As to build vs. buy: I've previously tried using Snort, but the issue is that no matter what preconfigured lists you get for Snort, even months into the installation, you're still trying to dismiss alerts. That's basically where I gave up - the wife got annoyed she couldn't access her sites. Snort desperately needs a learning mode to establish a baseline. I'm aware of the relatively modest hardware needs of a DIY router, but unless the scene has changed significantly in the past few years (the last time I ran my own was in 2008/2009), I honestly can't get over my memories of how bad it all was. Hence I'm leaning towards buy.
Everything has improved since 2008/2009 but I understand your reluctance to jump in again. Everything I described I would not have even considered back then. Tech was too 'primitive'.
Snort is annoying, but the alternative is Suricata. It's open source and said to be competent, but also said to have its own 'learning curve' with respect to false positives. Someday I'll load it up to find out what the stories really mean. Snort has improved, as compared to descriptions of older versions. It has 3 modes: alert only, a medium mode, and a detailed mode (not their terminology). You can suppress offending rules or remove them from the database (true believers say removing rules is best, as opposed to using a suppression list ... To me it's a difference without a distinction since turned off works the same as removed. Gone is gone.) With pfSense you can also put IPs you never want to accidentally block on a 'passlist' (a named list called an 'alias' in pfSense) and leave the rules alone. I have about 25 IP addresses on a passlist and maybe 15 suppressed rules. I, personally, try the passlist first unless the rule is really annoying.
My home-made router uses almost no power and is fanless, meaning absolutely silent, like just about every other router made. It uses almost no CPU. I'm thinking of later putting pfSense in a virtual machine and putting something else in another virtual machine to take up the unused capacity. A local community college is teaching a course in VMware and Hyper-V next spring. I know a bit of Hyper-V, but VMware owns the market. I may use my home router as a project. Unfortunately, I have no idea what to do with the other 75%+ of the PC's capacity. I already have a dedicated NAS, and the box is located in the basement. (The router is over-provisioned - 8 GB RAM, 120 GB SSD, M350 case, Supermicro J1900 fanless motherboard - about $400 to build - one with lesser capabilities would have cost only a little less to build.)
AV at the outer ring requires a different thought process than on the local machine. As I mentioned, anything encrypted via HTTPS can't be read. You might be able to read the unencrypted parts. If you can read it, so can a man-in-the-middle. You're reading a flow, not a hard drive. You need a fast processor and a lot of RAM since it has to read whole files at a time, not bits at a time.
I'm still experimenting, and will consider myself to be experimenting for a while. To me, you have to think in layers for a network defense at the router level. No one product can do it all, and if someone thinks about using a PC-level approach on a router, it's apples and oranges in detection needs. I'm trying pfBlockerNG for IP blocking, Snort for blocking the known bad ways to break in, and will play with ClamAV later.
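To make the suppression-list-versus-passlist distinction from the post above concrete, here is a small added example (not code from the thread, pfSense, or the Snort project) that models how the two tuning knobs treat alerts differently. It parses Snort's real `threshold.conf` suppress syntax (`suppress gen_id G, sig_id S[, track by_src|by_dst, ip X]`) and Snort's "fast" alert log format, then classifies each alert: suppressed (never logged), alert-only (the host is on the passlist, so it is logged but never blocked), or block. The rule SIDs (local range 1000001+), IP addresses (RFC 5737 documentation ranges plus a private LAN), the passlist contents and the alert lines are all constructed for this example; the action labels are mine, not pfSense's.

```python
"""Model of Snort suppress entries vs. a pfSense-style passlist.

Added example, not project code. Suppress syntax follows Snort's threshold.conf;
alert lines follow Snort's 'fast' output format. SIDs, IPs and alerts are constructed.
"""
import ipaddress
import re

# Snort fast-alert format; we only need gid:sid, message, protocol, src and dst.
FAST_RE = re.compile(
    r"\[\*\*\] \[(?P<gid>\d+):(?P<sid>\d+):\d+\] (?P<msg>.*?) \[\*\*\].*?"
    r"\{(?P<proto>\w+)\} (?P<src>[\d.]+)(?::\d+)? -> (?P<dst>[\d.]+)(?::\d+)?"
)

# threshold.conf: suppress gen_id G, sig_id S[, track by_src|by_dst, ip X]
SUPPRESS_RE = re.compile(
    r"suppress\s+gen_id\s+(\d+),\s*sig_id\s+(\d+)"
    r"(?:,\s*track\s+(by_src|by_dst),\s*ip\s+(\S+))?$"
)

# --- constructed sample data (placeholders, not real rule IDs or hosts) ---
SUPPRESS_TEXT = """
# silence a noisy local rule everywhere
suppress gen_id 1, sig_id 1000001
# silence another only when the source is on the LAN
suppress gen_id 1, sig_id 1000002, track by_src, ip 192.168.1.0/24
"""
PASSLIST = ["192.168.1.20", "203.0.113.10"]  # e.g. the NAS and a trusted remote host
SAMPLE_ALERTS = [
    "11/02-21:14:05.123456  [**] [1:1000001:1] LOCAL test rule A [**] "
    "[Classification: Misc activity] [Priority: 3] {TCP} 198.51.100.7:44321 -> 192.168.1.20:22",
    "11/02-21:14:06.223456  [**] [1:1000002:1] LOCAL test rule B [**] "
    "[Classification: Misc activity] [Priority: 3] {TCP} 192.168.1.30:50000 -> 198.51.100.9:443",
    "11/02-21:14:07.323456  [**] [1:1000002:1] LOCAL test rule B [**] "
    "[Classification: Misc activity] [Priority: 3] {TCP} 198.51.100.9:443 -> 192.168.1.30:50000",
    "11/02-21:14:08.423456  [**] [1:1000003:1] LOCAL test rule C [**] "
    "[Classification: Misc activity] [Priority: 2] {UDP} 203.0.113.10:53 -> 192.168.1.30:40000",
]


def parse_suppress(text):
    """Return a list of (gid, sid, track, network-or-None) from threshold.conf text."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = SUPPRESS_RE.match(line)
        if not m:
            raise ValueError(f"unrecognised suppress line: {line}")
        gid, sid, track, ip = m.groups()
        rules.append((int(gid), int(sid), track, ipaddress.ip_network(ip) if ip else None))
    return rules


def parse_alert(line):
    """Extract gid, sid, msg, proto, src, dst from one fast-format alert; None if no match."""
    m = FAST_RE.search(line)
    if not m:
        return None
    d = m.groupdict()
    d["gid"], d["sid"] = int(d["gid"]), int(d["sid"])
    return d


def is_suppressed(alert, rules):
    """A suppress entry matches on gid:sid, optionally narrowed to a src/dst network."""
    for gid, sid, track, net in rules:
        if (gid, sid) != (alert["gid"], alert["sid"]):
            continue
        if track is None:
            return True
        addr = ipaddress.ip_address(alert["src"] if track == "by_src" else alert["dst"])
        if addr in net:
            return True
    return False


def triage(alert_lines, suppress_text, passlist):
    """Classify each alert: 'suppressed', 'alert-only' (passlisted host), or 'block'."""
    rules = parse_suppress(suppress_text)
    nets = [ipaddress.ip_network(p) for p in passlist]
    results = []
    for line in alert_lines:
        a = parse_alert(line)
        if a is None:
            continue
        if is_suppressed(a, rules):
            action = "suppressed"  # the rule is effectively gone for this traffic
        elif any(ipaddress.ip_address(a[k]) in n for k in ("src", "dst") for n in nets):
            action = "alert-only"  # still logged, but a passlisted host is never blocked
        else:
            action = "block"
        results.append((a["gid"], a["sid"], a["src"], a["dst"], action))
    return results


if __name__ == "__main__":
    for row in triage(SAMPLE_ALERTS, SUPPRESS_TEXT, PASSLIST):
        print(row)
```

The difference the post is getting at shows up in the output: a suppressed rule produces nothing at all, so you lose visibility into that signature, whereas a passlisted host still generates the alert and only the blocking action is withheld, which is why trying the passlist first keeps more detection data while still keeping the household's sites reachable.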