Those defaults sound like a good base to me. Think if you make the 2 changes on the hAP you'd be set to use ether5 for PoE.
As you note, Mikrotik give you a lot of options. But the UIs all offer roughly the same options, so use what make sense. The mobile app work, and also does offer all the settings...but their "setup wizards" and summary work fine but kinda limited compared with the web configuration. For a Mac, there is a pre-package of winbox.exe with all the wine stuff built into Mac applications:
– while you hopefully don't need it, but only way you can use MAC addresses (instead of an IP) to connect to the Mikrotik, which is pretty handy if the config gets FOBAR and you don't want to reset it to defaults.
I helped a friend of my setup something similar for his RV - he's less technical so winbox was out of the question... since his only on-going configuration need was to switch the Wi-Fi used by the Groove that pulls in whatever Wi-Fi is available. Found the "Quick Set" screen of the web interface on the Groove was pretty handy for him since he just had to pick a Wi-Fi network and put in a password.
If you want more help, you'll get more valuable advice if you post the configurations in the forum. In any of the UIs, you can get to the "Terminal" feature of any of those UIs, then type:
export hide-sensitive file=pick-a-filename.txt
then go to "Files" in any of the Mikrotik UI's and download the file created then cut-and-paste into a forum posting.