coredns: allow adding external plugins

Solves https://github.com/NixOS/nixpkgs/issues/146603

CoreDNS has support for plugins that are added at compile time. This
exposes an argument `externalPlugins` that will build coredns with
the specified plugins.

Example:
```
coredns-fanout = pkgs.coredns.override {
  externalPlugins = [
    {name = "fanout"; repo = "github.com/networkservicemesh/fanout"; version = "v1.9.1";}
  ];
  vendorHash = "<SRI hash>";
};
```

1 files changed, 18 insertions, 0 deletions

diff --git a/nixos/doc/manual/release-notes/rl-2311.section.md b/nixos/doc/manual/release-notes/rl-2311.section.md
index 123242926e2a..3363f8faee2a 100644
--- a/nixos/doc/manual/release-notes/rl-2311.section.md
+++ b/nixos/doc/manual/release-notes/rl-2311.section.md
@@ -344,6 +344,24 @@ The module update takes care of the new config syntax and the data itself (user
   - `keepTerminfo` controls whether `TERMINFO` and `TERMINFO_DIRS` are preserved
     for `root` and the `wheel` group.
 
+- CoreDNS can now be built with external plugins by overriding `externalPlugins` and `vendorHash` arguments like this:
+
+  ```
+  services.coredns = {
+    enable = true;
+    package = pkgs.coredns.override {
+      externalPlugins = [
+        {name = "fanout"; repo = "github.com/networkservicemesh/fanout"; version = "v1.9.1";}
+      ];
+      vendorHash = "<SRI hash>";
+    };
+  };
+  ```
+
+  To get the necessary SRI hash, set `vendorHash = "";`. The build will fail and produce the correct `vendorHash` in the error message.
+
+  If you use this feature, updates to CoreDNS may require updating `vendorHash` by following these steps again.
+
 
 ## Nixpkgs internals {#sec-release-23.11-nixpkgs-internals}