From 2ed4cc0dee9a931bd10ca547d95c4e52c5c4cd57 Mon Sep 17 00:00:00 2001
From: Alexander Tomokhov <alexoundos@selfprivacy.org>
Date: Sat, 25 Jan 2025 23:20:00 +0400
Subject: [PATCH] passthru.selfprivacy.auth.admins-group = "sp.admins"

---
 sp-modules/auth/module.nix      | 3 ++-
 sp-modules/gitea/module.nix     | 2 +-
 sp-modules/nextcloud/module.nix | 2 +-
 sp-modules/roundcube/module.nix | 2 +-
 4 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/sp-modules/auth/module.nix b/sp-modules/auth/module.nix
index 8670e81..c4644ca 100644
--- a/sp-modules/auth/module.nix
+++ b/sp-modules/auth/module.nix
@@ -97,7 +97,7 @@ in
       provision = {
         enable = true;
         autoRemove = true; # if false, obsolete oauth2 scopeMaps remain
-        groups."sp.admins".present = true;
+        groups.${passthru.admins-group}.present = true;
         groups.${passthru.full-users-group}.present = true;
       };
       enableClient = true;
@@ -186,6 +186,7 @@ in
       ldap-host = "127.0.0.1";
       ldap-port = 3636;
 
+      admins-group = "sp.admins";
       full-users-group = "sp.full_users";
     };
   };
diff --git a/sp-modules/gitea/module.nix b/sp-modules/gitea/module.nix
index 390c017..c992599 100644
--- a/sp-modules/gitea/module.nix
+++ b/sp-modules/gitea/module.nix
@@ -413,7 +413,7 @@ in
 
         services.kanidm.provision = {
           groups = {
-            "${admins-group}".members = [ "sp.admins" ];
+            "${admins-group}".members = [ auth-passthru.admins-group ];
             "${users-group}".members =
               [ admins-group auth-passthru.full-users-group ];
           };
diff --git a/sp-modules/nextcloud/module.nix b/sp-modules/nextcloud/module.nix
index 1ad01f5..62104ac 100644
--- a/sp-modules/nextcloud/module.nix
+++ b/sp-modules/nextcloud/module.nix
@@ -382,7 +382,7 @@ in
         };
         services.kanidm.provision = {
           groups = {
-            "${admins-group}".members = [ "sp.admins" ];
+            "${admins-group}".members = [ auth-passthru.admins-group ];
             "${users-group}".members =
               [ admins-group auth-passthru.full-users-group ];
           };
diff --git a/sp-modules/roundcube/module.nix b/sp-modules/roundcube/module.nix
index 996abc2..3626cad 100644
--- a/sp-modules/roundcube/module.nix
+++ b/sp-modules/roundcube/module.nix
@@ -101,7 +101,7 @@ in
         };
         services.kanidm.provision = {
           groups = {
-            "sp.roundcube.admins".members = [ "sp.admins" ];
+            "sp.roundcube.admins".members = [ auth-passthru.admins-group ];
             "sp.roundcube.users".members =
               [ "sp.roundcube.admins" auth-passthru.full-users-group ];
           };