You dont need to have the same subnet on different vlans. You also dont need them to each have a router, that isn't how this works.
Each VLAN gets a gateway, in a subnet accessible within that VLAN.
Under no circumstances do you need a separate physical router for having 2 VLANs on the same network. That's not how VLANs work.
Doing all of this on a router doesn't make sense without a physical separation though
I'm going to have to say, I have zero idea why you would suggest this for something that is logical, and specifically not physical.
Logical separations and vlan segregation for trust models is standard practice (though hopefully more will trend towards a zero trust model, but irrelevant here). There is zero need for any physical separation. What are you talking about?
Not OP, but logical separation and firewall rules is a needed first step for security. They already mentioned in the post that one vlan has dedicated outbound (via VPN only) and doesn't have access to their .200.
Physical switches per vlan is completely unnecessary, and entirely why vlans are used rather than subnets.
HP/Lenovo/Dell workstation tiny/mini/micro will be cheaper and better supported. Price-wise, I've set up 4-5 reasonably powerful t/m/m machines for the cost of my M2 Mac mini.
Which is nice for some of the development work I do, but for a server I personally won't use anything other than Linux, and I wouldn't recommend anything else either. Apple adds some funkiness that can be a complete pain (IMO) with some tools, Linux is the only server solution worth using.
So if you want a Mac, go for it, but if you want a server as the most important part, I'd say get an x86 based bit of hardware.
As far as your Birth Certificate... theoretically it should be possible to attain a copy through some kind of State records office/website, though I'm not familiar with Ohio specifically.
Vital Statistics
Here's the info from Ohio:
https://odh.ohio.gov/know-our-programs/vital-statistics/how-to-order-certificates
it hits them hard when they still (I'm a few months away from 40) insist I "give them grandkids".
They should probably vote for people where you having kids is an option then (not assuming you want them BTW, just pointing out the irrational hatred of lgbtq+ has made all kinds of family options harder).
Still the agents mistake.
They could set the start/finish area to be masked, they could set their run info as private, they could have just the run stats (but no GPS) shared, etc.
This isn't a strava issue, just Secret Service Agents being bad about Secrets when doing their Service.
If the noise will interrupt daytime work they will. Or if its close to the deadline and the GC is going to owe a ton of money for being late. Or they have to do some core drills above an occupied floor.
The rare part would be alone and not part of a crew, and more telling, being near the front desk. Construction in a building with a front desk is usually forced to go through the freight entrance only.
I would assume their life is also a struggle.
I wouldn't say jabber is dead, xmpp is still pretty well used. Not enough IMO, but still in use and with readily available modern servers. Jitsi is xmpp+jingle (sip signalling) after all.
No worries, hope it works out for you!
Your first sentence was about physical switches...
There already is a logical separation that makes perfect sense - out through VPN with no network access initiated by that VLAN to the other two internal. That'd a security step that's pretty clear and valid off the bat.
So again - I don't follow anything of what you're driving at, no. Because from the first sentence in your first comment forward isn't making any sense.
Please, clarify, because I don't know why you'd even bring up different switches for an extremely basic logical separation.