I would document everything I could if I started from scratch. I really regret not documenting from the beginning. Ex post documenting is just not as reliable.
I actually switched from pfSense to OPNsense last week. The licensing debacle and the stand Netgate took against the community were enough for me to switch. It took a bit of time getting used to the UI, but I'm starting to enjoy using OPNsense more than pfSense. First thing that made me happy was the automatic backups to Nextcloud haha
It's exactly what I do and works great
It's actually quite easy to automatically let the VPN turn on or off depending on whether you're home or not.
I personally use WireGuard for this. On my wife's iPhone there's a setting in the WireGuard app that automatically disconnects the VPN when connected to a specified SSID and reconnects the VPN when disconnected from the specified SSID. On my Android I use the Tasker app to get the same functionality. I used this guide to set it up: https://hndrk.blog/tutorial-wireguard-and-tasker/
I haven't set up DNS ad blocking yet, but this is exactly the use case I've come up with for this setup. That, and always having our phones on the home network for self-hosted services is great.
Hope this is the solution that you're looking for :)