passthru.selfprivacy.auth.admins-group = "sp.admins"

sp-modules/auth/module.nix

@@ -97,7 +97,7 @@ in
       provision = {
         enable = true;
         autoRemove = true; # if false, obsolete oauth2 scopeMaps remain
-        groups."sp.admins".present = true;
+        groups.${passthru.admins-group}.present = true;
         groups.${passthru.full-users-group}.present = true;
       };
       enableClient = true;
@@ -186,6 +186,7 @@ in
       ldap-host = "127.0.0.1";
       ldap-port = 3636;
 
+      admins-group = "sp.admins";
       full-users-group = "sp.full_users";
     };
   };

sp-modules/gitea/module.nix

@@ -413,7 +413,7 @@ in
 
         services.kanidm.provision = {
           groups = {
-            "${admins-group}".members = [ "sp.admins" ];
+            "${admins-group}".members = [ auth-passthru.admins-group ];
             "${users-group}".members =
               [ admins-group auth-passthru.full-users-group ];
           };

sp-modules/nextcloud/module.nix

@@ -382,7 +382,7 @@ in
         };
         services.kanidm.provision = {
           groups = {
-            "${admins-group}".members = [ "sp.admins" ];
+            "${admins-group}".members = [ auth-passthru.admins-group ];
             "${users-group}".members =
               [ admins-group auth-passthru.full-users-group ];
           };

sp-modules/roundcube/module.nix

@@ -101,7 +101,7 @@ in
         };
         services.kanidm.provision = {
           groups = {
-            "sp.roundcube.admins".members = [ "sp.admins" ];
+            "sp.roundcube.admins".members = [ auth-passthru.admins-group ];
             "sp.roundcube.users".members =
               [ "sp.roundcube.admins" auth-passthru.full-users-group ];
           };