Recommendations for pfSense firewall/router, managed switch, and WAPs

[Ha-Satan]

So right now I am (still) currently running my network off of a Netgear AC1750 combo router, which is also the only wireless access point I have in my house. I would like to replace it with a setup involving a pfsense firewall/router, at least one managed switch, and several dedicated WAPs.

 

The reasons I want to switch include:

 

-The AC1750 is no longer supported by Netgear

-I would like to use multiple VLANs and other higher-end network management features that are not typically available in consumer combo routers

-The AC1750 does not really have enough range to cover my whole house.

 

Here's a diagram of how my network stands currently:

 

 

And here is the way I am imagining the network will be set up in the future:

 

 

 

So, I want to be able to set up 2 VLANs (at first). All wired hosts and some wireless hosts will be in VLAN 1, and wireless IoT devices as well as some other wireless devices will be in VLAN 2. So I need to be able to pass through the VLANs to both of the WAPs, hence the need to have a managed switch in the entertainment room as I am presuming that an unmanaged switch will not be able to do this.

 

I am presuming that if I set the ports on the router that are connected to an unmanaged switch to be in VLAN 1, then all wired devices plugged into that unmanaged switch will also be in VLAN 1, right?

 

Here are a few final things I'm looking for:

 

-I had originally considered using a desktop PC as a DIY router, but I ultimately decided against it because of space issues, so instead I am looking for a small router appliance (i.e. from Netgate) or mini-PC that can run pfSense. I would need it to have at least 4 ethernet ports, or if necessary get a router with only 2 ports + another managed switch (if that will be cheaper).

 

-I want it to have Intel NIC(s)

 

-I'd love to have everything support at least 2.5G ethernet but 1 gig is fine if it will be much cheaper.

 

-for the WAPs, Wifi 6 is good enough

 

-I don't need PoE for the WAPs

 

-I would really like everything to be able to be set up locally without relying on an app or a third-party service, though I understand that this might be a tall order when it comes to the access points. I know that Ubiquiti allows you to use their configuration app to set up devices and then delete it, but I'm concerned about what might happen if I need to re-configure things in the future and Ubiquiti (or whoever) has dropped support for that device in the app. So I'd really love it if everything could be FOSS and local only, though I understand if this isn't possible.

 

-Budget is...well it would be awesome if I could do this for $500 (USD) but I'm willing to spend a few hundred more than that if it will be a big improvement. That budget includes the firewall appliance, the managed switch(es), and the two WAPs.

 

Any suggestions? Let me know if I'm being a dumbdumb here.