diff --git a/.forgejo/workflows/deploy.yml b/.forgejo/workflows/deploy.yml
index 38b70b5..ecaa5a5 100644
--- a/.forgejo/workflows/deploy.yml
+++ b/.forgejo/workflows/deploy.yml
@@ -9,14 +9,14 @@ jobs:
     runs-on: docker2
     outputs:
       swarm_files: ${{ steps.changes.outputs.swarm_files }}
-      compose_files_matrix: ${{ steps.changes.outputs.compose_files_matrix }}
+      compose_matrix: ${{ steps.changes.outputs.compose_matrix }}
     steps:
       - name: Checkout
         uses: https://data.forgejo.org/actions/checkout@v4
         with:
           fetch-depth: 0
 
-      - name: Detect changed YAML deploy targets (your naming)
+      - name: Detect changed YAML files
         id: changes
         shell: bash
         run: |
@@ -25,48 +25,37 @@ jobs:
           BASE="${{ github.event.before }}"
           HEAD="${{ github.sha }}"
 
-          if [ -z "${BASE}" ] || [ "${BASE}" = "0000000000000000000000000000000000000000" ]; then
+          if [ -z "$BASE" ] || [ "$BASE" = "0000000000000000000000000000000000000000" ]; then
             BASE="$(git rev-parse "${HEAD}~1" || true)"
           fi
-          if [ -z "${BASE}" ]; then
-            echo "No base commit found; deploying nothing."
-            echo "swarm_files=" >> "$GITHUB_OUTPUT"
-            echo 'compose_files_matrix={"include":[]}' >> "$GITHUB_OUTPUT"
-            exit 0
-          fi
 
           CHANGED="$(git diff --name-only "$BASE" "$HEAD" || true)"
           echo "$CHANGED"
 
-          # Swarm: only changed stack YAMLs
+          # --------------------
+          # Swarm stack YAMLs
+          # --------------------
           SWARM_FILES="$(echo "$CHANGED" | grep -E '^services/swarm/stacks/.*\.ya?ml$' || true)"
-          SWARM_FILES_ONE_LINE="$(echo "$SWARM_FILES" | tr '\n' ' ' | xargs || true)"
-          echo "swarm_files=$SWARM_FILES_ONE_LINE" >> "$GITHUB_OUTPUT"
+          echo "swarm_files=$(echo "$SWARM_FILES" | xargs)" >> "$GITHUB_OUTPUT"
 
-          # Compose: any changed YAML under services/compose/<host>/<service>/
-          COMPOSE_FILES="$(
-            echo "$CHANGED" \
-              | grep -E '^services/compose/[^/]+/[^/]+/.*\.ya?ml$' \
-              | sort -u \
-              || true
-          )"
+          # --------------------
+          # Compose YAMLs
+          # services/compose/<host>/<service>/<file>.yml
+          # --------------------
+          COMPOSE_FILES="$(echo "$CHANGED" | grep -E '^services/compose/[^/]+/[^/]+/.*\.ya?ml$' || true)"
 
-          # Build matrix items: {"host":"nas","file":"services/compose/nas/foo/foo.yaml"}
           JSON='{"include":['
           FIRST=1
-          while read -r F; do
-            [ -z "$F" ] && continue
-            HOST="$(echo "$F" | awk -F/ '{print $3}')"
-            if [ $FIRST -eq 1 ]; then
-              FIRST=0
-            else
-              JSON+=","
-            fi
-            JSON+="{\"host\":\"$HOST\",\"file\":\"$F\"}"
+          while read -r FILE; do
+            [ -z "$FILE" ] && continue
+            HOST="$(echo "$FILE" | awk -F/ '{print $3}')"
+            if [ $FIRST -eq 0 ]; then JSON+=','; fi
+            FIRST=0
+            JSON+="{\"host\":\"$HOST\",\"file\":\"$FILE\"}"
           done <<< "$COMPOSE_FILES"
           JSON+=']}'
 
-          echo "compose_files_matrix=$JSON" >> "$GITHUB_OUTPUT"
+          echo "compose_matrix=$JSON" >> "$GITHUB_OUTPUT"
 
   deploy_swarm:
     needs: detect
@@ -76,64 +65,32 @@ jobs:
       - name: Checkout
         uses: https://data.forgejo.org/actions/checkout@v4
 
-      - name: Pre-flight validate swarm stacks
+      - name: Validate swarm stacks
         shell: bash
         run: |
           set -euo pipefail
           for f in ${{ needs.detect.outputs.swarm_files }}; do
-            echo "Validating swarm stack file: $f"
-            docker stack config -c "$f" > /dev/null
+            docker stack config -c "$f" >/dev/null
           done
 
-      - name: Deploy changed swarm stacks
+      - name: Deploy swarm stacks
         shell: bash
         run: |
           set -euo pipefail
           for f in ${{ needs.detect.outputs.swarm_files }}; do
-            echo "Deploying swarm stack file: $f"
-            STACK="$(basename "$f")"
-            STACK="${STACK%.yml}"
-            STACK="${STACK%.yaml}"
+            STACK="$(basename "$f" | sed 's/\.ya\?ml$//')"
             docker stack deploy -c "$f" "$STACK"
           done
 
   deploy_compose:
     needs: detect
-    if: ${{ needs.detect.outputs.compose_files_matrix != '' }}
+    if: ${{ needs.detect.outputs.compose_matrix != '' }}
     strategy:
       fail-fast: false
-      matrix: ${{ fromJSON(needs.detect.outputs.compose_files_matrix) }}
-    runs-on: docker
+      matrix: ${{ fromJSON(needs.detect.outputs.compose_matrix) }}
+    runs-on: ${{ matrix.host }}
     steps:
       - name: Checkout
         uses: https://data.forgejo.org/actions/checkout@v4
 
-      - name: Ensure we are on the right host
-        shell: bash
-        run: |
-          set -euo pipefail
-          WANT="${{ matrix.host }}"
-          HAVE="$(hostname)"
-          echo "Want host: $WANT"
-          echo "Have host: $HAVE"
-          if [ "$WANT" != "$HAVE" ]; then
-            echo "This runner is on $HAVE but job wants $WANT. Failing to avoid deploying on wrong host."
-            exit 1
-          fi
-
-      - name: Pre-flight validate compose file
-        shell: bash
-        run: |
-          set -euo pipefail
-          F="${{ matrix.file }}"
-          echo "Validating compose file: $F"
-          docker compose -f "$F" config -q
-
-      - name: Deploy compose file
-        shell: bash
-        run: |
-          set -euo pipefail
-          F="${{ matrix.file }}"
-          echo "Deploying compose file: $F"
-          docker compose -f "$F" pull
-          docker compose -f "$F" up -d --remove-orphans
+      - name: Validate