Personally, I use (and prefer) a single port router into a dedicated Gigabit Switch. Switches are recognised as being more efficient than multi-port routers.
If you take that choice, you will need to feed your NTL modem into the router. In this case, all outlets will have Internet capability, providing you do not restrict availability.
Almost all routers these days, have a built-in Firewall, often Linux or BSD based, and will offer ample protection; at least as far as anyone can!
I'm unsure as to why you wish to use a patch panel, as all your "tails" could have been directly connected to the switch(s), but that is more a matter of choice than anything else. But to my mind, for a relatively small network, it just adds another potential source of trouble.
You can place a server in your cupboard and connect it to one of the switch ports. It will act just like any other computer on the network, apart from it's dedicated job.
Once the server is set-up, just map your other devices to a network share, which will then provide whatever service you call.
At home, I use Hawking equipment, which is very efficient and reasonably priced, but all of the major providers will offer suitable equipment, and to be honest, there's not a lot to choose between any of it. The only thing I will say, is early on, I had a minor problem with the equipment, and Hawking customer service was absolutely excellent. So for that alone, I would have no hesitation in recommending them. That aside, my Gigabit network has been working for over a year now, absolutely faultlessly.