diff --git a/argocd/manifests/databases-ringtail/immich-pg.yaml b/argocd/manifests/databases-ringtail/immich-pg.yaml
index cccf5bf..982bc43 100644
--- a/argocd/manifests/databases-ringtail/immich-pg.yaml
+++ b/argocd/manifests/databases-ringtail/immich-pg.yaml
@@ -1,13 +1,12 @@
 # PostgreSQL Cluster for Immich on ringtail k3s.
 #
-# Initial bring-up is via CNPG pg_basebackup against the minikube
-# immich-pg cluster (reachable on the tailnet at
-# immich-pg.tail8d86e.ts.net). Once the basebackup completes and
-# the replica catches up, set replica.enabled=false to promote.
-#
-# After promotion, the externalClusters and bootstrap blocks can be
-# left in place (CNPG ignores them once initialized) or pruned in a
-# follow-up commit. See [[immich-pg-data-migration]] for procedure.
+# Initially bootstrapped via CNPG pg_basebackup from the minikube
+# immich-pg cluster on 2026-05-13, then promoted to primary. The
+# externalClusters + bootstrap.pg_basebackup blocks have been pruned
+# from this manifest now that the migration is complete — leaving
+# them around is a footgun (re-enabling replica.enabled=true would
+# try to demote this cluster against a stale source). See
+# [[immich-pg-data-migration]] for the procedure used.
 apiVersion: postgresql.cnpg.io/v1
 kind: Cluster
 metadata:
@@ -21,38 +20,7 @@ spec:
     size: 10Gi
     storageClass: local-path
 
-  # Promoted away from the minikube source on 2026-05-13.
-  # The externalClusters + bootstrap.pg_basebackup blocks below are
-  # ignored by CNPG once the cluster is initialized; left in place
-  # so the manifest documents how this cluster came to exist. Remove
-  # in a follow-up once the minikube source is decommissioned.
-  replica:
-    enabled: false
-    source: source-immich-pg
-
-  # Bootstrap from the source via pg_basebackup.
-  bootstrap:
-    pg_basebackup:
-      source: source-immich-pg
-
-  externalClusters:
-    - name: source-immich-pg
-      connectionParameters:
-        host: immich-pg.tail8d86e.ts.net
-        user: streaming_replica
-        sslmode: verify-ca
-        dbname: postgres
-      sslCert:
-        name: source-immich-pg-replication
-        key: tls.crt
-      sslKey:
-        name: source-immich-pg-replication
-        key: tls.key
-      sslRootCert:
-        name: source-immich-pg-ca
-        key: ca.crt
-
-  # Managed roles (applied after promotion)
+  # Managed roles
   managed:
     roles:
       - name: borgmatic