towerful

Sure, but what you are describing is the problem that k8s solves.
I've run plenty of production things from docker compose. Auto scaling hasn't been a requirement, and HA was built into the application (so 2 separate VMs running the compose stack). Docker was perfect for it, and k8s would've been a sledgehammer.

It's not a workaround.
In the old days, if you had 2 services that were hard coded to use the same network port, you would need virtualization or a different server and make sure the networking for those is correct.

Network ports allow multiple services to use the same network adapter as a port is like a "sub" address.
Docker being able to remap host network ports to containers ports is a huge feature.
If a container doesn't need to be accessed outside of the docker network, you don't need to expose the port.

The only way to have multiple services on the same port is to use either a load balancer (for multiple instances of the same service) or an application-aware reverse proxy (like nginx, haproxy, caddy etc for web things, I'm sure there are other application-aware reverse proxies).

Surely you want to enable 802.1q? Like, that is vlan aware switching and routing. Or is that on the nas?

Edit:
Some troubleshooting:

Connect a laptop into the same subnet as your Nas (so same vlan and IP range/subnet) and connect to the nas. This either eliminates the NAS or the router from the equation

That whole "shortest path" has caught me out before (tho in a different way)!
And firewall logs of "state violation" aren't always helpful when that's pretty much the default log message

If they are on the same subnet, why are they going via the router? Surely the NIC/OS will know it's a local address within its subnet, and will send it directly; as opposed to not knowing where to send the packet, so letting the router deal with it.

I'm assuming you are using a standard 24 bit subnet mask, because you haven't provided anything that indicates otherwise and the issue you present would be indicative of a local link being used - this possible

Obviously it's a fart counter. Resets at midnight.
OP has been busy!

I'm sure this is a meme, but the trust is proving the OS is not tampered with.
Like, if malware was able to inject a malicious windows update URL into the OS, and inject a malicious certificate that gets the OS to trust the malicious updates by the malicious URL.
The signature of the OS would then differ from what the TPM/CPU recorded during OS boot and what the TPM/CPU has hashed during running. This would indicate that the OS has been tampered with.
So the trust in TPM is that the TPM and CPU are working together correctly (which is certified during manufacturing), so that the TPM can then attest that the OS (or software or whatever) hasn't been tampered with.

So yeh, it's MS (or whatever software company) trusting that the software it is interacting with is running as it is intended

If you want to power your house independently from the grid, your house has to be independent from the grid.
Anything where you sell your excess power back to the grid is in tight cooperation with the grid operators.

Standard house wiring is not set up to accommodate back feeding the grid nor independently powering.
So you will need a changeover switch professionally fitted if you want an independent power source, or your solar panel installers will fit the appropriate equipment to back-feed the grid.
Anything else will likely involve deaths, fires, broken equipment, criminal prosecution, insurance invalidation and all that nasty stuff.

Between the for-profit businesses of Google and bitwarden, I'm going to trust bitwarden more.

Bitwarden, DNS and email are the 3 services I pay for.
Passwords can't be inaccessible, free DNS services never have an LE API, and email is extremely difficult to self host. The uptime and security I expect for these things means I'm happy paying someone else to take care of it.

Bitwarden seem to be a great company and doing everything right (even though they are being annoyingly slow with passkeys on android, my only fault with their service).
Their subscription is extremely reasonable, so even if I figured I could self host it, I'd rather pay bitwarden

People hate having their favorite brand associated with vile or unethical things.

True. But not ads, which this quote is taking about. People hate ads. It's the ads people hate, not the context of the ads.
If your favourite brand hired some neo-nazi as their new spokesperson, that's a bit different than some garbage ad sitting beside some garbage AI content.
The only reason "ads beside garbage content" is ever leveraged (ie a news story) is as a way to either hurt the garbage content or hurt the company the ad is for.

Like with shitty twitter content, consumers can pressure twitter to deal with the content by alerting companies that they are being seen next to shitty content. Companies then leverage the fact that they are paying twitter to get their ads away from that content. If enough companies do this, twitter might change their content policy to prevent this kind of shitty content.
Like with YouTube, it has loads of demonitizing policies to ensure companies who advertise there don't get negative press due to association with the content, which means YouTube should have a majority of quality content.

But, no. (The majority of) People don't hate their brand advertising next to particular content. People just hate ads.

The xkcd explained brushes near it.

Many of the passengers would suffer extreme injuries from the changes of velocity (up to 230 mph based on a loop radius of 3 x ship length) and rotation (unlike rollercoasters, or even airplanes during simple take-off and landing, passengers aren't normally strapped down).