I've looked at UniFi (Cloud Key, Security Gateway, PoE Switch, nano AP = ~$700), UniFi Dream Machine [0] ($300), and AmpliFi Alien [1] ($380).
I'm leaning towards the full UniFi setup so I can extend it in the future. The UDM is neat but if you want more coverage you have to buy another $300 node. The Alien is cool as well and the only Ubiquiti product with WiFi 6; however, going down to the AmpliFi line loses a number of things I want (VLANs, extendable, etc.).
All that said, I've heard some concerning things about UniFi recently so I'm wondering if someone has a better suggestion. I'm looking for minimal maintenance work but the power to be there if I need it (multiple VLANs to hide IoTs from rest of network, block internet access by MAC, some minor QoS, support gigabit WAN at full speeds, etc.). I'll also admit that some of this will be for fun and to play with some more powerful networking equipment.
For reference, I currently have this [2] router running OpenWRT but I am unable to hit my full gigabit WAN speeds (I can if I'm plugged directly into the modem), which is part of the reason I want to upgrade (along with iffy wifi in places).
[0] https://store.ui.com/products/unifi-dream-machine
[1] https://amplifi.com/alien
[2] https://smile.amazon.com/gp/product/B00UVN21DK
I've been looking into replacing my router with something that can host a VPN that I can connect to on the go. I don't think the ER-X can fully utilize my broadband with L2TP/IPsec or OpenVPN so I'm looking for something that can run WireGuard.
Right now I'm eyeing a PC Engines APU2 [0] running OpenWRT. I think it's powerful enough to meet my needs and would also function as a Pi-hole. This setup will require more setup than the ER-X but it also is more customizable.
My UniFi APs are upstairs and downstairs. Since my place isn't wired I am using some MoCA devices [1] over coax to get everything connected.
The hard part is wireless, and the answer will depend on a few factors:
1) Are you able to run Ethernet to each AP?
2) If not, are you able to use powerline adapters to bring network access to the APs (and get decent speeds there, test that with iperf3 - you usually get 1/4 of the advertised speed on powerline adapters)?
3) If not, is there good enough wireless performance between every place you're going to have an AP if you were to go with a mesh-based system? Mesh will only work if you can get wireless to the APs in the first place and a lot of consumer-grade mesh-based systems completely overlook that fact in their marketing.
For 1) UniFi is good enough, otherwise check out other enterprise-grade wireless access point systems. Don't bother with consumer-grade stuff, it's all garbage for the most part. It's up to you if you want to use a UniFi Security Gateway as your main router as well, but it's not required if you just want the APs.
For 2), find good powerline adapters, test them with iperf3, and if good enough then connect enterprise-grade APs to them. Alternatively, if you want an all-in-one unit (powerline adapter with AP) I can personally recommend the Devolo DLAN 1200 WiFi AC, with real-world Wi-Fi performance of around 150Mbps in an interference-heavy area. This might not be much but it's absolutely consistent and latency is always low so it's more than enough for mobile devices IMO. Put one of those in every room. One caveat: you WILL need to build & install OpenWrt on them as the default firmware is garbage and doesn't support 802.11k or Fast Transition, which is the difference between devices roaming seamlessly and not roaming at all. This is also why enterprise-grade Wi-Fi systems are key and consumer-grade is a waste of time.
For 3) I would personally look into solving 1 or 2 first. Mesh systems seem like a huge hack; wireless spectrum is precious and should be used for AP to mobile device communication, using it for backhaul seems extremely wasteful. It might work in a no-interference area but in a crowded apartment block there might not be enough unused spectrum to make it work, and you'll get inconsistent performance with random moments of packet loss, etc., which is much more disruptive than slow but otherwise consistent performance (I'll take 10Mbps with zero packet loss over 100Mbps that craps out randomly at unpredictable times).
Finally, one key piece of advice: measure. Wi-Fi and networking are not some magic spirit-based system that acts on its own, it works according to a specification and mostly common sense. If it doesn't work there's a reason. Measure wired connectivity to the APs (a good tool for that is iperf3), then measure the wireless interference around you (put your laptop's Wi-Fi interface in monitor mode, capture some traffic, you can use airodump-ng to hop between channels and create a CSV of all the APs nearby so you can select the best channel for each zone), etc. The reason enterprise Wi-Fi usually works well despite dozens of devices around is because people who install them do what I just said, while consumers just buy a $500 set of magic boxes at their local store (recommended by the low-wage employee who just needs to sell them) and expect it to work.
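The channel-selection step from the comment above, as an added example that is not part of the original thread: it reads the access-point table of an airodump-ng CSV and ranks the 2.4 GHz channels 1, 6 and 11 by how much nearby signal overlaps each one. The sample capture is constructed, and the linear overlap model and the function names are assumptions made for illustration.

```python
import csv
import io

# Constructed sample in the layout airodump-ng writes as CSV:
# an access-point table, a blank line, then a station table.
SAMPLE = """\
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
02:00:00:00:00:01, 2024-01-01 10:00:00, 2024-01-01 10:05:00,  1, 130, WPA2, CCMP, PSK, -45, 300, 0,   0.  0.  0.  0, 5, alpha,
02:00:00:00:00:02, 2024-01-01 10:00:00, 2024-01-01 10:05:00,  3, 130, WPA2, CCMP, PSK, -60, 280, 0,   0.  0.  0.  0, 5, bravo,
02:00:00:00:00:03, 2024-01-01 10:00:00, 2024-01-01 10:05:00,  6, 130, WPA2, CCMP, PSK, -80, 120, 0,   0.  0.  0.  0, 7, charlie,
02:00:00:00:00:04, 2024-01-01 10:00:00, 2024-01-01 10:05:00, 11, 130, WPA2, CCMP, PSK, -55, 310, 0,   0.  0.  0.  0, 5, delta,
02:00:00:00:00:05, 2024-01-01 10:00:00, 2024-01-01 10:05:00, 11, 130, WPA2, CCMP, PSK, -1, 2, 0,   0.  0.  0.  0, 4, echo,

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
02:00:00:00:10:01, 2024-01-01 10:00:30, 2024-01-01 10:04:00, -50, 40, 02:00:00:00:00:01,
"""

def parse_aps(text):
    """Return (bssid, channel, power_dbm) for each 2.4 GHz AP with a usable reading."""
    ap_section = text.replace("\r\n", "\n").strip().split("\n\n")[0]
    rows = csv.reader(io.StringIO(ap_section), skipinitialspace=True)
    next(rows)  # skip the header row
    aps = []
    for row in rows:
        if len(row) < 9:
            continue
        channel, power = int(row[3]), int(row[8])
        # -1 means no signal reading was taken; channels outside 1-14 are not scored.
        if power >= -1 or not 1 <= channel <= 14:
            continue
        aps.append((row[0].strip(), channel, power))
    return aps

def congestion(aps, candidates=(1, 6, 11)):
    """Sum received power (mW) per candidate channel, weighted by spectral overlap."""
    scores = {}
    for cand in candidates:
        total = 0.0
        for _, ch, power in aps:
            # Assumed model: overlap falls linearly to zero at 5 channels apart.
            overlap = max(0.0, 1 - abs(ch - cand) / 5)
            total += overlap * 10 ** (power / 10)  # dBm -> mW
        scores[cand] = total
    return scores

def best_channel(aps, candidates=(1, 6, 11)):
    scores = congestion(aps, candidates)
    return min(scores, key=scores.get)
```

Run it once per zone on a capture taken where that AP will sit, since the strongest neighbours differ from room to room.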