Would my idea work the way I plan on implementing it?

Hello all. I am moving soon and will likely bite the bullet at building a network for 2 or 3 security cameras. I plan to use Hikvision cameras with iSpy software to monitor everything. The reason I've held off so long is that I have some concerns and want to implement everything correctly. I know there are many vulnerabilities that come with Hikvision cameras (and IP cameras in general). I am an extremely private person and if I feel like someone could access my cameras I will leave them unplugged. My plan to address this issue is to run them on a localized network that does not have access to the internet, then use a single computer to manage and access all of the cameras. That computer would have access to the outside internet and I would use Tailscale to access that computer and access my cameras safely.
My questions:
Does what I described actually work as a setup for what I want?

Do I need to build an OPNsense router/use a router to actually manage the network for the cameras? Or would I be able to simply have the cameras all connected to a PoE switch that is then connected to the computer talked about above that manages and gives access to everything through Tailscale?

If my setup does sound like it would work, do you think it addresses my concerns for security/privacy?

Do you have any suggestions for how to build out what I'm planning?

I am also building an OPNsense router for my regular home network. Is there a simpler way to achieve what I want through just the OPNsense operating system?

I am pretty new to the networking side of computing. I know a decent amount in theory but lack any experience doing the real nitty gritty stuff. Any knowledge all of you fine and smart people contribute will be greatly appreciated. Cheers.

there are dozens and dozens of ways to go about this. and while you do have a broad scope idea of where to start, you are barely working out the tip of the iceberg.

let's see if i can offer some pointers, but this will not be a ‘how to’ or an exhaustive list by any stretch.

you will need a router. but you should only need one router, though one router with multiple LAN ports would probably be the easiest to manage for what you describe.

what you are describing is essentially a separate virtual network for IoT devices and is a pretty common home setup. a VLAN is a possibility, but you can also just use separate IP space and use the router to keep the devices from communicating.

OPNsense would be fine (as would basically any router/firewall distro), but it is one of the distros that i have near zero experience with so all i can say is watch a configuration YouTube video for it specifically.

depending on what design you choose, you may want to look at the differences between a layer 2 and a layer 3 switch.

hopefully that gives you some ideas to start with.
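
Added example, not part of the thread and not anyone's actual configuration: a small model of the "separate IP space, router keeps the devices apart" design, comparing an isolating rule set with a permissive one. The subnets, addresses, interface names and the first-match, stateful, default-deny evaluation are all assumptions made for the illustration.

```python
import ipaddress as ip

# All addresses below are constructed for illustration.
CAM_NET = ip.ip_network("192.168.50.0/24")  # camera-only subnet
LAN_NET = ip.ip_network("192.168.1.0/24")   # regular home LAN
NVR = ip.ip_network("192.168.1.20/32")      # PC running the camera software and Tailscale
ANY = ip.ip_network("0.0.0.0/0")

# Each rule: (interface the new connection arrives on, source, destination, action).
# Replies to an allowed connection are assumed to pass (stateful firewall).
HARDENED = [
    ("LAN", NVR, CAM_NET, "pass"),       # only the NVR may open connections to cameras
    ("LAN", LAN_NET, CAM_NET, "block"),  # every other LAN host may not
    ("LAN", LAN_NET, ANY, "pass"),       # normal internet access for the LAN
    ("CAM", CAM_NET, ANY, "block"),      # cameras may not initiate anything
]
WEAK = [
    ("LAN", LAN_NET, ANY, "pass"),
    ("CAM", CAM_NET, ANY, "pass"),       # permissive "allow all" on the camera side
]

def decide(rules, iface, src, dst):
    """First matching rule wins; no match means block (default deny)."""
    s, d = ip.ip_address(src), ip.ip_address(dst)
    for r_iface, r_src, r_dst, action in rules:
        if r_iface == iface and s in r_src and d in r_dst:
            return action
    return "block"

def camera_leaks(rules, camera="192.168.50.11"):
    """Names of the probe destinations a camera could open a connection to."""
    probes = {
        "internet": "203.0.113.7",   # documentation-range address standing in for a cloud host
        "lan_host": "192.168.1.55",
        "nvr": "192.168.1.20",
    }
    return sorted(name for name, dst in probes.items()
                  if decide(rules, "CAM", camera, dst) == "pass")

if __name__ == "__main__":
    for label, rules in (("hardened", HARDENED), ("weak", WEAK)):
        print(label, "camera-initiated flows allowed:", camera_leaks(rules) or "none")
    print("NVR -> camera:", decide(HARDENED, "LAN", "192.168.1.20", "192.168.50.11"))
    print("other LAN host -> camera:", decide(HARDENED, "LAN", "192.168.1.55", "192.168.50.11"))
```
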