Background: 15 years of experience in software and apparently spoiled because it was already set up correctly.
Been practicing doing my own servers, published a test site and 24 hours later, root was compromised.
Rolled back to the backup before I made it public and now I have a security checklist.
Isp for firewalls might not be better than you. Get something dedicated.
Ubiquiti or pfsense is a good start.
You over estimate my competence. I do intend to leave my ISP firewall up and intact, but I could build layers behind it.
I run everything on a minipc (beelink eq12), which I intend to age into a network box (router, dns, firewall) when I outgrow it as a server. It’ll be a couple years and few more users yet though.