fix: trying to fix auto-pulls 21 !

backend/Dockerfile

@@ -1,15 +1,7 @@
 FROM python:3.11-slim
 
 RUN apt-get update && apt-get install -y --no-install-recommends \
-    git \
+    systemctl \
-    curl \
-    && curl -fsSL https://download.docker.com/linux/static/stable/x86_64/docker-27.5.1.tgz \
-    | tar -xz --strip-components=1 -C /usr/local/bin docker/docker \
-    && curl -fsSL "https://github.com/docker/compose/releases/download/v2.32.4/docker-compose-linux-x86_64" \
-    -o /usr/local/bin/docker-compose \
-    && chmod +x /usr/local/bin/docker-compose \
-    && mkdir -p /usr/local/lib/docker/cli-plugins \
-    && ln -s /usr/local/bin/docker-compose /usr/local/lib/docker/cli-plugins/docker-compose \
     && rm -rf /var/lib/apt/lists/*
 
 WORKDIR /app

backend/admin/router.py

@@ -42,36 +42,13 @@ async def deploy(request: Request):
 
     logger.info("Auto-deploy triggered via Gitea webhook")
 
-    project_path = settings.deploy_project_path
+    # Trigger the host-side systemd service which runs as the bellsystems user.
-    # Write a deploy script to the host filesystem (via the mounted project path)
+    # This avoids running git/docker as root inside the container.
-    # then execute it with nsenter into the host's PID namespace so it runs as
-    # a host process — not a container child — and survives container restarts.
-    script_path = f"{project_path}/deploy.sh"
-    log_path = f"{project_path}/deploy.log"
-    script = (
-        f"#!/bin/sh\n"
-        f"exec > {log_path} 2>&1\n"
-        f"echo \"Deploy started at $(date)\"\n"
-        f"git config --global --add safe.directory {project_path}\n"
-        f"cd {project_path}\n"
-        f"git fetch origin main\n"
-        f"git reset --hard origin/main\n"
-        f"docker-compose up -d --build\n"
-        f"echo \"Deploy finished at $(date)\"\n"
-    )
-
-    with open(script_path, "w") as f:
-        f.write(script)
-
-    # nsenter into host PID namespace (PID 1 = host init) so the process
-    # is owned by the host and survives this container restarting.
-    trigger_cmd = f"chmod +x {script_path} && nsenter -t 1 -m -u -i -n -p -- sh -c 'nohup {script_path} &'"
-
     await asyncio.create_subprocess_shell(
-        trigger_cmd,
+        "systemctl start bellsystems-deploy",
         stdout=asyncio.subprocess.DEVNULL,
         stderr=asyncio.subprocess.DEVNULL,
     )
 
-    logger.info("Auto-deploy triggered on host via nsenter")
+    logger.info("Auto-deploy triggered via systemd")
     return {"ok": True, "message": "Deploy started"}

docker-compose.yml

@@ -10,11 +10,9 @@ services:
       - ./data/built_melodies:/app/storage/built_melodies
       - ./data/firmware:/app/storage/firmware
       - ./data/firebase-service-account.json:/app/firebase-service-account.json:ro
-      # Auto-deploy: project root and Docker socket
+      # Auto-deploy: systemd socket so container can trigger host services
-      - /home/bellsystems/bellsystems-cp:/home/bellsystems/bellsystems-cp
+      - /run/systemd/private:/run/systemd/private
-      - /var/run/docker.sock:/var/run/docker.sock
+      - /run/dbus/system_bus_socket:/run/dbus/system_bus_socket
-    pid: host
-    privileged: true
     ports:
       - "8000:8000"
     depends_on: []

frontend/src/layout/Header.jsx

@@ -12,7 +12,7 @@ export default function Header() {
       }}
     >
       <h2 className="text-lg font-semibold" style={{ color: "var(--text-heading)" }}>
-        BellCloud™ - Console 6
+        BellCloud™ - Console
       </h2>
 
       <div className="flex items-center gap-4">