJtjoEy43ae9Le2TsCqX8KChQfLiLsqsSz1vuXAasF17jE8c9a9S3y5rdec560jc
+s1yfTxupb5xGYk/2fgq6+2UxSrpJtUe1ozE4YVeleY24Keix3MFk0d6XBuLpZyu2
+40Q+DkV/0NTaWufVf/mfwHJ11Hl4V5K0gEt55VSSUX9Jvb8lkEYxxZ/Dxws0AcRL
+7xkR3PyoHvuGS9yZnUpZY6okEBpMqYG1b41XfE0g4RPIV5yk9fY83gQn3vvCJg2C
+d+X3vRMX27tQVBW8yhBr7sj+e1ulPcUwfrTIsoZqfW8Klse0H3XK928kLKF8XkxU
+q1Ia+iohqUt2k7pKG6rOBf3be8jChhLKP50WosRDxyRunzJUJ/y8oLR+oY8g3eL0
+vX8jx6XKd0NrgsIeJjJg2zJqms61VFsnjSo9/xsejM3ecYY7/oy4HhIjj7uf49tt
+WwV92hsYWc+YpHBneWNHOP1fZJxPVTFcO7VS+d63Kl+XqRg2Slf3teB92t+ypT1h
+Bq9o1pObQUS6sGmwXG6oYdXMhS4mkOp4FZ9K46230jQDMk+8jDrtVgn/yAT+GV0L
+IF7ZwOeRD/OcwosHvY5kQUIhZiK1sTsSW05yoMTBZU4gMwa9aLcSIftbPlcl9h+v
+geur2flUF73OPTC0MMZGDGn8H+KowqtKFWtCXuUSPMnFAntNhmchg/5e+Nygo1jS
+1pILw9a9GNhdFxt6/xCfc4ZxDIoT6+8AgaVd4cIj7Q4p1rafbdSUckzN/obI4X94
+6VpJWIq58OmWBTm90ChUXptecGVpKryLcXCNLwxNFFAFiWD9I9Liy2qxHiriy0r8
+F90eet4zbPVXsQc07h9qHFOwiFbjPT0s72MEmbey5qrr0J7U0NFYZcStdGupZg8y
+SahkgtaNnNfoKH1DdBPvYPlWcGCObkDsCz9do7+uiESK9mRbrip4XLuNc+OjYt7W
+U29keIbD7m3Y1Ii1fff2DF5OaurPmJJWDdSHmjt8/LrESV9jvG57iSG7r/JhLVQv
+cLVWCfMncRXhyiyhKroa15fTMTPSc2YM+czrCSkAUKJJv+SCMg+41XUp+ehaW4xL
+uq8bXrbMUbji5RYDZl8fgYu8iwGP6lUjeiV7Aa9BKb00bBCNNQ7sxm0OtxBxafvx
+yPzQAYkmbvUxkdRdewTlnIVe4Ij9tE5eOiQL1pRZaw4rGHBA3jmIBJW+JC5hou8E
+kReRafQUC2JAP3/JPoI0WGnV03/eY0G5hiFow0QkT1bHvXd3CiwhfIXCY3QoTaqu
+vtIXEXtHrQvaEKFGS0wu1tITtxZHXEbtKPLXy1Qilu6x9vLslLTe0SYqeR3fF+0H
+5LmYnHMJKwmBrF7gypIiPz7oduaPCIZKueDE+tJW1ikStbQ134a/wLgU8kROkdjN
+Nmpey/6D1R0trwT1+DdiOZHd51Vw0EkqgY3GyzDm1eDtQRknRWDrjU9LqP5CN+bV
+N/6oIQshqmkp4TgXrTZMiTgOSn/Wc8lX8UIXvNYE+rlP1IlO12G1bGuURxSRsRrP
+ttBhVLElaQA/RRCszEo/r/8+kdBmto/wTnAPhF3voEmgPfZb8FzMG01U7R6a3t18
+nBF07FwEaFjNoc8s+Aesvin8a3w87FyK2OcXjgwlutcE/3fYBHTZjlOqXxG7XwfH
+egLgeyCXeyv+QLROG41qqjG7yRzt1jpr0Xy8mRq0V9Z5ANxnKSVP6zpgU5GyYGkn
+vfO3MlHE9CQHzxlUjh+RMLm/Oe+XHYx9ieUMxeAc6Ssx/4rnBOi86ALQq6Q3nKyb
+bsVBgCFxUyJ0G5r9+Obs9W3bY9sNoxCPuM6EyhYU1f8ly9yPD8whIC9/vZMsR2CA
+XgsvNrVWQlDWqPUtkkiL5zrcETHUlrf8BFs/EfudQmNV20Iyu8IxuINNVOpvqCKM
+ADBUUYO3R0oQmx1cyCrkolaemu/EA9BXyQcqkDtCLkiQhZQXVwEg3815fQAzquM1
+CaeEmyoCORCOTY1SST5h63c/go0HpmHk9NNwIRcxDbRYsM/IgRqbL87lmbL4przG
+R/PZw0+ZG54NZzUmjsPGtNWPToIWdNen1YeTptjlO4jsHZIkR195en1pxgcNGpw+
+OLlRqpmMsFIy1AZDL7+76VipHnU7McVT1PlJI4Jq5n5LTHWHCGnAyKy+HsEG95Ib
+apXW3oUk3TQakZ9lnXCCE9MbpVI1zspa0FygVJ1m6mThLVUZzmLaFzgXNKaY/ARw
+ZH6j6E3/9oPa5g7twMjm4uaKtk2+RX1QvnxsN3LGCFLSAm2OkCsL0+ke6W2VaI/p
+Scz707aA33vBGEDB3EYpdoNdyRUl2rKIpANvftgsp7KEoVLllaT1ki5dpFFBuW1/
+83kEDqSuGY87XE5Cyn3hQ8V5ON+WCyezUpO/mKQ3a6PZzCXiOlIn9Sp6+6cge1qj
+kz0IPJVlWTlf3yq1iMM5bfnhYfnvjBYONv0I9Q1d4BLvYQGECN09nYNq+0ima9vM
+/C9OP9rwaV7pR6dwtvf3Zvcfnce7262xD9bdO3vwfqrLxrZzqTiWBIYF2njdvNdm
+q8Zd7V9MFeAD4Dy2lh+iNuaTRFwYwbtbfL9xyOsyQ4e3u0sZGAJsZ/lAaeIODTPN
+EbcPLps93fkudHl2p5bgzkkc3HUglR6FMfLe1AlTduscXiYoUfc6d6M2gXHWgh6+
+7zaDj3vBfF5cDz06OyuW4Xbka+wb9yrH9SHekcTlXf+FDdQ++gJL1QEJsqpF8s8w
+M/KTKeAdhyZw4rTn+Ccmaf7CTx5jaIzSKy/oEIpdsvuP5BarTc79HNRxflSQXvmR
+WFIn1EN0wf/wgDwsI70fHgY19FBbfU0K0IuGz+ITfvupbdGllXa/3X/wS/9jYw6M
+XsjqARxReXEq4G04E95+YgCV/OcrZya2ZUz2oHtqTBVSXigmUJfbxPo97E0GHSwG
+Ra1XRgpziqB4oDmueGeEiitiskrQhl5YEZWindu1VDYBOw==
+=onQ2
+-----END PGP MESSAGE-----
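Review bot: the recipient set for this new ciphertext cannot be checked from the diff, since cluster/secrets/cipher/kubefront-apiserver.key arrives as an 80-line armored PGP message with nothing alongside it naming the keys it is encrypted to. Please record the intended recipient key IDs in a tracked file or in the commit message, so a reviewer can compare them against the output of gpg --list-packets on this file before merging and so the blob can be re-encrypted when the recipient list changes. The commit message also says all TLS certs were recalculated except the serviceaccounts key, whose cert no longer matches; a short note next to the secrets stating that this mismatch is intentional would keep a later audit from treating it as corruption.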