I know that there is a WIP for a future article about router platforms, but from the little I've read on the Github issue page and a few videos I've watched I decided to make this plan right here:
Put my ISP router in AP only mode, connect it to a Protectli Vault as my firewall, get a managed switch that supports vland (still haven't found a good one, if anyone can recommend one I'd appreciate it) and have a Turris Omnia as my wireless access point.
Is this a good secure network setup? (also once again, recs for a switch would be appreciated)
if the firewall can be updated regularly then sure.
Mikrotik makes perfectly acceptable switches at a reasonable price with a variety of features, vlan compat is pretty common. A MikroTik CSS610-8P-2S+in will give you 2 10 Gb sfp , 8 x 1Gbe with PoE+ and vlans for under 300 bucks.
I'm not OP but that 'tik is almost perfect for me, going along with the RB5009 I already have. Is there something similar that can run RouterOS I wonder?
There definately is something. They have a ton of products. I'd have to look through my list as well. The CSS runs switchos lite, but honestly its fine. I can do CLI configs (brocade, cisco, cisco smb etc) but its whatever.
At my parents house i have been using a Mikrotik RB260GSP since about 2016 on their net. It also runs swos and im not doing anything crazy on it (in fact i never bothered with VLAN's there though i probably should setup a guest vlan. But its been fine for years now.