c2023/dnsmasq
17
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

merge into: c2023:borys-2025-05-22
Branches Tags
c2023:fabian-3
c2023:bmiast
c2023:f2
c2023:fab
c2023:dominik
c2023:slomka
c2023:borys-2025-05-22
c2023:f-deb2
c2023:build
c2023:fabian-poprawione2
c2023:fabian-poprawione
c2023:f1
c2023:fabian
...
pull from: c2023:fabian-3
Branches Tags
c2023:bmiast
c2023:fabian-3
c2023:f2
c2023:fab
c2023:dominik
c2023:slomka
c2023:borys-2025-05-22
c2023:f-deb2
c2023:build
c2023:fabian-poprawione2
c2023:fabian-poprawione
c2023:f1
c2023:fabian

No commits in common. "borys-2025-05-22" and "fabian-3" have entirely different histories.
borys-2025 ... fabian-3

32 changed files with 1433 additions and 127 deletions
Show Stats Expand all files Collapse all files

16
conf.json
View File

@ -1,16 +0,0 @@
{
"user": "borys",
"email": "borys@mpabi.pl",
"remotes": [
{
"name": "borys",
"protocol": "http",
"domain": "ckziuslubice.pl",
"port": "3000",
"token_name": "token",
"token": "66499e1679464e4eabea4a7fa0a11710bb26d8ac",
"group": "c2023",
"project": "dnsmasq"
}
]
}

0
doc/.keep Normal file
View File

BIN
doc/.main.tex.swo Normal file
View File

Binary file not shown.

BIN
doc/.main.tex.swp Normal file
View File

Binary file not shown.

273
doc/main.md Normal file
View File

@ -0,0 +1,273 @@
---
title: Basic Configuration of dnsmasq in an Incus Container on Debian
with Netplan
---
# Introduction
This guide provides step-by-step instructions for setting up `dnsmasq`
as a DNS and DHCP server in an Incus container running Debian. The
network configuration is managed using Netplan to ensure proper network
integration.
# Prerequisites
Before proceeding, ensure the following:
\- Incus is installed on the host system (`sudo apt install incus`).
\- A Debian-based container is created in Incus.
\- Basic knowledge of Linux networking and container management.
\- Root or sudo access to the host and container.
# Step-by-Step Configuration
## Creating and Setting Up the Incus Container
Create a Debian container named `deb1` using the following commands on
the host:
``` {.bash language="bash"}
incus create images:debian/12 deb1
incus config set deb1 security.syscalls.intercept.mount true
incus config set deb1 security.nesting true
incus config set deb1 security.privileged true
incus start deb1
```
The `security.syscalls.intercept.mount`, `security.nesting`, and
`security.privileged` settings are required for `dnsmasq` and Docker to
function correctly in the container.
## Firewall Configuration
To allow traffic forwarding between the `incusbr0` bridge and the `wlo1`
wireless interface, the following iptables rules are applied:
sudo iptables -A FORWARD -i incusbr0 -o wlo1 -j ACCEPT
sudo iptables -A FORWARD -i wlo1 -o incusbr0 -m state --state RELATED,ESTABLISHED -j ACCEPT
## Installing Additional Packages
Install the necessary packages inside the container:
``` {.bash language="bash"}
incus exec deb1 -- apt update
incus exec deb1 -- apt install -y \
netplan.io \
sudo vim nano git tmux mc zip unzip curl wget htop lynx \
iproute2 termshark bridge-utils \
python3 python3-ipython python3-pyroute2 python3-scapy \
docker.io docker-compose
```
## Configuring Users and Permissions
Configure user access and permissions within the container.
### Changing the Root Password
Set the root password to \"passroot\":
``` {.bash language="bash"}
incus exec deb1 -- bash -c 'echo "root:passroot" | chpasswd'
```
### Adding a New User
Add a new user named \"user\" with the password \"pass\" and add them to
the \"sudo\" and \"docker\" groups:
``` {.bash language="bash"}
sudo useradd -m -s /bin/bash -G sudo user && echo 'user:pass' | sudo chpasswd
```
## Accessing the Container
Access the container's shell:
``` {.bash language="bash"}
incus exec deb1 -- su - user
```
# Setting Up a Veth Pair Between Container and Network Namespace
To enable direct communication between a container and a network
namespace, a virtual Ethernet (`veth`) pair is created. The following
Python script (`link.py`) is used to create a `veth` pair between the
`deb1` (an Incus container) and the `ns1` network namespace, with
interfaces named `vA` and `vB`.
sudo python3 link.py -n1 vA -t2 incus -ns2 deb1 -n2 vB
This command:
\- Creates a `veth` pair with one end (`vA`) in the default namespace
and the other end (`vB`) in the `deb1`'s network namespace.
\- Ensures the interfaces are set up and operational, allowing network
traffic to flow between the container and the `ns1` namespace (or
default namespace if `ns1` is not explicitly created).
The script uses the `pyroute2` library to manage network interfaces and
namespaces, and supports container types such as Incus, LXC, LXD, and
Docker. Ensure the `deb1` is running in Incus before executing the
command.
## Configuring the Network with Netplan
Configure the container's network using Netplan to assign a static IP
address. Create or edit the Netplan configuration file at
`/etc/netplan/01-netcfg.yaml`:
``` {.bash language="bash"}
incus exec deb1 -- nano /etc/netplan/01-netcfg.yaml
```
Add the following configuration:
``` {.yaml language="yaml"}
network:
version: 2
ethernets:
vB:
dhcp4: no
addresses:
- 192.168.1.10/24
routes:
- to: default
via: 192.168.1.1
nameservers:
addresses: [8.8.8.8, 8.8.4.4]
```
Apply the configuration:
``` {.bash language="bash"}
incus exec deb1 -- netplan apply
```
## Installing dnsmasq
Update the package list and install `dnsmasq`:
``` {.bash language="bash"}
incus exec deb1 -- apt update
incus exec deb1 -- apt install dnsmasq -y
```
## Configuring dnsmasq
Edit the `dnsmasq` configuration file at `/etc/dnsmasq.conf`:
``` {.bash language="bash"}
incus exec deb1 -- nano /etc/dnsmasq.conf
```
Add or modify the following settings to enable DNS and DHCP:
# DNS settings
domain-needed
bogus-priv
no-resolv
server=8.8.8.8
server=8.8.4.4
local=/example.local/
domain=example.local
# DHCP settings
dhcp-range=192.168.1.100,192.168.1.200,12h
dhcp-option=3,192.168.1.1
dhcp-option=6,8.8.8.8,8.8.4.4
**Explanation:**
\- `domain-needed`: Prevents incomplete domain names from being sent to
upstream DNS.
\- `bogus-priv`: Blocks reverse DNS lookups for private IP ranges.
\- `no-resolv`: Disables reading `/etc/resolv.conf`.
\- `server`: Specifies upstream DNS servers (Google DNS in this case).
\- `local` and `domain`: Configures a local domain.
\- `dhcp-range`: Defines the IP range for DHCP clients (from
192.168.1.100 to 192.168.1.200, lease time 12 hours).
\- `dhcp-option`: Sets the default gateway (option 3) and DNS servers
(option 6).
## System-Level Adjustments for Network Stability
In some cases, especially in nested or privileged containers, additional
system-level adjustments are necessary to ensure proper network
functionality and avoid conflicts.
To remount the `/sys` filesystem as read-write (required if certain
networking tools fail due to mount restrictions):
``` {.bash language="bash"}
sudo mount -o remount,rw /sys
sudo systemctl restart systemd-udevd
```
Additionally, to prevent DNS conflicts with `systemd-resolved`, which
may interfere with `dnsmasq`, stop and disable the service:
``` {.bash language="bash"}
sudo systemctl stop systemd-resolved
sudo systemctl disable systemd-resolved
```
This ensures that `dnsmasq` can bind to port 53 without conflicts. If
you require `systemd-resolved`, consider configuring it to listen on a
different interface or using socket activation.
## Starting and Enabling dnsmasq
Restart and enable the `dnsmasq` service:
``` {.bash language="bash"}
incus exec deb1 -- systemctl restart dnsmasq
incus exec deb1 -- systemctl enable dnsmasq
```
Verify that `dnsmasq` is running:
``` {.bash language="bash"}
incus exec deb1 -- systemctl status dnsmasq
```
## Testing the Configuration
Test DNS resolution from within the container:
``` {.bash language="bash"}
incus exec deb1 -- nslookup example.local 192.168.1.10
```
To test DHCP, connect a client device to the same network and verify
that it receives an IP address in the range
`192.168.1.100192.168.1.200`.
# Troubleshooting
If `dnsmasq` fails to start:
\- Check the logs: `incus exec deb1 journalctl -u dnsmasq`.
\- Ensure no other service is using port 53 (DNS) or 67 (DHCP).
\- Verify the network configuration with `incus exec deb1 ip a` and
`incus exec deb1 ping 8.8.8.8`.
# Conclusion
This guide configures `dnsmasq` as a DNS and DHCP server in an Incus
container on Debian. The Netplan configuration ensures proper network
setup. For advanced configurations, refer to the `dnsmasq` documentation
(`man dnsmasq`).

BIN
doc/main.pdf Normal file
View File

Binary file not shown.

260
doc/main.tex Normal file
View File

@ -0,0 +1,260 @@
\documentclass[a4paper,12pt]{article}
\usepackage[utf8]{inputenc}
\usepackage[T1]{fontenc}
\usepackage{lmodern}
\usepackage{geometry}
\geometry{margin=1in}
\usepackage{listings}
\usepackage{xcolor}
\usepackage{parskip}
\lstset{
basicstyle=\ttfamily\small,
breaklines=true,
frame=single,
numbers=left,
numberstyle=\tiny,
keywordstyle=\color{blue},
commentstyle=\color{gray},
stringstyle=\color{red}
}
% Define YAML language for listings
\lstdefinelanguage{yaml}{
keywords={true,false,null,yaml,network,version,ethernets,dhcp4,addresses,routes,to,via,nameservers},
keywordstyle=\color{blue}\bfseries,
basicstyle=\ttfamily\small,
sensitive=false,
comment=[l]{\#},
commentstyle=\color{gray}\itshape,
stringstyle=\color{red},
morestring=[b]{"},
morestring=[b]{'}
}
\begin{document}
\title{Basic Configuration of dnsmasq in an Incus Container on Debian with Netplan}
\author{}
\date{}
\maketitle
\section{Introduction}
This guide provides step-by-step instructions for setting up \texttt{dnsmasq} as a DNS and DHCP server in an Incus container running Debian. The network configuration is managed using Netplan to ensure proper network integration.
\section{Prerequisites}
Before proceeding, ensure the following:
- Incus is installed on the host system (\texttt{sudo apt install incus}).
- A Debian-based container is created in Incus.
- Basic knowledge of Linux networking and container management.
- Root or sudo access to the host and container.
\section{Step-by-Step Configuration}
\subsection{Creating and Setting Up the Incus Container}
Create a Debian container named \texttt{deb1} using the following commands on the host:
\begin{lstlisting}[language=bash]
incus create images:debian/12 deb1
incus config set deb1 security.syscalls.intercept.mount true
incus config set deb1 security.nesting true
incus config set deb1 security.privileged true
incus start deb1
\end{lstlisting}
The \texttt{security.syscalls.intercept.mount}, \texttt{security.nesting}, and \texttt{security.privileged} settings are required for \texttt{dnsmasq} and Docker to function correctly in the container.
\subsection{Firewall Configuration}
To allow traffic forwarding between the \texttt{incusbr0} bridge and the \texttt{wlo1} wireless interface, the following iptables rules are applied:
\begin{lstlisting}
sudo iptables -A FORWARD -i incusbr0 -o wlo1 -j ACCEPT
sudo iptables -A FORWARD -i wlo1 -o incusbr0 -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -P FORWARD ACCEPT
\end{lstlistingi}
\subsection{Installing Additional Packages}
Install the necessary packages inside the container:
\begin{lstlisting}[language=bash]
incus exec deb1 -- apt update
incus exec deb1 -- apt install -y \
netplan.io \
sudo vim nano git tmux mc zip unzip curl wget htop lynx \
iproute2 termshark bridge-utils \
python3 python3-ipython python3-pyroute2 python3-scapy \
docker.io docker-compose
\end{lstlisting}
\subsection{Configuring Users and Permissions}
Configure user access and permissions within the container.
\subsubsection{Changing the Root Password}
Set the root password to "passroot":
\begin{lstlisting}[language=bash]
incus exec deb1 -- bash -c 'echo "root:passroot" | chpasswd'
\end{lstlisting}
\subsubsection{Adding a New User}
Add a new user named "user" with the password "pass" and add them to the "sudo" and "docker" groups:
\begin{lstlisting}[language=bash]
sudo useradd -m -s /bin/bash -G sudo user && echo 'user:pass' | sudo chpasswd
\end{lstlisting}
\subsection{Accessing the Container}
Access the container's shell:
\begin{lstlisting}[language=bash]
incus exec deb1 -- su - user
\end{lstlisting}
\section{Setting Up a Veth Pair Between Container and Network Namespace}
To enable direct communication between a container and a network namespace, a virtual Ethernet (\texttt{veth}) pair is created. The following Python script (\texttt{link.py}) is used to create a \texttt{veth} pair between the \texttt{deb1} (an Incus container) and the \texttt{ns1} network namespace, with interfaces named \texttt{vA} and \texttt{vB}.
\begin{lstlisting}
sudo python3 link.py -n1 vA -t2 incus -ns2 deb1 -n2 vB
\end{lstlisting}
This command:
- Creates a \texttt{veth} pair with one end (\texttt{vA}) in the default namespace and the other end (\texttt{vB}) in the \texttt{deb1}'s network namespace.
- Ensures the interfaces are set up and operational, allowing network traffic to flow between the container and the \texttt{ns1} namespace (or default namespace if \texttt{ns1} is not explicitly created).
The script uses the \texttt{pyroute2} library to manage network interfaces and namespaces, and supports container types such as Incus, LXC, LXD, and Docker. Ensure the \texttt{deb1} is running in Incus before executing the command.
\subsection{Configuring the Network with Netplan}
Configure the container's network using Netplan to assign a static IP address. Create or edit the Netplan configuration file at \texttt{/etc/netplan/01-netcfg.yaml}:
\begin{lstlisting}[language=bash]
incus exec deb1 -- nano /etc/netplan/01-netcfg.yaml
\end{lstlisting}
Add the following configuration:
\begin{lstlisting}[language=yaml]
network:
version: 2
ethernets:
vB:
dhcp4: no
addresses:
- 192.168.1.10/24
routes:
- to: default
via: 192.168.1.1
nameservers:
addresses: [8.8.8.8, 8.8.4.4]
\end{lstlisting}
Apply the configuration:
\begin{lstlisting}[language=bash]
incus exec deb1 -- netplan apply
\end{lstlisting}
\subsection{Installing dnsmasq}
Update the package list and install \texttt{dnsmasq}:
\begin{lstlisting}[language=bash]
incus exec deb1 -- apt update
incus exec deb1 -- apt install dnsmasq -y
\end{lstlisting}
\subsection{Configuring dnsmasq}
Edit the \texttt{dnsmasq} configuration file at \texttt{/etc/dnsmasq.conf}:
\begin{lstlisting}[language=bash]
incus exec deb1 -- nano /etc/dnsmasq.conf
\end{lstlisting}
Add or modify the following settings to enable DNS and DHCP:
\begin{lstlisting}
# DNS settings
domain-needed
bogus-priv
no-resolv
server=8.8.8.8
server=8.8.4.4
local=/example.local/
domain=example.local
# DHCP settings
dhcp-range=192.168.1.100,192.168.1.200,12h
dhcp-option=3,192.168.1.1
# Opcja DHCP numer 6 (dhcp-option=6) służy do ustawiania adresu serwera DNS dla klientów DHCP
dhcp-option=6,192.168.1.10
\end{lstlisting}
\textbf{Explanation:}
- \texttt{domain-needed}: Prevents incomplete domain names from being sent to upstream DNS.
- \texttt{bogus-priv}: Blocks reverse DNS lookups for private IP ranges.
- \texttt{no-resolv}: Disables reading \texttt{/etc/resolv.conf}.
- \texttt{server}: Specifies upstream DNS servers (Google DNS in this case).
- \texttt{local} and \texttt{domain}: Configures a local domain.
- \texttt{dhcp-range}: Defines the IP range for DHCP clients (from 192.168.1.100 to 192.168.1.200, lease time 12 hours).
- \texttt{dhcp-option}: Sets the default gateway (option 3) and DNS servers (option 6).
% ————————————————————————————————
% 🔧 NOWA SEKCJA: System-Level Adjustments
% ————————————————————————————————
\subsection{System-Level Adjustments for Network Stability}
In some cases, especially in nested or privileged containers, additional system-level adjustments are necessary to ensure proper network functionality and avoid conflicts.
To remount the \texttt{/sys} filesystem as read-write (required if certain networking tools fail due to mount restrictions):
\begin{lstlisting}[language=bash]
sudo mount -o remount,rw /sys
sudo systemctl restart systemd-udevd
\end{lstlisting}
Additionally, to prevent DNS conflicts with \texttt{systemd-resolved}, which may interfere with \texttt{dnsmasq}, stop and disable the service:
\begin{lstlisting}[language=bash]
sudo systemctl stop systemd-resolved
sudo systemctl disable systemd-resolved
\end{lstlisting}
This ensures that \texttt{dnsmasq} can bind to port 53 without conflicts. If you require \texttt{systemd-resolved}, consider configuring it to listen on a different interface or using socket activation.
% ————————————————————————————————
\subsection{Starting and Enabling dnsmasq}
Restart and enable the \texttt{dnsmasq} service:
\begin{lstlisting}[language=bash]
incus exec deb1 -- systemctl restart dnsmasq
incus exec deb1 -- systemctl enable dnsmasq
\end{lstlisting}
Verify that \texttt{dnsmasq} is running:
\begin{lstlisting}[language=bash]
incus exec deb1 -- systemctl status dnsmasq
\end{lstlisting}
\subsection{Testing the Configuration}
Test DNS resolution from within the container:
\begin{lstlisting}[language=bash]
incus exec deb1 -- nslookup example.local 192.168.1.10
\end{lstlisting}
To test DHCP, connect a client device to the same network and verify that it receives an IP address in the range \texttt{192.168.1.100--192.168.1.200}.
\section{Troubleshooting}
If \texttt{dnsmasq} fails to start:
- Check the logs: \texttt{incus exec deb1 -- journalctl -u dnsmasq}.
- Ensure no other service is using port 53 (DNS) or 67 (DHCP).
- Verify the network configuration with \texttt{incus exec deb1 -- ip a} and \texttt{incus exec deb1 -- ping 8.8.8.8}.
\section{Conclusion}
This guide configures \texttt{dnsmasq} as a DNS and DHCP server in an Incus container on Debian. The Netplan configuration ensures proper network setup. For advanced configurations, refer to the \texttt{dnsmasq} documentation (\texttt{man dnsmasq}).
\end{document}

257
doc/~ Normal file
View File

@ -0,0 +1,257 @@
\documentclass[a4paper,12pt]{article}
\usepackage[utf8]{inputenc}
\usepackage[T1]{fontenc}
\usepackage{lmodern}
\usepackage{geometry}
\geometry{margin=1in}
\usepackage{listings}
\usepackage{xcolor}
\usepackage{parskip}
\lstset{
basicstyle=\ttfamily\small,
breaklines=true,
frame=single,
numbers=left,
numberstyle=\tiny,
keywordstyle=\color{blue},
commentstyle=\color{gray},
stringstyle=\color{red}
}
% Define YAML language for listings
\lstdefinelanguage{yaml}{
keywords={true,false,null,yaml,network,version,ethernets,dhcp4,addresses,routes,to,via,nameservers},
keywordstyle=\color{blue}\bfseries,
basicstyle=\ttfamily\small,
sensitive=false,
comment=[l]{\#},
commentstyle=\color{gray}\itshape,
stringstyle=\color{red},
morestring=[b]{"},
morestring=[b]{'}
}
\begin{document}
\title{Basic Configuration of dnsmasq in an Incus Container on Debian with Netplan}
\author{}
\date{}
\maketitle
\section{Introduction}
This guide provides step-by-step instructions for setting up \texttt{dnsmasq} as a DNS and DHCP server in an Incus container running Debian. The network configuration is managed using Netplan to ensure proper network integration.
\section{Prerequisites}
Before proceeding, ensure the following:
- Incus is installed on the host system (\texttt{sudo apt install incus}).
- A Debian-based container is created in Incus.
- Basic knowledge of Linux networking and container management.
- Root or sudo access to the host and container.
\section{Step-by-Step Configuration}
\subsection{Creating and Setting Up the Incus Container}
Create a Debian container named \texttt{deb1} using the following commands on the host:
\begin{lstlisting}[language=bash]
incus create images:debian/12 deb1
incus config set deb1 security.syscalls.intercept.mount true
incus config set deb1 security.nesting true
incus config set deb1 security.privileged true
incus start deb1
\end{lstlisting}
The \texttt{security.syscalls.intercept.mount}, \texttt{security.nesting}, and \texttt{security.privileged} settings are required for \texttt{dnsmasq} and Docker to function correctly in the container.
\subsection{Firewall Configuration}
To allow traffic forwarding between the \texttt{incusbr0} bridge and the \texttt{wlo1} wireless interface, the following iptables rules are applied:
\begin{lstlisting}
sudo iptables -A FORWARD -i incusbr0 -o wlo1 -j ACCEPT
sudo iptables -A FORWARD -i wlo1 -o incusbr0 -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -P FORWARD ACCEPT
\end{lstlistingi}
\subsection{Installing Additional Packages}
Install the necessary packages inside the container:
\begin{lstlisting}[language=bash]
incus exec deb1 -- apt update
incus exec deb1 -- apt install -y \
netplan.io \
sudo vim nano git tmux mc zip unzip curl wget htop lynx \
iproute2 termshark bridge-utils \
python3 python3-ipython python3-pyroute2 python3-scapy \
docker.io docker-compose
\end{lstlisting}
\subsection{Configuring Users and Permissions}
Configure user access and permissions within the container.
\subsubsection{Changing the Root Password}
Set the root password to "passroot":
\begin{lstlisting}[language=bash]
incus exec deb1 -- bash -c 'echo "root:passroot" | chpasswd'
\end{lstlisting}
\subsubsection{Adding a New User}
Add a new user named "user" with the password "pass" and add them to the "sudo" and "docker" groups:
\begin{lstlisting}[language=bash]
sudo useradd -m -s /bin/bash -G sudo user && echo 'user:pass' | sudo chpasswd
\end{lstlisting}
\subsection{Accessing the Container}
Access the container's shell:
\begin{lstlisting}[language=bash]
incus exec deb1 -- su - user
\end{lstlisting}
\section{Setting Up a Veth Pair Between Container and Network Namespace}
To enable direct communication between a container and a network namespace, a virtual Ethernet (\texttt{veth}) pair is created. The following Python script (\texttt{link.py}) is used to create a \texttt{veth} pair between the \texttt{deb1} (an Incus container) and the \texttt{ns1} network namespace, with interfaces named \texttt{vA} and \texttt{vB}.
\begin{lstlisting}
sudo python3 link.py -n1 vA -t2 incus -ns2 deb1 -n2 vB
\end{lstlisting}
This command:
- Creates a \texttt{veth} pair with one end (\texttt{vA}) in the default namespace and the other end (\texttt{vB}) in the \texttt{deb1}'s network namespace.
- Ensures the interfaces are set up and operational, allowing network traffic to flow between the container and the \texttt{ns1} namespace (or default namespace if \texttt{ns1} is not explicitly created).
The script uses the \texttt{pyroute2} library to manage network interfaces and namespaces, and supports container types such as Incus, LXC, LXD, and Docker. Ensure the \texttt{deb1} is running in Incus before executing the command.
\subsection{Configuring the Network with Netplan}
Configure the container's network using Netplan to assign a static IP address. Create or edit the Netplan configuration file at \texttt{/etc/netplan/01-netcfg.yaml}:
\begin{lstlisting}[language=bash]
incus exec deb1 -- nano /etc/netplan/01-netcfg.yaml
\end{lstlisting}
Add the following configuration:
\begin{lstlisting}[language=yaml]
network:
version: 2
ethernets:
vB:
dhcp4: no
addresses:
- 192.168.1.10/24
routes:
- to: default
via: 192.168.1.1
nameservers:
addresses: [8.8.8.8, 8.8.4.4]
\end{lstlisting}
Apply the configuration:
\begin{lstlisting}[language=bash]
incus exec deb1 -- netplan apply
\end{lstlisting}
\subsection{Installing dnsmasq}
Update the package list and install \texttt{dnsmasq}:
\begin{lstlisting}[language=bash]
incus exec deb1 -- apt update
incus exec deb1 -- apt install dnsmasq -y
\end{lstlisting}
\subsection{Configuring dnsmasq}
Edit the \texttt{dnsmasq} configuration file at \texttt{/etc/dnsmasq.conf}:
\begin{lstlisting}[language=bash]
incus exec deb1 -- nano /etc/dnsmasq.conf
\end{lstlisting}
Add or modify the following settings to enable DNS and DHCP:
\begin{lstlisting}
# DNS settings
domain-needed
bogus-priv
no-resolv
server=8.8.8.8
server=8.8.4.4
local=/example.local/
domain=example.local
# DHCP settings
dhcp-range=192.168.1.100,192.168.1.200,12h
dhcp-option=3,192.168.1.1
dhcp-option=6,8.8.8.8,8.8.4.4
\end{lstlisting}
\textbf{Explanation:}
- \texttt{domain-needed}: Prevents incomplete domain names from being sent to upstream DNS.
- \texttt{bogus-priv}: Blocks reverse DNS lookups for private IP ranges.
- \texttt{no-resolv}: Disables reading \texttt{/etc/resolv.conf}.
- \texttt{server}: Specifies upstream DNS servers (Google DNS in this case).
- \texttt{local} and \texttt{domain}: Configures a local domain.
- \texttt{dhcp-range}: Defines the IP range for DHCP clients (from 192.168.1.100 to 192.168.1.200, lease time 12 hours).
- \texttt{dhcp-option}: Sets the default gateway (option 3) and DNS servers (option 6).
% ————————————————————————————————
% 🔧 NOWA SEKCJA: System-Level Adjustments
% ————————————————————————————————
\subsection{System-Level Adjustments for Network Stability}
In some cases, especially in nested or privileged containers, additional system-level adjustments are necessary to ensure proper network functionality and avoid conflicts.
To remount the \texttt{/sys} filesystem as read-write (required if certain networking tools fail due to mount restrictions):
\begin{lstlisting}[language=bash]
sudo mount -o remount,rw /sys
sudo systemctl restart systemd-udevd
\end{lstlisting}
Additionally, to prevent DNS conflicts with \texttt{systemd-resolved}, which may interfere with \texttt{dnsmasq}, stop and disable the service:
\begin{lstlisting}[language=bash]
sudo systemctl stop systemd-resolved
sudo systemctl disable systemd-resolved
\end{lstlisting}
This ensures that \texttt{dnsmasq} can bind to port 53 without conflicts. If you require \texttt{systemd-resolved}, consider configuring it to listen on a different interface or using socket activation.
% ————————————————————————————————
\subsection{Starting and Enabling dnsmasq}
Restart and enable the \texttt{dnsmasq} service:
\begin{lstlisting}[language=bash]
incus exec deb1 -- systemctl restart dnsmasq
incus exec deb1 -- systemctl enable dnsmasq
\end{lstlisting}
Verify that \texttt{dnsmasq} is running:
\begin{lstlisting}[language=bash]
incus exec deb1 -- systemctl status dnsmasq
\end{lstlisting}
\subsection{Testing the Configuration}
Test DNS resolution from within the container:
\begin{lstlisting}[language=bash]
incus exec deb1 -- nslookup example.local 192.168.1.10
\end{lstlisting}
To test DHCP, connect a client device to the same network and verify that it receives an IP address in the range \texttt{192.168.1.100--192.168.1.200}.
\section{Troubleshooting}
If \texttt{dnsmasq} fails to start:
- Check the logs: \texttt{incus exec deb1 -- journalctl -u dnsmasq}.
- Ensure no other service is using port 53 (DNS) or 67 (DHCP).
- Verify the network configuration with \texttt{incus exec deb1 -- ip a} and \texttt{incus exec deb1 -- ping 8.8.8.8}.
\section{Conclusion}
This guide configures \texttt{dnsmasq} as a DNS and DHCP server in an Incus container on Debian. The Netplan configuration ensures proper network setup. For advanced configurations, refer to the \texttt{dnsmasq} documentation (\texttt{man dnsmasq}).
\end{document}

111
igit.py
View File

@ -1,111 +0,0 @@
import argparse
import json
import sys
import subprocess
import os
from datetime import datetime
DEFAULT_CONFIG = {
"user": "borys",
"email": "borys@mpabi.pl",
"remotes": [{
"name": "borys", # Zaktualizowano z "default" na "mpabi"
"protocol": "http",
"domain": "ckziuslubice.pl",
"port": "3000",
"token_name": "token",
"token": "66499e1679464e4eabea4a7fa0a11710bb26d8ac",
"group": "c2023",
"project": "dnsmasq"
}]
}
def load_or_create_config(config_file, args):
config_exists = os.path.exists(config_file) and os.stat(config_file).st_size != 0
if config_exists:
with open(config_file, 'r') as file:
config = json.load(file)
else:
config = DEFAULT_CONFIG.copy()
# Znajdź istniejące zdalne repozytorium o podanej nazwie
remote = next((remote for remote in config['remotes'] if remote['name'] == args.remote), None)
# Jeśli istnieje zdalne repozytorium i podano argumenty związane z konfiguracją zdalnego repozytorium
if remote:
for field in ['protocol', 'domain', 'port', 'token_name', 'token', 'group', 'project']:
# Aktualizuj tylko, jeśli argument został jawnie podany
if getattr(args, field, None) is not None:
remote[field] = getattr(args, field)
# Jeśli zdalne repozytorium nie istnieje, ale podano nazwę, tworzymy nowe zdalne repozytorium
elif args.remote:
new_remote = {'name': args.remote}
for field in ['protocol', 'domain', 'port', 'token_name', 'token', 'group', 'project']:
new_remote[field] = getattr(args, field, DEFAULT_CONFIG['remotes'][0].get(field, ''))
if new_remote[field] == None:
new_remote[field] = DEFAULT_CONFIG['remotes'][0].get(field, '')
config['remotes'].append(new_remote)
# Aktualizuj informacje o użytkowniku i email, tylko jeśli zostały podane
if getattr(args, 'user', None):
config['user'] = args.user
if getattr(args, 'email_domain', None):
config['email'] = f"{args.user}@{args.email_domain}"
# Zapisz zmodyfikowaną konfigurację
with open(config_file, 'w') as file:
json.dump(config, file, indent=4)
return config
def init_git_repo(config):
user_name = config['user']
user_email = config['email']
branch_name = f"{user_name}-{datetime.now().strftime('%Y-%m-%d')}"
if subprocess.run(["git", "rev-parse", "--git-dir"], stderr=subprocess.DEVNULL).returncode != 0:
subprocess.run(["git", "init"])
subprocess.run(["git", "config", "user.name", user_name])
subprocess.run(["git", "config", "user.email", user_email])
subprocess.run(["git", "checkout", "-b", branch_name])
print("Git repository initialized.")
else:
print("Already inside a Git repository. Skipping initialization.")
remotesFromList = str(subprocess.run(["git", "remote", "-v"], capture_output=True).stdout)
remotesFromList = remotesFromList.replace('b\'', "").replace('\'', "").split('\\n')
for rm in remotesFromList:
name = rm.split("\\t")[0]
subprocess.run(["git", "remote", "remove", name], stderr=subprocess.DEVNULL)
for remote in config['remotes']:
remote_url = f"{remote['protocol']}://{remote['token_name']}:{remote['token']}@{remote['domain']}:{remote['port']}/{remote['group']}/{remote['project']}"
# Usunięcie i ponowne dodanie zdalnego repozytorium, jeśli jest zaktualizowane
#subprocess.run(["git", "remote", "remove", remote['name']], stderr=subprocess.DEVNULL)
subprocess.run(["git", "remote", "add", remote['name'], remote_url])
print(f"Remote '{remote['name']}' added or updated.")
def main():
parser = argparse.ArgumentParser(description="Git repository initializer with custom configuration.")
parser.add_argument("--user", help="User name")
parser.add_argument("--email_domain", help="Email domain")
parser.add_argument("--config", help="Path to the JSON config file", default="conf.json")
parser.add_argument("--remote", help="Name of the remote to add or update")
parser.add_argument("--protocol", help="Remote protocol")
parser.add_argument("--domain", help="Remote domain")
parser.add_argument("--port", help="Remote port")
parser.add_argument("--token_name", help="Remote token name")
parser.add_argument("--token", help="Remote token")
parser.add_argument("--group", help="Group name")
parser.add_argument("--project", help="Project name")
args = parser.parse_args()
config = load_or_create_config(args.config, args)
init_git_repo(config)
print("Git repository initialized and configured based on the provided configuration.")
if __name__ == "__main__":
main()

0
py/.keep Normal file
View File

91
py/files.py Normal file
View File

@ -0,0 +1,91 @@
import re
from pathlib import Path
def get_file_extension_and_default_name(attributes: str, code: str) -> tuple[str, str]:
"""Determine file extension and default name based on attributes and content."""
# Extract language from attributes (e.g., language=bash)
language_match = re.search(r'language=(\w+)', attributes)
language = language_match.group(1).lower() if language_match else 'unknown'
if language == 'bash' or 'incus' in code.lower():
return '.sh', 'incus_script'
elif language == 'yaml':
return '.yaml', 'netplan_config'
elif language == 'python':
return '.py', 'python_script'
else:
# Assume .conf for blocks without language or resembling config
return '.conf', 'dnsmasq_config'
def generate_unique_filename(base_dir: Path, base_name: str, extension: str) -> Path:
"""Generate a unique filename by appending a number if the file exists."""
counter = 1
while True:
filename = f"{base_name}_{counter}{extension}"
file_path = base_dir / filename
if not file_path.exists():
return file_path
counter += 1
def extract_listings():
"""Extract lstlisting code blocks from main.tex and save to scripts folder."""
# Define paths
base_dir = Path(__file__).parent.parent # ~/edu/paso/dnsmasq
tex_file = base_dir / 'doc' / 'main.tex'
scripts_dir = base_dir / 'scripts'
# Ensure scripts directory exists
scripts_dir.mkdir(exist_ok=True)
# Read the LaTeX file
try:
with open(tex_file, 'r', encoding='utf-8') as f:
content = f.read()
except FileNotFoundError:
print(f"Error: {tex_file} not found")
return
except Exception as e:
print(f"Error reading {tex_file}: {str(e)}")
return
# Regex to match lstlisting environments
# Captures optional attributes [language=...,label=...] and code block content
pattern = r'\\begin\{lstlisting\}(\[(.*?)\])?(.*?)\\end\{lstlisting\}'
matches = re.finditer(pattern, content, re.DOTALL)
extracted_count = 0
for match in matches:
# Extract attributes (if any) and code
attributes = match.group(2) or '' # Empty string if no attributes
code = match.group(3).strip()
# Extract label from attributes (e.g., label={setup_container})
label_match = re.search(r'label=\{([^}]+)\}', attributes)
label = label_match.group(1) if label_match else None
# Get file extension and default name
extension, default_name = get_file_extension_and_default_name(attributes, code)
# Use label if available, otherwise use default name
base_name = label if label else default_name
# Generate unique filename
file_path = generate_unique_filename(scripts_dir, base_name, extension)
# Save the code block to a file
try:
with open(file_path, 'w', encoding='utf-8') as f:
f.write(code)
print(f"Saved code block to {file_path}")
extracted_count += 1
except Exception as e:
print(f"Error saving {file_path}: {str(e)}")
if extracted_count == 0:
print("No lstlisting code blocks found in main.tex")
else:
print(f"Completed: Extracted {extracted_count} code block(s) to {scripts_dir}")
if __name__ == "__main__":
extract_listings()

430
py/link.py Normal file
View File

@ -0,0 +1,430 @@
import argparse
import os
import subprocess
import sys
from pyroute2 import IPRoute, NetNS
class NetworkNamespaceManager:
"""
Provides functionalities to manage network namespaces.
Network namespaces partition network resources such as network links,
IP addresses, and port numbers into disjoint sets.
"""
@staticmethod
def list_netns():
"""
List all available network namespaces.
Scans the '/var/run/netns' directory and prints out all
the network namespace files present. If no namespaces are found, it
prints a message indicating that.
"""
netns_dir = "/var/run/netns"
try:
netns_files = os.listdir(netns_dir)
if netns_files:
print("List of available network namespaces:")
for netns_file in netns_files:
print(f"- {netns_file}")
else:
print("No network namespaces found.")
except OSError as e:
print(f"Error listing network namespaces: {e}")
class ContainerNetnsExposer:
"""
Responsible for exposing network namespaces of containers.
Supports Docker, LXC, LXD, and Incus containers, allowing the user to interact
with their network namespaces.
"""
def __init__(self):
"""
Initializes the ContainerNetnsExposer instance.
"""
self.netns_pid = None
self.netns_path = None
def expose_container_netns(self, container_id_or_name, container_type='docker'):
"""
Expose the network namespace of a specified container.
Parameters:
container_id_or_name (str): The identifier or name of the container.
container_type (str): The type of the container ('docker', 'lxc', 'lxd', or 'incus').
Returns:
str: The PID of the container as a string.
Raises:
SystemExit: If the container type is unsupported or if there is an error
in retrieving the container's PID.
"""
if container_type == 'docker':
self.get_docker_container_pid(container_id_or_name)
elif container_type in ('lxc', 'lxd', 'incus'):
self.get_lxc_container_pid(container_id_or_name, container_type)
else:
print("Unsupported container type. Only 'docker', 'lxc', 'lxd', and 'incus' are supported.")
sys.exit(1)
self.create_netns_directory()
self.create_or_remove_netns_symlink()
return str(self.netns_pid)
def get_docker_container_pid(self, container_id_or_name):
"""
Retrieve the PID of a Docker container.
Parameters:
container_id_or_name (str): The identifier or name of the Docker container.
Raises:
SystemExit: If there is an error in retrieving the Docker container's PID.
"""
try:
self.netns_pid = subprocess.check_output(
["sudo", "docker", "inspect", "-f", "{{.State.Pid}}", container_id_or_name],
universal_newlines=True
).strip()
except subprocess.CalledProcessError:
print("Error retrieving Docker container PID. Make sure the container exists and is running.")
sys.exit(1)
def get_lxc_container_pid(self, container_name, container_type='lxc'):
"""
Retrieve the PID of an LXC, LXD, or Incus container.
Parameters:
container_name (str): The name of the container.
container_type (str): The type of the container ('lxc', 'lxd', or 'incus').
Raises:
SystemExit: If there is an error in retrieving the container's PID.
"""
try:
if container_type == 'lxc':
output = subprocess.check_output(
["lxc-info", "-n", container_name, "-p"],
universal_newlines=True
)
self.netns_pid = output.strip().split()[-1]
elif container_type == 'lxd':
output = subprocess.check_output(
["sudo", "lxc", "info", container_name],
universal_newlines=True
)
for line in output.splitlines():
if line.strip().startswith("PID:"):
self.netns_pid = line.split(':')[1].strip()
break
else:
print(f"PID not found in 'lxc info' output for container '{container_name}'.")
sys.exit(1)
elif container_type == 'incus':
output = subprocess.check_output(
["sudo", "incus", "info", container_name],
universal_newlines=True
)
for line in output.splitlines():
if line.strip().startswith("PID:"):
self.netns_pid = line.split(':')[1].strip()
break
else:
print(f"PID not found in 'incus info' output for container '{container_name}'.")
sys.exit(1)
except subprocess.CalledProcessError as e:
print(f"Error retrieving {container_type.upper()} container PID for '{container_name}'. Error: {e}")
sys.exit(1)
def create_netns_directory(self):
"""
Create the network namespace directory if it does not exist.
Ensures that the directory '/var/run/netns' exists, which is used
to store network namespace symlinks.
"""
try:
subprocess.run(["sudo", "mkdir", "-p", "/var/run/netns"], check=True)
except subprocess.CalledProcessError as e:
print(f"Error creating network namespace directory: {e.stderr.strip()}")
sys.exit(1)
def create_or_remove_netns_symlink(self):
"""
Create or remove a symlink to the network namespace of a container.
Sets up a symlink in '/var/run/netns', pointing to the network namespace
of the container identified by its PID. If a symlink with the same name
already exists, it is removed before creating a new one.
"""
self.netns_path = f"/var/run/netns/{self.netns_pid}"
try:
if os.path.exists(self.netns_path):
subprocess.run(["sudo", "rm", "-rf", self.netns_path], check=True)
subprocess.run(["sudo", "ln", "-s", f"/proc/{self.netns_pid}/ns/net", self.netns_path], check=True)
except subprocess.CalledProcessError as e:
print(f"Error creating or removing symlink: {e}")
sys.exit(1)
class IfaceManager:
"""
Manages network interfaces, including creation, deletion, and configuration
of veth pairs, VLANs, and bridges.
"""
def delete(self, iface_name, namespace=None):
"""
Delete a network interface.
Parameters:
iface_name (str): The name of the interface to delete.
namespace (str, optional): The network namespace where the interface exists.
Raises:
Exception: If the interface cannot be deleted.
"""
try:
if namespace:
context_manager = NetNS(namespace)
else:
context_manager = IPRoute()
with context_manager as ns:
iface_idx_list = ns.link_lookup(ifname=iface_name)
if not iface_idx_list:
raise ValueError(f"Interface {iface_name} not found.")
iface_idx = iface_idx_list[0]
ns.link('del', index=iface_idx)
except Exception as e:
print(f"Error deleting interface {iface_name} in namespace {namespace}: {e}")
def create_veth(self, iface1, iface2, namespace=None):
"""
Create a veth pair.
Parameters:
iface1 (str): The name of the first interface.
iface2 (str): The name of the second interface.
namespace (str, optional): The network namespace where to create the veth pair.
Raises:
Exception: If the veth pair cannot be created.
"""
try:
if namespace:
context_manager = NetNS(namespace)
else:
context_manager = IPRoute()
with context_manager as ns:
ns.link('add', ifname=iface1, peer={'ifname': iface2}, kind='veth')
except Exception as e:
print(f"Error creating veth pair {iface1} and {iface2}: {e}")
def create_vlan(self, base_iface, vlan_id, namespace=None):
"""
Create a VLAN interface.
Parameters:
base_iface (str): The base interface name.
vlan_id (int): The VLAN ID.
namespace (str, optional): The network namespace where to create the VLAN interface.
Raises:
Exception: If the VLAN interface cannot be created.
"""
try:
if namespace:
context_manager = NetNS(namespace)
else:
context_manager = IPRoute()
with context_manager as ns:
base_iface_idx_list = ns.link_lookup(ifname=base_iface)
if not base_iface_idx_list:
raise ValueError(f"Base interface {base_iface} not found.")
base_iface_idx = base_iface_idx_list[0]
vlan_iface = f"{base_iface}.{vlan_id}"
ns.link('add', ifname=vlan_iface, link=base_iface_idx, kind='vlan', vlan_info={'id': vlan_id})
except Exception as e:
print(f"Error creating VLAN on interface {base_iface}: {e}")
def create_bridge(self, bridge_name, namespace=None):
"""
Create a bridge interface.
Parameters:
bridge_name (str): The name of the bridge.
namespace (str, optional): The network namespace where to create the bridge.
Raises:
Exception: If the bridge cannot be created.
"""
try:
if namespace:
context_manager = NetNS(namespace)
else:
context_manager = IPRoute()
with context_manager as ns:
ns.link('add', ifname=bridge_name, kind='bridge')
except Exception as e:
print(f"Error creating bridge {bridge_name}: {e}")
def move(self, iface, namespace):
"""
Move a network interface to another namespace.
Parameters:
iface (str): The interface name to move.
namespace (str): The target network namespace.
Raises:
Exception: If the interface cannot be moved.
"""
try:
ipr = IPRoute()
idx_list = ipr.link_lookup(ifname=iface)
if not idx_list:
raise ValueError(f"Interface {iface} not found.")
idx = idx_list[0]
ipr.link('set', index=idx, net_ns_fd=namespace)
except Exception as e:
print(f"Error moving interface {iface} to namespace {namespace}: {e}")
def set_interface_up(self, iface_name, namespace=None):
"""
Set a network interface up.
Parameters:
iface_name (str): The name of the interface.
namespace (str, optional): The network namespace where the interface exists.
Raises:
Exception: If the interface cannot be set up.
"""
try:
if namespace:
context_manager = NetNS(namespace)
else:
context_manager = IPRoute()
with context_manager as ns:
iface_idx_list = ns.link_lookup(ifname=iface_name)
if not iface_idx_list:
raise ValueError(f"Interface {iface_name} not found.")
iface_idx = iface_idx_list[0]
ns.link("set", index=iface_idx, state="up")
except Exception as e:
print(f"Error setting up interface {iface_name} in namespace {namespace}: {e}")
def attach_to_bridge(self, iface_name, bridge_name, namespace=None):
"""
Attach an interface to a bridge.
Parameters:
iface_name (str): The name of the interface.
bridge_name (str): The name of the bridge.
namespace (str, optional): The network namespace where the interface and bridge exist.
Raises:
Exception: If the interface cannot be attached to the bridge.
"""
try:
if namespace:
context_manager = NetNS(namespace)
else:
context_manager = IPRoute()
with context_manager as ns:
iface_idx_list = ns.link_lookup(ifname=iface_name)
if not iface_idx_list:
raise ValueError(f"Interface {iface_name} not found.")
iface_idx = iface_idx_list[0]
bridge_idx_list = ns.link_lookup(ifname=bridge_name)
if not bridge_idx_list:
raise ValueError(f"Bridge {bridge_name} not found.")
bridge_idx = bridge_idx_list[0]
ns.link("set", index=iface_idx, master=bridge_idx)
except Exception as e:
print(f"Error attaching interface {iface_name} to bridge {bridge_name} in namespace {namespace}: {e}")
def interpret_namespace(namespace_arg):
"""
Interpret the namespace argument.
If the argument is '1', converts it to None (representing the default namespace),
otherwise returns the argument as is.
Parameters:
namespace_arg (str): The namespace argument.
Returns:
str or None: The interpreted namespace.
"""
return None if namespace_arg == '1' else namespace_arg
def main():
parser = argparse.ArgumentParser(description="Create veth pairs between containers with optional bridge attachment.")
parser.add_argument("-ns1", "--namespace1", default=None, help="Name of the first namespace or container, or '1' for the default namespace.")
parser.add_argument("-ns2", "--namespace2", default=None, help="Name of the second namespace or container, or '1' for the default namespace.")
parser.add_argument("-n1", "--name1", required=True, help="Name of the first veth interface.")
parser.add_argument("-n2", "--name2", required=True, help="Name of the second veth interface.")
parser.add_argument("-b1", "--bridge1", default=None, help="Name of the network bridge for ns1.")
parser.add_argument("-b2", "--bridge2", default=None, help="Name of the network bridge for ns2.")
parser.add_argument("-t1", "--type1", default=None, help="Container type for ns1 ('docker', 'lxc', 'lxd', 'incus', or 'None' for the default namespace).")
parser.add_argument("-t2", "--type2", default=None, help="Container type for ns2 ('docker', 'lxc', 'lxd', 'incus', or 'None' for the default namespace).")
args = parser.parse_args()
# Processing namespace arguments and container types
ns1, type1 = interpret_namespace(args.namespace1), args.type1
ns2, type2 = interpret_namespace(args.namespace2), args.type2
# Instantiate management classes
iface_manager = IfaceManager()
container_exposer = ContainerNetnsExposer()
# Expose container network namespaces if applicable
if type1 and ns1:
ns1_pid = container_exposer.expose_container_netns(ns1, type1)
ns1 = ns1_pid
if type2 and ns2:
ns2_pid = container_exposer.expose_container_netns(ns2, type2)
ns2 = ns2_pid
# Create veth pair
iface_manager.create_veth(args.name1, args.name2)
# Move ends of the veth pair to appropriate namespaces if required
if ns1:
iface_manager.move(args.name1, ns1)
if ns2:
iface_manager.move(args.name2, ns2)
# Optional: Attach to network bridge and bring interfaces up
if args.bridge1 and args.name1:
iface_manager.attach_to_bridge(args.name1, args.bridge1, ns1)
iface_manager.set_interface_up(args.name1, ns1)
if args.bridge2 and args.name2:
iface_manager.attach_to_bridge(args.name2, args.bridge2, ns2)
iface_manager.set_interface_up(args.name2, ns2)
# Bring up interfaces if not already up
if not args.bridge1 and args.name1:
iface_manager.set_interface_up(args.name1, ns1)
if not args.bridge2 and args.name2:
iface_manager.set_interface_up(args.name2, ns2)
if __name__ == "__main__":
main()

0
scripts/.keep Normal file
View File

13
scripts/dnsmasq_config_1.conf Normal file
View File

@ -0,0 +1,13 @@
# DNS settings
domain-needed
bogus-priv
no-resolv
server=8.8.8.8
server=8.8.4.4
local=/example.local/
domain=example.local
# DHCP settings
dhcp-range=192.168.1.100,192.168.1.200,12h
dhcp-option=3,192.168.1.1
dhcp-option=6,8.8.8.8,8.8.4.4

5
scripts/incus_script_1.sh Normal file
View File

@ -0,0 +1,5 @@
incus create images:debian/12 deb1
incus config set deb1 security.syscalls.intercept.mount true
incus config set deb1 security.nesting true
incus config set deb1 security.privileged true
incus start deb1

2
scripts/incus_script_10.sh Normal file
View File

@ -0,0 +1,2 @@
incus exec dnsmasq-container -- systemctl restart dnsmasq
incus exec dnsmasq-container -- systemctl enable dnsmasq

1
scripts/incus_script_11.sh Normal file
View File

@ -0,0 +1 @@
incus exec dnsmasq-container -- systemctl status dnsmasq

1
scripts/incus_script_12.sh Normal file
View File

@ -0,0 +1 @@
incus exec dnsmasq-container -- nslookup example.local 192.168.1.10

7
scripts/incus_script_2.sh Normal file
View File

@ -0,0 +1,7 @@
incus exec dnsmasq-container -- apt update
incus exec dnsmasq-container -- apt install -y \
netplan.io \
sudo vim nano git tmux mc zip unzip curl wget htop lynx \
iproute2 termshark bridge-utils \
python3 python3-ipython python3-pyroute2 python3-scapy \
docker.io docker-compose

1
scripts/incus_script_3.sh Normal file
View File

@ -0,0 +1 @@
incus exec dnsmasq-container -- bash -c 'echo "root:passroot" | chpasswd'

4
scripts/incus_script_4.sh Normal file
View File

@ -0,0 +1,4 @@
incus exec dnsmasq-container -- useradd -m -s /bin/bash user
incus exec dnsmasq-container -- bash -c 'echo "user:pass" | chpasswd'
incus exec dnsmasq-container -- usermod -aG sudo user
incus exec dnsmasq-container -- usermod -aG docker user

1
scripts/incus_script_5.sh Normal file
View File

@ -0,0 +1 @@
incus exec dnsmasq-container -- bash

2
scripts/incus_script_6.sh Normal file
View File

@ -0,0 +1,2 @@
incus exec dnsmasq-container -- apt update
incus exec dnsmasq-container -- apt install dnsmasq -y

1
scripts/incus_script_7.sh Normal file
View File

@ -0,0 +1 @@
incus exec dnsmasq-container -- nano /etc/netplan/01-netcfg.yaml

1
scripts/incus_script_8.sh Normal file
View File

@ -0,0 +1 @@
incus exec dnsmasq-container -- netplan apply

1
scripts/incus_script_9.sh Normal file
View File

@ -0,0 +1 @@
incus exec dnsmasq-container -- nano /etc/dnsmasq.conf

67
scripts/incus_scripts_ALLinONE.sh Executable file
View File

@ -0,0 +1,67 @@
#!/bin/bash
# Restart usługi dnsmasq w kontenerze
incus exec deb1 -- systemctl restart dnsmasq
# Włącz automatyczne uruchamianie dnsmasq przy starcie
incus exec deb1 -- systemctl enable dnsmasq
# Sprawdź status usługi dnsmasq
incus exec deb1 -- systemctl status dnsmasq
# Test DNS — nslookup
incus exec deb1 -- nslookup example.local 192.168.1.10
# Utwórz nowy kontener deb1 z obrazu Debian 12
incus create images:debian/12 deb1
# Konfiguracja bezpieczeństwa dla kontenera deb1
incus config set deb1 security.syscalls.intercept.mount true
incus config set deb1 security.nesting true
incus config set deb1 security.privileged true
# Uruchom kontener deb1
incus start deb1
# Aktualizacja pakietów w kontenerze deb1
incus exec deb1 -- apt update
# Instalacja potrzebnych pakietów
incus exec deb1 -- apt install -y \
netplan.io \
sudo vim nano git tmux mc zip unzip curl wget htop lynx \
iproute2 termshark bridge-utils \
python3 python3-ipython python3-pyroute2 python3-scapy \
docker.io docker-compose
# Ustaw hasło root
incus exec deb1 -- bash -c 'echo "root:passroot" | chpasswd'
# Dodaj użytkownika "user" z hasłem "pass" i grupą "sudo" i " docker" (opcja dla wewnątrz kontenera i z ns1
# Wariant ns1
sudo incus exec deb1 -- su - sudo useradd -m -s /bin/bash -G sudo,docker user && echo 'user:pass' | sudo chpasswd
# Wariant inside container
sudo useradd -m -s /bin/bash -G sudo,docker user && echo 'user:pass' | sudo chpasswd
# Wejście do powłoki bash w kontenerze (opcjonalne)
incus exec deb1 -- bash -c "echo 'Wchodzimy do bash...'; exec bash"
# Aktualizacja pakietów ponownie
incus exec deb1 -- apt update
# Instalacja dnsmasq
incus exec deb1 -- apt install dnsmasq -y
# Edycja konfiguracji Netplan
incus exec deb1 -- nano /etc/netplan/01-netcfg.yaml
# Zastosowanie zmian konfiguracji sieciowej
incus exec deb1 -- netplan apply
# Edycja konfiguracji dnsmasq.conf
incus exec deb1 -- nano /etc/dnsmasq.conf
echo "Skrypt zakończony."
#made by mbiast and babcia (siah)

12
scripts/netplan_config_1.yaml Normal file
View File

@ -0,0 +1,12 @@
network:
version: 2
ethernets:
eth0:
dhcp4: no
addresses:
- 192.168.1.10/24
routes:
- to: default
via: 192.168.1.1
nameservers:
addresses: [8.8.8.8, 8.8.4.4]

BIN
todo/.better_aproach.txt.swp Normal file
View File

Binary file not shown.

1
todo/better_aproach.txt Normal file
View File

@ -0,0 +1 @@
allign czy konf container from inside /outside side`

1
todo/firewall.txt Normal file
View File

@ -0,0 +1 @@
sudo iptables -P FORWARD ACCEPT

1
token.txt Normal file
View File

@ -0,0 +1 @@
da086cb72f6790bee9fc30d03577587f44afbb7f