add basic darwin test

checks/darwin.nix

@@ -0,0 +1,10 @@
+{
+  imports = [
+    ../modules/nix-darwin/default.nix
+  ];
+  nixpkgs.hostPlatform = "aarch64-darwin";
+  sops.secrets.test_key = { };
+  sops.defaultSopsFile = ../pkgs/sops-install-secrets/test-assets/secrets.yaml;
+  sops.age.generateKey = true;
+  system.stateVersion = 5;
+}

flake.lock

@@ -1,5 +1,25 @@
 {
   "nodes": {
+    "nix-darwin": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1731809072,
+        "narHash": "sha256-pOsDJQR0imnFLfpvTmRpHcP0tflyxtP/QIzokrKSP8U=",
+        "owner": "LnL7",
+        "repo": "nix-darwin",
+        "rev": "34588d57cfc41c6953c54c93b6b685cab3b548ee",
+        "type": "github"
+      },
+      "original": {
+        "owner": "LnL7",
+        "repo": "nix-darwin",
+        "type": "github"
+      }
+    },
     "nixpkgs": {
       "locked": {
         "lastModified": 1731763621,
@@ -34,6 +54,7 @@
     },
     "root": {
       "inputs": {
+        "nix-darwin": "nix-darwin",
         "nixpkgs": "nixpkgs",
         "nixpkgs-stable": "nixpkgs-stable"
       }

flake.nix

@@ -2,13 +2,18 @@
   description = "Integrates sops into nixos";
   inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
   inputs.nixpkgs-stable.url = "github:NixOS/nixpkgs/release-24.05";
+
+  inputs.nix-darwin.url = "github:LnL7/nix-darwin";
+  inputs.nix-darwin.inputs.nixpkgs.follows = "nixpkgs";
+
   nixConfig.extra-substituters = ["https://cache.thalheim.io"];
   nixConfig.extra-trusted-public-keys = ["cache.thalheim.io-1:R7msbosLEZKrxk/lKxf9BTjOOH7Ax3H0Qj0/6wiHOgc="];
   outputs = {
     self,
     nixpkgs,
-    nixpkgs-stable
-  }: let
+    nixpkgs-stable,
+    nix-darwin,
+  } @ inputs: let
     systems = [
       "x86_64-linux"
       "x86_64-darwin"
@@ -36,6 +41,15 @@
       sops = ./modules/nix-darwin;
       default = self.darwinModules.sops;
     };
+
+    darwinConfigurations.sops = nix-darwin.lib.darwinSystem {
+      modules = [ ./checks/darwin.nix ];
+      specialArgs = {
+        inherit self;
+        inherit inputs;
+      };
+    };
+
     packages = forAllSystems (system:
       import ./default.nix {
         pkgs = import nixpkgs {inherit system;};

modules/nix-darwin/manifest-for.nix

@@ -1,11 +1,12 @@
 { writeTextFile, cfg }:
 
-suffix: secrets: extraJson:
+suffix: secrets: templates: extraJson:
 
 writeTextFile {
   name = "manifest${suffix}.json";
   text = builtins.toJSON ({
     secrets = builtins.attrValues secrets;
+    templates = builtins.attrValues templates;
     # Does this need to be configurable?
     secretsMountPoint = "/run/secrets.d";
     symlinkPath = "/run/secrets";
@@ -15,7 +16,6 @@ writeTextFile {
     ageKeyFile = cfg.age.keyFile;
     ageSshKeyPaths = cfg.age.sshKeyPaths;
     useTmpfs = false;
-    templates = cfg.templates;
     placeholderBySecretName = cfg.placeholder;
     userMode = false;
     logging = {