If you have a Managed Switch with VLAN capabilities, then your new proposed idea and layout make sense.
Your current setup kind of looks like it's double NAT. Which is not great. You want the Protectli router to be the first device after the Arris Surfboard modem. Have the modem be in only modem/bridge mode. We do not want to use the Arris as a router.
The most important part of a Frigate NVR is the Coral Edge TPU. As long as you can secure one, you'll be set. The USB version is easiest to use, since it doesn't require installing drivers and most PCs will have a USB 3 port.
All the processors are good enough for a small NAS and NVR.
I wouldn't buy a PC without SATA ports or an expansion slot. If you go the mini-pc route, where would your store your HDDs? An expansion slot would let you one day add an HBA card for more SATA connections. By default, it looks like all those motherboards have limited SATA connections. The 7080 Tower says it has 4 SATA connections, but only 1 of them looks like its the full speed SATA3.
You probably want to run all of that on bare metal in containers with Docker or Kubernetes.
Containers let you easily share resources between them, because they all share the same kernel. VMs are harder to share hardware resources with, as you're finding out.
I was not sure if I should run a LXC container for each docker, or have a single LXC with everything (exception xrdp / XFCE). I don't know what would be good practices..
LXC is a container. I don't think you would want to run Docker inside LXC. That's running a container inside a container. I'm a noob though.
Normally, you run one app per container, or one set of apps per container if they are closely related. You could run all the Plex suite apps inside a single LXC container and Windows alongside it in Proxmox. Or you could run each app inside their own LXC container.
Alternatively, you could run them all in individual Docker containers on bare metal Ubuntu, but not have the ability to install Windows or other OSes.
I use TrueNAS (ZFS) over Unraid because I wanted maximum data reliability. I needed a system with high integrity that I could deploy on multiple computers for backups. Unraid takes less planning and is more forgiving on hardware selection though.
TrueNAS, Unraid, and Synology DSM are all software RAID solutions.
OpnSense is the way to go. It has a good web UI. It's robust, featureful, and has wide and growing deployment.
Pfsense is mired in controversy, they attacked their peers, and the owners are not honest. The open source Opnsense project had to appeal to the WIPO to force Pfsense to give them their named domain after Pfsense squatted on it and posted inflammatory messages. They aren't great stewards.
Windows is okay to start. There's nothing wrong with putting Plex on there, sharing some folders, and having a little server.
You can get more performance and more features for running Linux though. It's more reliable and you can get more help, because that's the tool people use. There is a learning curve though.
For a storage server, Linux works well as a NAS (Network Attached Storage). It supports SMB, which is the protocol Windows uses to share files. A Linux server will be able to share files with a Windows PC.
Also if I switch to an open port through my router and send the containerized plex port through it, would that be any risk for my home network?
Not when done properly. Billions of servers open ports. There are 16 million Plex users.
Think about this, have you ever considered the possibility your router by Linksys, NETGEAR and D-Link is easy to hack and has been hacked?
There is a risk involved with any software and network. Plex is a popular app with lots of resources and development behind it though. A VPN like Tailscale can add another layer of security, but its not a requirement to run a secure server.
If they're Cat5/6 cables, in the U.S., they're low voltage and don't need a licensed electrician.
You're supposed to support the cables by attaching them to the surface. You're not supposed to leave them dangling or lying. They don't require a conduit though. If you get quality outdoor Cat6 cables, they're probably well protected in a dry covered chimney.
Its more than enough computer performance for those tasks. If it comes with a case, memory, storage, etc. It's not a bad price. It has an Intel integrated GPU with QuickSync Video which is good for Jellyfin hardware accelerated transcoding.
Put a smaller box/table/shelf underneath the black table. Now you have three layers (floor, small table, big table) to put stuff. You can even add a tablecloth on top if you want to cover the stuff underneath. That will make it look neat and tidy for $0.
Parsec has the lowest latency of any large free remote view software.
You can get 10 ms round trip on LAN, which is less than 1 frame at 60 FPS. You need Intel CPUs with QuickSync Video or nVidia nVENC GPUs. nVidia has the fastest hardware acceleration of anyone. On both the client and host. A Raspberry Pi isn't supported by Parsec anymore. It's not the best choice for this type of thing. A $150-$200 mini pc would be the best.
No, you want Ethernet not fiber.
Your downstairs router, computers, and your new upstairs switch / Wi-Fi access point are all guaranteed going to be RJ45 Ethernet.
The only part that is fiber is the part running to the outside.
You can put both a fiber and CAT5E/6 Ethernet in, but just a fiber connection will not accomplish what you want. You need the Ethernet connection in order for each floor to have its own wired connection and/or wifi access. That’s what the consumer equipment will use. Otherwise, you will need more enterprise-level equipment and that will add unnecessary complication.