modules: move user/group options to bottom

These are insignificant, generic options; place them above readonly options.
We already do this in other services.

Also move user/group config to bottom in spark-wallet.

modules/bitcoind.nix

@@ -43,16 +43,6 @@ let
         default = "/var/lib/bitcoind";
         description = "The data directory for bitcoind.";
       };
-      user = mkOption {
-        type = types.str;
-        default = "bitcoin";
-        description = "The user as which to run bitcoind.";
-      };
-      group = mkOption {
-        type = types.str;
-        default = cfg.user;
-        description = "The group as which to run bitcoind.";
-      };
       rpc = {
         address = mkOption {
           type = types.str;
@@ -221,6 +211,16 @@ let
         example = "bech32";
         description = "The type of addresses to use";
       };
+      user = mkOption {
+        type = types.str;
+        default = "bitcoin";
+        description = "The user as which to run bitcoind.";
+      };
+      group = mkOption {
+        type = types.str;
+        default = cfg.user;
+        description = "The group as which to run bitcoind.";
+      };
       cli = mkOption {
         readOnly = true;
         type = types.package;

modules/btcpayserver.nix

@@ -67,16 +67,6 @@ let
         default = "/var/lib/btcpayserver";
         description = "The data directory for btcpayserver.";
       };
-      user = mkOption {
-        type = types.str;
-        default = "btcpayserver";
-        description = "The user as which to run btcpayserver.";
-      };
-      group = mkOption {
-        type = types.str;
-        default = cfg.btcpayserver.user;
-        description = "The group as which to run btcpayserver.";
-      };
       lightningBackend = mkOption {
         type = types.nullOr (types.enum [ "clightning" "lnd" ]);
         default = null;
@@ -93,6 +83,16 @@ let
         example = "btcpayserver";
         description = "The prefix for root-relative btcpayserver URLs.";
       };
+      user = mkOption {
+        type = types.str;
+        default = "btcpayserver";
+        description = "The user as which to run btcpayserver.";
+      };
+      group = mkOption {
+        type = types.str;
+        default = cfg.btcpayserver.user;
+        description = "The group as which to run btcpayserver.";
+      };
       enforceTor = nbLib.enforceTor;
     };
   };

modules/electrs.nix

@@ -19,16 +19,6 @@ let
       default = "/var/lib/electrs";
       description = "The data directory for electrs.";
     };
-    user = mkOption {
-      type = types.str;
-      default = "electrs";
-      description = "The user as which to run electrs.";
-    };
-    group = mkOption {
-      type = types.str;
-      default = cfg.user;
-      description = "The group as which to run electrs.";
-    };
     high-memory = mkOption {
       type = types.bool;
       default = false;
@@ -46,6 +36,16 @@ let
       default = "";
       description = "Extra command line arguments passed to electrs.";
     };
+    user = mkOption {
+      type = types.str;
+      default = "electrs";
+      description = "The user as which to run electrs.";
+    };
+    group = mkOption {
+      type = types.str;
+      default = cfg.user;
+      description = "The group as which to run electrs.";
+    };
     enforceTor = nbLib.enforceTor;
   };
 

modules/joinmarket.nix

@@ -9,6 +9,13 @@ let
       default = "/var/lib/joinmarket";
       description = "The data directory for JoinMarket.";
     };
+    rpcWalletFile = mkOption {
+      type = types.nullOr types.str;
+      default = "jm_wallet";
+      description = ''
+        Name of the watch-only bitcoind wallet the JoinMarket addresses are imported to.
+      '';
+    };
     user = mkOption {
       type = types.str;
       default = "joinmarket";
@@ -19,13 +26,6 @@ let
       default = cfg.user;
       description = "The group as which to run JoinMarket.";
     };
-    rpcWalletFile = mkOption {
-      type = types.nullOr types.str;
-      default = "jm_wallet";
-      description = ''
-        Name of the watch-only bitcoind wallet the JoinMarket addresses are imported to.
-      '';
-    };
     cli = mkOption {
       default = cli;
     };

modules/liquid.nix

@@ -3,7 +3,6 @@
 with lib;
 let
   options = {
-
     services.liquidd = {
       enable = mkEnableOption "Liquid sidechain";
       address = mkOption {
@@ -31,16 +30,6 @@ let
         default = "/var/lib/liquidd";
         description = "The data directory for liquidd.";
       };
-      user = mkOption {
-        type = types.str;
-        default = "liquid";
-        description = "The user as which to run liquidd.";
-      };
-      group = mkOption {
-        type = types.str;
-        default = cfg.user;
-        description = "The group as which to run liquidd.";
-      };
       rpc = {
         address = mkOption {
           type = types.str;
@@ -120,6 +109,16 @@ let
           Validate pegin claims. All functionaries must run this.
         '';
       };
+      user = mkOption {
+        type = types.str;
+        default = "liquid";
+        description = "The user as which to run liquidd.";
+      };
+      group = mkOption {
+        type = types.str;
+        default = cfg.user;
+        description = "The group as which to run liquidd.";
+      };
       cli = mkOption {
         readOnly = true;
         default = pkgs.writeScriptBin "elements-cli" ''

modules/spark-wallet.nix

@@ -65,13 +65,6 @@ in {
   config = mkIf cfg.enable {
     services.clightning.enable = true;
 
-    users.users.${cfg.user} = {
-      isSystemUser = true;
-      group = cfg.group;
-      extraGroups = [ config.services.clightning.group ];
-    };
-    users.groups.${cfg.group} = {};
-
     systemd.services.spark-wallet = {
       wantedBy = [ "multi-user.target" ];
       requires = [ "clightning.service" ];
@@ -85,6 +78,13 @@ in {
         // nbLib.nodejs;
     };
 
+    users.users.${cfg.user} = {
+      isSystemUser = true;
+      group = cfg.group;
+      extraGroups = [ config.services.clightning.group ];
+    };
+    users.groups.${cfg.group} = {};
+
     nix-bitcoin.secrets.spark-wallet-login.user = cfg.user;
     nix-bitcoin.generateSecretsCmds.spark-wallet = ''
       makePasswordSecret spark-wallet-password