If I understand the question, the traffic in your local intranet will basically always be encrypted with your root cert. So client -> proxy with your cert, then normal internet encryption from proxy -> internet.
For the apps, it depends on the app, but you can usually insert your cert into their store, it might just be different than the systems store. This could be hard to do on an non-rooted iPhone, idk. My experience is with Linux desktops. For example, in chromium based apps, there is a database in ~/.pki/nssdb that you can insert your cert into. Again, this is something I do at work where we have a very tightly controlled network and application stack. I would not recommend a MiTM proxy for your home environment, it will only cause headaches.
Not quite. This might be a better explanation than I’m providing: https://chat.openai.com/share/c77fc7ed-9d68-4076-ab70-e953a3896bb6