@paigeadelethompson
Created April 19, 2025 19:09
# --- Host identity and base system -----------------------------------------
hostname="stelleri.netcrave.network"
zfs_enable="YES"
powerd_enable="YES"
linux_enable="YES"                 # Linux binary compatibility layer
dumpdev="NO"                       # no kernel crash-dump device configured
moused_nondefault_enable="NO"

# --- Packet forwarding and filtering ----------------------------------------
# The host forwards both IPv4 and IPv6. The pf ruleset itself is not part of
# this file; the per-FIB reject routes further down only shape routing, so
# stateful filtering between the segments depends on what pf.conf contains.
gateway_enable="YES"
ipv6_gateway_enable="YES"
pf_enable="YES"

# --- Services offered by the host --------------------------------------------
chronyd_enable="YES"
dnsmasq_enable="YES"
sshd_enable="YES"
lldpd_enable="YES"

# --- NFS server ----------------------------------------------------------------
# NOTE(review): nothing here restricts which interfaces or FIBs these daemons
# answer on; exposure is decided by /etc/exports and pf, neither of which is
# shown on this page -- confirm that only the intended segment can reach them.
nfs_server_enable="YES"
nfsv4_server_enable="YES"
nfsuserd_enable="YES"
rpcbind_enable="YES"
mountd_enable="YES"
mountd_flags="-r"                  # -r: serve mount requests for regular files too

# --- Virtual machine manager ------------------------------------------------
vm_enable="YES"
vm_dir="zfs:storage/vm"
# Interface layout, grouped by routing table (FIB):
#   FIB 0  = core / LAN        FIB 8  = Docker swarm
#   FIB 10 = home servers      FIB 12 = Tailscale
# Each non-core FIB is tied to FIB 0 by one epair: the "a" end sits in FIB 0,
# the "b" end in the segment's own FIB ("VGW" in the original comments).

# This must list all interface variables for interfaces that don't exist yet
cloned_interfaces="bridge0 bridge1 bridge2 epair0 epair1 epair2 \
tap0 tap1 tap2 tap3 tap4"

# ---------------------------------------------------------------- FIB 0 (core)
# LAN uplink
ifconfig_ix1="inet 192.168.1.128/24 fib 0"
ifconfig_ix1_ipv6="inet6 fcff::192:168:1:128/64 fib 0"
# Core-side ends of the three virtual gateways
ifconfig_epair0a="192.0.0.0/31 fib 0 up"                  # to Docker swarm
ifconfig_epair0a_ipv6="inet6 fcff:ffff:8::a/64 fib 0 up"
ifconfig_epair1a="192.0.0.2/31 fib 0 up"                  # to home servers
ifconfig_epair1a_ipv6="inet6 fcff:ffff:10::a/64 fib 0 up"
ifconfig_epair2a="192.0.0.4/31 fib 0 up"                  # to Tailscale
ifconfig_epair2a_ipv6="inet6 fcff:ffff:12::a/64 fib 0 up"

# ------------------------------------------------------- FIB 8 (Docker swarm)
# Physical port
# NOTE(review): igb0 carries its own address and is also added to bridge0
# below (addm igb0); FreeBSD's bridge documentation recommends addressing the
# bridge rather than its members -- confirm this is intended.
ifconfig_igb0="inet 198.18.2.1/23 fib 8"
ifconfig_igb0_ipv6="inet6 fcff:8::198:18:2:1/64 fib 8"
# Segment-side end of the virtual gateway
ifconfig_epair0b="192.0.0.1/31 fib 8 up"
ifconfig_epair0b_ipv6="inet6 fcff:ffff:8::b/64 fib 8 up"
# VM interfaces (FIB assignment)
ifconfig_tap0="fib 8 up" # SWARM1
ifconfig_tap1="fib 8 up" # SWARM2
ifconfig_tap2="fib 8 up" # SWARM3
# Virtual switch. The alias adds 169.254.169.254, the address conventionally
# used for instance-metadata endpoints, and attaches the member ports.
# NOTE(review): whatever listens on that alias is reachable by every member
# of the bridge; the listener is not shown here -- confirm it is meant to be.
ifconfig_bridge0="198.18.0.1/23 fib 8 up"
ifconfig_bridge0_ipv6="inet6 fcff:8::198:18:0:1/64 fib 8 up"
ifconfig_bridge0_aliases="inet 169.254.169.254/16 alias addm igb0 addm tap0 addm tap1 addm tap2"

# ------------------------------------------------------ FIB 10 (home servers)
# Physical port (same member-with-address pattern as igb0 above)
ifconfig_igb1="inet 192.168.65.128/25 fib 10"
ifconfig_igb1_ipv6="inet6 fcff:10::192:168:65:128/64 fib 10"
# Segment-side end of the virtual gateway
ifconfig_epair1b="192.0.0.3/31 fib 10 up"
ifconfig_epair1b_ipv6="inet6 fcff:ffff:10::b/64 fib 10 up"
# VM interface (FIB assignment)
ifconfig_tap3="fib 10 up" # HOME1
# Virtual switch
ifconfig_bridge1="192.168.64.129/25 fib 10 up"
ifconfig_bridge1_ipv6="inet6 fcff:10::192:168:64:129/64 fib 10 up"
ifconfig_bridge1_aliases="inet 169.254.169.254/16 alias addm igb1 addm tap3"

# ---------------------------------------------------------- FIB 12 (Tailscale)
# Segment-side end of the virtual gateway
ifconfig_epair2b="192.0.0.5/31 fib 12 up"
ifconfig_epair2b_ipv6="inet6 fcff:ffff:12::b/64 fib 12 up"
# VM interface (FIB assignment)
ifconfig_tap4="fib 12 up" # TAILSCALE1
# Virtual switch
ifconfig_bridge2="192.0.2.1/30 fib 12 up"
ifconfig_bridge2_ipv6="inet6 fcff:12::192:0:2:1/64 fib 12 up"
ifconfig_bridge2_aliases="inet 169.254.169.254/16 alias addm tap4"
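# Static routing between the FIBs.
#
# rc.d/routing installs only the routes whose names appear in static_routes /
# ipv6_static_routes, and looks each name up as route_<name> /
# ipv6_route_<name>. A variable that is defined here but not listed, or that
# is listed under a different name, is silently never installed -- which for
# a -reject route means the isolation it describes is not in effect.

# Core routes (FIB 0)
route_fib0_swarm="-fib 0 -net 198.18.0.0/23 192.0.0.1" # 198.18.0.0 - 198.18.1.255
ipv6_route_fib0_swarm="-fib 0 -6 fcff:8::/48 fcff:ffff:8::b"
# NOTE(review): 192.168.64.128/24 has host bits set; the comment describes a
# /25 (matching bridge1's 192.168.64.129/25). Confirm whether /25 was meant.
route_fib0_home="-fib 0 -net 192.168.64.128/24 192.0.0.3" # My 192.168.64.0/20 (2nd /25 of 1st /24 of /20)
ipv6_route_fib0_home="-fib 0 -6 fcff:10::/48 fcff:ffff:10::b"
route_fib0_ts="-fib 0 -net 192.0.2.0/30 192.0.0.5" # Tailscale VRF
ipv6_route_fib0_ts="-fib 0 -6 fcff:12::/48 fcff:ffff:12::b"
route_fib0_egr_ts="-fib 0 -net 100.64.0.0/10 192.0.0.5" # Tailscale uses 100.64.0.0/10
ipv6_route_fib0_egr_ts="-fib 0 -6 fd7a:115c::/32 fcff:ffff:12::b"

# Default egress (For all FIBs)
# The IPv6 entries cover fc00::/7 (fcff::/7 with the host bits masked), i.e.
# unique-local space only; as far as this file shows, FIBs 8/10/12 have no
# route for global IPv6.
route_fib0_default="-fib 0 default 192.168.1.1"
route_fib8_default="-fib 8 default 192.0.0.0"
ipv6_route_fib8_default="-fib 8 -6 fcff::/7 fcff:ffff:8::a"
route_fib10_default="-fib 10 default 192.0.0.2"
ipv6_route_fib10_default="-fib 10 -6 fcff::/7 fcff:ffff:10::a"
route_fib12_default="-fib 12 default 192.0.0.4"
ipv6_route_fib12_default="-fib 12 -6 fcff::/7 fcff:ffff:12::a"

# Egress to Tailscale (FIB 12)
route_fib12_egr_ts="-fib 12 -net 100.64.0.0/10 192.0.2.2"
# Named ipv6_route_* so that the fib12_egr_ts entry in ipv6_static_routes
# resolves to it.
ipv6_route_fib12_egr_ts="-fib 12 -6 fd7a:115c::/32 fcff:12::192:0:2:2"

# Null routes (All FIBs)
# NOTE(review): the IPv4 reject for FIB 8 covers LAN and home servers
# (192.168.0.0/16), but the IPv6 reject covers only the LAN prefix
# (fcff::/48). fcff:10::/48 (home servers) stays reachable from the swarm
# over IPv6 via the fc00::/7 route unless pf blocks it -- confirm.
route_fib8_null_fib0="-fib 8 -net 192.168.0.0/16 -reject" # Swarm to UDM & Home (and anything else)
ipv6_route_fib8_null_fib0="-fib 8 -6 fcff::/48 -reject"
route_fib10_null_fib8="-fib 10 -net 198.18.0.0/15 -reject" # Home servers to Swarm
ipv6_route_fib10_null_fib8="-fib 10 -6 fcff:8::/48 -reject"
route_fib12_null_fib0="-fib 12 -net 192.168.0.0/20 -reject" # 192.168.0.0/20 UDM Networks(LAN/WiFi/etc)
ipv6_route_fib12_null_fib0="-fib 12 -6 fcff::/48 -reject"
# The connected /31 and /64 epair routes in FIB 0 are more specific than these
# two, so the gateways themselves keep working.
route_fib0_null_vgw="-fib 0 -net 192.0.0.0/24 -reject" # Prevent forwarding for VGW addresses
ipv6_route_fib0_null_vgw="-fib 0 -6 fcff:ffff::/32 -reject"
# NOTE(review): if a connected 169.254.0.0/16 route ever appears in FIB 0 this
# add will fail at boot; check the table with `netstat -rn -F 0`.
route_fib0_null_ll="-fib 0 -net 169.254.0.0/16 -reject" # Prevent forwarding for link-local

# This must list all route variables
static_routes="fib0_swarm fib0_home fib0_ts fib0_egr_ts fib0_default fib8_default \
fib10_default fib12_default fib12_egr_ts fib8_null_fib0 \
fib10_null_fib8 fib12_null_fib0 fib0_null_vgw fib0_null_ll"
ipv6_static_routes="fib0_swarm fib0_home fib0_ts fib0_egr_ts fib8_default \
fib10_default fib12_default fib12_egr_ts fib8_null_fib0 \
fib10_null_fib8 fib12_null_fib0 fib0_null_vgw"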