From 82faa3d8bd4d73bfb268ef1df40d276f4d733cc7 Mon Sep 17 00:00:00 2001
From: m <paragraphenreiter@gmail.com>
Date: Fri, 8 May 2026 02:39:36 +0200
Subject: [PATCH] =?UTF-8?q?Revert=20"Merge:=20t-paliad-151=20Phase=20A.5?=
 =?UTF-8?q?=20=E2=80=94=20compose=20network=5Fmode:=20host=20+=20Paliadin?=
 =?UTF-8?q?=20env-var=20plumbing.=20Lifts=20the=20DO-NOT-MERGE-before-A.5?=
 =?UTF-8?q?=20gate=20from=20da971a7.=20Dokploy=20secrets=20PALIADIN=5FSSH?=
 =?UTF-8?q?=5FPRIVATE=5FKEY=20+=20PALIADIN=5FKNOWN=5FHOSTS=20already=20reg?=
 =?UTF-8?q?istered=20on=20mlake=20(validated=20SSH=20key=20roundtrip=20via?=
 =?UTF-8?q?=20ssh-keygen=20-y);=20single-line=20vars=20PALIADIN=5FREMOTE?=
 =?UTF-8?q?=5FHOST=3D100.99.98.203=20/=20PORT=3D22022=20/=20USER=3Dm=20als?=
 =?UTF-8?q?o=20staged.=20Next=20deploy=20is=20the=20M1-vs-M2=20traefik=20g?=
 =?UTF-8?q?ate=20(design=20=C2=A74.2):=20if=20paliad.de=20returns=20200/3x?=
 =?UTF-8?q?x=20after=20redeploy,=20traefik=20routes=20under=20host=20mode?=
 =?UTF-8?q?=20(M2)=20and=20the=20route=20ships;=20if=20502,=20revert=20thi?=
 =?UTF-8?q?s=20merge=20and=20revisit=20decision=201."?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This reverts commit a80652a0859b10ccfea7f92a77fae00548d638d2, reversing
changes made to f820aa8316ef23170b46b862f33ce8c778bebecc.
---
 docker-compose.yml | 21 ++-------------------
 1 file changed, 2 insertions(+), 19 deletions(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index c749761..b570cc9 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,14 +1,8 @@
 services:
   web:
     build: .
-    # network_mode: host so paliad inherits mLake's tailscale0 interface
-    # and can reach mRiver (100.99.98.203) for the Paliadin remote route
-    # (t-paliad-151). With host mode, `expose` is meaningless — paliad
-    # listens on host port 8080 directly. traefik routing under host mode
-    # is gated by Phase A.5 (see docs/design-paliadin-tailscale-ssh-2026
-    # -05-07.md §4.2 + §7); if that test fails, revert this commit and
-    # revisit decision 1.
-    network_mode: host
+    expose:
+      - "8080"
     environment:
       - PORT=8080
       - SUPABASE_URL=${SUPABASE_URL}
@@ -26,16 +20,5 @@ services:
       - SMTP_FROM=${SMTP_FROM}
       - SMTP_FROM_NAME=${SMTP_FROM_NAME}
       - SMTP_USE_TLS=${SMTP_USE_TLS}
-      # Paliadin remote routing (t-paliad-151). When PALIADIN_REMOTE_HOST
-      # is set, paliad forwards each turn to mRiver via SSH on port 22022
-      # (Tailscale-SSH bypass, see design §4.5). Without these vars,
-      # paliad falls back to local tmux (or DisabledPaliadinService).
-      # The PRIVATE_KEY and KNOWN_HOSTS values are multi-line — register
-      # them in Dokploy as secret env vars, not in plain compose text.
-      - PALIADIN_REMOTE_HOST=${PALIADIN_REMOTE_HOST}
-      - PALIADIN_REMOTE_PORT=${PALIADIN_REMOTE_PORT}
-      - PALIADIN_REMOTE_USER=${PALIADIN_REMOTE_USER}
-      - PALIADIN_SSH_PRIVATE_KEY=${PALIADIN_SSH_PRIVATE_KEY}
-      - PALIADIN_KNOWN_HOSTS=${PALIADIN_KNOWN_HOSTS}
       # - ANTHROPIC_API_KEY=${ANTHROPIC_API_KEY}  # Phase H (AI Frist-Extraktion), currently deferred
     restart: unless-stopped