So I'm trying to build a router. Just need something to handle the networking in my house and the plan is to separate things out via virtual local area networks. Anyway, reading a bunch of threads and comments, I think my design will be something akin to this. Is this good or bad? Ultimately I wanna run OPNSense since that's what most people recommend, but wanna about x86.
Your router and wireless access point seem OK. The switch looks suspicious, there is conflicting information in the description, some parts indicate Managed and some indicate Unmanaged. I caution against that switch specifically.
Do you really want to have a router and an AP? Why not go all-in-one?
Your NanoPi board is great, I used a couple of those and I've nothing against them. About OPNSense why?? Can't you just run OpenWRT, what feature does it miss? People throw OPNSense like a good solution for everyone while in fact they don't even use 1/100 of its features. You're not running a large scale 100+ clients with dozens of APs then OpenWRT is more than enough. To be fair even at that scale OpenWRT would work just fine as well.
For a full open-source hardware and software experience you need a more exotic brand like those. The BananaPi BPi R3 and here is a very good option with a 4 core CPU, 2GB of RAM Wifi6 and two 2.5G SFP ports besides the 4 ethernet ports. There’s also an upcoming board the BPI-R4 with optional Wifi 7 and 10G SPF.
While there are things like OPNsense and pfSense that may make sense in some cases you most likely don't require that. You've a small network and OpenWRT will provide you with a much cleaner open-source experience and also allow for all the customization you would like. Another great advantage of OpenWRT you've the ability to install 3rd party stuff in your router, you may even use qemu to virtualize stuff like your Pi-Hole on it or simply run docker containers.
Even of you don't want something Wifi + Router all-in-one, the information above still holds. For instance the Banana Pi BPI-R4 is available on AliExpress for around 130€ and has a LOT more I/O than the NanoPi R6S.
About the switch, forget that crap, for the price of that link you may be able to get a decent TP-Link switch from a local store with that many ports. Like this one with some managed features or this dumb one. At the end of the day I would pick the first one cause it will provide you with good VLAN support.
I originally planned to go for an all in one, but then started finding cool stuff and it made sense to make it so I could swap out bits of the set-up without having to replace the whole thing.
OPNSense versus OpenWRT. I got lead astray! 😂 but seriously, everyone says that eventually everyone ends up running OPNSense anyway.
Regarding the Banana Pi, I was looking at them for ages and someone said to go for the NanoPi over it as the support on the software NanoPi is better.
Regarding the rest of you post, I'm still trying to digest it. Clicking links and reading stuff, but I wanted to thank you. Truly!
Regarding the Banana Pi, I was looking at them for ages and someone said to go for the NanoPi over it as the support on the software NanoPi is better.
I guess it depends. The BananaPi guys work very closely with the OpenWRT people, if you notice they usually provide testing / dev boards to members of the community before releasing things, they commit code to the project and their routers are usually OpenWRT first. There's also an upcoming OpenWRT router from them that has been designed in collaboration with OpenWRT developers.
NanoPi has Armbian which is fine and nice however if you want a router, great OpenWRT compatibility is certainly more important.
everyone says that eventually everyone ends up running OPNSense anyway
I have to disagree with this. That's mostly hype and people who don't know what they're doing, there are good reasons do pick OPNsense at a medium size company with a large and complex deployment but certainly not at a smaller scale. Either way OpenWRT is highly modular and very well documented you can just install whatever you require.
If you have a hypervisor in a home lab, which it turns out OP does not, odds are good your already running a DNS filter/ server, DHCP server, AD domain, etc so the whole network is down anyway during hypervisor restarts if you don’t have HA setup.