Upgrade GL-MT6000 to openwrt keep mullvad credentialed WG client, only-vpn traffic, force DoH

I plan to abandon GL-inet firmware for openwrt purity. There are only three features I "need". Will they be there for me? if not how do I get them?

1. WG client wizard accepting my mullvad credentials for auto setup
2. WG dashboard switch to only allow internet through vpn, deny others
3. LAN DNS force DoH or DoT an my NextDNS configuration ID

1. there's no such wizard AFAIK
2. there's a kill switch, yes, not sure if there's UI for it
3. DoH is supported, dont know what the NextDNS ID means

You can import your Mullvad WG credentials with its .conf.

You can use a killswitch preventing traffic going out of the WAN although it is not really needed with WireGuard as the interface and routing stays up even if the route is not working.
There is no button labelled killswitch but you can use the GUI to disable/enable traffic via the WAN

I use HTTPS-DNS-proxy for DoH DNS resolution:
https://openwrt.org/docs/guide-user/services/dns/doh_dnsmasq_https-dns-proxy

My notes about how to setup a WireGuard client (with importing your config file and killswitch) see:

You need the Client setup guide, make sure to download it (pdf) as github only shows the first 5 pages

OpenWRT references:
https://openwrt.org/docs/guide-user/services/vpn/wireguard/start
https://openwrt.org/docs/guide-user/services/vpn/wireguard/basics
https://openwrt.org/docs/guide-user/services/vpn/wireguard/client