diff --git a/flake.nix b/flake.nix
index bb0b6bf..c03bb25 100644
--- a/flake.nix
+++ b/flake.nix
@@ -128,15 +128,7 @@
           default = self'.packages.autofirma;
         };
         checks = {
-          # autofirma-sign = pkgs.runCommand "autofirma-sign" {} ''
-          #   mkdir -p $out
-          #   echo "NixOS AutoFirma Sign Test" > document.txt
-          #
-          #   ${inputs.nixpkgs.lib.getExe pkgs.openssl} req -x509 -newkey rsa:2048 -keyout private.key -out certificate.crt -days 365 -nodes -subj "/C=ES/O=TEST AUTOFIRMA NIX/OU=DNIE/CN=AC DNIE 004" -passout pass:1234
-          #   ${inputs.nixpkgs.lib.getExe pkgs.openssl} pkcs12 -export -out certificate.p12 -inkey private.key -in certificate.crt -name "testcert" -password pass:1234
-          #
-          #   ${inputs.nixpkgs.lib.getExe self'.packages.autofirma} sign -store pkcs12:certificate.p12 -i document.txt -o document.txt.sign -filter alias.contains=testcert -password 1234 -xml
-          # '';
+          nixos-module-sign = pkgs.callPackage ./nix/tests/test-sign.nix { inherit self; };
         };
       };
     };
diff --git a/nix/tests/test-sign.nix b/nix/tests/test-sign.nix
new file mode 100644
index 0000000..3a6e44e
--- /dev/null
+++ b/nix/tests/test-sign.nix
@@ -0,0 +1,28 @@
+{ self, pkgs, lib }:
+let
+  openssl = lib.getExe pkgs.openssl;
+in
+
+pkgs.nixosTest {
+  name = "test-nixos-module-sign";
+  nodes.machine = { config, pkgs, modulesPath, ... }: {
+    imports = [
+      self.nixosModules.autofirma
+      (modulesPath + "./../tests/common/x11.nix")
+    ];
+
+    programs.autofirma.enable = true;
+
+    system.stateVersion = "${lib.versions.major lib.version}.${lib.versions.minor lib.version}";
+  };
+
+  testScript = ''
+    machine.succeed('echo "NixOS AutoFirma Sign Test" > document.txt')
+    machine.succeed('${openssl} req -x509 -newkey rsa:2048 -keyout private.key -out certificate.crt -days 365 -nodes -subj "/C=ES/O=TEST AUTOFIRMA NIX/OU=DNIE/CN=AC DNIE 004" -passout pass:1234')
+    machine.succeed('${openssl} pkcs12 -export -out certificate.p12 -inkey private.key -in certificate.crt -name "testcert" -password pass:1234')
+
+    machine.wait_for_x()
+
+    machine.succeed('autofirma sign -store pkcs12:certificate.p12 -i document.txt -o document.txt.sign -filter alias.contains=testcert -password 1234 -xml')
+  '';
+}