You can layer them however you want, so you can slap luks on the physical drives, or the mdraid, or the individual LVM volumes as you do right now. If the entire setup is either locked or unlocked, luks between the raid and LVM PV makes sense. Having luks on the individual LVs have the advantage that you can have your data partially unlocked.
2FA is complicated. You can use a second factor like, you need to enter both a password and be in possession of the flash drive, but you can't do it with the standard TOTP codes because you need the key to validate them in the first place.
One thing you can explore is TPM: the computer can detect if it's been tampered with, and if all checks out, it will unwrap the key. You can add a password or flash drive as a second factor. There's also the whole smartcard rabbit hole.
What exactly are you unsatisfied with? I think that's a better starting point to advise on.