Infini-DL360/ssh: reorder ssh extra config

hosts/Infini-DL360/default.nix

@@ -30,11 +30,11 @@
     ./postgresql.nix
     ./privoxy.nix
     ./radicale.nix
-    ./research.nix
     ./searx.nix
     ./ssh.nix
     ./thelounge.nix
     ./torrenting.nix
+    ./users.nix
     ./vaultwarden.nix
     ./web.nix
     ./wireguard.nix

hosts/Infini-DL360/research.nix

@@ -1,32 +0,0 @@
-{ pkgs, ... }:
-
-{
-  users.users.cs252 = {
-    description = "Guest account for CS 252 researchers";
-    group = "users";
-    isNormalUser = true;
-    shell = pkgs.bash;
-  };
-
-  services.openssh.extraConfig = ''
-    Match user cs252
-      AuthorizedKeysFile /etc/ssh/authorized_keys.d/infinidoge /etc/ssh/authorized_keys.d/%u
-      DisableForwarding yes
-      PasswordAuthentication no
-  '';
-
-  security.pam.loginLimits = [
-    {
-      domain = "cs252";
-      item = "memlock";
-      type = "-";
-      value = "256000000";
-    }
-    {
-      domain = "cs252";
-      item = "as";
-      type = "-";
-      value = "256000000";
-    }
-  ];
-}

hosts/Infini-DL360/ssh.nix

@@ -1,4 +1,9 @@
-{ config, pkgs, ... }:
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
 let
   cfg = config.services.openssh;
 
@@ -63,7 +68,7 @@ in
 
   # https://enotacoes.wordpress.com/2021/10/05/limiting-user-to-sshfs-or-sftp-of-one-directory-only/
   # https://github.com/NixOS/nixpkgs/blob/d603719ec6e294f034936c0d0dc06f689d91b6c3/nixos/modules/services/networking/ssh/sshd.nix#L663
-  services.openssh.extraConfig = ''
+  services.openssh.extraConfig = lib.mkBefore ''
     XAuthLocation ${pkgs.xorg.xauth}/bin/xauth
 
     Match user infinidoge

hosts/Infini-DL360/users.nix

@@ -0,0 +1,14 @@
+{ pkgs, ... }:
+
+{
+  users.users.mistergij = {
+    description = "Account for hosting DnD World bots";
+    isNormalUser = true;
+    shell = pkgs.bash;
+  };
+
+  services.openssh.extraConfig = ''
+    Match user mistergij
+      DisableForwarding yes
+  '';
+}