From 403604ca66e87e0886f179cba63699073a10fe3b Mon Sep 17 00:00:00 2001
From: David McFarland
Date: Tue, 15 Oct 2024 23:00:40 -0300
Subject: [PATCH] resolvconf: use correct output files when used with dnsmasq
---
 nixos/modules/config/resolvconf.nix | 16 ++++++++++++++--
 nixos/modules/services/networking/dhcpcd.nix | 2 +-
 nixos/modules/services/networking/dnsmasq.nix | 5 +++++
 3 files changed, 20 insertions(+), 3 deletions(-)
diff --git a/nixos/modules/config/resolvconf.nix b/nixos/modules/config/resolvconf.nix
index 0d56ccf85d4c..f6241e9bf96b 100644
--- a/nixos/modules/config/resolvconf.nix
+++ b/nixos/modules/config/resolvconf.nix
@@ -114,6 +114,15 @@ in
 '';
 };
+ subscriberFiles = lib.mkOption {
+ type = lib.types.listOf lib.types.path;
+ default = [];
+ description = ''
+ Files written by resolvconf updates
+ '';
+ internal = true;
+ };
+
 };
 };
@@ -134,6 +143,8 @@ in (lib.mkIf cfg.enable { users.groups.resolvconf = {}; + networking.resolvconf.subscriberFiles = [ "/etc/resolv.conf" ]; + networking.resolvconf.package = pkgs.openresolv; environment.systemPackages = [ cfg.package ];
@@ -150,8 +161,9 @@ in
 script = ''
 ${lib.getExe cfg.package} -u
- chgrp -R resolvconf /etc/resolv.conf /run/resolvconf
- chmod -R g=u /etc/resolv.conf /run/resolvconf
+ files=(/run/resolvconf ${lib.escapeShellArgs cfg.subscriberFiles})
+ chgrp -R resolvconf "''${files[@]}"
+ chmod -R g=u "''${files[@]}"
 '';
 };
diff --git a/nixos/modules/services/networking/dhcpcd.nix b/nixos/modules/services/networking/dhcpcd.nix
index afc977583594..a7c896cb28a2 100644
--- a/nixos/modules/services/networking/dhcpcd.nix
+++ b/nixos/modules/services/networking/dhcpcd.nix
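Review bot: The `description` of the new `subscriberFiles` option in the first resolvconf.nix hunk does not say what listing a path does, and this patch attaches two privilege effects to it: the update script makes every entry group-owned by `resolvconf` with `g=u`, and dhcpcd.nix adds every entry to `ReadWritePaths`. A module author adding a path should see that at the option, for example `Files written by resolvconf subscribers. Each path is made writable by the resolvconf group and by the dhcpcd service sandbox.` The option is `internal`, so the text is for maintainers reading the module rather than for the manual.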
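Review bot: In the third resolvconf.nix hunk, `chgrp -R` and `chmod -R g=u` now run over every entry of `cfg.subscriberFiles`, and `lib.types.path` also accepts a directory, so a later entry naming one would have its whole tree opened to the `resolvconf` group. Recursion is only needed for `/run/resolvconf`; I would keep that path on its own recursive pair and handle the list without `-R`, using `files=(${lib.escapeShellArgs cfg.subscriberFiles})`, `chgrp resolvconf "''${files[@]}"` and `chmod g=u "''${files[@]}"`. Separately, `chgrp` exits non-zero for a listed file that `resolvconf -u` has not created; whether that aborts the unit depends on how the script is run, which the hunk does not show.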
@@ -250,7 +250,7 @@ in
 Restart = "always";
 AmbientCapabilities = [ "CAP_NET_ADMIN" "CAP_NET_RAW" "CAP_NET_BIND_SERVICE" ];
 ReadWritePaths = [ "/proc/sys/net/ipv6" ]
- ++ lib.optionals useResolvConf [ "/etc/resolv.conf" "/run/resolvconf" ];
+ ++ lib.optionals useResolvConf ([ "/run/resolvconf" ] ++ config.networking.resolvconf.subscriberFiles);
 DeviceAllow = "";
 LockPersonality = true;
 MemoryDenyWriteExecute = true;
diff --git a/nixos/modules/services/networking/dnsmasq.nix b/nixos/modules/services/networking/dnsmasq.nix
index 633e37ad25e9..dfa6b8035168 100644
--- a/nixos/modules/services/networking/dnsmasq.nix
+++ b/nixos/modules/services/networking/dnsmasq.nix
@@ -133,6 +133,11 @@ in
 dnsmasq_conf=/etc/dnsmasq-conf.conf
 dnsmasq_resolv=/etc/dnsmasq-resolv.conf
 '';
+
+ subscriberFiles = [
+ "/etc/dnsmasq-conf.conf"
+ "/etc/dnsmasq-resolv.conf"
+ ];
 };
 systemd.services.dnsmasq = {
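Review bot: `ReadWritePaths` in the dhcpcd.nix hunk now takes whatever is in `subscriberFiles`, and systemd fails the unit's namespace setup when a listed path does not exist, so a dnsmasq output file that has not been generated yet would keep dhcpcd from starting. If that ordering is not guaranteed elsewhere, prefix the entries with `-` so missing paths are skipped: `++ lib.optionals useResolvConf ([ "/run/resolvconf" ] ++ map (f: "-" + f) config.networking.resolvconf.subscriberFiles);`. The change also widens what the network-facing dhcpcd process may write to include dnsmasq's generated configuration, which deserves a one-line comment next to the list. The enclosing attribute set starts and ends outside the hunk.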
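Review bot: The two paths in the added `subscriberFiles` list in dnsmasq.nix repeat the literals on the `dnsmasq_conf=` and `dnsmasq_resolv=` lines just above, so editing one place leaves the group ownership and dhcpcd's writable paths pointing at the old file with no evaluation error. Binding each path once and interpolating it in both places removes that drift, for example `dnsmasqConf = "/etc/dnsmasq-conf.conf";` in a `let` and `dnsmasq_conf=${dnsmasqConf}` in the config text. The attribute set being extended opens outside the hunk, so where the `let` goes has to be checked against the full file.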