WireGuard on host or in Docker container?

I think I have a fundamental misunderstanding here.

I'm wanting to set up a VPN on a Pi or Windows box sitting in the home network, because the home router does not offer a VPN feature. I wish to remotely VPN into the home WiFi network so I can do everything like I'm there.

Now I'd normally deploy any software I'm using or playing with via Docker, however my spidey senses tell me that ain't right for a VPN. I acknowledge it'll be nice to neatly run my VPN within a container.

To clarify, I'm not trying to direct just container traffic via a VPN tunnel. I wish to use the Pi/Windows box and any other device on the home network as if I'm there. Am actually unsure if I want all home device traffic to go via a VPN at this stage, yet the option would be nice. So should WireGuard be set up on the host - akin to installing any other software on a system - or can it all live within a container?

Thank you in advance :)