diff --git a/hosts/bind/default.nix b/hosts/bind/default.nix
index 6b733a40..39a8de40 100644
--- a/hosts/bind/default.nix
+++ b/hosts/bind/default.nix
@@ -39,6 +39,15 @@ in
 };
 };
 
+ # Privileged commands triggered by deploy-c3d2-dns
+ security.sudo.extraRules = [ {
+ users = [ "c3d2-dns" ];
+ commands = [ {
+ command = "${reloadCommand}/bin/reload-bind";
+ options = [ "NOPASSWD" ];
+ } ];
+ } ];
+
 # DNS server
 services.bind = {
 enable = true;
@@ -52,10 +61,6 @@ in
 };
 '';
 };
- systemd.services.bind.serviceConfig = {
- Restart = "always";
- RestartSec = "5s";
- };
 
 # BIND statistics in Grafana
 services.collectd.plugins.bind = ''
@@ -69,6 +74,18 @@ in
 MemoryStats true
 '';
 
+ system.stateVersion = "22.05";
+
+ systemd.services.bind.serviceConfig = {
+ Restart = "always";
+ RestartSec = "5s";
+ };
+
+ systemd.tmpfiles.rules = [
+ "d ${config.users.users.c3d2-dns.home} 0755 c3d2-dns ${config.users.users.c3d2-dns.group} - -"
+ "d /var/lib/bind/slave 0755 named nogroup - -"
+ ];
+
 # Build user
 users.groups.c3d2-dns = {};
 users.users.c3d2-dns = {
@@ -80,20 +97,4 @@ in
 ];
 packages = [ reloadCommand ];
 };
-
- systemd.tmpfiles.rules = [
- "d ${config.users.users.c3d2-dns.home} 0755 c3d2-dns ${config.users.users.c3d2-dns.group} - -"
- "d /var/lib/bind/slave 0755 named nogroup - -"
- ];
-
- # Privileged commands triggered by deploy-c3d2-dns
- security.sudo.extraRules = [ {
- users = [ "c3d2-dns" ];
- commands = [ {
- command = "${reloadCommand}/bin/reload-bind";
- options = [ "NOPASSWD" ];
- } ];
- } ];
-
- system.stateVersion = "22.05";
 }
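Review bot: The `security.sudo.extraRules` entry in the first hunk lists `${reloadCommand}/bin/reload-bind` with no argument specification, and sudoers treats a command written without arguments as permitting any arguments the caller supplies. `reloadCommand` is defined outside the visible hunks, so whether the script ignores its arguments cannot be confirmed from here; if it takes none, the rule could pin that with `command = "${reloadCommand}/bin/reload-bind \"\"";`. The rule also sets no `runAs`, so the target user falls back to the module default; `runAs = "root";` would state the intended target explicitly. The enclosing attribute set starts and ends outside the hunk.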