For a router and a firewall, mikrotik would be ideal. Set it up and forget about it, if something suddenly happens, it changes to another mikrotik and the configuration is uploaded. Easy to set up and stable.
For a fallopomoyka, absolutely any cheapest motherboard with the cheapest stone with a gigabit network and a pair of sata2\3 ports. As OS freeBSD, as fs use zfs. The problem with the raid was immediately resolved. Even a nettop or mini\micro itx mother is enough for the eyes, even with an atom, but better with a celeron.
About the reservation. As noted above, you should not reserve everything on the same servers. The first reason is fault tolerance, the second is the budget. There is another scheme more elegant to start with:
1) We buy a place in a cloud disk (Yadisk is ideal because it can webdav). For example, 1tb per month costs something around 200 rubles, which is mere pennies.
2) We cling the yadisk to the file cleaner.
3) We write a couple of simple scripts (a very important backup and not very important but necessary).
3.1) The "very important backup" script is run n-times (once a day at night for example) and copies all especially important files to the poison (for example, 1C databases, something accounting)
3.2) The "not very important but necessary" script is run once a week\month and makes a full backup of all documents, etc.
4) After everything is set up, for example, make an image of the server screw and critical machines (buhi \ boss) and burn it to a blank.
1) Ultimately, the network is controlled by mikrotik, which is easy to configure and can be replaced very quickly even without knowledge of the configuration by deploying the configuration.
2) The file dump lives well and in the right raid. Even if it dies, then critical files for work right now and right now will be available on the right machines through the POISON. After fixing problems with the server, everyone will return to normal mode
3) Backups are not with you and you don’t have to worry about their safety.
All hardware takes up very little space, the microt router is small and quiet, the file washer is assembled on a cold stone and can be passively cooled for a penny. Everything is as budget-friendly as possible, and even in the event of a breakdown, a lot of money and a simple one will not result.

Voice the budget :) if you can, of course, at least approximately. Because the backup system alone can pull above the rainbow ...
UPD:
The task of the firewall is definitely on the router. Of course, Mikrotik is better, because Sokhov models are designed for home grids.
For everything else, I'd recommend Synology/QNAP with as many drives as you can afford. This is essentially a linux with a graphic face - if you wish, you can have a normal console in it, in the absence of it, you can manage with a web face. It has both RAID and file storage on samba and backup (both on itself and in the cloud).
An OEM license is not a property of a computer. This is a sticker on the case + an accounting document for the purchase. Of course, you can lose it ... along with the computer case: D
And you can not lose activation by making a full disk image with an offline backup program like Acronis.

Router - something from inexpensive mikrotiks, if cool bells and whistles are not needed, any SOHO router will do.
This is guaranteed to be enough for such an office. Its task is to distribute the Internet, if you need to keep a VPN, distribute addresses, work as a DHCP server, provide network protection, etc. There is no need to hang up any file services on it.
The server - depends on tasks. For file cleaning, any office machine with disks of the required capacity will do.
If you have 1s - you should already look here. What architecture - file or server, how many active users, database size. Depending on this, the requirements may differ by an order of magnitude, i.e. dozens of times.

Stability of work 24/7/365

provided on any hardware.

- Silence of work (no server room)

Spacious desktop with large and quiet fans.

-Strong throughput, enough to work in 1s and not buggy

Not enough information to answer.

- Ability to do RAID

This ability is available for all computers on board which have windows or linux installed.

-What iron to choose?

There is little information, you need to specify the tasks, in particular regarding 1s, it is also not clear whether you will work in the workgroup mode or drive everyone into the domain.

-What software to use for Firewall and backup

Depends on requirements. If the OS is windows, the built-in backup is great. The firewall is the task of the router, not the application server.

-How not to lose OEM windows licenses on machines (Is it possible to make a full backup of a disk image and then deploy it back?)

Make disk images - at any time you will return the state of the disk with activated Windows. This is done either by the built-in windows software, although third-party utilities like Acronis can also be used. It should only be clarified that in this way you save exactly the activation of Windows, but not the license. Licenses have nothing to do with your computer and are not stored on it. Usually they are in a safe in a lawyer's office.

Think about who will manage this happiness. Maybe you don't need this Linux?
There are a lot of solutions - both from MS and ready-made builds based on Linux / BSD.
No, I'm not against this OS, the scale of the problems "call an IT boy from a neighboring office to look" and "we have a server on linux, stopped logging into the provider's personal account, writes squid something-there error XXX" - are completely different.
Think about whether you need such a firewall in principle, or a regular built-in one (well, or on a router) will do. If not, put a box with HDD, and screw whatever you like on it (in principle, FW can also be raised). Graphical user interface and all that.

I agree with my colleagues, the idea looks more like creating a single point of failure for everything and immediately without much need.
Moreover, the backup of the server itself, quite possibly, will be more necessary than the backup of user machines (especially if done correctly - that is, do not store anything on them). Making a backup on the same server is not very smart.
I would advise:
1. A decent router that will close the issue with the Internet and the firewall - and when it fails, it is simply replaced with a freshly bought one. If you want trouble-free operation, you can simply keep a second one at hand.
2. Serious enough machine for a file server. RAID and other goodies to taste. Although, I must admit, I can’t imagine how file 1C is distributed over the network for 15 people - and you can still work in this. Or all the same not file?
3. And a small cheap nettop with a large screw, the only task of which will be to silently and peacefully automatically make backups. With several copies, of course (encryptors are now in vogue, and a backup in which files are automatically overwritten with encrypted ones is useless). With external read-only access.
What does the OEM license have to do with it - I don’t understand at all, to be honest. Are you going to backup deployed images from all machines? Do they have to constantly "repair" in this way?

Two Mikrotiks - that's right, I approve.
Server - yes, you can get by with an ordinary desktop, with a case where you can plug 8 or more disks. Only I would recommend an external disk controller. For example, LSI 9300-i8. Under fryakha works OK, I checked. Disk configuration: RAID10, compile with ZFS. That is, you will need at least 4 disks in the server, and at least one in the ZIP, in total five. The disks are necessarily hot-swap - it will be possible to change on the go, without stopping the server.
Be sure to update the controller firmware - it had a vile bug that when deleting one disk on the go, it shot all the disks at once. The data didn't suffer, but the ZFS pool died, of course. It was treated only with reboot.
There is one subtle point. The Samba port under BSD has jambs. At least I had it in version 3.4, 3.5. When using the 1C file base by more than 2-3 users at the same time, performance dropped sharply. This was due to the peculiarities of the implementation of open file locks, and as far as I remember, it was not treated in any way. Perhaps this was fixed in the 4th version, but at the time of my research (4-5 years ago), the Samba team sent everyone to the forest, citing the fact that "everything works for us on Linux." So first you need to test the performance, before entering into the prod. So that later you do not have to frantically change the OS.
From iron still - look for BU HP Proliant Microserver, 7th or 8th generations. These are excellent machines, reliable and with hotswap baskets. And BU they are inexpensive. Gen8 is more expensive, of course, but you can also fork out, there prices are from 18 to 50 thousand, depending on the configuration. Gen8 is better in that they have a built-in remote management adapter, with IPMI and IP-KVM. The disk basket is there for 4 disks, you can install the system on the 5th one. The 5th is usually placed in a CD-ROM tray, there are special adapters, but you can just put it like that. Only a 2.5" disk will be needed. A disk adapter can also be installed there, but only of the previous generation, i.e. LSI 9200 - there (in the server) the SAS connector is different, the server backplane cannot be connected to the 9300-8i.
A device for storing backups -- necessarily separate, i.e. a separate system unit.
Ready-made boxes like QNAP / Synology are trash and waste, it’s better not to even get involved. OK for home, not for office. The maximum that they can be trusted is the storage of backup files, and that's it. And even then, personally, I would not, it hurts a lot of bells and whistles.

Questions actually in the following: -
What iron to pick up?
-What software to use for Firewall and backup
-How not to lose OEM windows licenses on machines (Is it really possible to make a full backup of a disk image and then deploy it back?)

Without fanaticism for 15 people, take
mikrotik as a head a ready-made solution from the 2011 series
https://routerboard.com/RB2011iL-IN
or not much more expensive than 3011
https://routerboard.com/RB3011UiAS-RM
As a switch, definitely a new crs326. In theory, he will cope with going beyond NAT for 15 people, but it's bad practice to use switch as a router. Although he can, if only for the first time. (but we remember that temporary it seems to be permanent;) )
For NAS, take a ready-made qnap / synology, again, there are good options for BU at flea markets. If the budget is very minimal, I would use the nas4free option.
https://www.nas4free.org/
Yes, on BSD, but the web muzzle does its job and, in general, crawling in the console and editing configs is not particularly necessary. You can use one machine as an FP on the network, the second as a backup.
Master a bunch of zfs + l2arc will work very quickly. For hdd cache, you can use both memory and in combination with ssd memory starting from 64gb.
In general, I would make a RAID on the same ZFS. Good hardware is expensive, and cheap is more trouble than good.
For OEM backups, in general, you don't need them. Now usually all activation goes through SLIC bios.

The network can be organized on a Mikrotik router. It also has an elementary firewall for port forwarding and other things.
-How not to lose OEM windows licenses on typewriters. From W7 onwards, Windows has a very good copy utility.
The server can be organized on almost any PC (you do not need to take a full-fledged server). There is a built-in RAID. You can also pay attention to FreeNAS.