exposing the internal network should not be any more concerning than IP4. You are going to have the DrayTek NATing and internal ip4/6 network inside and if Zen provide an IP6 public range then you will multinat that inside. Presenting a couple of IP6 addresses to inside devices would be done with the same care as a DMZ host. You would not be assigning n IP6 address to internal devices by default and allowing their firewall to deal. Perimeter network security is the same whether it is on IP4 or 6.

Routing IP6 may be problematic but if on same ISP or IP6 enabled (and offering) ISPs then you would be able to route IP6 traffic and failing that then there are public IP6 tunnel providers. These can be free but again resilience, reliability and capacity will come into it and then cost follows thereafter