Whoa there, I never have - and never would - suggest that anything should be protected by a single factor. Where are you getting that?
Authy sucks. It's not just that the TOTP they send you might not be secure (SMS is easily exploited), it's been shown that they're leaking other personal data.
You don't have to cobble anything together. As you say, self-hosted BitWarden is a good option. As for your "glue", you should trust it more than a third party, since you know what went into yours, and its not a massive honeypot treasure trove.
Edit: I've been using "honeypot" wrong. It would actually be good if the hackers tried to hack one of those.