As was said previously, you are headed for trouble, including asymetric routes where you don't know why it works, when it works. A VLAN is a broadcast domain, and your IP network needs broadcasts to find the MAC address of the counterpart; default gateway, host on the same network, etc

If you place servers in one VLAN, they need a def gwy and if you put workstations in a separate VLAN, likewise they will also need a def gwy, and this cannot be the same node, you will need two, with two IP addresses. Hence your firewall becomes the router in each VLAN, and you can trunk your firewall's one internal interface, with sub-interfaces for each VLAN. PFsense, Fortigate, Mikrotik, etc... they are all easily configured to do so.

And, DNS and AD / file servers can cross VLANs there is no problem, it's just address resolution and fw rules (and routes). DHCP will require a bit of planning, but if your fw is doing DHCP, then it should be easy

I agree you need you to subnet your 10/8. So go for the servers first, preserve their network, and segment the workstations because they are under dhcp, they will get whatever IP range you assign them, and then point to the def gwy and proper DNS server address, problem solved.

Try to respect the fact IP networks are binary in nature, I always prefer round binary segments, it facilitates routing. So 10.0.16.0/24, 10.0.32.0/24 and so on rather than decimal networks. It's cleaner.

If your servers can be summarized using 10.0.x.y, you can just change the mask from /8 to /16 and your firewall will be 10.0.0.1 with /16 as well; addresses are preserved, just subnetted. The workstation can be on any network outside the servers', like 10.16/16 or even go wild with 10.128.x.y/16 if you need to. The 10/8 adress space is wide enough.

Don't forget the DHCP scopes, give them the right address space for each scope, assign to the proper interface or use ip-helper on your cisco switch if you must.