paigeadelethompson · April 19, 2025 19:09 · Apr 19, 2025
diff --git a/rc.conf b/rc.conf
@@ -0,0 +1,121 @@
+chronyd_enable=YES
+dnsmasq_enable=YES 
+sshd_enable=YES
+hostname=stelleri.netcrave.network 
+powerd_enable=YES
+moused_nondefault_enable=NO
+dumpdev=NO
+zfs_enable=YES
+gateway_enable=YES
+ipv6_gateway_enable=YES
+lldpd_enable=YES 
+linux_enable=YES
+pf_enable=YES
+nfs_server_enable=YES
+nfsv4_server_enable=YES
+nfsuserd_enable=YES
+rpcbind_enable=YES
+mountd_enable=YES
+mountd_flags=-r
+vm_enable=YES
+vm_dir=zfs:storage/vm
+
+# LAN
+ifconfig_ix1="inet 192.168.1.128/24 fib 0"
+ifconfig_ix1_ipv6="inet6 fcff::192:168:1:128/64 fib 0"
+
+# Docker swarm 
+ifconfig_igb0="inet 198.18.2.1/23 fib 8"
+ifconfig_igb0_ipv6="inet6 fcff:8::198:18:2:1/64 fib 8"
+
+# Home servers 
+ifconfig_igb1="inet 192.168.65.128/25 fib 10"
+ifconfig_igb1_ipv6="inet6 fcff:10::192:168:65:128/64 fib 10"
+
+# Docker swarm servers VGW                                        
+ifconfig_epair0a="192.0.0.0/31 fib 0 up"
+ifconfig_epair0a_ipv6="inet6 fcff:ffff:8::a/64 fib 0 up"
+ifconfig_epair0b="192.0.0.1/31 fib 8 up"
+ifconfig_epair0b_ipv6="inet6 fcff:ffff:8::b/64 fib 8 up"
+
+# Home servers VGW
+ifconfig_epair1a="192.0.0.2/31 fib 0 up" 
+ifconfig_epair1a_ipv6="inet6 fcff:ffff:10::a/64 fib 0 up"
+ifconfig_epair1b="192.0.0.3/31 fib 10 up"
+ifconfig_epair1b_ipv6="inet6 fcff:ffff:10::b/64 fib 10 up"
+
+# Tailscale VGW
+ifconfig_epair2a="192.0.0.4/31 fib 0 up" 
+ifconfig_epair2a_ipv6="inet6 fcff:ffff:12::a/64 fib 0 up"
+ifconfig_epair2b="192.0.0.5/31 fib 12 up"
+ifconfig_epair2b_ipv6="inet6 fcff:ffff:12::b/64 fib 12 up"
+
+# VM interfaces (FIB assignment)
+ifconfig_tap0="fib 8 up"  # SWARM1
+ifconfig_tap1="fib 8 up"  # SWARM2
+ifconfig_tap2="fib 8 up"  # SWARM3
+ifconfig_tap3="fib 10 up" # HOME1
+ifconfig_tap4="fib 12 up" # TAILSCALE1
+
+# Docker swarm virtual switch 
+ifconfig_bridge0="198.18.0.1/23 fib 8 up"
+ifconfig_bridge0_ipv6="inet6 fcff:8::198:18:0:1/64 fib 8 up"
+ifconfig_bridge0_aliases="inet 169.254.169.254/16 alias addm igb0 addm tap0 addm tap1 addm tap2"
+
+# Home servers virtual switch
+ifconfig_bridge1="192.168.64.129/25 fib 10 up"
+ifconfig_bridge1_ipv6="inet6 fcff:10::192:168:64:129/64 fib 10 up"
+ifconfig_bridge1_aliases="inet 169.254.169.254/16 alias addm igb1 addm tap3"
+
+# Tailscale virtual switch
+ifconfig_bridge2="192.0.2.1/30 fib 12 up"
+ifconfig_bridge2_ipv6="inet6 fcff:12::192:0:2:1/64 fib 12 up"
+ifconfig_bridge2_aliases="inet 169.254.169.254/16 alias addm tap4"
+
+# This must list all interface variables for interfaces that don't exist yet
+cloned_interfaces="bridge0 bridge1 bridge2 epair0 epair1 epair2 \
+                   tap0 tap1 tap2 tap3 tap4"
+
+# Core routes (FIB 0)
+route_fib0_swarm="-fib 0 -net 198.18.0.0/23 192.0.0.1"            # 198.18.0.0 - 198.18.1.255
+ipv6_route_fib0_swarm="-fib 0 -6 fcff:8::/48 fcff:ffff:8::b"
+route_fib0_home="-fib 0 -net 192.168.64.128/24 192.0.0.3"         # My 192.168.64.0/20 (2nd /25 of 1st /24 of /20)
+ipv6_route_fib0_home="-fib 0 -6 fcff:10::/48 fcff:ffff:10::b"
+route_fib0_ts="-fib 0 -net 192.0.2.0/30 192.0.0.5"                # Tailcale VRF
+ipv6_route_fib0_ts="-fib 0 -6 fcff:12::/48 fcff:ffff:12::b"
+route_fib0_egr_ts="-fib 0 -net 100.64.0.0/10 192.0.0.5"           # Tailscale uses 100.64.0.0/10
+ipv6_route_fib0_egr_ts="-fib 0 -6 fd7a:115c::/32 fcff:ffff:12::b"
+
+# Default egress (For all FIBs)
+route_fib0_default="-fib 0 default 192.168.1.1"
+route_fib8_default="-fib 8 default 192.0.0.0"
+ipv6_route_fib8_default="-fib 8 -6 fcff::/7 fcff:ffff:8::a"
+route_fib10_default="-fib 10 default 192.0.0.2"
+ipv6_route_fib10_default="-fib 10 -6 fcff::/7 fcff:ffff:10::a"
+route_fib12_default="-fib 12 default 192.0.0.4"
+ipv6_route_fib12_default="-fib 12 -6 fcff::/7 fcff:ffff:12::a"
+
+
+# Egress to Tailscale (FIB 12)
+route_fib12_egr_ts="-fib 12 -net 100.64.0.0/10 192.0.2.2"
+ipv6_fib12_egr_ts="-fib 12 -6 fd7a:115c::/32 fcff:12::192:0:2:2"
+
+# Null routes (All FIBs)
+route_fib8_null_fib0="-fib 8 -net 192.168.0.0/16 -reject"   # Swarm to UDM & Home (and anything else)
+ipv6_route_fib8_null_fib0="-fib 8 -6 fcff::/48 -reject"
+route_fib10_null_fib8="-fib 10 -net 198.18.0.0/15 -reject"  # Home servers to Swarm
+ipv6_route_fib10_null_fib8="-fib 10 -6 fcff:8::/48 -reject"
+route_fib12_null_fib0="-fib 12 -net 192.168.0.0/20 -reject" # 192.168.0.0/20 UDM Networks(LAN/WiFi/etc)
+ipv6_route_fib12_null_fib0="-fib 12 -6 fcff::/48 -reject"
+route_fib0_null_vgw="-fib 0 -net 192.0.0.0/24 -reject"      # Prevent forwarding for VGW addresses
+ipv6_route_fib0_null_vgw="-fib 0 -6 fcff:ffff::/32 -reject"
+route_fib0_null_ll="-fib 0 -net 169.254.0.0/16 -reject"     # Prevent forwarding for link-local
+
+# This must list all route variables        
+static_routes="fib0_swarm fib0_home fib0_ts fib0_egr_ts fib0_default fib8_default \
+               fib10_default fib12_default fib12_egr_ts fib8_null_fib0            \
+               fib10_null_fib8 fib12_null_fib0"
+
+ipv6_static_routes="fib0_swarm fib0_home fib0_ts fib0_egr_ts fib8_default   \
+                    fib10_default fib12_default fib12_egr_ts fib8_null_fib0 \
+                    fib10_null_fib8 fib12_null_fib0"