2 sfp+ nics, one for the nas and one for your editing PC (they come in a range of prices, ill go with a middle of the road one at 75 usd each) - 150 usd
im a sucker for ubiquiti, they make nice stuff and the management ui is nice for a home power user that doesnt want to learn a new command line syntax… they also have a line of 10gbps products that they should be expanding soon. sadly this is out of your budget, but i want to keep the option open for future expansion.
Get a unifi us-8. it is a managed 8 port switch with poe power + poe pass through. out of all the networking gear i have used this has to be my favorite for versatility. ill explain more later, but for now get that (about 100 usd) as well as a unifi ap ac pro from ebay for 80-100 usd.
That takes care of your layer 1/2 part of your network, but now for your router. we have 250 usd or so to play with… if you go new its gonna cut into the extra territory, but you might make this work used.
chasis: a cheap atx case. if you want to go rack mount get a 1u supermicro superchasis, but know it will be louder than an atx tower. 30 bucks (90 for a 1u chasis- but psu included)
mobo: super micro x11 series ( SUPERMICRO MBD-X11SSL-F-O is 190 on newegg)
cpu: celeron g4900 / 4400 - 50 or so usd
ram: 4gb ECC ddr4. ~50 usd (might be able to find cheaper used, i like crucial - https://www.newegg.com/Product/Product.aspx?Item=9SIA6ZP83V7595)
mobo:
last up, we need a hdd, im a fan of getting 2 patriot flair sata ssd’s and doing raid 1 with zfs in pfsense. 20 usd each… 40 total
that brings the pfsense box up to 360 usd…
oh, one last thing, you need a low profile cooler for the 1u chasis: https://www.newegg.com/Product/Product.aspx?Item=9SIAB944HR3460 so about 400 in total if you went that route 
now, for the versatility part and why i went with the switch 8. For the mean time, you will need to put your streaming devices on wifi, the ap ac pro will handle them all like a champ though, its meant for corperate setups so 20+ clients on it while broadcasting 5 different networks is no problem at all for it.
The AP can be powered with PoE, and can pass that PoE through to 1 port as well. That means in the future when / if you get a larger core switch, you can put the switch 8 in a remote room without having to run a power cable. More so, you can have an AP plugged into it without needing power also. I ran this setup with an AP next to my rack, and another in the front of my house where my desktop was with another ap there. I got amazing coverage and the handoff ubiquiti does is great.
Another reason i mentioned to go with that switch is that it is managed. you can set up vlan’s in pfsense and have 1 wire connecting pfsense to the switch (with all vlans on it). then on the switch you can assign ports to a vlan, and it will put that device it its own network. Doing this you can keep your iot / streaming devices off your lan network.
I hinted at it earlier, but you can also broadcast multiple networks on that AP, so you can have an IoT network, a guest network, a home network, a cameras network, whatever you can think of… all isolated or connected with firewall rules in pfsense.
the pfsense build i put togeather also supports AES-NI so openvpn should be blazing fast, as well as having enough ram to run a quite large snort ids/ips rule set.