*: rejigger tls certs and more
This pretty large change does the following:
- moves nix from bootstrap.hswaw.net to nix/
- changes clustercfg to use cfssl and moves it to cluster/clustercfg
- changes clustercfg to source information about target location of
certs from nix
- changes clustercfg to push nix config
- changes tls certs to have more than one CA
- recalculates all TLS certs
(it keeps the old serviceaccoutns key, otherwise we end up with
invalid serviceaccounts - the cert doesn't match, but who cares,
it's not used anyway)
diff --git a/tools/BUILD b/tools/BUILD
index cd4642a..2be1cea 100644
--- a/tools/BUILD
+++ b/tools/BUILD
@@ -2,8 +2,8 @@
load("@py_deps//:requirements.bzl", "requirement")
load("//bzl:rules.bzl", "copy_go_binary")
-py_binary(
- name = "secretstore",
+py_library(
+ name = "secretstore_lib",
srcs = ["secretstore.py"],
visibility = ["//visibility:public"],
deps = [
@@ -12,11 +12,10 @@
)
py_binary(
- name = "clustercfg",
- srcs = ["clustercfg.py"],
+ name = "secretstore",
+ srcs = ["secretstore.py"],
visibility = ["//visibility:public"],
deps = [
- requirement("fabric"),
requirement("future"),
],
)