Preface
I recently bought three Deco X50 and am trying to get them configured in a way that fits my needs:
1. Get rid of my powerline setup and get proper wifi coverage throughout the house, using one X50 per floor.
2. Proper segregation of my IoT devices, with the ability to configure each device individually (some are cloud based, some are local).

Setup
Existing main router is a FRITZ!Box 7530 being connected to the internet and to a swich / my homelab (unraid, truenas, vms, homeassistant, ...). Up to now, wifi was handled by the main router and some attached powerline adpaters. Plan was to remove this part of the network and replace it by the Deco X50's. The main X50 is directly wired to the main router.

Scenario 1
My main router and the homelab devices are all nicely contained in their own subnet (10.10.10.0).

The X50's are configured in router mode, which created a separate subnet (10.10.20.0).
In this configuration I can access my network-shares etc (i.e. on unraid server 10.10.10.3), which is one part of my requirements.
Also I have configured three different SSIDs (Main, Guest, IoT) and I can configure if devices see others or not.
What does not work is that homeassistant (10.10.10.13) does no longer see my iot-gateway (10.10.20.110). 
This is still kind of expected, since the X50 is not aware that subnet 10.10.10.0 is part of my home network.
What I would have expected is to be able to solve this by setting static routes (i.e. route to network 10.10.20.0, through main deco as gateway 10.10.10.20 on my main router). 
After several days of trial and error, I did not get to a point, where my homelab saw any devices in the X50's subnet.

Scenario 2
After reading through this community a bit and the solution often being to switch to AP-mode, I decided to try this.
With the X50's being in AP-mode, all my devices are now in subnet 10.10.10.0, which is good (i.e. homeassistant sees the iot-gateway again).
But at this point the entire segregation is gone, as my main router does not have any significant capapbilities in this direction (except for a guest subnet, but this is an entirely separated form anything else).
Also I don't see any benefit from having three different SSIDs if they all are routed into the same subnet.

Current status

At this point I'm out of ideas how to get this configured and I'm hoping that somecone can point me to the right direction.

Is there any possibility to get scenario 1 working as intended (via static routes)?

As far as I can tell, to get scenario 2 to cover all requirements, I would need more hardware to set up VLANs and route clients there?

Any other ideas how i can get to a working solution here?