*: rejigger tls certs and more

This pretty large change does the following:

 - moves nix from bootstrap.hswaw.net to nix/
 - changes clustercfg to use cfssl and moves it to cluster/clustercfg
 - changes clustercfg to source information about target location of
   certs from nix
 - changes clustercfg to push nix config
 - changes tls certs to have more than one CA
 - recalculates all TLS certs
   (it keeps the old serviceaccounts key, otherwise we end up with
   invalid serviceaccounts - the cert doesn't match, but who cares,
   it's not used anyway)
diff --git a/tools/install.sh b/tools/install.sh
index 82713a2..6a9bec1 100755
--- a/tools/install.sh
+++ b/tools/install.sh
@@ -8,5 +8,5 @@
 cd "${hscloud_root}"
 
 bazel build \
-        //tools:kubectl //tools:kubecfg //tools:clustercfg //tools:secretstore \
+        //tools:kubectl //tools:kubecfg //tools:secretstore \
         //tools:pass //tools:calicoctl.bin
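Review bot: the `bazel build` target list loses `//tools:clustercfg` with nothing put in its place, so after this change install.sh no longer builds clustercfg at all. The commit message says the tool moves to cluster/clustercfg; if install.sh is still meant to provide it, add the new target to this list, and if it is meant to be built and run separately from now on, say so in the commit message or in a comment above the `bazel build` call so that anyone who relied on install.sh for the cert tooling knows where it went.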