diff --git a/configs/mcp.nix b/configs/mcp.nix
index c4a55ff..e0de34a 100644
--- a/configs/mcp.nix
+++ b/configs/mcp.nix
@@ -22,40 +22,9 @@ in
 
   users.groups.mcp = {};
 
-  # MCP Master — multi-node orchestrator (v2).
-  # Runs on the master node only (rift). Coordinates deployments across
-  # agents, manages edge routing, and maintains cluster state.
-  # Uses ExecStartPre to skip startup if the binary is absent (safe on
-  # worker nodes that import this module but don't run the master).
-  systemd.services.mcp-master = {
-    description = "MCP Master";
-    after = [ "network-online.target" "mcp-agent.service" ];
-    wants = [ "network-online.target" ];
-    wantedBy = [ "multi-user.target" ];
-
-    unitConfig = {
-      ConditionPathExists = "/srv/mcp-master/mcp-master";
-    };
-
-    serviceConfig = {
-      Type = "simple";
-      ExecStart = "/srv/mcp-master/mcp-master server --config /srv/mcp-master/mcp-master.toml";
-      Restart = "on-failure";
-      RestartSec = 5;
-
-      NoNewPrivileges = true;
-      ProtectSystem = "full";
-      ProtectHome = true;
-      PrivateTmp = true;
-      PrivateDevices = true;
-      ProtectKernelTunables = true;
-      ProtectKernelModules = true;
-      RestrictSUIDSGID = true;
-      LockPersonality = true;
-      RestrictRealtime = true;
-      ReadWritePaths = [ "/srv/mcp-master" ];
-    };
-  };
+  # MCP Master runs as an MCP-managed container (not a systemd service).
+  # Deployed via: mcp deploy mcp-master --direct
+  # See ~/.config/mcp/services/mcp-master.toml
 
   systemd.services.mcp-agent = {
     description = "MCP Agent";