37 changed files with 765 additions and 865 deletions
--- a/dnsmasq/doc/main.aux
+++ b/dnsmasq/doc/main.aux
@ -0,0 +1,25 @@
 \relax 
 \@writefile{toc}{\contentsline {section}{\numberline {1}Introduction}{1}{}\protected@file@percent }
 \@writefile{toc}{\contentsline {section}{\numberline {2}Prerequisites}{1}{}\protected@file@percent }
 \@writefile{toc}{\contentsline {section}{\numberline {3}Step-by-Step Configuration}{1}{}\protected@file@percent }
 \@writefile{toc}{\contentsline {subsection}{\numberline {3.1}Creating and Setting Up the Incus Container}{1}{}\protected@file@percent }
 \@writefile{toc}{\contentsline {subsection}{\numberline {3.2}Installing Additional Packages}{2}{}\protected@file@percent }
 \@writefile{toc}{\contentsline {subsection}{\numberline {3.3}Configuring Users and Permissions}{2}{}\protected@file@percent }
 \@writefile{toc}{\contentsline {subsubsection}{\numberline {3.3.1}Changing the Root Password}{2}{}\protected@file@percent }
 \@writefile{toc}{\contentsline {subsubsection}{\numberline {3.3.2}Adding a New User}{2}{}\protected@file@percent }
 \@writefile{toc}{\contentsline {subsection}{\numberline {3.4}Accessing the Container}{2}{}\protected@file@percent }
 \@writefile{toc}{\contentsline {subsection}{\numberline {3.5}Installing dnsmasq}{2}{}\protected@file@percent }
 \@writefile{toc}{\contentsline {subsection}{\numberline {3.6}Configuring Network with Veth Pairs and Netplan}{3}{}\protected@file@percent }
 \@writefile{toc}{\contentsline {subsection}{\numberline {3.7}Configuring the Network with Netplan}{3}{}\protected@file@percent }
 \@writefile{toc}{\contentsline {subsection}{\numberline {3.8}Configuring dnsmasq}{4}{}\protected@file@percent }
 \@writefile{toc}{\contentsline {subsection}{\numberline {3.9}Starting and Enabling dnsmasq}{5}{}\protected@file@percent }
 \@writefile{toc}{\contentsline {subsection}{\numberline {3.10}Testing the Configuration}{5}{}\protected@file@percent }
 \@writefile{toc}{\contentsline {section}{\numberline {4}Troubleshooting}{5}{}\protected@file@percent }
 \@writefile{toc}{\contentsline {section}{\numberline {5}Conclusion}{6}{}\protected@file@percent }
 \@writefile{toc}{\contentsline {section}{\numberline {A}Test Topology – Dynamic\ IP Variant}{6}{}\protected@file@percent }
 \newlabel{sec:topo-dhcp}{{A}{6}{}{section.1}{}}
 \@writefile{toc}{\contentsline {subsection}{\numberline {A.1}Logical view}{6}{}\protected@file@percent }
 \@writefile{toc}{\contentsline {subsection}{\numberline {A.2}Key differences from the static-IP variant}{6}{}\protected@file@percent }
 \@writefile{toc}{\contentsline {subsection}{\numberline {A.3}Quick test matrix}{7}{}\protected@file@percent }
 \@writefile{toc}{\contentsline {subsection}{\numberline {A.4}Uwagi}{7}{}\protected@file@percent }
 \gdef \@abspage@last{7}
--- a/dnsmasq/doc/main.log
+++ b/dnsmasq/doc/main.log
@ -0,0 +1,373 @@
 This is pdfTeX, Version 3.141592653-2.6-1.40.26 (TeX Live 2025/dev/Debian) (preloaded format=pdflatex 2025.5.15)  27 MAY 2025 08:38
 entering extended mode
 restricted \write18 enabled.
 %&-line parsing enabled.
 **main
 (./main.tex
 LaTeX2e <2024-11-01> patch level 2
 L3 programming layer <2025-01-18>
 (/usr/share/texlive/texmf-dist/tex/latex/base/article.cls
 Document Class: article 2024/06/29 v1.4n Standard LaTeX document class
 (/usr/share/texlive/texmf-dist/tex/latex/base/size12.clo
 File: size12.clo 2024/06/29 v1.4n Standard LaTeX file (size option)
 )
 \c@part=\count196
 \c@section=\count197
 \c@subsection=\count198
 \c@subsubsection=\count199
 \c@paragraph=\count266
 \c@subparagraph=\count267
 \c@figure=\count268
 \c@table=\count269
 \abovecaptionskip=\skip49
 \belowcaptionskip=\skip50
 \bibindent=\dimen141
 )
 (/usr/share/texlive/texmf-dist/tex/latex/base/inputenc.sty
 Package: inputenc 2024/02/08 v1.3d Input encoding file
 \inpenc@prehook=\toks17
 \inpenc@posthook=\toks18
 )
 (/usr/share/texlive/texmf-dist/tex/latex/base/fontenc.sty
 Package: fontenc 2021/04/29 v2.0v Standard LaTeX package
 )
 (/usr/share/texmf/tex/latex/lm/lmodern.sty
 Package: lmodern 2015/05/01 v1.6.1 Latin Modern Fonts
 LaTeX Font Info:    Overwriting symbol font `operators' in version `normal'
 (Font)                  OT1/cmr/m/n --> OT1/lmr/m/n on input line 22.
 LaTeX Font Info:    Overwriting symbol font `letters' in version `normal'
 (Font)                  OML/cmm/m/it --> OML/lmm/m/it on input line 23.
 LaTeX Font Info:    Overwriting symbol font `symbols' in version `normal'
 (Font)                  OMS/cmsy/m/n --> OMS/lmsy/m/n on input line 24.
 LaTeX Font Info:    Overwriting symbol font `largesymbols' in version `normal'
 (Font)                  OMX/cmex/m/n --> OMX/lmex/m/n on input line 25.
 LaTeX Font Info:    Overwriting symbol font `operators' in version `bold'
 (Font)                  OT1/cmr/bx/n --> OT1/lmr/bx/n on input line 26.
 LaTeX Font Info:    Overwriting symbol font `letters' in version `bold'
 (Font)                  OML/cmm/b/it --> OML/lmm/b/it on input line 27.
 LaTeX Font Info:    Overwriting symbol font `symbols' in version `bold'
 (Font)                  OMS/cmsy/b/n --> OMS/lmsy/b/n on input line 28.
 LaTeX Font Info:    Overwriting symbol font `largesymbols' in version `bold'
 (Font)                  OMX/cmex/m/n --> OMX/lmex/m/n on input line 29.
 LaTeX Font Info:    Overwriting math alphabet `\mathbf' in version `normal'
 (Font)                  OT1/cmr/bx/n --> OT1/lmr/bx/n on input line 31.
 LaTeX Font Info:    Overwriting math alphabet `\mathsf' in version `normal'
 (Font)                  OT1/cmss/m/n --> OT1/lmss/m/n on input line 32.
 LaTeX Font Info:    Overwriting math alphabet `\mathit' in version `normal'
 (Font)                  OT1/cmr/m/it --> OT1/lmr/m/it on input line 33.
 LaTeX Font Info:    Overwriting math alphabet `\mathtt' in version `normal'
 (Font)                  OT1/cmtt/m/n --> OT1/lmtt/m/n on input line 34.
 LaTeX Font Info:    Overwriting math alphabet `\mathbf' in version `bold'
 (Font)                  OT1/cmr/bx/n --> OT1/lmr/bx/n on input line 35.
 LaTeX Font Info:    Overwriting math alphabet `\mathsf' in version `bold'
 (Font)                  OT1/cmss/bx/n --> OT1/lmss/bx/n on input line 36.
 LaTeX Font Info:    Overwriting math alphabet `\mathit' in version `bold'
 (Font)                  OT1/cmr/bx/it --> OT1/lmr/bx/it on input line 37.
 LaTeX Font Info:    Overwriting math alphabet `\mathtt' in version `bold'
 (Font)                  OT1/cmtt/m/n --> OT1/lmtt/m/n on input line 38.
 )
 (/usr/share/texlive/texmf-dist/tex/latex/geometry/geometry.sty
 Package: geometry 2020/01/02 v5.9 Page Geometry
 (/usr/share/texlive/texmf-dist/tex/latex/graphics/keyval.sty
 Package: keyval 2022/05/29 v1.15 key=value parser (DPC)
 \KV@toks@=\toks19
 )
 (/usr/share/texlive/texmf-dist/tex/generic/iftex/ifvtex.sty
 Package: ifvtex 2019/10/25 v1.7 ifvtex legacy package. Use iftex instead.
 (/usr/share/texlive/texmf-dist/tex/generic/iftex/iftex.sty
 Package: iftex 2024/12/12 v1.0g TeX engine tests
 ))
 \Gm@cnth=\count270
 \Gm@cntv=\count271
 \c@Gm@tempcnt=\count272
 \Gm@bindingoffset=\dimen142
 \Gm@wd@mp=\dimen143
 \Gm@odd@mp=\dimen144
 \Gm@even@mp=\dimen145
 \Gm@layoutwidth=\dimen146
 \Gm@layoutheight=\dimen147
 \Gm@layouthoffset=\dimen148
 \Gm@layoutvoffset=\dimen149
 \Gm@dimlist=\toks20
 )
 (/usr/share/texlive/texmf-dist/tex/latex/listings/listings.sty
 \lst@mode=\count273
 \lst@gtempboxa=\box52
 \lst@token=\toks21
 \lst@length=\count274
 \lst@currlwidth=\dimen150
 \lst@column=\count275
 \lst@pos=\count276
 \lst@lostspace=\dimen151
 \lst@width=\dimen152
 \lst@newlines=\count277
 \lst@lineno=\count278
 \lst@maxwidth=\dimen153
 (/usr/share/texlive/texmf-dist/tex/latex/listings/lstpatch.sty
 File: lstpatch.sty 2024/09/23 1.10c (Carsten Heinz)
 )
 (/usr/share/texlive/texmf-dist/tex/latex/listings/lstmisc.sty
 File: lstmisc.sty 2024/09/23 1.10c (Carsten Heinz)
 \c@lstnumber=\count279
 \lst@skipnumbers=\count280
 \lst@framebox=\box53
 )
 (/usr/share/texlive/texmf-dist/tex/latex/listings/listings.cfg
 File: listings.cfg 2024/09/23 1.10c listings configuration
 ))
 Package: listings 2024/09/23 1.10c (Carsten Heinz)
 (/usr/share/texlive/texmf-dist/tex/latex/xcolor/xcolor.sty
 Package: xcolor 2024/09/29 v3.02 LaTeX color extensions (UK)
 (/usr/share/texlive/texmf-dist/tex/latex/graphics-cfg/color.cfg
 File: color.cfg 2016/01/02 v1.6 sample color configuration
 )
 Package xcolor Info: Driver file: pdftex.def on input line 274.
 (/usr/share/texlive/texmf-dist/tex/latex/graphics-def/pdftex.def
 File: pdftex.def 2024/04/13 v1.2c Graphics/color driver for pdftex
 )
 (/usr/share/texlive/texmf-dist/tex/latex/graphics/mathcolor.ltx)
 Package xcolor Info: Model `cmy' substituted by `cmy0' on input line 1349.
 Package xcolor Info: Model `hsb' substituted by `rgb' on input line 1353.
 Package xcolor Info: Model `RGB' extended on input line 1365.
 Package xcolor Info: Model `HTML' substituted by `rgb' on input line 1367.
 Package xcolor Info: Model `Hsb' substituted by `hsb' on input line 1368.
 Package xcolor Info: Model `tHsb' substituted by `hsb' on input line 1369.
 Package xcolor Info: Model `HSB' substituted by `hsb' on input line 1370.
 Package xcolor Info: Model `Gray' substituted by `gray' on input line 1371.
 Package xcolor Info: Model `wave' substituted by `hsb' on input line 1372.
 )
 (/usr/share/texlive/texmf-dist/tex/latex/parskip/parskip.sty
 Package: parskip 2021-03-14 v2.0h non-zero parskip adjustments
 (/usr/share/texlive/texmf-dist/tex/latex/kvoptions/kvoptions.sty
 Package: kvoptions 2022-06-15 v3.15 Key value format for package options (HO)
 (/usr/share/texlive/texmf-dist/tex/generic/ltxcmds/ltxcmds.sty
 Package: ltxcmds 2023-12-04 v1.26 LaTeX kernel commands for general use (HO)
 )
 (/usr/share/texlive/texmf-dist/tex/latex/kvsetkeys/kvsetkeys.sty
 Package: kvsetkeys 2022-10-05 v1.19 Key value parser (HO)
 ))
 (/usr/share/texlive/texmf-dist/tex/latex/etoolbox/etoolbox.sty
 Package: etoolbox 2025/02/11 v2.5l e-TeX tools for LaTeX (JAW)
 \etb@tempcnta=\count281
 ))
 LaTeX Font Info:    Trying to load font information for T1+lmr on input line 49
 .
 (/usr/share/texmf/tex/latex/lm/t1lmr.fd
 File: t1lmr.fd 2015/05/01 v1.6.1 Font defs for Latin Modern
 )
 (/usr/share/texlive/texmf-dist/tex/latex/l3backend/l3backend-pdftex.def
 File: l3backend-pdftex.def 2024-05-08 L3 backend support: PDF output (pdfTeX)
 \l__color_backend_stack_int=\count282
 \l__pdf_internal_box=\box54
 )
 (./main.aux)
 \openout1 = `main.aux'.
 LaTeX Font Info:    Checking defaults for OML/cmm/m/it on input line 49.
 LaTeX Font Info:    ... okay on input line 49.
 LaTeX Font Info:    Checking defaults for OMS/cmsy/m/n on input line 49.
 LaTeX Font Info:    ... okay on input line 49.
 LaTeX Font Info:    Checking defaults for OT1/cmr/m/n on input line 49.
 LaTeX Font Info:    ... okay on input line 49.
 LaTeX Font Info:    Checking defaults for T1/cmr/m/n on input line 49.
 LaTeX Font Info:    ... okay on input line 49.
 LaTeX Font Info:    Checking defaults for TS1/cmr/m/n on input line 49.
 LaTeX Font Info:    ... okay on input line 49.
 LaTeX Font Info:    Checking defaults for OMX/cmex/m/n on input line 49.
 LaTeX Font Info:    ... okay on input line 49.
 LaTeX Font Info:    Checking defaults for U/cmr/m/n on input line 49.
 LaTeX Font Info:    ... okay on input line 49.
 *geometry* driver: auto-detecting
 *geometry* detected driver: pdftex
 *geometry* verbose mode - [ preamble ] result:
 * driver: pdftex
 * paper: a4paper
 * layout: <same size as paper>
 * layoutoffset:(h,v)=(0.0pt,0.0pt)
 * modes: 
 * h-part:(L,W,R)=(72.26999pt, 452.9679pt, 72.26999pt)
 * v-part:(T,H,B)=(72.26999pt, 700.50687pt, 72.26999pt)
 * \paperwidth=597.50787pt
 * \paperheight=845.04684pt
 * \textwidth=452.9679pt
 * \textheight=700.50687pt
 * \oddsidemargin=0.0pt
 * \evensidemargin=0.0pt
 * \topmargin=-37.0pt
 * \headheight=12.0pt
 * \headsep=25.0pt
 * \topskip=12.0pt
 * \footskip=30.0pt
 * \marginparwidth=35.0pt
 * \marginparsep=10.0pt
 * \columnsep=10.0pt
 * \skip\footins=10.8pt plus 4.0pt minus 2.0pt
 * \hoffset=0.0pt
 * \voffset=0.0pt
 * \mag=1000
 * \@twocolumnfalse
 * \@twosidefalse
 * \@mparswitchfalse
 * \@reversemarginfalse
 * (1in=72.27pt=25.4mm, 1cm=28.453pt)
 \c@lstlisting=\count283
 (/usr/share/texlive/texmf-dist/tex/context/base/mkii/supp-pdf.mkii
 [Loading MPS to PDF converter (version 2006.09.02).]
 \scratchcounter=\count284
 \scratchdimen=\dimen154
 \scratchbox=\box55
 \nofMPsegments=\count285
 \nofMParguments=\count286
 \everyMPshowfont=\toks22
 \MPscratchCnt=\count287
 \MPscratchDim=\dimen155
 \MPnumerator=\count288
 \makeMPintoPDFobject=\count289
 \everyMPtoPDFconversion=\toks23
 )
 LaTeX Font Info:    Trying to load font information for OT1+lmr on input line 5
 4.
 (/usr/share/texmf/tex/latex/lm/ot1lmr.fd
 File: ot1lmr.fd 2015/05/01 v1.6.1 Font defs for Latin Modern
 )
 LaTeX Font Info:    Trying to load font information for OML+lmm on input line 5
 4.
 (/usr/share/texmf/tex/latex/lm/omllmm.fd
 File: omllmm.fd 2015/05/01 v1.6.1 Font defs for Latin Modern
 )
 LaTeX Font Info:    Trying to load font information for OMS+lmsy on input line 
 54.
 (/usr/share/texmf/tex/latex/lm/omslmsy.fd
 File: omslmsy.fd 2015/05/01 v1.6.1 Font defs for Latin Modern
 )
 LaTeX Font Info:    Trying to load font information for OMX+lmex on input line 
 54.
 (/usr/share/texmf/tex/latex/lm/omxlmex.fd
 File: omxlmex.fd 2015/05/01 v1.6.1 Font defs for Latin Modern
 )
 LaTeX Font Info:    External font `lmex10' loaded for size
 (Font)              <14.4> on input line 54.
 LaTeX Font Info:    External font `lmex10' loaded for size
 (Font)              <10> on input line 54.
 LaTeX Font Info:    External font `lmex10' loaded for size
 (Font)              <7> on input line 54.
 LaTeX Font Info:    Trying to load font information for T1+lmtt on input line 5
 7.
 (/usr/share/texmf/tex/latex/lm/t1lmtt.fd
 File: t1lmtt.fd 2015/05/01 v1.6.1 Font defs for Latin Modern
 )
 LaTeX Font Info:    Trying to load font information for TS1+lmr on input line 6
 2.
 (/usr/share/texmf/tex/latex/lm/ts1lmr.fd
 File: ts1lmr.fd 2015/05/01 v1.6.1 Font defs for Latin Modern
 )
 (/usr/share/texlive/texmf-dist/tex/latex/listings/lstlang1.sty
 File: lstlang1.sty 2024/09/23 1.10c listings language file
 )
 (/usr/share/texlive/texmf-dist/tex/latex/listings/lstlang1.sty
 File: lstlang1.sty 2024/09/23 1.10c listings language file
 )
 Overfull \hbox (23.59369pt too wide) in paragraph at lines 80--81
 \T1/lmr/m/n/12 The \T1/lmtt/m/n/12 security.syscalls.intercept.mount\T1/lmr/m/n
 /12 , \T1/lmtt/m/n/12 security.nesting\T1/lmr/m/n/12 , and \T1/lmtt/m/n/12 secu
 rity.privileged
 []
 [1
 {/var/lib/texmf/fonts/map/pdftex/updmap/pdftex.map}{/usr/share/texmf/fonts/enc/
 dvips/lm/lm-ec.enc}{/usr/share/texmf/fonts/enc/dvips/lm/lm-ts1.enc}]
 (/usr/share/texlive/texmf-dist/tex/latex/listings/lstlang1.sty
 File: lstlang1.sty 2024/09/23 1.10c listings language file
 )
 [2]
 [3]
 LaTeX Font Info:    Font shape `T1/lmtt/bx/n' in size <10.95> not available
 (Font)              Font shape `T1/lmtt/b/n' tried instead on input line 172.
 [4]
 Overfull \hbox (25.69144pt too wide) in paragraph at lines 237--238
 []\T1/lmtt/m/n/12 dhcp-range\T1/lmr/m/n/12 : De-fines the IP range for DHCP cli
 ents (from 192.168.1.100 to 192.168.1.200,
 []
 [5]
 ! LaTeX Error: \begin{document} ended by \end{verbatim}.
 See the LaTeX manual or LaTeX Companion for explanation.
 Type  H <return>  for immediate help.
 ...                                              
 l.296 \end{verbatim}
 ? 
 ! Extra \endgroup.
 \end  ...end#1\endcsname \@checkend {#1}\endgroup 
                                                  \UseHook {env/#1/after}\if...
 l.296 \end{verbatim}
 ? 
 LaTeX Font Info:    Font shape `T1/lmtt/bx/n' in size <12> not available
 (Font)              Font shape `T1/lmtt/b/n' tried instead on input line 300.
 [6]
 LaTeX Font Info:    External font `lmex10' loaded for size
 (Font)              <12> on input line 335.
 LaTeX Font Info:    External font `lmex10' loaded for size
 (Font)              <8> on input line 335.
 LaTeX Font Info:    External font `lmex10' loaded for size
 (Font)              <6> on input line 335.
 [7] (./main.aux)
 ***********
 LaTeX2e <2024-11-01> patch level 2
 L3 programming layer <2025-01-18>
 ***********
 ) 
 Here is how much of TeX's memory you used:
 5182 strings out of 475178
 74732 string characters out of 5766539
 825834 words of memory out of 5000000
 28127 multiletter control sequences out of 15000+600000
 614648 words of font info for 72 fonts, out of 8000000 for 9000
 14 hyphenation exceptions out of 8191
 57i,7n,65p,493b,1620s stack positions out of 10000i,1000n,20000p,200000b,200000s
 </usr/share/texmf/fonts/type1/public/lm/lmbx12.pfb></usr/share/texmf/fonts/ty
 pe1/public/lm/lmr12.pfb></usr/share/texmf/fonts/type1/public/lm/lmr17.pfb></usr
 /share/texmf/fonts/type1/public/lm/lmr6.pfb></usr/share/texmf/fonts/type1/publi
 c/lm/lmri12.pfb></usr/share/texmf/fonts/type1/public/lm/lmtk10.pfb></usr/share/
 texmf/fonts/type1/public/lm/lmtt10.pfb></usr/share/texmf/fonts/type1/public/lm/
 lmtt12.pfb>
 Output written on main.pdf (7 pages, 232455 bytes).
 PDF statistics:
 73 PDF objects out of 1000 (max. 8388607)
 46 compressed objects within 1 object stream
 0 named destinations out of 1000 (max. 500000)
 1 words of extra memory for PDF output out of 10000 (max. 10000000)
--- a/dnsmasq/doc/main.pdf
+++ b/dnsmasq/doc/main.pdf
--- a/dnsmasq/doc/main.tex
+++ b/dnsmasq/doc/main.tex
@ -0,0 +1,356 @@
 \documentclass[a4paper,12pt]{article}
 \usepackage[utf8]{inputenc}
 \usepackage[T1]{fontenc}
 \usepackage{lmodern}
 \usepackage{geometry}
 \geometry{margin=1in}
 \usepackage{listings}
 \usepackage{xcolor}
 \usepackage{parskip}
 \lstset{
  basicstyle=\ttfamily\small,
  breaklines=true,
  frame=single,
  numbers=left,
  numberstyle=\tiny,
  keywordstyle=\color{blue},
  commentstyle=\color{gray},
  stringstyle=\color{red}
 }
 % Define YAML language for listings
 \lstdefinelanguage{yaml}{
  keywords={true,false,null,yaml,network,version,ethernets,dhcp4,addresses,routes,to,via,nameservers},
  keywordstyle=\color{blue}\bfseries,
  basicstyle=\ttfamily\small,
  sensitive=false,
  comment=[l]{\#},
  commentstyle=\color{gray}\itshape,
  stringstyle=\color{red},
  morestring=[b]{"},
  morestring=[b]{'}
 }
 % Define Python language for listings
 \lstdefinelanguage{python}{
  keywords={def,class,import,from,as,try,except,with,return,raise,if,elif,else,for,in,while,break,continue},
  keywordstyle=\color{blue}\bfseries,
  basicstyle=\ttfamily\small,
  sensitive=true,
  comment=[l]{\#},
  commentstyle=\color{gray}\itshape,
  stringstyle=\color{red},
  morestring=[b]{"},
  morestring=[b]{'},
  identifierstyle=\color{black}
 }
 \begin{document}
 \title{Basic Configuration of dnsmasq in an Incus Container on Debian with Netplan}
 \author{}
 \date{}
 \maketitle
 \section{Introduction}
 This guide provides step-by-step instructions for setting up \texttt{dnsmasq} as a DNS and DHCP server in an Incus container running Debian. The network configuration is managed using Netplan and a custom Python script to create virtual Ethernet (veth) pairs and bridges, ensuring proper network integration.
 \section{Prerequisites}
 Before proceeding, ensure the following:
 \begin{itemize}
  \item Incus is installed on the host system (\texttt{sudo apt install incus}).
  \item A Debian-based container is created in Incus.
  \item Python 3 and the \texttt{pyroute2} package are installed on the host (\texttt{sudo apt install python3 python3-pyroute2}).
  \item Basic knowledge of Linux networking and container management.
  \item Root or sudo access to the host and container.
 \end{itemize}
 \section{Step-by-Step Configuration}
 \subsection{Creating and Setting Up the Incus Container}
 Create a Debian container named \texttt{dnsmasq-container} using the following commands on the host:
 \begin{lstlisting}[language=bash]
 incus create images:debian/12 dnsmasq-container
 incus config set dnsmasq-container security.syscalls.intercept.mount true
 incus config set dnsmasq-container security.nesting true
 incus config set dnsmasq-container security.privileged true
 incus start dnsmasq-container
 \end{lstlisting}
 The \texttt{security.syscalls.intercept.mount}, \texttt{security.nesting}, and \texttt{security.privileged} settings are required for \texttt{dnsmasq} and Docker to function correctly in the container.
 \subsection{Installing Additional Packages}
 Install the necessary packages inside the container:
 \begin{lstlisting}[language=bash]
 incus exec dnsmasq-container -- apt update
 incus exec dnsmasq-container -- apt install -y \
    netplan.io \
    sudo vim nano git tmux mc zip unzip curl wget htop lynx \
    iproute2 termshark bridge-utils \
    python3 python3-ipython python3-pyroute2 python3-scapy \
    docker.io docker-compose
 \end{lstlisting}
 \subsection{Configuring Users and Permissions}
 Configure user access and permissions within the container.
 \subsubsection{Changing the Root Password}
 Set the root password to "passroot":
 \begin{lstlisting}[language=bash]
 incus exec dnsmasq-container -- bash -c 'echo "root:passroot" | chpasswd'
 \end{lstlisting}
 \subsubsection{Adding a New User}
 Add a new user named "user" with the password "pass" and add them to the "sudo" and "docker" groups:
 \begin{lstlisting}[language=bash]
 incus exec dnsmasq-container -- useradd -m -s /bin/bash user
 incus exec dnsmasq-container -- bash -c 'echo "user:pass" | chpasswd'
 incus exec dnsmasq-container -- usermod -aG sudo user
 incus exec dnsmasq-container -- usermod -aG docker user
 \end{lstlisting}
 \subsection{Accessing the Container}
 Access the container's shell:
 \begin{lstlisting}[language=bash]
 incus exec dnsmasq-container -- bash
 \end{lstlisting}
 \subsection{Installing dnsmasq}
 Update the package list and install \texttt{dnsmasq}:
 \begin{lstlisting}[language=bash]
 incus exec dnsmasq-container -- apt update
 incus exec dnsmasq-container -- apt install dnsmasq -y
 \end{lstlisting}
 \subsection{Configuring Network with Veth Pairs and Netplan}
 To enable advanced networking, use the provided Python script (\texttt{link.py}) to create a virtual Ethernet (veth) pair connecting the container to the host's network namespace, with an optional bridge for network integration. Save the following script as \texttt{link.py} on the host:
 \begin{lstlisting}[language=python]
 import argparse
 import os
 import subprocess
 import sys
 from pyroute2 import IPRoute, NetNS
 # ... (rest of the link.py script as provided) ...
 \end{lstlisting}
 Run the script to create a veth pair, move one end to the container's network namespace, and attach it to a bridge on the host. First, identify the container's name or ID:
 \begin{lstlisting}[language=bash]
 incus list
 \end{lstlisting}
 Assuming the container name is \texttt{dnsmasq-container}, execute the script with sudo privileges:
 \begin{lstlisting}[language=bash]
 sudo python3 link.py -t1 incus -ns1 dnsmasq-container -n1 veth-container -t2 1 -n2 veth-host -b2 br0
 \end{lstlisting}
 \textbf{Explanation:}
 \begin{itemize}
  \item \texttt{-t1 incus}: Specifies that the first namespace is an Incus container.
  \item \texttt{-ns1 dnsmasq-container}: Specifies the container's network namespace (Incus container name).
  \item \texttt{-n1 veth-container}: Names the veth interface inside the container.
  \item \texttt{-t2 1}: Specifies the default (host) namespace.
  \item \texttt{-n2 veth-host}: Names the veth interface on the host.
  \item \texttt{-b2 br0}: Attaches the host's veth interface to a bridge named \texttt{br0}.
 \end{itemize}
 Before running the script, ensure the bridge \texttt{br0} exists on the host. Create it if necessary:
 \begin{lstlisting}[language=bash]
 sudo ip link add name br0 type bridge
 sudo ip link set br0 up
 \end{lstlisting}
 The script exposes the container's network namespace, creates the veth pair, moves \texttt{veth-container} to the container's namespace, attaches \texttt{veth-host} to \texttt{br0}, and brings both interfaces up.
 \subsection{Configuring the Network with Netplan}
 Configure the container's network using Netplan to assign a static IP address to the \texttt{veth-container} interface (aliased as \texttt{eth0} for simplicity). Create or edit the Netplan configuration file at \texttt{/etc/netplan/01-netcfg.yaml} inside the container:
 \begin{lstlisting}[language=bash]
 incus exec dnsmasq-container -- nano /etc/netplan/01-netcfg.yaml
 \end{lstlisting}
 Add the following configuration:
 \begin{lstlisting}[language=yaml]
 network:
  version: 2
  ethernets:
    eth0:
      match:
        name: veth-container
      dhcp4: no
      addresses:
        - 192.168.1.10/24
      routes:
        - to: default
          via: 192.168.1.1
      nameservers:
        addresses: [8.8.8.8, 8.8.4.4]
 \end{lstlisting}
 \textbf{Explanation:}
 \begin{itemize}
  \item \texttt{match: name: veth-container}: Matches the \texttt{veth-container} interface created by the script, aliased as \texttt{eth0}.
  \item \texttt{dhcp4: no}: Disables DHCP to use a static IP.
  \item \texttt{addresses}: Assigns the static IP \texttt{192.168.1.10/24}.
  \item \texttt{routes}: Sets the default gateway to \texttt{192.168.1.1}.
  \item \texttt{nameservers}: Specifies Google's DNS servers.
 \end{itemize}
 Apply the configuration:
 \begin{lstlisting}[language=bash]
 incus exec dnsmasq-container -- netplan apply
 \end{lstlisting}
 Verify the network configuration:
 \begin{lstlisting}[language=bash]
 incus exec dnsmasq-container -- ip a show eth0
 incus exec dnsmasq-container -- ping 8.8.8.8
 \end{lstlisting}
 \subsection{Configuring dnsmasq}
 Edit the \texttt{dnsmasq} configuration file at \texttt{/etc/dnsmasq.conf}:
 \begin{lstlisting}[language=bash]
 incus exec dnsmasq-container -- nano /etc/dnsmasq.conf
 \end{lstlisting}
 Add or modify the following settings to enable DNS and DHCP:
 \begin{lstlisting}
 # DNS settings
 domain-needed
 bogus-priv
 no-resolv
 server=8.8.8.8
 server=8.8.4.4
 local=/example.local/
 domain=example.local
 # DHCP settings
 dhcp-range=192.168.1.100,192.168.1.200,12h
 dhcp-option=3,192.168.1.1
 dhcp-option=6,8.8.8.8,8.8.4.4
 \end{lstlisting}
 \textbf{Explanation:}
 \begin{itemize}
  \item \texttt{domain-needed}: Prevents incomplete domain names from being sent to upstream DNS.
  \item \texttt{bogus-priv}: Blocks reverse DNS lookups for private IP ranges.
  \item \texttt{no-resolv}: Disables reading \texttt{/etc/resolv.conf}.
  \item \texttt{server}: Specifies upstream DNS servers (Google DNS in this case).
  \item \texttt{local} and \texttt{domain}: Configures a local domain.
  \item \texttt{dhcp-range}: Defines the IP range for DHCP clients (from 192.168.1.100 to 192.168.1.200, lease time 12 hours).
  \item \texttt{dhcp-option}: Sets the default gateway (option 3) and DNS servers (option 6).
 \end{itemize}
 \subsection{Starting and Enabling dnsmasq}
 Restart and enable the \texttt{dnsmasq} service:
 \begin{lstlisting}[language=bash]
 incus exec dnsmasq-container -- systemctl restart dnsmasq
 incus exec dnsmasq-container -- systemctl enable dnsmasq
 \end{lstlisting}
 Verify that \texttt{dnsmasq} is running:
 \begin{lstlisting}[language=bash]
 incus exec dnsmasq-container -- systemctl status dnsmasq
 \end{lstlisting}
 \subsection{Testing the Configuration}
 Test DNS resolution from within the container:
 \begin{lstlisting}[language=bash]
 incus exec dnsmasq-container -- nslookup example.local 192.168.1.10
 \end{lstlisting}
 To test DHCP, connect a client device to the same network (via the \texttt{br0} bridge) and verify that it receives an IP address in the range \texttt{192.168.1.100--192.168.1.200}.
 \section{Troubleshooting}
 If \texttt{dnsmasq} fails to start:
 \begin{itemize}
  \item Check the logs: \texttt{incus exec dnsmasq-container -- journalctl -u dnsmasq}.
  \item Ensure no other service is using port 53 (DNS) or 67 (DHCP).
  \item Verify the network configuration with \texttt{incus exec dnsmasq-container -- ip a} and \texttt{incus exec dnsmasq-container -- ping 8.8.8.8}.
  \item Confirm the veth pair and bridge setup: \texttt{ip link show} on the host and \texttt{incus exec dnsmasq-container -- ip link show}.
 \end{itemize}
 \section{Conclusion}
 This guide configures \texttt{dnsmasq} as a DNS and DHCP server in an Incus container on Debian. The \texttt{link.py} script and Netplan configuration ensure a robust network setup with veth pairs and static IP addressing. For advanced configurations, refer to the \texttt{dnsmasq} documentation (\texttt{man dnsmasq}) and \texttt{pyroute2} documentation.
 \appendix
 \section{Test Topology – Dynamic\ IP Variant}
 \label{sec:topo-dhcp}
 \subsection{Logical view}
 \begin{verbatim}
                 +------------------+
                 |  Laptop / PC     |
                 |  (browser)       |
                 |  DHCP client     |
                 +--------+---------+
                          |  (br0 – 10.10.10.0/24)
 ---------- ns1  (host) ---+-------------------------------
               br0 (DHCP) |
                          |
        +-----------------+-------------------+
        |                                     |
 +-------+--------+                     +------+-------+
 | dnsmasq-ct     |                     |  web-ct      |
 | 10.10.10.2/24  |                     | DHCP client  |
 | DHCP + DNS     |                     | :1111/tcp    |
 +----------------+                     +--------------+
 \end{verbatim}
 \end{verbatim}
 \subsection{Key differences from the static-IP variant}
 \begin{itemize}
  \item \textbf{Host bridge \texttt{br0}}  
    \begin{itemize}
      \item Utwórz most, ale \emph{nie} przypisuj mu ręcznie adresu:  
        \begin{lstlisting}[language=bash]
 sudo ip link add name br0 type bridge
 sudo ip link set br0 up
 sudo dhclient -v br0          # pobiera lease od dnsmasq-ct
        \end{lstlisting}
  \end{itemize}
  \item \textbf{\texttt{dnsmasq.conf}} (w dnsmasq-ct)  
    Bez zmian poza tym, że opcja \texttt{dhcp-option 3} (gateway) wskazuje teraz
    na \textit{aktualny} adres hosta br0, nadany dynamicznie. Najprostsze
    rozwiązanie w labie: pozostaw ten wiersz pominięty — wszystkie testowe
    maszyny działają wewnątrz jednej podsieci i nie muszą wychodzić na świat.
  \item \textbf{web-ct – Netplan}  
    Usuń plik \texttt{/etc/netplan/00-static.yaml} i zostaw domyślną konfigurację
    \texttt{dhcp4: yes}:
 \begin{lstlisting}[language=bash]
 incus exec web-ct -- rm /etc/netplan/00-static.yaml
 incus exec web-ct -- bash -c 'printf "%s\n" \
 "network:" "  version: 2" "  ethernets:" \
 "    eth0:" "      dhcp4: yes" > /etc/netplan/01-dhcp.yaml'
 incus exec web-ct -- netplan apply
 \end{lstlisting}
  \item \textbf{Host ns1 jako klient DNS}  
    \begin{lstlisting}[language=bash]
 sudo bash -c 'echo "nameserver 10.10.10.2" > /etc/resolv.conf'
    \end{lstlisting}
 \end{itemize}
 \subsection{Quick test matrix}
 \begin{tabular}{l l l}
 \textbf{Sprawdzenie} & \textbf{Polecenie} & \textbf{Oczekiwany wynik} \\
 \hline
 Lease br0            & \verb|ip -4 a show br0|        & adres 10.10.10.\emph{N} \\
 DNS – strona.pl      & \verb|dig +short strona.pl|    & 10.10.10.\emph{X} (web-ct) \\
 HTTP                 & przeglądarka → \verb|http://strona.pl:1111| & treść web-ct \\
 \end{tabular}
 \subsection{Uwagi}
 \begin{itemize}
  \item W środowisku produkcyjnym upewnij się, że dnsmasq ma wpis \verb|dhcp-option=3| z
        poprawnym adresem bramy lub skonfiguruj statyczną trasę domyślną.
  \item Jeśli potrzebujesz stałego adresu dla web-ct, użyj
        \verb|dhcp-host=| w \texttt{dnsmasq.conf}, np.:  
        \verb|dhcp-host=mac:AA:BB:CC:DD:EE:FF,10.10.10.3|
 \end{itemize}
 \clearpage
 \end{document}
--- a/dnsmasq/py/files.py
+++ b/dnsmasq/py/files.py
--- a/dnsmasq/py/link.py
+++ b/dnsmasq/py/link.py
--- a/dnsmasq/scripts/dnsmasq_config_1.conf
+++ b/dnsmasq/scripts/dnsmasq_config_1.conf
--- a/dnsmasq/scripts/incus_script_1.sh
+++ b/dnsmasq/scripts/incus_script_1.sh
@ -0,0 +1,5 @@
 incus create images:debian/12 dnsmasq-container
 incus config set dnsmasq-container security.syscalls.intercept.mount true
 incus config set dnsmasq-container security.nesting true
 incus config set dnsmasq-container security.privileged true
 incus start dnsmasq-container
--- a/dnsmasq/scripts/incus_script_10.sh
+++ b/dnsmasq/scripts/incus_script_10.sh
--- a/dnsmasq/scripts/incus_script_11.sh
+++ b/dnsmasq/scripts/incus_script_11.sh
--- a/dnsmasq/scripts/incus_script_12.sh
+++ b/dnsmasq/scripts/incus_script_12.sh
--- a/dnsmasq/scripts/incus_script_2.sh
+++ b/dnsmasq/scripts/incus_script_2.sh
--- a/dnsmasq/scripts/incus_script_3.sh
+++ b/dnsmasq/scripts/incus_script_3.sh
--- a/dnsmasq/scripts/incus_script_4.sh
+++ b/dnsmasq/scripts/incus_script_4.sh
--- a/dnsmasq/scripts/incus_script_5.sh
+++ b/dnsmasq/scripts/incus_script_5.sh
--- a/dnsmasq/scripts/incus_script_6.sh
+++ b/dnsmasq/scripts/incus_script_6.sh
--- a/dnsmasq/scripts/incus_script_7.sh
+++ b/dnsmasq/scripts/incus_script_7.sh
--- a/dnsmasq/scripts/incus_script_8.sh
+++ b/dnsmasq/scripts/incus_script_8.sh
--- a/dnsmasq/scripts/incus_script_9.sh
+++ b/dnsmasq/scripts/incus_script_9.sh
--- a/dnsmasq/scripts/netplan_config_1.yaml
+++ b/dnsmasq/scripts/netplan_config_1.yaml
--- a/dnsmasq/todo/1.txt
+++ b/dnsmasq/todo/1.txt
@ -0,0 +1,5 @@
 sudo mount -o remount,rw /sys
 sudo systemctl restart systemd-udevd
 sudo systemctl stop systemd-resolved
 sudo systemctl disable systemd-resolved
--- a/dnsmasq/token.txt
+++ b/dnsmasq/token.txt
@ -0,0 +1 @@
 t8:37b0111174ee4067a3c1c27dace2f4874d3f0860
--- a/doc/.keep
+++ b/doc/.keep
--- a/doc/.main.tex.swo
+++ b/doc/.main.tex.swo
--- a/doc/.main.tex.swp
+++ b/doc/.main.tex.swp
--- a/doc/main.md
+++ b/doc/main.md
@ -1,273 +0,0 @@
 ---
 title: Basic Configuration of dnsmasq in an Incus Container on Debian
  with Netplan
 ---
 # Introduction
 This guide provides step-by-step instructions for setting up `dnsmasq`
 as a DNS and DHCP server in an Incus container running Debian. The
 network configuration is managed using Netplan to ensure proper network
 integration.
 # Prerequisites
 Before proceeding, ensure the following:
 \- Incus is installed on the host system (`sudo apt install incus`).
 \- A Debian-based container is created in Incus.
 \- Basic knowledge of Linux networking and container management.
 \- Root or sudo access to the host and container.
 # Step-by-Step Configuration
 ## Creating and Setting Up the Incus Container
 Create a Debian container named `deb1` using the following commands on
 the host:
 ``` {.bash language="bash"}
 incus create images:debian/12 deb1
 incus config set deb1 security.syscalls.intercept.mount true
 incus config set deb1 security.nesting true
 incus config set deb1 security.privileged true
 incus start deb1
 ```
 The `security.syscalls.intercept.mount`, `security.nesting`, and
 `security.privileged` settings are required for `dnsmasq` and Docker to
 function correctly in the container.
 ## Firewall Configuration
 To allow traffic forwarding between the `incusbr0` bridge and the `wlo1`
 wireless interface, the following iptables rules are applied:
    sudo iptables -A FORWARD -i incusbr0 -o wlo1 -j ACCEPT
    sudo iptables -A FORWARD -i wlo1 -o incusbr0 -m state --state RELATED,ESTABLISHED -j ACCEPT
 ## Installing Additional Packages
 Install the necessary packages inside the container:
 ``` {.bash language="bash"}
 incus exec deb1 -- apt update
 incus exec deb1 -- apt install -y \
    netplan.io \
    sudo vim nano git tmux mc zip unzip curl wget htop lynx \
    iproute2 termshark bridge-utils \
    python3 python3-ipython python3-pyroute2 python3-scapy \
    docker.io docker-compose
 ```
 ## Configuring Users and Permissions
 Configure user access and permissions within the container.
 ### Changing the Root Password
 Set the root password to \"passroot\":
 ``` {.bash language="bash"}
 incus exec deb1 -- bash -c 'echo "root:passroot" | chpasswd'
 ```
 ### Adding a New User
 Add a new user named \"user\" with the password \"pass\" and add them to
 the \"sudo\" and \"docker\" groups:
 ``` {.bash language="bash"}
 sudo useradd -m -s /bin/bash -G sudo user && echo 'user:pass' | sudo chpasswd
 ```
 ## Accessing the Container
 Access the container's shell:
 ``` {.bash language="bash"}
 incus exec deb1 -- su - user 
 ```
 # Setting Up a Veth Pair Between Container and Network Namespace
 To enable direct communication between a container and a network
 namespace, a virtual Ethernet (`veth`) pair is created. The following
 Python script (`link.py`) is used to create a `veth` pair between the
 `deb1` (an Incus container) and the `ns1` network namespace, with
 interfaces named `vA` and `vB`.
    sudo python3 link.py -n1 vA -t2 incus -ns2 deb1 -n2 vB
 This command:
 \- Creates a `veth` pair with one end (`vA`) in the default namespace
 and the other end (`vB`) in the `deb1`'s network namespace.
 \- Ensures the interfaces are set up and operational, allowing network
 traffic to flow between the container and the `ns1` namespace (or
 default namespace if `ns1` is not explicitly created).
 The script uses the `pyroute2` library to manage network interfaces and
 namespaces, and supports container types such as Incus, LXC, LXD, and
 Docker. Ensure the `deb1` is running in Incus before executing the
 command.
 ## Configuring the Network with Netplan
 Configure the container's network using Netplan to assign a static IP
 address. Create or edit the Netplan configuration file at
 `/etc/netplan/01-netcfg.yaml`:
 ``` {.bash language="bash"}
 incus exec deb1 -- nano /etc/netplan/01-netcfg.yaml
 ```
 Add the following configuration:
 ``` {.yaml language="yaml"}
 network:
  version: 2
  ethernets:
    vB:
      dhcp4: no
      addresses:
        - 192.168.1.10/24
      routes:
        - to: default
          via: 192.168.1.1
      nameservers:
        addresses: [8.8.8.8, 8.8.4.4]
 ```
 Apply the configuration:
 ``` {.bash language="bash"}
 incus exec deb1 -- netplan apply
 ```
 ## Installing dnsmasq
 Update the package list and install `dnsmasq`:
 ``` {.bash language="bash"}
 incus exec deb1 -- apt update
 incus exec deb1 -- apt install dnsmasq -y
 ```
 ## Configuring dnsmasq
 Edit the `dnsmasq` configuration file at `/etc/dnsmasq.conf`:
 ``` {.bash language="bash"}
 incus exec deb1 -- nano /etc/dnsmasq.conf
 ```
 Add or modify the following settings to enable DNS and DHCP:
    # DNS settings
    domain-needed
    bogus-priv
    no-resolv
    server=8.8.8.8
    server=8.8.4.4
    local=/example.local/
    domain=example.local
    # DHCP settings
    dhcp-range=192.168.1.100,192.168.1.200,12h
    dhcp-option=3,192.168.1.1
    dhcp-option=6,8.8.8.8,8.8.4.4
 **Explanation:**
 \- `domain-needed`: Prevents incomplete domain names from being sent to
 upstream DNS.
 \- `bogus-priv`: Blocks reverse DNS lookups for private IP ranges.
 \- `no-resolv`: Disables reading `/etc/resolv.conf`.
 \- `server`: Specifies upstream DNS servers (Google DNS in this case).
 \- `local` and `domain`: Configures a local domain.
 \- `dhcp-range`: Defines the IP range for DHCP clients (from
 192.168.1.100 to 192.168.1.200, lease time 12 hours).
 \- `dhcp-option`: Sets the default gateway (option 3) and DNS servers
 (option 6).
 ## System-Level Adjustments for Network Stability
 In some cases, especially in nested or privileged containers, additional
 system-level adjustments are necessary to ensure proper network
 functionality and avoid conflicts.
 To remount the `/sys` filesystem as read-write (required if certain
 networking tools fail due to mount restrictions):
 ``` {.bash language="bash"}
 sudo mount -o remount,rw /sys
 sudo systemctl restart systemd-udevd
 ```
 Additionally, to prevent DNS conflicts with `systemd-resolved`, which
 may interfere with `dnsmasq`, stop and disable the service:
 ``` {.bash language="bash"}
 sudo systemctl stop systemd-resolved
 sudo systemctl disable systemd-resolved
 ```
 This ensures that `dnsmasq` can bind to port 53 without conflicts. If
 you require `systemd-resolved`, consider configuring it to listen on a
 different interface or using socket activation.
 ## Starting and Enabling dnsmasq
 Restart and enable the `dnsmasq` service:
 ``` {.bash language="bash"}
 incus exec deb1 -- systemctl restart dnsmasq
 incus exec deb1 -- systemctl enable dnsmasq
 ```
 Verify that `dnsmasq` is running:
 ``` {.bash language="bash"}
 incus exec deb1 -- systemctl status dnsmasq
 ```
 ## Testing the Configuration
 Test DNS resolution from within the container:
 ``` {.bash language="bash"}
 incus exec deb1 -- nslookup example.local 192.168.1.10
 ```
 To test DHCP, connect a client device to the same network and verify
 that it receives an IP address in the range
 `192.168.1.100–192.168.1.200`.
 # Troubleshooting
 If `dnsmasq` fails to start:
 \- Check the logs: `incus exec deb1 – journalctl -u dnsmasq`.
 \- Ensure no other service is using port 53 (DNS) or 67 (DHCP).
 \- Verify the network configuration with `incus exec deb1 – ip a` and
 `incus exec deb1 – ping 8.8.8.8`.
 # Conclusion
 This guide configures `dnsmasq` as a DNS and DHCP server in an Incus
 container on Debian. The Netplan configuration ensures proper network
 setup. For advanced configurations, refer to the `dnsmasq` documentation
 (`man dnsmasq`).
--- a/doc/main.pdf
+++ b/doc/main.pdf
--- a/doc/main.tex
+++ b/doc/main.tex
@ -1,260 +0,0 @@
 \documentclass[a4paper,12pt]{article}
 \usepackage[utf8]{inputenc}
 \usepackage[T1]{fontenc}
 \usepackage{lmodern}
 \usepackage{geometry}
 \geometry{margin=1in}
 \usepackage{listings}
 \usepackage{xcolor}
 \usepackage{parskip}
 \lstset{
  basicstyle=\ttfamily\small,
  breaklines=true,
  frame=single,
  numbers=left,
  numberstyle=\tiny,
  keywordstyle=\color{blue},
  commentstyle=\color{gray},
  stringstyle=\color{red}
 }
 % Define YAML language for listings
 \lstdefinelanguage{yaml}{
  keywords={true,false,null,yaml,network,version,ethernets,dhcp4,addresses,routes,to,via,nameservers},
  keywordstyle=\color{blue}\bfseries,
  basicstyle=\ttfamily\small,
  sensitive=false,
  comment=[l]{\#},
  commentstyle=\color{gray}\itshape,
  stringstyle=\color{red},
  morestring=[b]{"},
  morestring=[b]{'}
 }
 \begin{document}
 \title{Basic Configuration of dnsmasq in an Incus Container on Debian with Netplan}
 \author{}
 \date{}
 \maketitle
 \section{Introduction}
 This guide provides step-by-step instructions for setting up \texttt{dnsmasq} as a DNS and DHCP server in an Incus container running Debian. The network configuration is managed using Netplan to ensure proper network integration.
 \section{Prerequisites}
 Before proceeding, ensure the following:
 - Incus is installed on the host system (\texttt{sudo apt install incus}).
 - A Debian-based container is created in Incus.
 - Basic knowledge of Linux networking and container management.
 - Root or sudo access to the host and container.
 \section{Step-by-Step Configuration}
 \subsection{Creating and Setting Up the Incus Container}
 Create a Debian container named \texttt{deb1} using the following commands on the host:
 \begin{lstlisting}[language=bash]
 incus create images:debian/12 deb1
 incus config set deb1 security.syscalls.intercept.mount true
 incus config set deb1 security.nesting true
 incus config set deb1 security.privileged true
 incus start deb1
 \end{lstlisting}
 The \texttt{security.syscalls.intercept.mount}, \texttt{security.nesting}, and \texttt{security.privileged} settings are required for \texttt{dnsmasq} and Docker to function correctly in the container.
 \subsection{Firewall Configuration}
 To allow traffic forwarding between the \texttt{incusbr0} bridge and the \texttt{wlo1} wireless interface, the following iptables rules are applied:
 \begin{lstlisting}
 sudo iptables -A FORWARD -i incusbr0 -o wlo1 -j ACCEPT
 sudo iptables -A FORWARD -i wlo1 -o incusbr0 -m state --state RELATED,ESTABLISHED -j ACCEPT
 sudo iptables -P FORWARD ACCEPT
 \end{lstlistingi}
 \subsection{Installing Additional Packages}
 Install the necessary packages inside the container:
 \begin{lstlisting}[language=bash]
 incus exec deb1 -- apt update
 incus exec deb1 -- apt install -y \
    netplan.io \
    sudo vim nano git tmux mc zip unzip curl wget htop lynx \
    iproute2 termshark bridge-utils \
    python3 python3-ipython python3-pyroute2 python3-scapy \
    docker.io docker-compose
 \end{lstlisting}
 \subsection{Configuring Users and Permissions}
 Configure user access and permissions within the container.
 \subsubsection{Changing the Root Password}
 Set the root password to "passroot":
 \begin{lstlisting}[language=bash]
 incus exec deb1 -- bash -c 'echo "root:passroot" | chpasswd'
 \end{lstlisting}
 \subsubsection{Adding a New User}
 Add a new user named "user" with the password "pass" and add them to the "sudo" and "docker" groups:
 \begin{lstlisting}[language=bash]
 sudo useradd -m -s /bin/bash -G sudo user && echo 'user:pass' | sudo chpasswd
 \end{lstlisting}
 \subsection{Accessing the Container}
 Access the container's shell:
 \begin{lstlisting}[language=bash]
 incus exec deb1 -- su - user 
 \end{lstlisting}
 \section{Setting Up a Veth Pair Between Container and Network Namespace}
 To enable direct communication between a container and a network namespace, a virtual Ethernet (\texttt{veth}) pair is created. The following Python script (\texttt{link.py}) is used to create a \texttt{veth} pair between the \texttt{deb1} (an Incus container) and the \texttt{ns1} network namespace, with interfaces named \texttt{vA} and \texttt{vB}.
 \begin{lstlisting}
 sudo python3 link.py -n1 vA -t2 incus -ns2 deb1 -n2 vB
 \end{lstlisting}
 This command:
 - Creates a \texttt{veth} pair with one end (\texttt{vA}) in the default namespace and the other end (\texttt{vB}) in the \texttt{deb1}'s network namespace.
 - Ensures the interfaces are set up and operational, allowing network traffic to flow between the container and the \texttt{ns1} namespace (or default namespace if \texttt{ns1} is not explicitly created).
 The script uses the \texttt{pyroute2} library to manage network interfaces and namespaces, and supports container types such as Incus, LXC, LXD, and Docker. Ensure the \texttt{deb1} is running in Incus before executing the command.
 \subsection{Configuring the Network with Netplan}
 Configure the container's network using Netplan to assign a static IP address. Create or edit the Netplan configuration file at \texttt{/etc/netplan/01-netcfg.yaml}:
 \begin{lstlisting}[language=bash]
 incus exec deb1 -- nano /etc/netplan/01-netcfg.yaml
 \end{lstlisting}
 Add the following configuration:
 \begin{lstlisting}[language=yaml]
 network:
  version: 2
  ethernets:
    vB:
      dhcp4: no
      addresses:
        - 192.168.1.10/24
      routes:
        - to: default
          via: 192.168.1.1
      nameservers:
        addresses: [8.8.8.8, 8.8.4.4]
 \end{lstlisting}
 Apply the configuration:
 \begin{lstlisting}[language=bash]
 incus exec deb1 -- netplan apply
 \end{lstlisting}
 \subsection{Installing dnsmasq}
 Update the package list and install \texttt{dnsmasq}:
 \begin{lstlisting}[language=bash]
 incus exec deb1 -- apt update
 incus exec deb1 -- apt install dnsmasq -y
 \end{lstlisting}
 \subsection{Configuring dnsmasq}
 Edit the \texttt{dnsmasq} configuration file at \texttt{/etc/dnsmasq.conf}:
 \begin{lstlisting}[language=bash]
 incus exec deb1 -- nano /etc/dnsmasq.conf
 \end{lstlisting}
 Add or modify the following settings to enable DNS and DHCP:
 \begin{lstlisting}
 # DNS settings
 domain-needed
 bogus-priv
 no-resolv
 server=8.8.8.8
 server=8.8.4.4
 local=/example.local/
 domain=example.local
 # DHCP settings
 dhcp-range=192.168.1.100,192.168.1.200,12h
 dhcp-option=3,192.168.1.1
 # Opcja DHCP numer 6 (dhcp-option=6) służy do ustawiania adresu serwera DNS dla klientów DHCP
 dhcp-option=6,192.168.1.10
 \end{lstlisting}
 \textbf{Explanation:}
 - \texttt{domain-needed}: Prevents incomplete domain names from being sent to upstream DNS.
 - \texttt{bogus-priv}: Blocks reverse DNS lookups for private IP ranges.
 - \texttt{no-resolv}: Disables reading \texttt{/etc/resolv.conf}.
 - \texttt{server}: Specifies upstream DNS servers (Google DNS in this case).
 - \texttt{local} and \texttt{domain}: Configures a local domain.
 - \texttt{dhcp-range}: Defines the IP range for DHCP clients (from 192.168.1.100 to 192.168.1.200, lease time 12 hours).
 - \texttt{dhcp-option}: Sets the default gateway (option 3) and DNS servers (option 6).
 % ————————————————————————————————
 % 🔧 NOWA SEKCJA: System-Level Adjustments
 % ————————————————————————————————
 \subsection{System-Level Adjustments for Network Stability}
 In some cases, especially in nested or privileged containers, additional system-level adjustments are necessary to ensure proper network functionality and avoid conflicts.
 To remount the \texttt{/sys} filesystem as read-write (required if certain networking tools fail due to mount restrictions):
 \begin{lstlisting}[language=bash]
 sudo mount -o remount,rw /sys
 sudo systemctl restart systemd-udevd
 \end{lstlisting}
 Additionally, to prevent DNS conflicts with \texttt{systemd-resolved}, which may interfere with \texttt{dnsmasq}, stop and disable the service:
 \begin{lstlisting}[language=bash]
 sudo systemctl stop systemd-resolved
 sudo systemctl disable systemd-resolved
 \end{lstlisting}
 This ensures that \texttt{dnsmasq} can bind to port 53 without conflicts. If you require \texttt{systemd-resolved}, consider configuring it to listen on a different interface or using socket activation.
 % ————————————————————————————————
 \subsection{Starting and Enabling dnsmasq}
 Restart and enable the \texttt{dnsmasq} service:
 \begin{lstlisting}[language=bash]
 incus exec deb1 -- systemctl restart dnsmasq
 incus exec deb1 -- systemctl enable dnsmasq
 \end{lstlisting}
 Verify that \texttt{dnsmasq} is running:
 \begin{lstlisting}[language=bash]
 incus exec deb1 -- systemctl status dnsmasq
 \end{lstlisting}
 \subsection{Testing the Configuration}
 Test DNS resolution from within the container:
 \begin{lstlisting}[language=bash]
 incus exec deb1 -- nslookup example.local 192.168.1.10
 \end{lstlisting}
 To test DHCP, connect a client device to the same network and verify that it receives an IP address in the range \texttt{192.168.1.100--192.168.1.200}.
 \section{Troubleshooting}
 If \texttt{dnsmasq} fails to start:
 - Check the logs: \texttt{incus exec deb1 -- journalctl -u dnsmasq}.
 - Ensure no other service is using port 53 (DNS) or 67 (DHCP).
 - Verify the network configuration with \texttt{incus exec deb1 -- ip a} and \texttt{incus exec deb1 -- ping 8.8.8.8}.
 \section{Conclusion}
 This guide configures \texttt{dnsmasq} as a DNS and DHCP server in an Incus container on Debian. The Netplan configuration ensures proper network setup. For advanced configurations, refer to the \texttt{dnsmasq} documentation (\texttt{man dnsmasq}).
 \end{document}
--- a/doc/~
+++ b/doc/~
@ -1,257 +0,0 @@
 \documentclass[a4paper,12pt]{article}
 \usepackage[utf8]{inputenc}
 \usepackage[T1]{fontenc}
 \usepackage{lmodern}
 \usepackage{geometry}
 \geometry{margin=1in}
 \usepackage{listings}
 \usepackage{xcolor}
 \usepackage{parskip}
 \lstset{
  basicstyle=\ttfamily\small,
  breaklines=true,
  frame=single,
  numbers=left,
  numberstyle=\tiny,
  keywordstyle=\color{blue},
  commentstyle=\color{gray},
  stringstyle=\color{red}
 }
 % Define YAML language for listings
 \lstdefinelanguage{yaml}{
  keywords={true,false,null,yaml,network,version,ethernets,dhcp4,addresses,routes,to,via,nameservers},
  keywordstyle=\color{blue}\bfseries,
  basicstyle=\ttfamily\small,
  sensitive=false,
  comment=[l]{\#},
  commentstyle=\color{gray}\itshape,
  stringstyle=\color{red},
  morestring=[b]{"},
  morestring=[b]{'}
 }
 \begin{document}
 \title{Basic Configuration of dnsmasq in an Incus Container on Debian with Netplan}
 \author{}
 \date{}
 \maketitle
 \section{Introduction}
 This guide provides step-by-step instructions for setting up \texttt{dnsmasq} as a DNS and DHCP server in an Incus container running Debian. The network configuration is managed using Netplan to ensure proper network integration.
 \section{Prerequisites}
 Before proceeding, ensure the following:
 - Incus is installed on the host system (\texttt{sudo apt install incus}).
 - A Debian-based container is created in Incus.
 - Basic knowledge of Linux networking and container management.
 - Root or sudo access to the host and container.
 \section{Step-by-Step Configuration}
 \subsection{Creating and Setting Up the Incus Container}
 Create a Debian container named \texttt{deb1} using the following commands on the host:
 \begin{lstlisting}[language=bash]
 incus create images:debian/12 deb1
 incus config set deb1 security.syscalls.intercept.mount true
 incus config set deb1 security.nesting true
 incus config set deb1 security.privileged true
 incus start deb1
 \end{lstlisting}
 The \texttt{security.syscalls.intercept.mount}, \texttt{security.nesting}, and \texttt{security.privileged} settings are required for \texttt{dnsmasq} and Docker to function correctly in the container.
 \subsection{Firewall Configuration}
 To allow traffic forwarding between the \texttt{incusbr0} bridge and the \texttt{wlo1} wireless interface, the following iptables rules are applied:
 \begin{lstlisting}
 sudo iptables -A FORWARD -i incusbr0 -o wlo1 -j ACCEPT
 sudo iptables -A FORWARD -i wlo1 -o incusbr0 -m state --state RELATED,ESTABLISHED -j ACCEPT
 sudo iptables -P FORWARD ACCEPT
 \end{lstlistingi}
 \subsection{Installing Additional Packages}
 Install the necessary packages inside the container:
 \begin{lstlisting}[language=bash]
 incus exec deb1 -- apt update
 incus exec deb1 -- apt install -y \
    netplan.io \
    sudo vim nano git tmux mc zip unzip curl wget htop lynx \
    iproute2 termshark bridge-utils \
    python3 python3-ipython python3-pyroute2 python3-scapy \
    docker.io docker-compose
 \end{lstlisting}
 \subsection{Configuring Users and Permissions}
 Configure user access and permissions within the container.
 \subsubsection{Changing the Root Password}
 Set the root password to "passroot":
 \begin{lstlisting}[language=bash]
 incus exec deb1 -- bash -c 'echo "root:passroot" | chpasswd'
 \end{lstlisting}
 \subsubsection{Adding a New User}
 Add a new user named "user" with the password "pass" and add them to the "sudo" and "docker" groups:
 \begin{lstlisting}[language=bash]
 sudo useradd -m -s /bin/bash -G sudo user && echo 'user:pass' | sudo chpasswd
 \end{lstlisting}
 \subsection{Accessing the Container}
 Access the container's shell:
 \begin{lstlisting}[language=bash]
 incus exec deb1 -- su - user 
 \end{lstlisting}
 \section{Setting Up a Veth Pair Between Container and Network Namespace}
 To enable direct communication between a container and a network namespace, a virtual Ethernet (\texttt{veth}) pair is created. The following Python script (\texttt{link.py}) is used to create a \texttt{veth} pair between the \texttt{deb1} (an Incus container) and the \texttt{ns1} network namespace, with interfaces named \texttt{vA} and \texttt{vB}.
 \begin{lstlisting}
 sudo python3 link.py -n1 vA -t2 incus -ns2 deb1 -n2 vB
 \end{lstlisting}
 This command:
 - Creates a \texttt{veth} pair with one end (\texttt{vA}) in the default namespace and the other end (\texttt{vB}) in the \texttt{deb1}'s network namespace.
 - Ensures the interfaces are set up and operational, allowing network traffic to flow between the container and the \texttt{ns1} namespace (or default namespace if \texttt{ns1} is not explicitly created).
 The script uses the \texttt{pyroute2} library to manage network interfaces and namespaces, and supports container types such as Incus, LXC, LXD, and Docker. Ensure the \texttt{deb1} is running in Incus before executing the command.
 \subsection{Configuring the Network with Netplan}
 Configure the container's network using Netplan to assign a static IP address. Create or edit the Netplan configuration file at \texttt{/etc/netplan/01-netcfg.yaml}:
 \begin{lstlisting}[language=bash]
 incus exec deb1 -- nano /etc/netplan/01-netcfg.yaml
 \end{lstlisting}
 Add the following configuration:
 \begin{lstlisting}[language=yaml]
 network:
  version: 2
  ethernets:
    vB:
      dhcp4: no
      addresses:
        - 192.168.1.10/24
      routes:
        - to: default
          via: 192.168.1.1
      nameservers:
        addresses: [8.8.8.8, 8.8.4.4]
 \end{lstlisting}
 Apply the configuration:
 \begin{lstlisting}[language=bash]
 incus exec deb1 -- netplan apply
 \end{lstlisting}
 \subsection{Installing dnsmasq}
 Update the package list and install \texttt{dnsmasq}:
 \begin{lstlisting}[language=bash]
 incus exec deb1 -- apt update
 incus exec deb1 -- apt install dnsmasq -y
 \end{lstlisting}
 \subsection{Configuring dnsmasq}
 Edit the \texttt{dnsmasq} configuration file at \texttt{/etc/dnsmasq.conf}:
 \begin{lstlisting}[language=bash]
 incus exec deb1 -- nano /etc/dnsmasq.conf
 \end{lstlisting}
 Add or modify the following settings to enable DNS and DHCP:
 \begin{lstlisting}
 # DNS settings
 domain-needed
 bogus-priv
 no-resolv
 server=8.8.8.8
 server=8.8.4.4
 local=/example.local/
 domain=example.local
 # DHCP settings
 dhcp-range=192.168.1.100,192.168.1.200,12h
 dhcp-option=3,192.168.1.1
 dhcp-option=6,8.8.8.8,8.8.4.4
 \end{lstlisting}
 \textbf{Explanation:}
 - \texttt{domain-needed}: Prevents incomplete domain names from being sent to upstream DNS.
 - \texttt{bogus-priv}: Blocks reverse DNS lookups for private IP ranges.
 - \texttt{no-resolv}: Disables reading \texttt{/etc/resolv.conf}.
 - \texttt{server}: Specifies upstream DNS servers (Google DNS in this case).
 - \texttt{local} and \texttt{domain}: Configures a local domain.
 - \texttt{dhcp-range}: Defines the IP range for DHCP clients (from 192.168.1.100 to 192.168.1.200, lease time 12 hours).
 - \texttt{dhcp-option}: Sets the default gateway (option 3) and DNS servers (option 6).
 % ————————————————————————————————
 % 🔧 NOWA SEKCJA: System-Level Adjustments
 % ————————————————————————————————
 \subsection{System-Level Adjustments for Network Stability}
 In some cases, especially in nested or privileged containers, additional system-level adjustments are necessary to ensure proper network functionality and avoid conflicts.
 To remount the \texttt{/sys} filesystem as read-write (required if certain networking tools fail due to mount restrictions):
 \begin{lstlisting}[language=bash]
 sudo mount -o remount,rw /sys
 sudo systemctl restart systemd-udevd
 \end{lstlisting}
 Additionally, to prevent DNS conflicts with \texttt{systemd-resolved}, which may interfere with \texttt{dnsmasq}, stop and disable the service:
 \begin{lstlisting}[language=bash]
 sudo systemctl stop systemd-resolved
 sudo systemctl disable systemd-resolved
 \end{lstlisting}
 This ensures that \texttt{dnsmasq} can bind to port 53 without conflicts. If you require \texttt{systemd-resolved}, consider configuring it to listen on a different interface or using socket activation.
 % ————————————————————————————————
 \subsection{Starting and Enabling dnsmasq}
 Restart and enable the \texttt{dnsmasq} service:
 \begin{lstlisting}[language=bash]
 incus exec deb1 -- systemctl restart dnsmasq
 incus exec deb1 -- systemctl enable dnsmasq
 \end{lstlisting}
 Verify that \texttt{dnsmasq} is running:
 \begin{lstlisting}[language=bash]
 incus exec deb1 -- systemctl status dnsmasq
 \end{lstlisting}
 \subsection{Testing the Configuration}
 Test DNS resolution from within the container:
 \begin{lstlisting}[language=bash]
 incus exec deb1 -- nslookup example.local 192.168.1.10
 \end{lstlisting}
 To test DHCP, connect a client device to the same network and verify that it receives an IP address in the range \texttt{192.168.1.100--192.168.1.200}.
 \section{Troubleshooting}
 If \texttt{dnsmasq} fails to start:
 - Check the logs: \texttt{incus exec deb1 -- journalctl -u dnsmasq}.
 - Ensure no other service is using port 53 (DNS) or 67 (DHCP).
 - Verify the network configuration with \texttt{incus exec deb1 -- ip a} and \texttt{incus exec deb1 -- ping 8.8.8.8}.
 \section{Conclusion}
 This guide configures \texttt{dnsmasq} as a DNS and DHCP server in an Incus container on Debian. The Netplan configuration ensures proper network setup. For advanced configurations, refer to the \texttt{dnsmasq} documentation (\texttt{man dnsmasq}).
 \end{document}
--- a/py/.keep
+++ b/py/.keep
--- a/scripts/.keep
+++ b/scripts/.keep
--- a/scripts/incus_script_1.sh
+++ b/scripts/incus_script_1.sh
@ -1,5 +0,0 @@
 incus create images:debian/12 deb1
 incus config set deb1 security.syscalls.intercept.mount true
 incus config set deb1 security.nesting true
 incus config set deb1 security.privileged true
 incus start deb1
--- a/scripts/incus_scripts_ALLinONE.sh
+++ b/scripts/incus_scripts_ALLinONE.sh
@ -1,67 +0,0 @@
 #!/bin/bash
 # Restart usługi dnsmasq w kontenerze
 incus exec deb1 -- systemctl restart dnsmasq
 # Włącz automatyczne uruchamianie dnsmasq przy starcie
 incus exec deb1 -- systemctl enable dnsmasq
 # Sprawdź status usługi dnsmasq
 incus exec deb1 -- systemctl status dnsmasq
 # Test DNS — nslookup
 incus exec deb1 -- nslookup example.local 192.168.1.10
 # Utwórz nowy kontener deb1 z obrazu Debian 12
 incus create images:debian/12 deb1
 # Konfiguracja bezpieczeństwa dla kontenera deb1
 incus config set deb1 security.syscalls.intercept.mount true
 incus config set deb1 security.nesting true
 incus config set deb1 security.privileged true
 # Uruchom kontener deb1
 incus start deb1
 # Aktualizacja pakietów w kontenerze deb1
 incus exec deb1 -- apt update
 # Instalacja potrzebnych pakietów
 incus exec deb1 -- apt install -y \
    netplan.io \
    sudo vim nano git tmux mc zip unzip curl wget htop lynx \
    iproute2 termshark bridge-utils \
    python3 python3-ipython python3-pyroute2 python3-scapy \
    docker.io docker-compose
 # Ustaw hasło root
 incus exec deb1 -- bash -c 'echo "root:passroot" | chpasswd'
 # Dodaj użytkownika "user" z hasłem "pass" i  grupą "sudo" i " docker"   (opcja dla wewnątrz kontenera i z ns1
 # Wariant ns1
 sudo incus exec deb1 -- su - sudo useradd -m -s /bin/bash -G sudo,docker user && echo 'user:pass' | sudo chpasswd
 # Wariant inside container
 sudo useradd -m -s /bin/bash -G sudo,docker user && echo 'user:pass' | sudo chpasswd
 # Wejście do powłoki bash w kontenerze (opcjonalne)
 incus exec deb1 -- bash -c "echo 'Wchodzimy do bash...'; exec bash"
 # Aktualizacja pakietów ponownie
 incus exec deb1 -- apt update
 # Instalacja dnsmasq
 incus exec deb1 -- apt install dnsmasq -y
 # Edycja konfiguracji Netplan
 incus exec deb1 -- nano /etc/netplan/01-netcfg.yaml
 # Zastosowanie zmian konfiguracji sieciowej
 incus exec deb1 -- netplan apply
 # Edycja konfiguracji dnsmasq.conf
 incus exec deb1 -- nano /etc/dnsmasq.conf
 echo "Skrypt zakończony."
 #made by mbiast and babcia (siah)
--- a/todo/.better_aproach.txt.swp
+++ b/todo/.better_aproach.txt.swp
--- a/todo/better_aproach.txt
+++ b/todo/better_aproach.txt
@ -1 +0,0 @@
 allign czy konf container from inside /outside side`
--- a/todo/firewall.txt
+++ b/todo/firewall.txt
@ -1 +0,0 @@
 sudo iptables -P FORWARD ACCEPT
--- a/token.txt
+++ b/token.txt
@ -1 +0,0 @@
 da086cb72f6790bee9fc30d03577587f44afbb7f
		`@ -1 +0,0 @@`
			allign czy konf container from inside /outside side`