If you're designing it from the ground up I recommend spending time to drop Ethernet on each floor. This way you can centralize your router and switch in a closet or basement area. This also gives you the flexibility of poe to run the access points.
I have used Unifi APs along side OPNsense for the past several years and never had an issue. There are some caveats: you do need Poe, a separate router, and a way to host the Unifi controller (I use docker).
A small 2000sq-ftish house can likely be covered by 2 APs. The last gen Unifi AC Pro can be picked up used for $30-50/unit. Check out hardwareswap on discord. You then need a small POE switch to power them and plug your router into such as a poe-8 (~$60-75 used).