Hi Brian. Welcome. You're definitely thinking in the right direction. Let me give you a bit more of an integrator's perspective here.
Cabling - First off, it never hurts to centrally home-run as much of the house with wired ethernet as possible. The more of that you can do, the more reliable your connectivity for stationary endpoints and more optimal your placement of wifi. I would do at least one, if not two, wall drops to any room hosting one or more stationary endpoints or access switches, plus a ceiling drop in any location that a wifi access point or smart fixture might go. If you're thinking of further home automation with physical controls (beyond phone apps), then add to that an ethernet run for those items -- door bell, thermostat, light control, etc. Also, consider a run to any inside or outside corner eave and/or spot that could play host to a security camera, motion sensor and/or outdoor wifi access point. Some of that may seem like overkill, but having a few more runs than are needed beats having to knock out holes, fish wires and patch drywall and trim later on.
Cable Category - At 2,500 square feet, I'd presume no run would push much beyond 100-150 feet, which means quality Cat6 is all you need (commercial-grade, 23AWG solid-core, from the likes of FalconTech.com or a local electrical supplier). Cat6 will do 10Gb up to 180 feet and 100W of PoE to max length, equal to Cat6a in both regards, while being more economical and usually lighter and easier to work with. An additional point on shielded vs unshielded cabling: especially since this is a new build, where you can control the cable routing, it's likely not worth monkeying with shielded cable (STP or FTP), and instead going with unshielded (UTP). Unless the situation really demands it (almost never), a fully-shielded install tends to be more trouble than it's worth, as it requires every single physical item in the cable path, plus all connected gear, be properly grounded, no exceptions; in that vein, I've seen the attempt to use shielded cabling just for the sake of it often cause more trouble than it prevents. So stick with Cat6 UTP, avoid Chinese whitelabel brands off Amazon and get a quality commercial brand (Berk-Tek, CommScope, General, Vertical, etc.) -- you'll be fine.
Terminations - I would also heavily recommend investing in quality keystone jacks and an accompanying rapid-connect tool, ideally one that guides all pairs into a color-coded insert, then punches down and cleaves the conductors all in one motion, to ensure proper terminations every time. I personally prefer Belden REVConnect, but there are several equivalents out there from the likes of Leviton, Ortronics, ICC, etc. Just get one of them and stick with it. Bad terminations are the single most common failure point during installs, especially at Cat6 and higher spec. Pay the extra money for the good keystones, and for a system like REVConnect (FalconTech has great pricing). TRUST ME, you'll thank me later.
Gear Strategy - With all that understood, now to get on to hooking up and picking gear. With Cat6 cabling routed, you'd home-run them all back to a rack location (as you were thinking), where you'd terminate them into a keystone patch panel (or two), then patch those ports into a PoE switch (managed, if doing VLAN-capable wifi), then finally shelve and patch in the ISP gateway and any central LAN items (NAS, etc). From there, you'd essentially have two options for routing and wifi: 1) a consumer all-in-one router or mesh product (wired into a dedicated port(s) upstairs, locally plug-powered), or 2) an SMB-grade wired router (in the rack) and one or more controller-based, PoE-powered wifi APs upstairs. The consumer gear may work well enough as an "easy button" solution, especially if you don't need fancy network segmentation or any gateway services to run at line-rate (VPN, etc.). On the other hand, the SMB-grade stack will usually be more robust/reliable, more easily upgradeable, have a higher performance ceiling, give you PoE-powered wifi and offer big-boy network control such as VLANs (for proper segmentation, i.e. Private, Guest, IoT, etc.) and more granular firewall control.
Summing up, I'm usually apt to recommend the discrete components route, as I do a lot of setups where the stuff just needs to be set-and-forget, and I personally don't like dealing with flaky gear (the bulk of which is consumer stuff), but I do understand the want to K.I.S.S., and in that vein, some consumer gear here or there is not the worst thing in the world, especially if it's vetted well enough (example: most Asus models running Merlin for stability, or Eero/Eero Pro). Whatever route you choose, I would at least heed my suggestions on cabling and terminations, and get a good quality PoE switch (Cisco CBS, HPE, etc.). Beyond that, I can get into more suggestions on SMB-grade components (routers, switches, wifi APs, etc.) if you think you want to go that direction.
I hope that helps paint the picture for you. Any questions, feel free.