resolvconf: use correct output files when used with dnsmasq (#349320)

        '';

      };

      subscriberFiles = lib.mkOption {

        type = lib.types.listOf lib.types.path;

        default = [];

        description = ''

          Files written by resolvconf updates

        '';

        internal = true;

      };

    };

  };

    (lib.mkIf cfg.enable {

      users.groups.resolvconf = {};

      networking.resolvconf.subscriberFiles = [ "/etc/resolv.conf" ];

      networking.resolvconf.package = pkgs.openresolv;

      environment.systemPackages = [ cfg.package ];

        script = ''

          ${lib.getExe cfg.package} -u

          chgrp -R resolvconf /etc/resolv.conf /run/resolvconf

          chmod -R g=u /etc/resolv.conf /run/resolvconf

          files=(/run/resolvconf ${lib.escapeShellArgs cfg.subscriberFiles})

          chgrp -R resolvconf "''${files[@]}"

          chmod -R g=u "''${files[@]}"

        '';

      };

            Restart = "always";

            AmbientCapabilities = [ "CAP_NET_ADMIN" "CAP_NET_RAW" "CAP_NET_BIND_SERVICE" ];

            ReadWritePaths = [ "/proc/sys/net/ipv6" ]

              ++ lib.optionals useResolvConf [ "/etc/resolv.conf" "/run/resolvconf" ];

              ++ lib.optionals useResolvConf ([ "/run/resolvconf" ] ++ config.networking.resolvconf.subscriberFiles);

            DeviceAllow = "";

            LockPersonality = true;

            MemoryDenyWriteExecute = true;

        dnsmasq_conf=/etc/dnsmasq-conf.conf

        dnsmasq_resolv=/etc/dnsmasq-resolv.conf

      '';

      subscriberFiles = [

        "/etc/dnsmasq-conf.conf"

        "/etc/dnsmasq-resolv.conf"

      ];

    };

    systemd.services.dnsmasq = {