I read through your document and had one comment. When you disabled inter-VLan routing, you basically said that no traffic can go from 192.168.1.0/24 to 192.168.2.0/24. Likewise, you can’t get from 192.168.1.0/24 to 192.168.3.0/24 (or 192.168.4.0/24). Basically, none of the different Lans can see or communicate with each other. It is like having 4 separate physical routers and no cables connecting them. So, when you are on your office VLan (vlan1), you can only see the router IP for that LAN (192.168.1.1). Likewise, if you are on VLan2, you would only be able to get to the router config through 192.168.2.1.
You can specify which VLans are “allowed” to manage the router. I would suggest locking it down to just vlan1 since all of those devices must be plugged in.
Hope this helps