diff --git a/sp-modules/gitea/module.nix b/sp-modules/gitea/module.nix
index 03bfa07..d944885 100644
--- a/sp-modules/gitea/module.nix
+++ b/sp-modules/gitea/module.nix
@@ -14,7 +14,7 @@ let
     "gitea-light"
     "gitea-dark"
   ];
-  is-auth-enabled = config.selfprivacy.modules.auth.enable;
+  is-auth-enabled = config.selfprivacy.modules.auth.enable or false;
   oauth-client-id = "forgejo";
   auth-passthru = config.passthru.selfprivacy.auth;
   oauth2-provider-name = auth-passthru.oauth2-provider-name;
diff --git a/sp-modules/nextcloud/module.nix b/sp-modules/nextcloud/module.nix
index 671809d..6cfc4f5 100644
--- a/sp-modules/nextcloud/module.nix
+++ b/sp-modules/nextcloud/module.nix
@@ -11,7 +11,7 @@ let
 
   hostName = "${cfg.subdomain}.${sp.domain}";
   auth-passthru = config.passthru.selfprivacy.auth;
-  is-auth-enabled = config.selfprivacy.modules.auth.enable;
+  is-auth-enabled = config.selfprivacy.modules.auth.enable or false;
   cfg = sp.modules.nextcloud;
   ldap_scheme_and_host = "ldaps://${auth-passthru.ldap-host}";
 
diff --git a/sp-modules/roundcube/module.nix b/sp-modules/roundcube/module.nix
index 45b160d..7a389d8 100644
--- a/sp-modules/roundcube/module.nix
+++ b/sp-modules/roundcube/module.nix
@@ -2,7 +2,7 @@
 let
   domain = config.selfprivacy.domain;
   cfg = config.selfprivacy.modules.roundcube;
-  is-auth-enabled = config.selfprivacy.modules.auth.enable;
+  is-auth-enabled = config.selfprivacy.modules.auth.enable or false;
   auth-passthru = config.passthru.selfprivacy.auth;
   auth-fqdn = auth-passthru.auth-fqdn;
   oauth-client-id = "roundcube";
diff --git a/sp-modules/simple-nixos-mailserver/auth-dovecot.nix b/sp-modules/simple-nixos-mailserver/auth-dovecot.nix
index 0c2677d..4b97545 100644
--- a/sp-modules/simple-nixos-mailserver/auth-dovecot.nix
+++ b/sp-modules/simple-nixos-mailserver/auth-dovecot.nix
@@ -2,9 +2,10 @@
 let
   inherit (import ./common.nix nixos-args)
     appendLdapBindPwd
+    auth-passthru
     cfg
     domain
-    auth-passthru
+    is-auth-enabled
     ;
 
   runtime-directory = "dovecot2";
@@ -61,7 +62,7 @@ let
     '';
   };
 in
-lib.mkIf config.selfprivacy.modules.auth.enable {
+lib.mkIf is-auth-enabled {
   mailserver.ldap = {
     # note: in `ldapsearch` first comes filter, then attributes
     dovecot.userAttrs = "+"; # all operational attributes
diff --git a/sp-modules/simple-nixos-mailserver/auth-postfix.nix b/sp-modules/simple-nixos-mailserver/auth-postfix.nix
index 6404380..ca6ca68 100644
--- a/sp-modules/simple-nixos-mailserver/auth-postfix.nix
+++ b/sp-modules/simple-nixos-mailserver/auth-postfix.nix
@@ -3,6 +3,7 @@ let
   inherit (import ./common.nix nixos-args)
     appendLdapBindPwd
     auth-passthru
+    is-auth-enabled
     ;
 
   cfg = config.mailserver;
@@ -50,7 +51,7 @@ let
     destination = ldapVirtualMailboxMapFile;
   };
 in
-lib.mkIf config.selfprivacy.modules.auth.enable {
+lib.mkIf is-auth-enabled {
   mailserver.ldap = {
     postfix.mailAttribute = "mail";
     postfix.uidAttribute = "uid";
diff --git a/sp-modules/simple-nixos-mailserver/common.nix b/sp-modules/simple-nixos-mailserver/common.nix
index d7544e6..eba175b 100644
--- a/sp-modules/simple-nixos-mailserver/common.nix
+++ b/sp-modules/simple-nixos-mailserver/common.nix
@@ -2,7 +2,7 @@
 rec {
   auth-passthru = config.passthru.selfprivacy.auth;
   domain = config.selfprivacy.domain;
-  is-auth-enabled = config.selfprivacy.modules.auth.enable;
+  is-auth-enabled = config.selfprivacy.modules.auth.enable or false;
 
   appendLdapBindPwd =
     { name, file, prefix, suffix ? "", passwordFile, destination }: