services.bind.cacheNetworks should only apply to recursive queryies, as
per the option documentation:
> Note that this is for recursive queries – all networks are allowed to
> query zones configured with the zones option by default [...].
This would correspond to the `allow-query-cache` option in named.conf,
as per the BIND docs[1]:
> Specifies which hosts (an IP address list) can access this server’s
> cache and thus effectively controls recursion.
And not `allow-query`, which restricts all requests (including requests
where the server has authority) [2]:
> Specifies which hosts (an IP address list) are allowed to send queries
> to this resolver.
> [...]
> Note:
> `allow-query-cache` is used to specify access to the cache.
[1]: https://bind9.readthedocs.io/en/v9.20.0/reference.html#namedconf-statement-allow-query-cache
[2]: https://bind9.readthedocs.io/en/v9.20.0/reference.html#namedconf-statement-allow-query
This change is to support LEGO's capability to spawn an external process that
solves the DNS-01 challenge. In particular, this enables a setup where LEGO
runs a shell script that uses nsd-control to add an appropriate zone to a
local NSD instance.
Allows setting `programs.obs-studio.package = null`, which is useful in
case the user wants the appropriate kernel modules from
`programs.obs-studio.enableVirtualCamera`, but does not wish to install
obs system-wide with nixos (e.g., because they want to install it just
for their user with home-manager or maybe via flatpak).
E.g. when overriding `nix` with `pkgs.lix`, `nixos-option` will fail.
Given that I haven't used it in a very long time, I wanted to disable
it, but finding an option to turn off `nixos-option` is kinda hard given
that the options are generated here using `mkToolModule`.
I assumed that this isn't possible until I learned that
`system.tools.X.enable` exists. To me, this is a clear sign that these
shouldn't be internal.
See https://github.com/systemd/systemd/issues/33414.
The way this was phrased sounded like a dumb search/replace operation to
me. This resulted in random parts of my routing being broken (forward
from if X -> Y being fine, but the opposite direction being broken).
This change makes it explicit that it's a little more complicated and
you should really consult the docs before making that change.