Befor fixing linting problem

2023-10-22 21:03:06 +02:00
parent 545d389df0
commit c7c47b6527
87 changed files with 703 additions and 3929 deletions
--- a/pkgs/clan-cli/tests/fixtures_flakes.py
+++ b/pkgs/clan-cli/tests/fixtures_flakes.py
@@ -1,4 +1,5 @@
 import fileinput
+import logging
 import shutil
 import tempfile
 from pathlib import Path
@@ -8,7 +9,9 @@ import pytest
 from root import CLAN_CORE

 from clan_cli.dirs import nixpkgs_source
-from clan_cli.flakes.types import FlakeName
+from clan_cli.types import FlakeName
+
+log = logging.getLogger(__name__)


 # substitutes string sin a file.
@@ -28,73 +31,85 @@ def substitute(
        print(line, end="")


-class TestFlake(NamedTuple):
+class FlakeForTest(NamedTuple):
    name: FlakeName
    path: Path


 def create_flake(
    monkeypatch: pytest.MonkeyPatch,
+    temporary_dir: Path,
    flake_name: FlakeName,
    clan_core_flake: Path | None = None,
    machines: list[str] = [],
    remote: bool = False,
-) -> Iterator[TestFlake]:
+) -> Iterator[FlakeForTest]:
    """
    Creates a flake with the given name and machines.
    The machine names map to the machines in ./test_machines
    """
    template = Path(__file__).parent / flake_name
+
    # copy the template to a new temporary location
-    with tempfile.TemporaryDirectory() as tmpdir_:
-        home = Path(tmpdir_)
-        flake = home / flake_name
-        shutil.copytree(template, flake)
-        # lookup the requested machines in ./test_machines and include them
-        if machines:
-            (flake / "machines").mkdir(parents=True, exist_ok=True)
-        for machine_name in machines:
-            machine_path = Path(__file__).parent / "machines" / machine_name
-            shutil.copytree(machine_path, flake / "machines" / machine_name)
-            substitute(flake / "machines" / machine_name / "default.nix", flake)
-        # in the flake.nix file replace the string __CLAN_URL__ with the the clan flake
-        # provided by get_test_flake_toplevel
-        flake_nix = flake / "flake.nix"
-        # this is where we would install the sops key to, when updating
-        substitute(flake_nix, clan_core_flake, flake)
-        if remote:
-            with tempfile.TemporaryDirectory() as workdir:
-                monkeypatch.chdir(workdir)
-                monkeypatch.setenv("HOME", str(home))
-                yield TestFlake(flake_name, flake)
-        else:
-            monkeypatch.chdir(flake)
+    home = Path(temporary_dir)
+    flake = home / ".local/state/clan/flake" / flake_name
+    shutil.copytree(template, flake)
+
+    # lookup the requested machines in ./test_machines and include them
+    if machines:
+        (flake / "machines").mkdir(parents=True, exist_ok=True)
+    for machine_name in machines:
+        machine_path = Path(__file__).parent / "machines" / machine_name
+        shutil.copytree(machine_path, flake / "machines" / machine_name)
+        substitute(flake / "machines" / machine_name / "default.nix", flake)
+    # in the flake.nix file replace the string __CLAN_URL__ with the the clan flake
+    # provided by get_test_flake_toplevel
+    flake_nix = flake / "flake.nix"
+    # this is where we would install the sops key to, when updating
+    substitute(flake_nix, clan_core_flake, flake)
+    if remote:
+        with tempfile.TemporaryDirectory() as workdir:
+            monkeypatch.chdir(workdir)
            monkeypatch.setenv("HOME", str(home))
-            yield TestFlake(flake_name, flake)
+            yield FlakeForTest(flake_name, flake)
+    else:
+        monkeypatch.chdir(flake)
+        monkeypatch.setenv("HOME", str(home))
+        yield FlakeForTest(flake_name, flake)


@pytest.fixture
-def test_flake(monkeypatch: pytest.MonkeyPatch) -> Iterator[TestFlake]:
-    yield from create_flake(monkeypatch, FlakeName("test_flake"))
+def test_flake(
+    monkeypatch: pytest.MonkeyPatch, temporary_home: Path
+) -> Iterator[FlakeForTest]:
+    yield from create_flake(monkeypatch, temporary_home, FlakeName("test_flake"))


@pytest.fixture
-def test_flake_with_core(monkeypatch: pytest.MonkeyPatch) -> Iterator[TestFlake]:
-    if not (CLAN_CORE / "flake.nix").exists():
-        raise Exception(
-            "clan-core flake not found. This test requires the clan-core flake to be present"
-        )
-    yield from create_flake(monkeypatch, FlakeName("test_flake_with_core"), CLAN_CORE)
-
-
-@pytest.fixture
-def test_flake_with_core_and_pass(
-    monkeypatch: pytest.MonkeyPatch,
-) -> Iterator[TestFlake]:
+def test_flake_with_core(
+    monkeypatch: pytest.MonkeyPatch, temporary_dir: Path
+) -> Iterator[FlakeForTest]:
    if not (CLAN_CORE / "flake.nix").exists():
        raise Exception(
            "clan-core flake not found. This test requires the clan-core flake to be present"
        )
    yield from create_flake(
-        monkeypatch, FlakeName("test_flake_with_core_and_pass"), CLAN_CORE
+        monkeypatch, temporary_dir, FlakeName("test_flake_with_core"), CLAN_CORE
+    )
+
+
+@pytest.fixture
+def test_flake_with_core_and_pass(
+    monkeypatch: pytest.MonkeyPatch,
+    temporary_dir: Path,
+) -> Iterator[FlakeForTest]:
+    if not (CLAN_CORE / "flake.nix").exists():
+        raise Exception(
+            "clan-core flake not found. This test requires the clan-core flake to be present"
+        )
+    yield from create_flake(
+        monkeypatch,
+        temporary_dir,
+        FlakeName("test_flake_with_core_and_pass"),
+        CLAN_CORE,
    )
--- a/pkgs/clan-cli/tests/helpers/cli.py
+++ b/pkgs/clan-cli/tests/helpers/cli.py
@@ -1,6 +1,11 @@
 import argparse
+import logging
+import shlex

 from clan_cli import create_parser
+from clan_cli.custom_logger import get_caller
+
+log = logging.getLogger(__name__)


 class Cli:
@@ -8,6 +13,9 @@ class Cli:
        self.parser = create_parser(prog="clan")

    def run(self, args: list[str]) -> argparse.Namespace:
+        cmd = shlex.join(["clan"] + args)
+        log.debug(f"$ {cmd}")
+        log.debug(f"Caller {get_caller()}")
        parsed = self.parser.parse_args(args)
        if hasattr(parsed, "func"):
            parsed.func(parsed)
--- a/pkgs/clan-cli/tests/temporary_dir.py
+++ b/pkgs/clan-cli/tests/temporary_dir.py
@@ -1,3 +1,4 @@
+import logging
 import os
 import tempfile
 from pathlib import Path
@@ -5,14 +6,20 @@ from typing import Iterator

 import pytest

+log = logging.getLogger(__name__)
+

@pytest.fixture
-def temporary_dir() -> Iterator[Path]:
-    if os.getenv("TEST_KEEP_TEMPORARY_DIR"):
-        temp_dir = tempfile.mkdtemp(prefix="pytest-")
-        path = Path(temp_dir)
+def temporary_home(monkeypatch: pytest.MonkeyPatch) -> Iterator[Path]:
+    env_dir = os.getenv("TEST_TEMPORARY_DIR")
+    if env_dir is not None:
+        path = Path(env_dir).resolve()
+        log.debug("Temp HOME directory: %s", str(path))
+        monkeypatch.setenv("HOME", str(path))
        yield path
-        print("=========> Keeping temporary directory: ", path)
    else:
+        log.debug("TEST_TEMPORARY_DIR not set, using TemporaryDirectory")
        with tempfile.TemporaryDirectory(prefix="pytest-") as dirpath:
+            monkeypatch.setenv("HOME", str(dirpath))
+            log.debug("Temp HOME directory: %s", str(dirpath))
            yield Path(dirpath)
--- a/pkgs/clan-cli/tests/test_config.py
+++ b/pkgs/clan-cli/tests/test_config.py
@@ -9,6 +9,7 @@ from cli import Cli
 from clan_cli import config
 from clan_cli.config import parsing
 from clan_cli.errors import ClanError
+from fixtures_flakes import FlakeForTest

 example_options = f"{Path(config.__file__).parent}/jsonschema/options.json"

@@ -29,7 +30,7 @@ example_options = f"{Path(config.__file__).parent}/jsonschema/options.json"
 def test_set_some_option(
    args: list[str],
    expected: dict[str, Any],
-    test_flake: Path,
+    test_flake: FlakeForTest,
 ) -> None:
    # create temporary file for out_file
    with tempfile.NamedTemporaryFile() as out_file:
@@ -46,24 +47,24 @@ def test_set_some_option(
                out_file.name,
            ]
            + args
+            + [test_flake.name]
        )
        json_out = json.loads(open(out_file.name).read())
        assert json_out == expected


 def test_configure_machine(
-    test_flake: Path,
-    temporary_dir: Path,
+    test_flake: FlakeForTest,
+    temporary_home: Path,
    capsys: pytest.CaptureFixture,
    monkeypatch: pytest.MonkeyPatch,
 ) -> None:
-    monkeypatch.setenv("HOME", str(temporary_dir))
    cli = Cli()
-    cli.run(["config", "-m", "machine1", "clan.jitsi.enable", "true"])
+    cli.run(["config", "-m", "machine1", "clan.jitsi.enable", "true", test_flake.name])
    # clear the output buffer
    capsys.readouterr()
    # read a option value
-    cli.run(["config", "-m", "machine1", "clan.jitsi.enable"])
+    cli.run(["config", "-m", "machine1", "clan.jitsi.enable", test_flake.name])
    # read the output
    assert capsys.readouterr().out == "true\n"

--- a/pkgs/clan-cli/tests/test_create_flake.py
+++ b/pkgs/clan-cli/tests/test_create_flake.py
@@ -6,6 +6,9 @@ import pytest
 from api import TestClient
 from cli import Cli

+from clan_cli.dirs import clan_flakes_dir
+from clan_cli.flakes.create import DEFAULT_URL
+

@pytest.fixture
 def cli() -> Cli:
@@ -14,15 +17,16 @@ def cli() -> Cli:

@pytest.mark.impure
 def test_create_flake_api(
-    monkeypatch: pytest.MonkeyPatch, api: TestClient, temporary_dir: Path
+    monkeypatch: pytest.MonkeyPatch, api: TestClient, temporary_home: Path
 ) -> None:
-    flake_dir = temporary_dir / "flake_dir"
-    flake_dir_str = str(flake_dir.resolve())
+    monkeypatch.chdir(clan_flakes_dir())
+    flake_name = "flake_dir"
+    flake_dir = clan_flakes_dir() / flake_name
    response = api.post(
        "/api/flake/create",
        json=dict(
-            dest=flake_dir_str,
-            url="git+https://git.clan.lol/clan/clan-core#new-clan",
+            dest=str(flake_dir),
+            url=str(DEFAULT_URL),
        ),
    )

@@ -34,19 +38,21 @@ def test_create_flake_api(
@pytest.mark.impure
 def test_create_flake(
    monkeypatch: pytest.MonkeyPatch,
-    temporary_dir: Path,
    capsys: pytest.CaptureFixture,
+    temporary_home: Path,
    cli: Cli,
 ) -> None:
-    monkeypatch.chdir(temporary_dir)
-    flake_dir = temporary_dir / "flake_dir"
-    flake_dir_str = str(flake_dir.resolve())
-    cli.run(["flake", "create", flake_dir_str])
+    monkeypatch.chdir(clan_flakes_dir())
+    flake_name = "flake_dir"
+    flake_dir = clan_flakes_dir() / flake_name
+
+    cli.run(["flakes", "create", flake_name])
    assert (flake_dir / ".clan-flake").exists()
    monkeypatch.chdir(flake_dir)
-    cli.run(["machines", "create", "machine1"])
+    cli.run(["machines", "create", "machine1", flake_name])
    capsys.readouterr()  # flush cache
-    cli.run(["machines", "list"])
+
+    cli.run(["machines", "list", flake_name])
    assert "machine1" in capsys.readouterr().out
    flake_show = subprocess.run(
        ["nix", "flake", "show", "--json"],
@@ -61,6 +67,17 @@ def test_create_flake(
        pytest.fail("nixosConfigurations.machine1 not found in flake outputs")
    # configure machine1
    capsys.readouterr()
-    cli.run(["config", "--machine", "machine1", "services.openssh.enable"])
+    cli.run(
+        ["config", "--machine", "machine1", "services.openssh.enable", "", flake_name]
+    )
    capsys.readouterr()
-    cli.run(["config", "--machine", "machine1", "services.openssh.enable", "true"])
+    cli.run(
+        [
+            "config",
+            "--machine",
+            "machine1",
+            "services.openssh.enable",
+            "true",
+            flake_name,
+        ]
+    )
--- a/pkgs/clan-cli/tests/test_flake_with_core/flake.nix
+++ b/pkgs/clan-cli/tests/test_flake_with_core/flake.nix
@@ -9,6 +9,7 @@
    let
      clan = clan-core.lib.buildClan {
        directory = self;
+        clanName = "test_with_core_clan";
        machines = {
          vm1 = { lib, ... }: {
            clan.networking.deploymentAddress = "__CLAN_DEPLOYMENT_ADDRESS__";
--- a/pkgs/clan-cli/tests/test_flake_with_core_and_pass/flake.nix
+++ b/pkgs/clan-cli/tests/test_flake_with_core_and_pass/flake.nix
@@ -9,6 +9,7 @@
    let
      clan = clan-core.lib.buildClan {
        directory = self;
+        clanName = "test_with_core_and_pass_clan";
        machines = {
          vm1 = { lib, ... }: {
            clan.networking.deploymentAddress = "__CLAN_DEPLOYMENT_ADDRESS__";
--- a/pkgs/clan-cli/tests/test_flake_with_core_dynamic_machines/flake.nix
+++ b/pkgs/clan-cli/tests/test_flake_with_core_dynamic_machines/flake.nix
@@ -9,6 +9,7 @@
    let
      clan = clan-core.lib.buildClan {
        directory = self;
+        clanName = "core_dynamic_machine_clan";
        machines =
          let
            machineModules = builtins.readDir (self + "/machines");
--- a/pkgs/clan-cli/tests/test_machines_config.py
+++ b/pkgs/clan-cli/tests/test_machines_config.py
@@ -1,8 +1,8 @@
-from fixtures_flakes import TestFlake
+from fixtures_flakes import FlakeForTest

 from clan_cli.config import machine


-def test_schema_for_machine(test_flake: TestFlake) -> None:
+def test_schema_for_machine(test_flake: FlakeForTest) -> None:
    schema = machine.schema_for_machine(test_flake.name, "machine1")
    assert "properties" in schema
--- a/pkgs/clan-cli/tests/test_secrets_cli.py
+++ b/pkgs/clan-cli/tests/test_secrets_cli.py
@@ -1,30 +1,33 @@
+import logging
 import os
 from contextlib import contextmanager
-from pathlib import Path
 from typing import TYPE_CHECKING, Iterator

 import pytest
 from cli import Cli
+from fixtures_flakes import FlakeForTest

 from clan_cli.errors import ClanError

 if TYPE_CHECKING:
    from age_keys import KeyPair

+log = logging.getLogger(__name__)
+

 def _test_identities(
    what: str,
-    test_flake: Path,
+    test_flake: FlakeForTest,
    capsys: pytest.CaptureFixture,
    age_keys: list["KeyPair"],
 ) -> None:
    cli = Cli()
-    sops_folder = test_flake / "sops"
+    sops_folder = test_flake.path / "sops"

-    cli.run(["secrets", what, "add", "foo", age_keys[0].pubkey])
+    cli.run(["secrets", what, "add", "foo", age_keys[0].pubkey, test_flake.name])
    assert (sops_folder / what / "foo" / "key.json").exists()
    with pytest.raises(ClanError):
-        cli.run(["secrets", what, "add", "foo", age_keys[0].pubkey])
+        cli.run(["secrets", what, "add", "foo", age_keys[0].pubkey, test_flake.name])

    cli.run(
        [
@@ -34,73 +37,80 @@ def _test_identities(
            "-f",
            "foo",
            age_keys[0].privkey,
+            test_flake.name,
        ]
    )

    capsys.readouterr()  # empty the buffer
-    cli.run(["secrets", what, "get", "foo"])
+    cli.run(["secrets", what, "get", "foo", test_flake.name])
    out = capsys.readouterr()  # empty the buffer
    assert age_keys[0].pubkey in out.out

    capsys.readouterr()  # empty the buffer
-    cli.run(["secrets", what, "list"])
+    cli.run(["secrets", what, "list", test_flake.name])
    out = capsys.readouterr()  # empty the buffer
    assert "foo" in out.out

-    cli.run(["secrets", what, "remove", "foo"])
+    cli.run(["secrets", what, "remove", "foo", test_flake.name])
    assert not (sops_folder / what / "foo" / "key.json").exists()

    with pytest.raises(ClanError):  # already removed
-        cli.run(["secrets", what, "remove", "foo"])
+        cli.run(["secrets", what, "remove", "foo", test_flake.name])

    capsys.readouterr()
-    cli.run(["secrets", what, "list"])
+    cli.run(["secrets", what, "list", test_flake.name])
    out = capsys.readouterr()
    assert "foo" not in out.out


 def test_users(
-    test_flake: Path, capsys: pytest.CaptureFixture, age_keys: list["KeyPair"]
+    test_flake: FlakeForTest, capsys: pytest.CaptureFixture, age_keys: list["KeyPair"]
 ) -> None:
    _test_identities("users", test_flake, capsys, age_keys)


 def test_machines(
-    test_flake: Path, capsys: pytest.CaptureFixture, age_keys: list["KeyPair"]
+    test_flake: FlakeForTest, capsys: pytest.CaptureFixture, age_keys: list["KeyPair"]
 ) -> None:
    _test_identities("machines", test_flake, capsys, age_keys)


 def test_groups(
-    test_flake: Path, capsys: pytest.CaptureFixture, age_keys: list["KeyPair"]
+    test_flake: FlakeForTest, capsys: pytest.CaptureFixture, age_keys: list["KeyPair"]
 ) -> None:
    cli = Cli()
    capsys.readouterr()  # empty the buffer
-    cli.run(["secrets", "groups", "list"])
+    cli.run(["secrets", "groups", "list", test_flake.name])
    assert capsys.readouterr().out == ""

    with pytest.raises(ClanError):  # machine does not exist yet
-        cli.run(["secrets", "groups", "add-machine", "group1", "machine1"])
+        cli.run(
+            ["secrets", "groups", "add-machine", "group1", "machine1", test_flake.name]
+        )
    with pytest.raises(ClanError):  # user does not exist yet
-        cli.run(["secrets", "groups", "add-user", "groupb1", "user1"])
-    cli.run(["secrets", "machines", "add", "machine1", age_keys[0].pubkey])
-    cli.run(["secrets", "groups", "add-machine", "group1", "machine1"])
+        cli.run(["secrets", "groups", "add-user", "groupb1", "user1", test_flake.name])
+    cli.run(
+        ["secrets", "machines", "add", "machine1", age_keys[0].pubkey, test_flake.name]
+    )
+    cli.run(["secrets", "groups", "add-machine", "group1", "machine1", test_flake.name])

    # Should this fail?
-    cli.run(["secrets", "groups", "add-machine", "group1", "machine1"])
+    cli.run(["secrets", "groups", "add-machine", "group1", "machine1", test_flake.name])

-    cli.run(["secrets", "users", "add", "user1", age_keys[0].pubkey])
-    cli.run(["secrets", "groups", "add-user", "group1", "user1"])
+    cli.run(["secrets", "users", "add", "user1", age_keys[0].pubkey, test_flake.name])
+    cli.run(["secrets", "groups", "add-user", "group1", "user1", test_flake.name])

    capsys.readouterr()  # empty the buffer
-    cli.run(["secrets", "groups", "list"])
+    cli.run(["secrets", "groups", "list", test_flake.name])
    out = capsys.readouterr().out
    assert "user1" in out
    assert "machine1" in out

-    cli.run(["secrets", "groups", "remove-user", "group1", "user1"])
-    cli.run(["secrets", "groups", "remove-machine", "group1", "machine1"])
-    groups = os.listdir(test_flake / "sops" / "groups")
+    cli.run(["secrets", "groups", "remove-user", "group1", "user1", test_flake.name])
+    cli.run(
+        ["secrets", "groups", "remove-machine", "group1", "machine1", test_flake.name]
+    )
+    groups = os.listdir(test_flake.path / "sops" / "groups")
    assert len(groups) == 0


@@ -117,104 +127,114 @@ def use_key(key: str, monkeypatch: pytest.MonkeyPatch) -> Iterator[None]:


 def test_secrets(
-    test_flake: Path,
+    test_flake: FlakeForTest,
    capsys: pytest.CaptureFixture,
    monkeypatch: pytest.MonkeyPatch,
    age_keys: list["KeyPair"],
 ) -> None:
    cli = Cli()
    capsys.readouterr()  # empty the buffer
-    cli.run(["secrets", "list"])
+    cli.run(["secrets", "list", test_flake.name])
    assert capsys.readouterr().out == ""

    monkeypatch.setenv("SOPS_NIX_SECRET", "foo")
-    monkeypatch.setenv("SOPS_AGE_KEY_FILE", str(test_flake / ".." / "age.key"))
+    monkeypatch.setenv("SOPS_AGE_KEY_FILE", str(test_flake.path / ".." / "age.key"))
    cli.run(["secrets", "key", "generate"])
    capsys.readouterr()  # empty the buffer
    cli.run(["secrets", "key", "show"])
    key = capsys.readouterr().out
    assert key.startswith("age1")
-    cli.run(["secrets", "users", "add", "testuser", key])
+    cli.run(["secrets", "users", "add", "testuser", key, test_flake.name])

    with pytest.raises(ClanError):  # does not exist yet
-        cli.run(["secrets", "get", "nonexisting"])
-    cli.run(["secrets", "set", "initialkey"])
+        cli.run(["secrets", "get", "nonexisting", test_flake.name])
+    cli.run(["secrets", "set", "initialkey", test_flake.name])
    capsys.readouterr()
-    cli.run(["secrets", "get", "initialkey"])
+    cli.run(["secrets", "get", "initialkey", test_flake.name])
    assert capsys.readouterr().out == "foo"
    capsys.readouterr()
-    cli.run(["secrets", "users", "list"])
+    cli.run(["secrets", "users", "list", test_flake.name])
    users = capsys.readouterr().out.rstrip().split("\n")
    assert len(users) == 1, f"users: {users}"
    owner = users[0]

    monkeypatch.setenv("EDITOR", "cat")
-    cli.run(["secrets", "set", "--edit", "initialkey"])
+    cli.run(["secrets", "set", "--edit", "initialkey", test_flake.name])
    monkeypatch.delenv("EDITOR")

-    cli.run(["secrets", "rename", "initialkey", "key"])
+    cli.run(["secrets", "rename", "initialkey", "key", test_flake.name])

    capsys.readouterr()  # empty the buffer
-    cli.run(["secrets", "list"])
+    cli.run(["secrets", "list", test_flake.name])
    assert capsys.readouterr().out == "key\n"

-    cli.run(["secrets", "machines", "add", "machine1", age_keys[0].pubkey])
-    cli.run(["secrets", "machines", "add-secret", "machine1", "key"])
+    cli.run(
+        ["secrets", "machines", "add", "machine1", age_keys[0].pubkey, test_flake.name]
+    )
+    cli.run(["secrets", "machines", "add-secret", "machine1", "key", test_flake.name])
    capsys.readouterr()
-    cli.run(["secrets", "machines", "list"])
+    cli.run(["secrets", "machines", "list", test_flake.name])
    assert capsys.readouterr().out == "machine1\n"

    with use_key(age_keys[0].privkey, monkeypatch):
        capsys.readouterr()
-        cli.run(["secrets", "get", "key"])
+        cli.run(["secrets", "get", "key", test_flake.name])

        assert capsys.readouterr().out == "foo"

-    cli.run(["secrets", "machines", "remove-secret", "machine1", "key"])
+    cli.run(
+        ["secrets", "machines", "remove-secret", "machine1", "key", test_flake.name]
+    )

-    cli.run(["secrets", "users", "add", "user1", age_keys[1].pubkey])
-    cli.run(["secrets", "users", "add-secret", "user1", "key"])
+    cli.run(["secrets", "users", "add", "user1", age_keys[1].pubkey, test_flake.name])
+    cli.run(["secrets", "users", "add-secret", "user1", "key", test_flake.name])
    capsys.readouterr()
    with use_key(age_keys[1].privkey, monkeypatch):
-        cli.run(["secrets", "get", "key"])
+        cli.run(["secrets", "get", "key", test_flake.name])
    assert capsys.readouterr().out == "foo"
-    cli.run(["secrets", "users", "remove-secret", "user1", "key"])
+    cli.run(["secrets", "users", "remove-secret", "user1", "key", test_flake.name])

    with pytest.raises(ClanError):  # does not exist yet
-        cli.run(["secrets", "groups", "add-secret", "admin-group", "key"])
-    cli.run(["secrets", "groups", "add-user", "admin-group", "user1"])
-    cli.run(["secrets", "groups", "add-user", "admin-group", owner])
-    cli.run(["secrets", "groups", "add-secret", "admin-group", "key"])
+        cli.run(
+            ["secrets", "groups", "add-secret", "admin-group", "key", test_flake.name]
+        )
+    cli.run(["secrets", "groups", "add-user", "admin-group", "user1", test_flake.name])
+    cli.run(["secrets", "groups", "add-user", "admin-group", owner, test_flake.name])
+    cli.run(["secrets", "groups", "add-secret", "admin-group", "key", test_flake.name])

    capsys.readouterr()  # empty the buffer
-    cli.run(["secrets", "set", "--group", "admin-group", "key2"])
+    cli.run(["secrets", "set", "--group", "admin-group", "key2", test_flake.name])

    with use_key(age_keys[1].privkey, monkeypatch):
        capsys.readouterr()
-        cli.run(["secrets", "get", "key"])
+        cli.run(["secrets", "get", "key", test_flake.name])
        assert capsys.readouterr().out == "foo"

    # extend group will update secrets
-    cli.run(["secrets", "users", "add", "user2", age_keys[2].pubkey])
-    cli.run(["secrets", "groups", "add-user", "admin-group", "user2"])
+    cli.run(["secrets", "users", "add", "user2", age_keys[2].pubkey, test_flake.name])
+    cli.run(["secrets", "groups", "add-user", "admin-group", "user2", test_flake.name])

    with use_key(age_keys[2].privkey, monkeypatch):  # user2
        capsys.readouterr()
-        cli.run(["secrets", "get", "key"])
+        cli.run(["secrets", "get", "key", test_flake.name])
        assert capsys.readouterr().out == "foo"

-    cli.run(["secrets", "groups", "remove-user", "admin-group", "user2"])
+    cli.run(
+        ["secrets", "groups", "remove-user", "admin-group", "user2", test_flake.name]
+    )
    with pytest.raises(ClanError), use_key(age_keys[2].privkey, monkeypatch):
        # user2 is not in the group anymore
        capsys.readouterr()
-        cli.run(["secrets", "get", "key"])
+        cli.run(["secrets", "get", "key", test_flake.name])
        print(capsys.readouterr().out)

-    cli.run(["secrets", "groups", "remove-secret", "admin-group", "key"])
+    cli.run(
+        ["secrets", "groups", "remove-secret", "admin-group", "key", test_flake.name]
+    )

-    cli.run(["secrets", "remove", "key"])
-    cli.run(["secrets", "remove", "key2"])
+    cli.run(["secrets", "remove", "key", test_flake.name])
+    cli.run(["secrets", "remove", "key2", test_flake.name])

    capsys.readouterr()  # empty the buffer
-    cli.run(["secrets", "list"])
+    cli.run(["secrets", "list", test_flake.name])
    assert capsys.readouterr().out == ""
--- a/pkgs/clan-cli/tests/test_secrets_generate.py
+++ b/pkgs/clan-cli/tests/test_secrets_generate.py
@@ -2,7 +2,7 @@ from typing import TYPE_CHECKING

 import pytest
 from cli import Cli
-from fixtures_flakes import TestFlake
+from fixtures_flakes import FlakeForTest

 from clan_cli.machines.facts import machine_get_fact
 from clan_cli.secrets.folders import sops_secrets_folder
@@ -15,7 +15,7 @@ if TYPE_CHECKING:
@pytest.mark.impure
 def test_generate_secret(
    monkeypatch: pytest.MonkeyPatch,
-    test_flake_with_core: TestFlake,
+    test_flake_with_core: FlakeForTest,
    age_keys: list["KeyPair"],
 ) -> None:
    monkeypatch.chdir(test_flake_with_core.path)
--- a/pkgs/clan-cli/tests/test_secrets_password_store.py
+++ b/pkgs/clan-cli/tests/test_secrets_password_store.py
@@ -3,7 +3,7 @@ from pathlib import Path

 import pytest
 from cli import Cli
-from fixtures_flakes import TestFlake
+from fixtures_flakes import FlakeForTest

 from clan_cli.machines.facts import machine_get_fact
 from clan_cli.nix import nix_shell
@@ -13,7 +13,7 @@ from clan_cli.ssh import HostGroup
@pytest.mark.impure
 def test_upload_secret(
    monkeypatch: pytest.MonkeyPatch,
-    test_flake_with_core_and_pass: TestFlake,
+    test_flake_with_core_and_pass: FlakeForTest,
    temporary_dir: Path,
    host_group: HostGroup,
 ) -> None:
--- a/pkgs/clan-cli/tests/test_vms_api_create.py
+++ b/pkgs/clan-cli/tests/test_vms_api_create.py
@@ -5,20 +5,23 @@ from typing import TYPE_CHECKING, Iterator
 import pytest
 from api import TestClient
 from cli import Cli
-from fixtures_flakes import TestFlake, create_flake
+from fixtures_flakes import FlakeForTest, create_flake
 from httpx import SyncByteStream
 from root import CLAN_CORE

-from clan_cli.flakes.types import FlakeName
+from clan_cli.types import FlakeName

 if TYPE_CHECKING:
    from age_keys import KeyPair


@pytest.fixture
-def flake_with_vm_with_secrets(monkeypatch: pytest.MonkeyPatch) -> Iterator[TestFlake]:
+def flake_with_vm_with_secrets(
+    monkeypatch: pytest.MonkeyPatch, temporary_home: Path
+) -> Iterator[FlakeForTest]:
    yield from create_flake(
        monkeypatch,
+        temporary_home,
        FlakeName("test_flake_with_core_dynamic_machines"),
        CLAN_CORE,
        machines=["vm_with_secrets"],
@@ -27,10 +30,11 @@ def flake_with_vm_with_secrets(monkeypatch: pytest.MonkeyPatch) -> Iterator[Test

@pytest.fixture
 def remote_flake_with_vm_without_secrets(
-    monkeypatch: pytest.MonkeyPatch,
-) -> Iterator[TestFlake]:
+    monkeypatch: pytest.MonkeyPatch, temporary_home: Path
+) -> Iterator[FlakeForTest]:
    yield from create_flake(
        monkeypatch,
+        temporary_home,
        FlakeName("test_flake_with_core_dynamic_machines"),
        CLAN_CORE,
        machines=["vm_without_secrets"],
@@ -41,11 +45,12 @@ def remote_flake_with_vm_without_secrets(
@pytest.fixture
 def create_user_with_age_key(
    monkeypatch: pytest.MonkeyPatch,
+    test_flake: FlakeForTest,
    age_keys: list["KeyPair"],
 ) -> None:
    monkeypatch.setenv("SOPS_AGE_KEY", age_keys[0].privkey)
    cli = Cli()
-    cli.run(["secrets", "users", "add", "user1", age_keys[0].pubkey])
+    cli.run(["secrets", "users", "add", "user1", age_keys[0].pubkey, test_flake.name])


 def generic_create_vm_test(api: TestClient, flake: Path, vm: str) -> None:
@@ -91,10 +96,10 @@ def generic_create_vm_test(api: TestClient, flake: Path, vm: str) -> None:
 def test_create_local(
    api: TestClient,
    monkeypatch: pytest.MonkeyPatch,
-    flake_with_vm_with_secrets: Path,
+    flake_with_vm_with_secrets: FlakeForTest,
    create_user_with_age_key: None,
 ) -> None:
-    generic_create_vm_test(api, flake_with_vm_with_secrets, "vm_with_secrets")
+    generic_create_vm_test(api, flake_with_vm_with_secrets.path, "vm_with_secrets")


@pytest.mark.skipif(not os.path.exists("/dev/kvm"), reason="Requires KVM")
@@ -102,8 +107,8 @@ def test_create_local(
 def test_create_remote(
    api: TestClient,
    monkeypatch: pytest.MonkeyPatch,
-    remote_flake_with_vm_without_secrets: Path,
+    remote_flake_with_vm_without_secrets: FlakeForTest,
 ) -> None:
    generic_create_vm_test(
-        api, remote_flake_with_vm_without_secrets, "vm_without_secrets"
+        api, remote_flake_with_vm_without_secrets.path, "vm_without_secrets"
    )