From 7b8e742d6cf3ee8f8d9727c7a2c2e73b6b240de5 Mon Sep 17 00:00:00 2001
From: chn <chn@chn.moe>
Date: Fri, 7 Mar 2025 14:30:06 +0800
Subject: [PATCH] sops: move munge key

---
 .sops.yaml                                    |  6 ++++
 .../{secrets/default.yaml => secrets.yaml}    |  0
 devices/srv1/node0/secrets/munge.key          | 24 --------------
 .../{secrets/default.yaml => secrets.yaml}    |  0
 devices/srv1/node1/secrets/munge.key          | 24 --------------
 .../{secrets/default.yaml => secrets.yaml}    |  0
 devices/srv1/node2/secrets/munge.key          | 24 --------------
 devices/srv1/secrets/munge.key                | 32 +++++++++++++++++++
 .../{secrets/default.yaml => secrets.yaml}    |  0
 .../{secrets/default.yaml => secrets.yaml}    |  0
 devices/srv2/node1/secrets/munge.key          | 24 --------------
 devices/srv2/{node0 => }/secrets/munge.key    |  8 +++--
 modules/services/slurm.nix                    |  4 ++-
 13 files changed, 47 insertions(+), 99 deletions(-)
 rename devices/srv1/node0/{secrets/default.yaml => secrets.yaml} (100%)
 delete mode 100644 devices/srv1/node0/secrets/munge.key
 rename devices/srv1/node1/{secrets/default.yaml => secrets.yaml} (100%)
 delete mode 100644 devices/srv1/node1/secrets/munge.key
 rename devices/srv1/node2/{secrets/default.yaml => secrets.yaml} (100%)
 delete mode 100644 devices/srv1/node2/secrets/munge.key
 create mode 100644 devices/srv1/secrets/munge.key
 rename devices/srv2/node0/{secrets/default.yaml => secrets.yaml} (100%)
 rename devices/srv2/node1/{secrets/default.yaml => secrets.yaml} (100%)
 delete mode 100644 devices/srv2/node1/secrets/munge.key
 rename devices/srv2/{node0 => }/secrets/munge.key (50%)

diff --git a/.sops.yaml b/.sops.yaml
index c36b2c5a..fec92cca 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -36,6 +36,9 @@ creation_rules:
     - age:
       - *chn
       - *one
+  - path_regex: devices/srv1/secrets/.*$
+    key_groups:
+    - age: [ *chn, *srv1-node0, *srv1-node1, *srv1-node2 ]
   - path_regex: devices/srv1/node0/.*$
     key_groups:
     - age:
@@ -51,6 +54,9 @@ creation_rules:
     - age:
       - *chn
       - *srv1-node2
+  - path_regex: devices/srv2/secrets/.*$
+    key_groups:
+    - age: [ *chn, *srv2-node0, *srv2-node1 ]
   - path_regex: devices/srv2/node0/.*$
     key_groups:
     - age:
diff --git a/devices/srv1/node0/secrets/default.yaml b/devices/srv1/node0/secrets.yaml
similarity index 100%
rename from devices/srv1/node0/secrets/default.yaml
rename to devices/srv1/node0/secrets.yaml
diff --git a/devices/srv1/node0/secrets/munge.key b/devices/srv1/node0/secrets/munge.key
deleted file mode 100644
index 67d4fc2b..00000000
--- a/devices/srv1/node0/secrets/munge.key
+++ /dev/null
@@ -1,24 +0,0 @@
-{
-	"data": "ENC[AES256_GCM,data:ul1xMmQ5FZVIKct4KbgnTStsT5cH3sRvmaApZez4WZ36zF3q3M4o0dcwuWXxl9Ay8+Kd1zzUCZy26FRj85IwAel6POkmIlXl51Awou3iWuGBqUlS6IL9MIERMR6lTlisOK2l2PJ7IJBichFwwDrxImnt06B68Z7JWOyrLMfQhwg=,iv:nHePsGpRWMj4CdZ8wxr4xCJAcSndHsRju+AMyK54vNw=,tag:+CC0EJbTmIjRijr1SZpF3g==,type:str]",
-	"sops": {
-		"kms": null,
-		"gcp_kms": null,
-		"azure_kv": null,
-		"hc_vault": null,
-		"age": [
-			{
-				"recipient": "age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqRTJCOTJqclZqV2ZTb3NG\nSUV1VVNnUVpqZGVCc2hlTVBkQUVtVGlQdEhVCk1aNjhhbDZuajhQL1l1allHOXV1\naGRoWEpTZ2haTFFqRDhlclEySjVmMXMKLS0tIFpPdHZvekhDaS9yam5GSEVhZFlw\nZGN1QTVYQjZuUXd0NklqdytYRjRSNWcKC+AmUlZiefdfnP1l/sbQHBUaZGN6ciT8\n/yI2ed25uFGwCo0h+yLywbuNQTv7AiBFM3R+KBSjNDkFSgiGfblVNQ==\n-----END AGE ENCRYPTED FILE-----\n"
-			},
-			{
-				"recipient": "age1nzetyehldf3gl6pr6mu5d2cv387p8wjqn6wfpll7a3sl8us6n38s0ds633",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0VHhFMi9RZ2VjeUxqTHAz\nZklRbkRGVkg3NDR2elYwbXRHZ1dSQTEwNXl3CkdidmwwVUZJWDllRVdYRWM0WEtX\ncXlHbnlZd1h1Ni9UTEtHK0Z2YzNHcWMKLS0tIHl5ME9UaDBFSkRXeEh4OWNRajZu\nOUdGcHA4Q1I4dS9RMUV0YUZBYmZyK3cKSxvVdG+P9+esK3miJdW9BqgJdEMEq4iS\njWgh5lmSQaat3UzjkOVPPp9Xu3DRpzTFq+dM8bdGDTbzAdrUhxj87w==\n-----END AGE ENCRYPTED FILE-----\n"
-			}
-		],
-		"lastmodified": "2024-09-15T11:11:36Z",
-		"mac": "ENC[AES256_GCM,data:bV7T1HfvM2n8+Vus9oDO5yoWDGtWYOd6d/zJ86/sXB4psg7aXVNedYSn+98SJdpYKHRcSuMJ9D4h62nAawERB6u8EmW8kxh8fuVLb6tj+9fWF1iVqinL4LE3916+XzMqGzGVZZEXaVtPHqOue/D1sYtBrBCOEMMyq0cmLFY2JrE=,iv:eSrtmJLARmwuAQ1//x4XqCKDZybJmMtyefWyLPk+1j0=,tag:M5W+vO4RjVwS18C9wTIe2w==,type:str]",
-		"pgp": null,
-		"unencrypted_suffix": "_unencrypted",
-		"version": "3.9.0"
-	}
-}
\ No newline at end of file
diff --git a/devices/srv1/node1/secrets/default.yaml b/devices/srv1/node1/secrets.yaml
similarity index 100%
rename from devices/srv1/node1/secrets/default.yaml
rename to devices/srv1/node1/secrets.yaml
diff --git a/devices/srv1/node1/secrets/munge.key b/devices/srv1/node1/secrets/munge.key
deleted file mode 100644
index 1e15674b..00000000
--- a/devices/srv1/node1/secrets/munge.key
+++ /dev/null
@@ -1,24 +0,0 @@
-{
-	"data": "ENC[AES256_GCM,data:GHsftJ/b50XSTy3wCX/ms8iGhs7oQMrqw5R+7PxrjAm/VzcYJbAQjYButIeNYB2/r87IGKDEMAskowocqyuhamTZS9n6eElDBZrEoUXc9J/lZvXrNqBa2pDsR5a58X6Paj2kMn8Ke9M3vwHcgniEgZtC2h5u6VwbgPMZniqYT5w=,iv:KhGKrf0tXdLb0sWc6kB9lXjj9jOU+wsy76xGFRmwdz8=,tag:s+NBphi1n00GflKqujZcfA==,type:str]",
-	"sops": {
-		"kms": null,
-		"gcp_kms": null,
-		"azure_kv": null,
-		"hc_vault": null,
-		"age": [
-			{
-				"recipient": "age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPYWdxSzIrQzRaVnh3K292\nVGkwdWUxanpQbEllWlNvaHBoQ2VYR2pXcVZVCk14ZmxlK1pSWnpCZC8yaE84b1Ew\nNTJUTDErTUVxZzBqdGFORDc1TEo0REkKLS0tIFZJeFIvd3BDOGkwenMrWlAyVHdh\nTzRHNU02RWY4clJ4dk1IV3R4c0VTd2cKeX/tLKOnkbcAhkgCY+T4XWBgc7eUFecn\nfqd6Kxfg6P75OT6Z4ACKsHDGznGk8fYk+Ms67MSCGzr1HXaR14/eVQ==\n-----END AGE ENCRYPTED FILE-----\n"
-			},
-			{
-				"recipient": "age1wj33xt8nj7rhnsenepsf6k3lmq5vk4wn84jwr55qy9cwu05xn5cspg3h7t",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxODlXSGpsYk5BZ1piSUhX\nUnlTQXpycmV3YlhLM01SMXZ2ZzFXWEU5MVNZCnVUNFRUTTVNaWVUZWY4dklFMmhW\nWUc1azJFNGJTZFVlRkdSZEd0eUozbk0KLS0tIDhUTFE3cHpFblZTa056R0lscHR4\nSXpoT2QrOU9mcDV2ZjR1bjV4cHZCdXMKyVyxBRY9oyhfj0ZMVRtjf8TT0qRJULwN\nosghj6bPqOFl3C9zBne1Xn/2mOj5lkMZP6MAMPtaW8nvsf/LkZx/Hg==\n-----END AGE ENCRYPTED FILE-----\n"
-			}
-		],
-		"lastmodified": "2024-09-16T03:08:59Z",
-		"mac": "ENC[AES256_GCM,data:SjmuJVeJsamHE7Yv5Lvoyjp0CysTo3K1nyJgPI7KKp21H8Xq59g9/zbth4pCdIMHyt43MNUXFkhYD/Ox9ySoDEi2pr7H2kM9fcFM0W/ObM/gm/lt5jTLzzS+OkKys+Yw/WA2nIStSNq7rAb/SKFbHvj1P9YBsJxlOnBzTW7uu8g=,iv:tNjnqRX1D+vY8w7RxZzo+HdfjK9pXJpB5MKnb7EyUXk=,tag:PuLU5zmUH14ZxuTUPIz20Q==,type:str]",
-		"pgp": null,
-		"unencrypted_suffix": "_unencrypted",
-		"version": "3.9.0"
-	}
-}
\ No newline at end of file
diff --git a/devices/srv1/node2/secrets/default.yaml b/devices/srv1/node2/secrets.yaml
similarity index 100%
rename from devices/srv1/node2/secrets/default.yaml
rename to devices/srv1/node2/secrets.yaml
diff --git a/devices/srv1/node2/secrets/munge.key b/devices/srv1/node2/secrets/munge.key
deleted file mode 100644
index 57318131..00000000
--- a/devices/srv1/node2/secrets/munge.key
+++ /dev/null
@@ -1,24 +0,0 @@
-{
-	"data": "ENC[AES256_GCM,data:04fSLZEkne1LqLZNYpy1tFlKTVUgQNuX9L3cL66FVHD+LqGAyWJGlAnduY+fQMZdDhbBdeEnJKXjyQ2jdDCttuqbPRiJQChtD7ztf+oiP877N143iSY2G245aCjIrAzmFORkGZaQT7nD5oxgCPiLqJzkNPzgjN4HIDsVoYz6jtw=,iv:gTbiJmdXN/62/t53ddfDrYlNLe3AoujT4G03eFQXyZs=,tag:eAYfhXPERqsVKFSkcm+Abw==,type:str]",
-	"sops": {
-		"kms": null,
-		"gcp_kms": null,
-		"azure_kv": null,
-		"hc_vault": null,
-		"age": [
-			{
-				"recipient": "age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBb3JtVi92M2JUc3dKVzRt\na1kzNU8ycE1LTmdVZVNFNDNJZmpsTEdCK3hZCjNXajNpcGxXMDJxRjhPMmhFd2la\nZy8xUFZNZXhiVHFtbG9xVmJ3Q2d0NE0KLS0tIDlNWEJqcSsvQTFzc2FxL2F2bVVs\neS9UenMrYXNKbGJVTnZzN3VscWlrRk0K24RHbcTz56GV6AbQt7Yy9+1NClMpQFtk\nf/NO2RYuS0ciHwkJQEw7M48iJuwTSiv1pflXXkNvkl6/I7wPgS/eXw==\n-----END AGE ENCRYPTED FILE-----\n"
-			},
-			{
-				"recipient": "age16e7ykphshal6qhwfvat698hl48s8yr0jvzh27ecdyfh5uk7t9u6s753jgy",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxSjFQbWd4SUhoOExTdnFk\nd3dVVytZaDAyc1F2eUowdmY0azFKbWJ2Z2pZCnhYQWJtVXVjTTRvTlI4SlVyVHh1\nZlBZTlFheVNKdzN5a0RHM3RkTDhzQncKLS0tIFlpbjRUSzdzS3ZuMW8welNRODdR\nWis0ajQrdUNqVWcwMWF4bVlUaWsrc00KfL/zF2RiAanljrNhRT99i2jPvLySMWXx\nEyzYRuTH8ZGXsX4T2VAPjreBt1ahJ/EgBWmCLibEVK62zWfdquAZKg==\n-----END AGE ENCRYPTED FILE-----\n"
-			}
-		],
-		"lastmodified": "2024-09-20T05:31:41Z",
-		"mac": "ENC[AES256_GCM,data:7kp2KNU4O1yuBdu7cxzg8BytPWiP8hQ0/mWVKPPn4BXjFleyo8KzLC3XZn9Ovt2fHWiF/4hMreOPIDW1W+8n/DedLa2G+zkHiQDVBCyiLJ+FCELvNPdDwR37RvOJ0Oo3RtQaSK2xBhNwS2Qs1G7DemEGFrWXrZ/SeCG5H6bI4X4=,iv:zGG9jcC3McICjeYZd1aGud+VaUhLXg3J/demAqM4vUM=,tag:RINzMA36WfaTRuEy0cTQKQ==,type:str]",
-		"pgp": null,
-		"unencrypted_suffix": "_unencrypted",
-		"version": "3.9.0"
-	}
-}
\ No newline at end of file
diff --git a/devices/srv1/secrets/munge.key b/devices/srv1/secrets/munge.key
new file mode 100644
index 00000000..06c945be
--- /dev/null
+++ b/devices/srv1/secrets/munge.key
@@ -0,0 +1,32 @@
+{
+	"data": "ENC[AES256_GCM,data:ul1xMmQ5FZVIKct4KbgnTStsT5cH3sRvmaApZez4WZ36zF3q3M4o0dcwuWXxl9Ay8+Kd1zzUCZy26FRj85IwAel6POkmIlXl51Awou3iWuGBqUlS6IL9MIERMR6lTlisOK2l2PJ7IJBichFwwDrxImnt06B68Z7JWOyrLMfQhwg=,iv:nHePsGpRWMj4CdZ8wxr4xCJAcSndHsRju+AMyK54vNw=,tag:+CC0EJbTmIjRijr1SZpF3g==,type:str]",
+	"sops": {
+		"kms": null,
+		"gcp_kms": null,
+		"azure_kv": null,
+		"hc_vault": null,
+		"age": [
+			{
+				"recipient": "age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2c0lOZnZXY0ljWCs2aFoz\ncHVQNVJJK3loVEI1amIzYWU3YUJjbWtUa0I0CmJnaUhhT2pEeG1ySGxHOU1LMk5z\nak9RNkxXRkxBelVTYks1TXJuazNjRVEKLS0tIE9JbktPcGFvYWk2NWV1K2J1SXhT\nQVpubWhsUTJ4SWNXTFNvRjQ3aE1kUFEKeuatL0NX6KbvZL3hafjbNPeBFDFBxSOv\no6Jvm9s4/Lp5m6YRVcQyInAoycC+O7GYwfCKVbPNMAamOhDraIoE4w==\n-----END AGE ENCRYPTED FILE-----\n"
+			},
+			{
+				"recipient": "age1nzetyehldf3gl6pr6mu5d2cv387p8wjqn6wfpll7a3sl8us6n38s0ds633",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLOEFXV01sRXM5bTc2TGdE\nMWZraktqOUpTSWk0Vk1KNUdqNnVVNWptZkJJCktYMk5jL2ExTTMyY2NOUXdybUNi\nZ2hhTlBtaVZlZ3BDd0xBWTRoKzBJbmcKLS0tIEQyQlByNmtxdUFuQVZ6N3I3Rjdk\ndW1ldlIrZ0lxenZPMVNBcFJDMDM5QncK7p/F1Usnp2OQZ0Mp+cpQBY+ELu5n3UrD\nZN14dzPqnPpoC5nKOzGp7veg8ssH5VCX0xxI8ZJCihKwyJG/FP3pBQ==\n-----END AGE ENCRYPTED FILE-----\n"
+			},
+			{
+				"recipient": "age1wj33xt8nj7rhnsenepsf6k3lmq5vk4wn84jwr55qy9cwu05xn5cspg3h7t",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpeDhuTkJFclM3dS9wV3Nz\naFdrVS9KSENEMklhdVgxcFpEU2N2ZWVKL0VFCmFVSHhybW9YNU5HVHliL1VVcmNk\nWHpsQTFGMWYvc1loNGVGUm54K0VwYzAKLS0tIEhYOE9nMnk2OFl2dFZRWlNTVTZt\nM2VBaGpTMSs5bzJwMHdJREV5ZzVzbGsKu0al3a6aJ40GbcCH4tF0Va6XgNxXOZmM\n7HXqH6s25dqbKTa8iNpGeaJhjRBzkyLjq1uRtQ9X4vXg9RuRhNYPxQ==\n-----END AGE ENCRYPTED FILE-----\n"
+			},
+			{
+				"recipient": "age16e7ykphshal6qhwfvat698hl48s8yr0jvzh27ecdyfh5uk7t9u6s753jgy",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOaHJ6U0hlZGVkWHptby9T\nVk1ONHovUTZKZUFZaW9XZVVoRk9UVWMxUldRCkNacG5FelBQbVZCbWhvSkx2TFJi\nZmd1VXFRODZNWmlGT1hJcUszbTM1Y1kKLS0tIElXRzRsTldKbTV1ZlZLNUJhVWdn\ndnRTMnc0cHpKaC82Z05VYlJ3a3luTm8KNBEKH7yeyzSyCh5D6YYc3Oayie6xDWEl\nyJVZHVmk87fzDtmVSP07KbiWeGur9epHCEjA0et/76+RXObIQQ6XGQ==\n-----END AGE ENCRYPTED FILE-----\n"
+			}
+		],
+		"lastmodified": "2024-09-15T11:11:36Z",
+		"mac": "ENC[AES256_GCM,data:bV7T1HfvM2n8+Vus9oDO5yoWDGtWYOd6d/zJ86/sXB4psg7aXVNedYSn+98SJdpYKHRcSuMJ9D4h62nAawERB6u8EmW8kxh8fuVLb6tj+9fWF1iVqinL4LE3916+XzMqGzGVZZEXaVtPHqOue/D1sYtBrBCOEMMyq0cmLFY2JrE=,iv:eSrtmJLARmwuAQ1//x4XqCKDZybJmMtyefWyLPk+1j0=,tag:M5W+vO4RjVwS18C9wTIe2w==,type:str]",
+		"pgp": null,
+		"unencrypted_suffix": "_unencrypted",
+		"version": "3.9.0"
+	}
+}
\ No newline at end of file
diff --git a/devices/srv2/node0/secrets/default.yaml b/devices/srv2/node0/secrets.yaml
similarity index 100%
rename from devices/srv2/node0/secrets/default.yaml
rename to devices/srv2/node0/secrets.yaml
diff --git a/devices/srv2/node1/secrets/default.yaml b/devices/srv2/node1/secrets.yaml
similarity index 100%
rename from devices/srv2/node1/secrets/default.yaml
rename to devices/srv2/node1/secrets.yaml
diff --git a/devices/srv2/node1/secrets/munge.key b/devices/srv2/node1/secrets/munge.key
deleted file mode 100644
index 36bede90..00000000
--- a/devices/srv2/node1/secrets/munge.key
+++ /dev/null
@@ -1,24 +0,0 @@
-{
-	"data": "ENC[AES256_GCM,data:fkOaCmCk6e8KTUq9zvhYPL6o24Vcja909NoKl7CIy+8H1D2bX31JEa42D0CfLFxvkA/kVcUehVbwL9Ax0ufBa33O73VrTggU9u4qolgpjmibIINXlQrl1MtEQu66MHpq971czzTCACGHz27/cUCUU2wBZWCCv9Zyk22OJgzDgYs=,iv:cDAcl4w4MKERttP4Bv7TZ701jSHVMquSqj6HqyyQ1sU=,tag:aSm/gR7zWYMZN8Iu6VEf6w==,type:str]",
-	"sops": {
-		"kms": null,
-		"gcp_kms": null,
-		"azure_kv": null,
-		"hc_vault": null,
-		"age": [
-			{
-				"recipient": "age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVTnkwcE9RWHdrOEdyaW8v\nbUxiQ0pmcW1ha1E3ZkRmaWpqYWFXUm5NVVZRCkVHT2xhbnQ2MkFiczdPRktaRTlI\nT0lhcDdOd2hoeHZMM1RnVWdiUHpoZ1UKLS0tIGxZaDdMNW5LNU9DWkt1ZHJlQ3M1\nTi9GaFEyMFFYLzFyL05kaEVQTDB6Vk0KUlNgX2N8n9NsLJuFflkH92EbxnMp37dg\nArhpRuUXscHZ62Z9eR3cgXwfFTAYzYBhL0M6uE/jwfDEV3jw9fNyaQ==\n-----END AGE ENCRYPTED FILE-----\n"
-			},
-			{
-				"recipient": "age1hnarptkze0ujpp05dqr8uma04cxg9zqcx68qgpks5uf5l6rpk5gqhh8wxg",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwTjcvWVcxSWRVdHp3amtj\nVk54dTdRZUdXaGFuUTRLNVk2Uk5xWkx6WlRFCkxHUlhoTlJOTnN0TjhNZHFIV0tY\nQi9kUFh3R2lZYm9UdWFGZmFKZDFQdFUKLS0tIFo3b1IrNGFZaVVYZXpTYlFiVjNo\nV3QwU1RRaFExOXlnUmdJMlFmQmZJdm8Kzs/5XnsdYfJvLMCS/Uidwz7zQ2AphqRb\nWD+ua4DLsGIzVDCFzkuVcROBrJC8zkI8PGSd0pgFiV8zUKwEbyHG3w==\n-----END AGE ENCRYPTED FILE-----\n"
-			}
-		],
-		"lastmodified": "2025-01-11T12:46:25Z",
-		"mac": "ENC[AES256_GCM,data:qqwInEypo5r5bCu8r2x/CHdLxFZRxjlBfvSdhO9DeINGOtPB33WvjNei3UiuqROKWIa6tOpXSjz4jUdhI88aA4lip6JUPu4rfat/GaJDP6FjtDqtKuBoZRv1YG1QY1cAuENjzi30092rZNhC1vnh38IjmcyHffM2phgkG2JRmL0=,iv:f1BbcrBH6YmEODUh6SM16LiJH85/MU5GhW4hpy9k0yE=,tag:/c0/783cQ1c4oJ0Rfcw+Mg==,type:str]",
-		"pgp": null,
-		"unencrypted_suffix": "_unencrypted",
-		"version": "3.9.2"
-	}
-}
\ No newline at end of file
diff --git a/devices/srv2/node0/secrets/munge.key b/devices/srv2/secrets/munge.key
similarity index 50%
rename from devices/srv2/node0/secrets/munge.key
rename to devices/srv2/secrets/munge.key
index 0171b9f2..67624a3a 100644
--- a/devices/srv2/node0/secrets/munge.key
+++ b/devices/srv2/secrets/munge.key
@@ -8,11 +8,15 @@
 		"age": [
 			{
 				"recipient": "age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWYmNFOFlnbm1FdXdGWUNr\nOGN3THhDUyt4SDVzcHY5dEYrSWsrQm1UOFJvCmhXaWFlcC8wazROaXZzcm9tUnFM\nQlphZ0x6c0RhbzY0aGVFbXdOa1BHbG8KLS0tIHF2YUNTVnZ3Z25FSnFlTEdmdXhE\nb3Z2UEp1c2UrOUp3NEdNcE5HSFptbzAKWGSTwv6xUNs/f+p0Bhpzg8zZ7EVK8kMm\no13fru2Cnqrw8Cj0zfx+7LODpBVzo03fLYKqZ6kbPZGa12ihk+fD4g==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDeDlnOGlTYlY5a2wyaUxo\nSk5uaFVQWTY1Q25ad0NkSTQ2bTZEYU5ibWg4ClpnM1NLbFArUEtndjFGamgwdDBF\nWnNMalNRWWhLL2V3S1RWRHh3MGErUUUKLS0tIGt0MGJ4SzNDTWZNUHM0djFDSjdo\nbDMvbWRDVURzQmVWdGFQeDVWQmN5Q2MKBpbH7QXL1sf0c7ix9yd2r7vEBScixvBM\nom1tHgJmwxhep7DSyvjg/xslag7U2vF69gPrcAlnAndZsLCtsYdvyw==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "age1l4stuz0vr7gs7pqwjrmezam44702jp2vmqaqyxw0l0r42kf9updq4dfhrw",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKRVMrenM2Q1ZheFVPc2Rz\nYVd6UGoxbkpSQlZsNFN1dmIzSkl6SERwaTBRCjlHV3MvTEpxbDY4OHZjeUd5NmRF\nRmc1NzVCMTA0bDhwajNlMWZKTlNKK2cKLS0tIHRZZ0cxY2dwV21iRDlmeE5UZkM4\nK1dKV24yY3FKV2J3U2VzZWt2QnBSTHcKn8mq+1RnJG/nBbH2mAFpSFSTHDWvMqJj\nsziW9lK0cH6bPxhcpDO4oG8K08bdGHUVGtx2Zk81CDqzfamlMzzG2Q==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwa2Z5V0VPRWhYaXZ3STBa\nMWVsS01CYVBzeHM0T29pUWtQYlVyWCtheFRzCk5JYUpqN1cwWDFwUkZ2Q2xkL3U5\nRlNpMTQ2QTBQZFdYMmJIZjdnOWNjalEKLS0tIEZZREZPVmQxZ25MaHlMZ0VuWExT\nR2dJZ1lWdGt5dWNIM1FyQ2dZV0dlTTQKhUnA3pnoXb18/b/Jzyk0fC6GnmIMmYfl\nVgzCoCDSHNSvW/qUoT22hJfZCMFvIzOHEpmufMHCecZdisUozfWFuQ==\n-----END AGE ENCRYPTED FILE-----\n"
+			},
+			{
+				"recipient": "age1hnarptkze0ujpp05dqr8uma04cxg9zqcx68qgpks5uf5l6rpk5gqhh8wxg",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlYnBaYmprYTIySWFnOVhk\nTThHNEptc2luWTFxSTBBMnY1Q1FkQjNBaWlBClFRbWlIdmRRVnZ0TGJVTlhNRHN0\nS1JZZnJLU2xCS3Q4ZTBDWU9ScnBtOEEKLS0tIFNCMmtDd0VJR0JucUJSZHo3dHZl\nWm9ZQ0dOamZvSTNQNW1uWW85TGxRTWMKKm7NdN69Q7F+KcR7u3kTxhQuzikGUdEZ\n8AkowBgHRndxNgdC6wYV1VeqEkDxXqR/430+EQS0jQQrIXpuXkCDkQ==\n-----END AGE ENCRYPTED FILE-----\n"
 			}
 		],
 		"lastmodified": "2024-03-09T07:59:38Z",
diff --git a/modules/services/slurm.nix b/modules/services/slurm.nix
index 1a7b4839..5aaa3cf7 100644
--- a/modules/services/slurm.nix
+++ b/modules/services/slurm.nix
@@ -187,7 +187,9 @@ inputs:
       sops.secrets."munge.key" =
       {
         format = "binary";
-        sopsFile = "${builtins.dirOf inputs.config.sops.defaultSopsFile}/munge.key";
+        sopsFile = inputs.localLib.mkConditional (inputs.config.nixos.model.cluster == null)
+          "${builtins.dirOf inputs.config.sops.defaultSopsFile}/munge.key"
+          "${inputs.config.nixos.system.sops.clusterSopsDir}/munge.key";
         owner = inputs.config.systemd.services.munged.serviceConfig.User;
       };
       networking.firewall =