[frigate] Remove orphan config.yaml with leaked RTSP passwords

## Context
A Frigate configuration file was added to modules/kubernetes/frigate/ in
bcad200a (2026-04-15, ~2 days ago) as part of a bulk `chore: add untracked
stacks, scripts, and agent configs` commit. The file contains 14 inline
rtsp://admin:<password>@<host>:554/... URLs, leaking two distinct RTSP
passwords for the cameras at 192.168.1.10 (LAN-only) and
valchedrym.ddns.net (confirmed reachable from public internet on port
554). Both remotes are public, so the creds have been exposed for ~2 days.

Grep across the repo confirms nothing references this config.yaml — the
active stacks/frigate/main.tf stack reads its configuration from a
persistent volume claim named `frigate-config-encrypted`, not from this
file. The file is therefore an orphan from the bulk add, with no
production function.

## This change
- git rm modules/kubernetes/frigate/config.yaml

## What is NOT in this change
- Camera password rotation. The user does not own the cameras; rotation
  must be coordinated out-of-band with the camera operators. The DDNS
  camera (valchedrym.ddns.net:554) is internet-reachable, so the leaked
  password is high-priority to rotate from the device side.
- Git-history rewrite. The file plus its leaked strings remain in all
  commits from bcad200a forward. Scheduled to be purged via
  `git filter-repo --path modules/kubernetes/frigate/config.yaml
  --invert-paths --replace-text <list>` in the broader remediation pass.
- Future Frigate config provisioning. If the stack is re-platformed to
  source config from Git rather than the PVC, the replacement should go
  through ExternalSecret + env-var interpolation, not an inline YAML.

## Test plan
### Automated
  $ grep -rn 'frigate/config\.yaml' --include='*.tf' --include='*.hcl' \
       --include='*.yaml' --include='*.yml' --include='*.sh'
  (no output — confirms orphan status)

### Manual Verification
1. `git show HEAD --stat` shows exactly one deletion:
     modules/kubernetes/frigate/config.yaml | 229 ---------------------------------
2. `test ! -e modules/kubernetes/frigate/config.yaml` returns true.
3. `kubectl -n frigate get pvc frigate-config-encrypted` still shows the
   PVC bound (unaffected by this change).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

modules/kubernetes/frigate/config.yaml

@@ -1,229 +0,0 @@
-mqtt:
-  enabled: false
-birdseye:
-  quality: 25
-detect:
-  fps: 1
-  enabled: true
-go2rtc:
-  streams:
-    vermont-1:
-      - rtsp://admin:REDACTED_RTSP_PW@192.168.1.10:554/Streaming/Channels/101/3
-cameras:
-    # # Temp disabled until valchedrym is back up
-    valchedrym-cam-1:
-        enabled: true
-        ffmpeg:
-            inputs:
-                #- path: rtsp://admin:REDACTED_RTSP_PW@192.168.0.11:554/Streaming/Channels/101 # <----- The stream you want to use for detection
-                - path: rtsp://admin:REDACTED_RTSP_PW@valchedrym.ddns.net:554/Streaming/Channels/101 # <----- The stream you want to use for detection
-        detect:
-            enabled: false # <---- disable detection until you have a working camera feed
-            width: 704 # <---- update for your camera's resolution
-            height: 576 # <---- update for your camera's resolution
-        rtmp:
-          enabled: false
-        record:
-          enabled: false
-        snapshots:
-          enabled: false
-        objects:
-          # Optional: list of objects to track from labelmap.txt (full list - https://docs.frigate.video/configuration/objects)
-          track:
-            - person
-            - bicycle
-            - car
-            - bird
-            - cat
-            - dog
-            - horse
-    valchedrym-cam-2:
-        enabled: true
-        ffmpeg:
-            inputs:
-                #- path: rtsp://admin:REDACTED_RTSP_PW@192.168.0.11:554/Streaming/Channels/201 # <----- The stream you want to use for detection
-                - path: rtsp://admin:REDACTED_RTSP_PW@valchedrym.ddns.net:554/Streaming/Channels/201 # <----- The stream you want to use for detection
-        detect:
-            enabled: false # <---- disable detection until you have a working camera feed
-            width: 704 # <---- update for your camera's resolution
-            height: 576 # <---- update for your camera's resolution
-        rtmp:
-          enabled: false
-        record:
-          enabled: false
-        snapshots:
-          enabled: false
-        objects:
-          # Optional: list of objects to track from labelmap.txt (full list - https://docs.frigate.video/configuration/objects)
-          track:
-            - person
-            - bicycle
-            - car
-            - bird
-            - cat
-            - dog
-            - horse
-    vermont-1:
-      enabled: true
-      ffmpeg:
-        inputs:
-          - path: rtsp://admin:REDACTED_RTSP_PW@192.168.1.10:554/Streaming/Channels/101/3       # <----- The stream you want to use for detection
-            roles:
-              - record
-      rtmp:
-        enabled: false
-      record:
-        enabled: false
-      snapshots:
-        enabled: false
-      detect:
-        enabled: false
-    vermont-2:
-      enabled: true
-      ffmpeg:
-          inputs:
-              - path: rtsp://admin:REDACTED_RTSP_PW@192.168.1.10:554/Streaming/Channels/201/1 # <----- The stream you want to use for detection
-      detect:
-          enabled: false # <---- disable detection until you have a working camera feed
-          width: 704 # <---- update for your camera's resolution
-          height: 576 # <---- update for your camera's resolution
-      rtmp:
-        enabled: false
-      record:
-        enabled: false
-      snapshots:
-        enabled: false
-    vermont-3:
-      enabled: true
-      ffmpeg:
-          inputs:
-              - path: rtsp://admin:REDACTED_RTSP_PW@192.168.1.10:554/Streaming/Channels/301/1 # <----- The stream you want to use for detection
-      detect:
-          enabled: false # <---- disable detection until you have a working camera feed
-          width: 704 # <---- update for your camera's resolution
-          height: 576 # <---- update for your camera's resolution
-      rtmp:
-        enabled: false
-      record:
-        enabled: false
-      snapshots:
-        enabled: false
-    vermont-4:
-      enabled: true
-      ffmpeg:
-          inputs:
-              - path: rtsp://admin:REDACTED_RTSP_PW@192.168.1.10:554/Streaming/Channels/401/1 # <----- The stream you want to use for detection
-      detect:
-          enabled: false # <---- disable detection until you have a working camera feed
-          width: 704 # <---- update for your camera's resolution
-          height: 576 # <---- update for your camera's resolution
-      rtmp:
-        enabled: false
-      record:
-        enabled: false
-      snapshots:
-        enabled: false
-    vermont-5:
-      enabled: true
-      ffmpeg:
-          inputs:
-              - path: rtsp://admin:REDACTED_RTSP_PW@192.168.1.10:554/Streaming/Channels/501/1 # <----- The stream you want to use for detection
-      detect:
-          enabled: false # <---- disable detection until you have a working camera feed
-          width: 704 # <---- update for your camera's resolution
-          height: 576 # <---- update for your camera's resolution
-      rtmp:
-        enabled: false
-      record:
-        enabled: false
-      snapshots:
-        enabled: false
-    vermont-6:
-      enabled: true
-      ffmpeg:
-          inputs:
-              - path: rtsp://admin:REDACTED_RTSP_PW@192.168.1.10:554/Streaming/Channels/601/1 # <----- The stream you want to use for detection
-      detect:
-          enabled: false # <---- disable detection until you have a working camera feed
-          width: 704 # <---- update for your camera's resolution
-          height: 576 # <---- update for your camera's resolution
-      rtmp:
-        enabled: false
-      record:
-        enabled: false
-      snapshots:
-        enabled: false
-    vermont-7:
-      enabled: true
-      ffmpeg:
-          inputs:
-              - path: rtsp://admin:REDACTED_RTSP_PW@192.168.1.10:554/Streaming/Channels/701/1 # <----- The stream you want to use for detection
-      detect:
-          enabled: false # <---- disable detection until you have a working camera feed
-          width: 704 # <---- update for your camera's resolution
-          height: 576 # <---- update for your camera's resolution
-      rtmp:
-        enabled: false
-      record:
-        enabled: false
-      snapshots:
-        enabled: false
-    vermont-8:
-      enabled: true
-      ffmpeg:
-          inputs:
-              - path: rtsp://admin:REDACTED_RTSP_PW@192.168.1.10:554/Streaming/Channels/801/1 # <----- The stream you want to use for detection
-      detect:
-          enabled: false # <---- disable detection until you have a working camera feed
-          width: 704 # <---- update for your camera's resolution
-          height: 576 # <---- update for your camera's resolution
-      rtmp:
-        enabled: false
-      record:
-        enabled: false
-      snapshots:
-        enabled: false
-    vermont-9:
-      enabled: true
-      ffmpeg:
-          inputs:
-              - path: rtsp://admin:REDACTED_RTSP_PW@192.168.1.10:554/Streaming/Channels/901/1 # <----- The stream you want to use for detection
-      detect:
-          enabled: false # <---- disable detection until you have a working camera feed
-          width: 704 # <---- update for your camera's resolution
-          height: 576 # <---- update for your camera's resolution
-      rtmp:
-        enabled: false
-      record:
-        enabled: false
-      snapshots:
-        enabled: false
-    # london-ipcam:
-    #     enabled: false
-    #     ffmpeg:
-    #         inputs:
-    #             - path: rtsp://192.168.2.2:8554/london_cam # <----- The stream you want to use for detection
-    #               roles:
-    #                 - rtmp
-    #                 - record
-    #                 - detect
-    #     detect:
-    #         enabled: False
-    #         width: 1280
-    #         height: 720
-    #     record:
-    #         enabled: False # Not needed for this camera but keeping for reference
-    #         events:
-    #           retain:
-    #             default: 10
-    #     objects:
-    #       # Optional: list of objects to track from labelmap.txt (full list - https://docs.frigate.video/configuration/objects)
-    #       track:
-    #         - person
-    #         - shoe
-    #         - handbag
-    #         - wine glass
-    #         - knife
-    #         - pizza
-    #         - laptop
-    #         - book