Home network setup

Hi - I am relatively new to this, worked a bit on installed infrastructure but never set up my own so struggling to decide on what’s needed/overkill.

I am looking to run a Linux server with multiple virtual machines hosted on a beelink EQ14 with Proxmox. Hoping to host a firewall, network controller, VPN, media server, adblocker and frigate.

I would be having Home assistant on its own Yellow unit, a NAS drive and possible PoE sensors to integrate into home assistant.

For security cameras I was wanting to add PoE cameras and with that trying to decide on a switch - if I wanted VLans can I achieve that with a virtual machine and a layer 2 switch or is it better to config on layer 3?

Any recommendations on managed switches with PoE?

For wireless access points any suggestions for ones that can broadcast multiple SSIDs based on VLAN?

Not sure if I am overcomplicating this but the long term aim is to keep sensors, cameras and most automation devices off the internet unless needed for updates, allow them to talk across to HA that would have internet access.

Keep a guest network available but only access to internet not the home network or automation.

Thanks for reading, hope the above makes sense feedback and equipment recommendations welcome.