I do the same. I run bitwarden_rs as a docker container on a raspberry pi on my home network. Then use wireguard so I am always connected to my home network.
This works great for my family. Simple set up, and I've done 0 maintenance on it.
Have you set your family up with Wireguard as well? Did you do the setup manually or do something else clever to get their devices in your network? I've been spending a lot of time thinking about this, and always end back up at MDM, which is not a terribly desirable ending, but can't necessarily put hands on a device readily for some of them.
My biggest issue is that I have wireguard automatically enable itself when not on my home network. But there are some other networks that need to be excluded, like most airline wifis, as they don't have internet access when just trying to watch a movie.
iCloud private relay does a good job of detecting these types of networks and correctly disabling itself. I wish there was something in the wireguard client to do this, rather than just retrying over and over again...
And since wireguard sets the DNS to use the pihole on my home network, this becomes problematic if they connect to a network that has a captive portal, and needs the wifi's DNS to accept the agreement and get access to the internet before switching over to wireguard and my home DNS.
This works great for my family. Simple set up, and I've done 0 maintenance on it.