I have a $5/mo VPS that my domain points to. It runs caddy reverse proxy to my homelab over wireguard. If my home IP changes, the wireguard ‘server’ has the the IP of the VPS wg ‘client’ configured as the Endpoint, with no endpoint set on the VPS. It will switch over pretty quick.
https://anders94.medium.com/wireguard-config-for-the-initiated-2b1cc5f2b1ee
opnsense is the way. Dedicated mini pc while you figure it all out. Eventually you can virtualize it, but run bare metal to learn.
I’m very happy with my Omada APs and their roaming. I have one in my garden shed in mesh mode, and it gives me a LAN port for a poe switch and cameras.
Any roaming capable AP is going to need a controller, so think about where that VM is going to live.