With my Raspberry Pi basically being software/service complete, I'm starting to think more about my router and I need to make sure I'm thinking about this right.
As I envision it, my router would run OpenWRT, Pi-Hole and a VPN. Is that correct or have I got this wrong?
You cannot put pihole on a router but yes, those are good ideas. A router with openwrt will have VPN settings, as do many proprietary ones. Alternatively, you could look into opnsense, which is router software on computer hardware (not a router), which you could also put pihole on. I'd say it's way more tricky though.
Given how important a router is and how easy it is for something to wrong with this, even with just a random update, I'd personally not even try this. I actually just use a tp link omada business router as my family wouldn't be too happy if the internet is broken. It has VPN and I just bought a couple access points so I can improve the WiFi whilst setting up vlans to compartmentalise smart home devices. Everything else is nice to have but if something goes wrong with the services below overnight and I need to work from home, at least I can just switch them off until I got time to fix them.
I got a cheap second hand thin client off eBay for pihole and home assistant (using proxmox), and another custom desktop acting as a headless server with the rest of my services running in docker (plex and arr stack, vaultwarden, nextcloud, imich, loads others etc. It allows flexibility so if the server goes down, or runs out of memory, or I'm messing around and broke it, my family's streaming isn't impacted.