Regenerate deployment architecture diagram via beautiful-mermaid

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

docs/deployment.md

@@ -8,15 +8,34 @@ Self-hosted on a single Linux box (Proxmox LXC / VM / bare metal). Four layers,
 4. **External reverse proxy** (off-box, e.g. at the network edge) — does TLS termination for the public hostname; forwards to LAN IP:8080
 
 ```
-                ┌─ Internet  ──→ TLS proxy ──┐
-                │                            │
-    Tor peer ───┼─ onion   ──→ tor daemon ──┤
-                │                            ├──→ Caddy:8080 ──→ Node:3000
-Yggdrasil peer ─┼─ ygg     ──→ ygg IPv6   ──┤
-                │                            │
- NetBird peer ──┼─ WG      ──→ netbird IP  ──┘
+┌────────────────┐     ┌─────────────────────┐     ┌──────────────────────┐     ┌────────────────┐
+│                │     │                     │     │                      │     │                │
+│ Internet user  ├────►│  External TLS proxy ├────►│ Internal Caddy :8080 ├────►│ Node app :3000 │
+│                │     │                     │     │                      │     │                │
+└────────────────┘     └─────────────────────┘     └──────────────────────┘     └────────────────┘
+                                                               ▲
+                                                               │
+┌────────────────┐     ┌─────────────────────┐                 │
+│                │     │                     │                 │
+│    Tor peer    ├────►│ tor daemon (.onion) ├─────────────────┤
+│                │     │                     │                 │
+└────────────────┘     └─────────────────────┘                 │
+                                                               │
+┌────────────────┐     ┌─────────────────────┐                 │
+│                │     │                     │                 │
+│ Yggdrasil peer ├────►│    Yggdrasil IPv6   ├─────────────────┤
+│                │     │                     │                 │
+└────────────────┘     └─────────────────────┘                 │
+                                                               │
+┌────────────────┐     ┌─────────────────────┐                 │
+│                │     │                     │                 │
+│  NetBird peer  ├────►│      NetBird IP     ├─────────────────┘
+│                │     │                     │
+└────────────────┘     └─────────────────────┘
 ```
 
+_Diagram rendered from a Mermaid source via [beautiful-mermaid](https://github.com/lukilabs/beautiful-mermaid)._
+
 All non-TLS: the external proxy terminates TLS, Tor encrypts its own path, Yggdrasil/NetBird are encrypted overlays. Caddy and the node app speak plain HTTP.
 
 ---