Cleanup diun references from ntfy, diun was never actually committed

2-nomad-config/ntfy.nomad.hcl

@@ -46,14 +46,8 @@ job "ntfy" {
     # Bcrypt hashes are not secrets and are hardcoded below (same as /etc/shadow — safe to commit).
     # Generate with: docker run --rm -it binwiederhier/ntfy user hash
     #            or: echo "mypassword" | docker run --rm -i binwiederhier/ntfy user hash
-    # For the diun account the plaintext is irrelevant (token-only auth); use a random password:
-    #            openssl rand -base64 32 | docker run --rm -i binwiederhier/ntfy user hash
-    #
     # Required SOPS keys:
     #   ntfy.database_pw  — postgres password for the ntfy role
-    #   diun.ntfy_token   — access token for Diun (actual secret — grants write access)
-    #                       Must start with "tk_" and be exactly 32 chars total.
-    #                       Generate: tok=$(openssl rand -hex 15); echo "tk_${tok:0:29}"
     task "ntfy" {
       driver = "docker"
 
@@ -80,11 +74,6 @@ behind-proxy: true
 enable-login: true
 auth-users:
   - "admin:$2a$10$rLp4qagJnsA8Es5hQlISH.WrlzwMrXE2MBaEgz7zdd2lkAVu30lMy:admin"
-  - "diun:$2y$10$4wi1VG.Vp5p3Q2OEIXaTSOmwZm.G9dpNca9BqQRMdGGnk2yQqK3Gq:user"
-auth-tokens:
-  - "diun:{{with nomadVar "nomad/jobs/ntfy"}}{{.diun_token}}{{end}}:Diun"
-auth-access:
-  - "diun:diun:write-only"
 EOF
         destination = "local/server.yml"
       }

2-nomad-config/ntfy.tf

@@ -6,7 +6,6 @@ resource "nomad_variable" "ntfy" {
   path = "nomad/jobs/ntfy"
   items = {
     database_pw = data.sops_file.secrets.data["ntfy.database_pw"]
-    diun_token  = data.sops_file.secrets.data["diun.ntfy_token"]
   }
 }