For router hardware look at the PC Engines APU2. Sadly they appear to be out of stock until 2022, but they are great low power devices. I ran OpenWrt on mine in the past and am currently running Fedora. Can do about 1Gbps and cost around $200 built.
For managed switches, look at the Aruba Instant-On 1930 series. I've just ordered two of these so I don't have any first-hand experience, but the feedback online is generally positive. Do note, these switches can only be managed from HTTPS, but the interface seems clean. From my research the cheaper TP-Link and Netgear don't have an isolated management interface, meaning it can be accessed from all VLANs. This was a deal breaker for me. I also considered the HP OfficeConnect 1820 series switches, but they've been out for a while and I worried their EOL may be coming up shortly.
For Access Points, look at the Aruba Instant-On AP 22. The biggest downfall is the access point uses a cloud controller, requiring an internet connection to manage the device. There is no local management. This is the same exact hardware as the Aruba AP-505 which runs for ~$400. Given Aruba makes solid wireless hardware, the advanced features compared to other units in this price range, and the lower price point, I'm willing to give up local management control. After all, I don't modify my AP that often. My Ubiquiti access point has crashed multiple times, the most recent crash appeared to be a memory leak. Maybe I'm just unlucky, but this aligns with numerous complaints about firmware quality.
"From my research the cheaper TP-Link and Netgear don't have an isolated management interface, meaning it can be accessed from all VLANs."
For Netgear you want a T, e.g. GS724T(P), in the model, which implies a smart switch (web managed). They do have command-line managed ones too, i.e. "managed switch".
For home use, decent L1 and 2 is enough - you don't want to do L3 switching in general, unless your house is at the top of the Mall. So, GS724TPv2 and GS110TPv3 get you a 24 or 8 port PoE+ switch with L1 and L2 covered in a web interface with VLANs etc. The newer interface with the PVID section that shows tags and ports and LAGs at a glance is one of the best, regardless of price or status. For the money those switches are quite hard to beat.
It's a smaller footprint, more CPU horsepower, etc., and I like mounting little devices onto DIN rails more than I like trying to rackmount the 7" or 9" APUs ...
I've used one of those in a satellite location and liked it ok, but what I actually ended up getting generally were full 1U replacements for the USG-4/UXG from SuperMicro's 5018D series. I kept an eye on eBay and found a bunch of new 5018D-FN8Ts listed for ~$650 a pop. They've got dedicated IPMI (obviously this needs to be secured), and unlike HP or Dell they include virtual iKVM for free and a full license is only $30. Pricing on the others can easily add +$200 for what should be included functionality even if they've got a spiffier coat of paint, which is significant on a low end server device. The 5018Ds are not fanless, but running they drop down to a load speed that I can't hear over anything else I've got (like a PoE switch, all of which except the tiniest models have fans). HP's ProLiants in contrast are jet engines all the time even when they're pulling <50W. I'm not running a total silent environment and preferred to make a rack closet instead well away from any living areas, but I don't want loud noise and SMs have been fine. Of course, one can just replace the fans with 40mm Noctuas or the like too if desired. They've got Xeon processors that have a bit more oomph than the Atoms or Celerons and also means ECC memory, since again I really want to be able to rely on gateways to a reasonable degree (this has already identified one bad memory module out of the dozen I had around). I install OPNsense on ZFS on a cheap small decent NVMe drive (PNY CS1030 250GB is around $35) which still means fast boot and no concerns about all the logging or the like I could desire.
I have one single site that is doing much heavier 10G+ routing and usage that I also wanted to mess with more intensive SDN and security with. For that last year I ended up picking the much beefier and much more expensive EPYC Embedded based 5019D-FTN4 and putting a Mellanox card in it. It's also extremely quiet and has been really impressive, but that's stupid overkill right now. Also, EPYC Embedded is currently still based off of Gen1, there was no Zen3 update due to not having low TDP given the way the chiplets were upgraded vs the IO chip. I expect Zen4 next year will see an upgraded Embedded platform that will essentially be a 3 gen leap forward, so at this point not the best time anyway.
There is no perfect solution IMO. Though probably nothing that'd throw off the typical HNer, OPNsense does have its warts, rough edges and missing bits (no WebAuthn so no security keys for login for example). It's based off of a FreeBSD variant (soon to be directly off FreeBSD) with all that comes with that for better or worse. Like, OPNsense does have a user space plugin option for WireGuard (along with ZeroTier and so on), but WG has not yet made it to the FreeBSD kernel which in some situations could be an issue (countered by raw CPU in my case). But it's powerful, well maintained, overall fairly user friendly, has pretty solid documentation and getting started guides, and a nice community with a good mix of developers and some companies behind it. The company Deciso for example does offer a paid business edition and paid support options if it's desired. It does have DNS Blacklist options à la Pi-hole, stats/telemetry/IDS/IPS via built-in and 3rd party offerings like Sensei, etc. There are plugins for Let's Encrypt, FreeRADIUS and other handy functionality. Someone who is very familiar with Linux might find VyOS more worth looking at but with my background I found OPNsense reasonably pleasant to get into.
The decision tree here does also depend on how much network functionality you want to have in your gateway/routing system vs how much to stick on a separate server elsewhere (maybe virtualized or as a part of a NAS). Gateways can be very minimal or can handle damn near everything on the network. There are straightforward tradeoffs there in terms of failure modes and complexity.