services: use consistent layout

Use the following order of definitions for all services:
- assertions
- configuration of other services
- environment.systemPackages
- tmpfiles
- own service
- users
- secrets

modules/joinmarket.nix

@@ -141,30 +141,12 @@ in {
   };
 
   config = mkIf cfg.enable (mkMerge [{
-    services.bitcoind.enable = true;
-
-    environment.systemPackages = [
-      (hiPrio cfg.cli)
-    ];
-    users.users.${cfg.user} = {
-        group = cfg.group;
-        home = cfg.dataDir;
-        # Allow access to the tor control socket, needed for payjoin onion service creation
-        extraGroups = [ "tor" ];
-    };
-    users.groups.${cfg.group} = {};
-    nix-bitcoin.operator = {
-      groups = [ cfg.group ];
-      sudoUsers = [ cfg.group ];
+    services.bitcoind = {
+      enable = true;
+      disablewallet = false;
     };
 
-    systemd.tmpfiles.rules = [
-      "d '${cfg.dataDir}' 0770 ${cfg.user} ${cfg.group} - -"
-    ];
-
-    services.bitcoind.disablewallet = false;
-
-    # Joinmarket is TOR-only
+    # Joinmarket is Tor-only
     services.tor = {
       enable = true;
       client.enable = true;
@@ -172,6 +154,14 @@ in {
       controlSocket.enable = true;
     };
 
+    environment.systemPackages = [
+      (hiPrio cfg.cli)
+    ];
+
+    systemd.tmpfiles.rules = [
+      "d '${cfg.dataDir}' 0770 ${cfg.user} ${cfg.group} - -"
+    ];
+
     systemd.services.joinmarket = {
       wantedBy = [ "multi-user.target" ];
       requires = [ "bitcoind.service" ];
@@ -211,6 +201,18 @@ in {
       } // nbLib.allowTor;
     };
 
+    users.users.${cfg.user} = {
+      group = cfg.group;
+      home = cfg.dataDir;
+      # Allow access to the tor control socket, needed for payjoin onion service creation
+      extraGroups = [ "tor" ];
+    };
+    users.groups.${cfg.group} = {};
+    nix-bitcoin.operator = {
+      groups = [ cfg.group ];
+      sudoUsers = [ cfg.group ];
+    };
+
     nix-bitcoin.secrets.jm-wallet-password.user = cfg.user;
   }