Hello r/networking,
I have a little bit of networking experience but I'm quickly learning that networking isn't my strong suit. For a few years I have had a network firewall appliance set up with Sophos XG Firewall running two separated LANs (through different NICs on the appliance): a "wired LAN" and a "wireless LAN". I found out as growing the network that these descriptors weren't very accurate. For example, I ended up putting my PoE security cameras on the wireless LAN because I didn't want them on the same network as my servers.
At first I was using Sophos XG Firewall to handle the DNS, it didn't work very well because the software isn't really designed for that. I set up an orangepi with a docker version of pihole. I found that, through the docker network mapping, I could use both the wired and wireless network interfaces on the orangepi to serve DNS to both LANs. It was working very well.
A few weeks ago the firewall appliance died. I replaced it temporarily with an old spare hardware router I had in storage just to get the network back online. Because of the single simple router, I flattened out my network. I took my pihole instance and converted it to be the DHCP server so it was handling DHCP and DNS. Now, I've got my firewall appliance back online but I've installed OPNsense instead with all ports except the WAN port bridged and now I want to set up VLANs but I have so many questions.
- If I set up VLANs for Wired Computers, Wireless Computers, Wired IOT, Wireless IOT, etc. will I be able to use a single pihole instance to service all VLANs? If so, how does that work?
- Should I construct the VLANs on top of the bridge or should I break apart the LAN, OPT1, and OPT2 ports and have OPNsense manage them separately?
- Is there any way to use the pihole computer as the DHCP server across VLANs? I'm thinking this is a "no" and I should be using OPNsense as the DHCP server for each VLAN that I configure with it.
- I have a couple of managed switches already so I was starting to play around with creating VLANs in the config pages. I think I understand "Tagged", "Untagged" and "Not Member" but is using a managed switch the only way to group up a VLAN?
I've been googling around for strategy and help on creating a home VLAN network but I haven't been very successful. I think this is because you have to configure the router and the switches to really enable VLAN infrastructure and it becomes complicated quickly with all the variations. Anyway, very interested in thoughts and opinions on this.
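A single Pi-hole can serve every VLAN as long as each VLAN's DHCP hands out its address as the DNS server and the firewall lets DNS traffic through to it, so the part worth checking is the inter-VLAN policy. The script below is an added example (not code from the post, OPNsense or Pi-hole) that takes a constructed VLAN plan and a list of allow rules and reports overlapping subnets, VLANs with no UDP/53 path to the Pi-hole, and rules that let an IOT VLAN reach a trusted VLAN for anything other than DNS; the VLAN ids, addresses and rules are assumptions.

```python
import ipaddress

# Constructed example plan (not the poster's real addressing): one /24 per VLAN,
# a single Pi-hole in the Wired Computers VLAN that every other VLAN uses for DNS.
VLANS = {
    10: {"name": "Wired Computers", "subnet": "192.168.10.0/24", "trusted": True},
    20: {"name": "Wireless Computers", "subnet": "192.168.20.0/24", "trusted": True},
    30: {"name": "Wired IOT", "subnet": "192.168.30.0/24", "trusted": False},
    40: {"name": "Wireless IOT", "subnet": "192.168.40.0/24", "trusted": False},
}
PIHOLE = ipaddress.ip_address("192.168.10.53")  # assumed Pi-hole address

# Inter-VLAN allow rules in the shape OPNsense rules take: (source VLAN id,
# destination host or network, protocol, port). Anything not listed is denied.
RULES = [
    (20, "192.168.10.53", "udp", 53),
    (30, "192.168.10.53", "udp", 53),
    (40, "192.168.10.53", "udp", 53),
    (40, "192.168.10.0/24", "tcp", 445),  # over-permissive on purpose; should be flagged
]

def net(vid):
    return ipaddress.ip_network(VLANS[vid]["subnet"])

def overlapping_subnets():
    """Pairs of VLAN ids whose subnets overlap (routing between them would break)."""
    ids = sorted(VLANS)
    return [(a, b) for i, a in enumerate(ids) for b in ids[i + 1:] if net(a).overlaps(net(b))]

def vlans_without_dns():
    """VLANs with no rule allowing UDP/53 to the Pi-hole (its own VLAN needs none)."""
    home = next(vid for vid in VLANS if PIHOLE in net(vid))
    allowed = {src for src, dst, proto, port in RULES
               if proto == "udp" and port == 53
               and PIHOLE in ipaddress.ip_network(dst, strict=False)}
    return sorted(vid for vid in VLANS if vid != home and vid not in allowed)

def iot_to_trusted_rules():
    """Rules that let an untrusted (IOT) VLAN reach a trusted VLAN for anything but DNS."""
    flagged = []
    for src, dst, proto, port in RULES:
        if VLANS[src]["trusted"]:
            continue
        dst_net = ipaddress.ip_network(dst, strict=False)
        is_dns = proto == "udp" and port == 53 and PIHOLE in dst_net
        if not is_dns and any(VLANS[v]["trusted"] and dst_net.overlaps(net(v)) for v in VLANS):
            flagged.append((src, dst, proto, port))
    return flagged

if __name__ == "__main__":
    print("overlapping subnets:", overlapping_subnets())
    print("VLANs without a DNS path:", vlans_without_dns())
    print("IOT -> trusted rules:", iot_to_trusted_rules())
```

Add a TCP/53 rule alongside each UDP/53 one in a real deployment, since large answers and DNSSEC fall back to TCP.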