How much hurt you’re in is largely going to be a factor of how dependent you are on IP addresses between all your services. Moving services into a VLAN is also going to require new IPs. If you’re using DNS names between everything that will help, especially if you’re mostly using DHCP. If you’ve got lots of hand configured IPs between you’re services you’re going to have to chase all those down.
My recommendation is to start small. Create the new VLAN and put a new host in it, make sure you’re confident about how you want to set it up in ProxMox and your router, get some experience.
Then think about which services you’re actually going to be benefit from the VLAN switch to move. You’ll probably do best at this point to just leave your ProxMox management interface where it is and just move services over that need it.
All said, I run a small stack at home and haven’t really found any personal need for VLAN segregation for my services, so definitely start with a reason and a plan. Learning can be a reason.
Maybe I was too literal in how I answered the question because I do use VLANs in my home network, but just to segregate my guest wifi which I also use for IoT things that I don’t need on my main network.
I don’t think of this as “home lab” because all my services run on my primary network VLAN and my secondary VLAN only exists at my router, switch and wifi APs.
I haven’t found a need for a “no access” VLAN as if I wanted to keep something from going outbound I would just create a firewall rule. I’ve also found my PiHole to be very effective at blocking telemetry traffic from things.