Notable findings per article:
- internal-infrastructure: Neptune cert expires 2026-05-31, DkimSigner disabled (unsigned outbound mail), Cloudflare tunnel on Jupiter
- peaceful-spirit: L2TP/IPsec RRAS VPN; billing/Syncro ID undocumented
- cryoweave: website redesign pending client assets
- glaztech: phishing bypassed MailProtector via secondary MX (fixed); no MFA enforcement yet; do not enable Security Defaults yet
- pavon: OwnCloud cron stacking fixed; Nextcloud migration deferred
- grabb-durando: plaintext DB password in README needs vaulting; AI demand review app scoped
- stamback-septic: WS2012 EOL server on network
- sombra-residential: Server2013 is actually WS2012 EOL unpatched
- birth-biologic: Datto→SharePoint migration unconfirmed complete

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
156 lines
12 KiB
Markdown
---
type: client
name: pavon
display_name: Pavon
last_compiled: 2026-05-24
compiled_by: DESKTOP-0O8A1RL/claude-main
sources:
  - clients/pavon/session-logs/2026-04-12-session.md
  - clients/pavon/session-logs/2026-04-29-session.md
  - clients/pavon/PROJECT_STATE.md
  - clients/pavon/infrastructure-analysis.md
  - clients/pavon/final-setup-summary.md
  - clients/pavon/owncloud-archive-scan-completion.md
backlinks:
  - wiki/systems/jupiter.md
  - wiki/systems/uranus.md
---

# Pavon

## Profile

- **Contract type:** Former / archived client (break-fix / project). [WARNING: Confirm whether any active relationship remains — last recorded work 2026-04-29, but context implies this is archive-only infrastructure management, not an ongoing MSP contract.]
- **Key contacts:** [unverified — no contact name or email documented in session logs]
- **Billing rate:** [unverified — not recorded]
- **Syncro customer ID:** [unverified — not recorded]
- **GuruRMM enrollment:** None recorded

## Business Overview

Pavon is a client with video surveillance infrastructure across at least two properties: "Raiders" and "Curves." They operate GeoVision NVR (network video recorder) systems at each site. ACG's relationship with Pavon appears to be infrastructure management of the video archive rather than a full MSP engagement. Work has consisted of archive lifecycle management and OwnCloud integration.

OwnCloud is the **source of truth** for all footage, not a backup. NVR units at the client sites use the OwnCloud Desktop sync client (virtual file placeholders) to upload footage and save local NVR disk. NVRs have no direct SMB access to ACG infrastructure — they reach OwnCloud only via WebDAV. Pavon users do not use OwnCloud directly; footage retrieval goes through the NVR interface.

**Retention policy:** 3 years. Footage older than 3 years may be deleted.

## Infrastructure

### Servers & Services

| Host | IP | Role | OS | Notes |
|---|---|---|---|---|
| Pavon Unraid | 172.16.1.33 | Archive/backup server (client-side) | Unraid 6.x | 121TB total, 37TB used as of 2026-04-12 after cleanup |
| OwnCloud VM | 172.16.3.22 | OwnCloud 10.x + MariaDB 10.5.29 | Rocky Linux 9.6/9.7 | Hosted on Jupiter (KVM guest); `cloud.acghosting.com` |
| Jupiter (Unraid Primary) | 172.16.3.20 | Hypervisor for OwnCloud VM; NFS host for OwnCloud data dir | Unraid (Slackware-based) | Primary ACG infrastructure server |
| Uranus (Unraid Secondary) | 172.16.3.21 | SMB share host for `/Archive` external storage | Unraid | Hosts `Storage` share (35TB camera archive) |

**Note on Uranus vs. Pavon Unraid:** The 2026-04-12 session documented the archive as being on the Pavon Unraid server (172.16.1.33). The 2026-04-29 session shows the OwnCloud external storage mount (Storage 6, `/Archive`) pointing to **Uranus (172.16.3.21)** as the SMB host. [WARNING: Reconcile whether the 35TB archive was migrated from 172.16.1.33 to 172.16.3.21 between these sessions, or whether the April 12 session had a misidentified host. The April 29 session's reference to Uranus appears authoritative — it was discovered as already-configured state, not a change made during that session.]

### Storage Layout

**OwnCloud VM data directory:** `/owncloud` (NFS-mounted from Jupiter: `172.16.3.20:/mnt/user/OwnCloud`)

- **Filesystem state (as of 2026-04-29):** 932 GB total, 677 GB used, 248 GB free — **74% full** [WARNING: approaching capacity]
- **OwnCloud data root:** `/owncloud` on VM
- **Pavon user home files** (`storage numeric_id 78, home::pavon`):
  - `/owncloud/pavon/files/Curves/` — 188,920 files (Curves property NVR footage, 2025–2026)
  - `/owncloud/pavon/files/Raiders/` — 48,978 files (Raiders property NVR footage, 2025–2026)
  - Total: ~237K files
- **Version junk (to clean):** 30 GB in `/owncloud/pavon/files_versions/` (1,326 version files) — `occ versions:cleanup pavon` will reclaim immediately [deferred]
- **External storage (Storage 6, `/Archive`):** SMB Personal to Uranus (172.16.3.21), share `Storage`, SMB user `owncloud`. ~35TB camera archive (May–Oct 2023). `filesystem_check_changes` already set to 0.

**Pavon Unraid server (172.16.1.33) — state as of 2026-04-12:**

- Total: 121TB; Used: 37TB (31%); Free: 84TB (69%) — after 25TB cleanup
- Archive share path: `/mnt/user/Storage/`
- Camera folders: cam02, cam04, cam06, cam07, cam08, cam10, cam11, cam12, cam13, cam14, cam16

### Camera Systems

**Historical archive (May–Oct 2023, ~35TB on Uranus/Storage):**

- Old Raiders configuration, cameras cam02–cam16, `.avi` (lowercase) extension

**Current (2025–2026, in OwnCloud local storage):**

- Raiders: Cam01–07 + Cam17–23 (in `/Cameras` and `/Cameras2` subfolders), `.Avi` extension, 442GB
- Curves: Cam17–43 + Aud25 (in `/Data-F`), `.Avi` extension, 4.5TB

**File age distribution for pavon (as of 2026-04-29):**

- 2024: 1 file (oldest from 2024-12-21)
- 2025: 162,898 files
- 2026: 74,719 files
- Older than 365 days: 256 files

### Email & Identity

- No M365 or email infrastructure documented for this client.

### Network

- Pavon Unraid (172.16.1.33) is on a different subnet (172.16.1.x) from ACG infrastructure (172.16.3.x). Both on the same 172.16.0.0/16 LAN, all 1Gbps.
- NVR units at Curves and Raiders reach OwnCloud via WebDAV over the internet or LAN [unverified — network path not fully documented].

### OwnCloud VM Details

- **OS:** Rocky Linux 9.6 (noted as 9.7 in one document — 9.6 per April 29 session which is more recent)
- **OwnCloud path:** `/var/www/owncloud/`
- **occ command:** `sudo -u apache php /var/www/owncloud/occ ...`
- **Apache config:** `/etc/httpd/conf.d/owncloud.conf`
- **MariaDB:** 10.5.29, local socket auth as root
- **Web user:** `apache`
- **Cron:** Apache crontab at `/var/spool/cron/apache` — hardened with `flock -n /tmp/oc-cron.lock` on 2026-04-29 to prevent stacking spiral
- **OwnCloud users:** 10 total (Martell, anaise, bst, jburger, mara, minrec, pavon, rohrbach, sysadmin, themarcgroup)
- **URL:** http://cloud.acghosting.com or http://172.16.3.22

## Access

- **Pavon Unraid SSH:** `ssh root@172.16.1.33`
- **Pavon Unraid WebGUI:** http://172.16.1.33
- **OwnCloud VM SSH:** `ssh root@172.16.3.22` (ed25519 key; host key fingerprint: `SHA256:Yy4oFv5HudmKjNJ4IZgHcuSSmeBvUg+ZJta6iLasdqU`)
- **OwnCloud WebGUI:** http://cloud.acghosting.com
- **OwnCloud pavon user:** pavon / Password44$ [WARNING: plaintext in session log — vault this]
- **Jupiter Unraid WebGUI:** http://172.16.3.20 (VM management via VMs → OwnCloud → VNC)
- **Vault path (infrastructure):**
  - `infrastructure/jupiter-unraid-primary.sops.yaml` — Jupiter root credentials
  - `infrastructure/owncloud-vm.sops.yaml` — OwnCloud VM root credentials

**[WARNING] Credential drift:** SOPS has `r3tr0gradE99!!` for OwnCloud VM root (confirmed working as of 2026-04-29). 1Password has stale value `Paper123!@#-unifi!` (does NOT work). Reconcile 1Password item `h6usgzxxn26kvckxz5dhssxdai` before next session.

**Pavon Unraid root password:** `r3tr0gradE99!` (from session log — vault status unverified).

## Patterns & Known Issues

- **OwnCloud cron stacking spiral:** Without the `flock -n` wrapper, each 15-minute cron tick fires a new `occ system:cron` process regardless of whether the prior one finished. Combined with an inefficient MariaDB query against `oc_filecache` (full table scan of 257K rows in storage 78 due to missing `(storage, name)` index + collation mismatch + mid-string LIKE wildcard), this caused 75–126 stale cron processes and load average of 80 on 2026-04-29. **Fix applied:** `/var/spool/cron/apache` now uses `flock -n /tmp/oc-cron.lock`. Backup: `/root/apache-crontab.backup-20260428-pre-flock`. Do not remove the flock wrapper.
- **Do not kill the OwnCloud VM:** NVRs at Curves and Raiders depend on it being reachable to upload footage and to rehydrate virtual file placeholders. Taking the VM offline breaks active recording workflows.
- **files_versions cannot be group-restricted in OwnCloud Community:** `app:enable --groups` is rejected. Per-user versioning disable is not possible. Only workaround: `occ versions:cleanup pavon` to purge accumulated versions (30 GB waiting). A dangling group `versioning_users` was created during the failed attempt — harmless, can be deleted with `occ group:delete versioning_users`.
- **OwnCloud file cache corruption:** Can occur when multiple `occ files:scan` processes run concurrently (database lock contention). Fix: kill all scan processes, restart httpd and php-fpm, run a fresh scan. Files are physically intact; only the cache index is lost.
- **GeoVision NVR has no age-based file routing:** Cannot configure NVRs to move old files to a different folder. Migration to `/Archive` must be done from the OwnCloud VM or Uranus side.
- **OwnCloud data dir at 74% capacity:** `/owncloud` (NFS from Jupiter) was 677/932 GB used as of 2026-04-29. The 30 GB version cleanup and a migration cron for files older than 90 days (to `/Archive` on Uranus) were both deferred. This needs attention before capacity becomes critical.
- **Nextcloud migration:** OwnCloud Community is no longer actively developed. Migration to Nextcloud was discussed in April 2026 — fresh install preferred. No urgency as of last session, but worth planning in the 3–6 month window.

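
The overlap guard from the cron stacking item, as an added example that is not copied from the client's crontab: three simulated cron ticks share one lock, and the tick that fires while the first is still running is skipped instead of piling up. The lock path, `slow_job`, `tick` and `simulate` are names constructed for this demo.

```bash
#!/bin/sh
# Added illustration: how `flock -n` turns an overlapping cron tick into a no-op.
# Assumed shape of a wrapped crontab entry (the page gives only the lock path):
#   */15 * * * * flock -n /tmp/oc-cron.lock <job command>

LOCK="${TMPDIR:-/tmp}/oc-cron-demo.$$.lock"   # demo lock, not the real one

# Stand-in for a long-running `occ system:cron` pass.
slow_job() { sleep "$1"; }

# One cron tick. The lock is taken on fd 9; -n means "fail at once if the
# lock is held" instead of queueing behind the previous run.
tick() {
    (
        flock -n 9 || { echo skipped; exit 0; }
        slow_job "$1"
        echo ran
    ) 9>"$LOCK"
}

# Three ticks: the second fires while the first still holds the lock.
simulate() {
    first_out=$(mktemp)
    tick 1 >"$first_out" &        # tick 1 runs for one second
    sleep 0.3
    second=$(tick 0)              # tick 2 overlaps tick 1
    wait                          # tick 1 finishes and releases the lock
    third=$(tick 0)               # tick 3 finds the lock free
    echo "$(cat "$first_out") $second $third"
    rm -f "$first_out" "$LOCK"
}

simulate
```

Without `-n`, the second tick would block until the first finished, so overlapping runs would still queue up behind a slow job.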
## Active Work / Deferred Tasks

All items below were deferred per client request after the 2026-04-29 stabilization. System is stable (cron flock in place). None are emergencies.

| # | Task | Notes |
|---|---|---|
| 1 | Clean 30 GB of pavon version files | `occ versions:cleanup pavon` + `occ trashbin:cleanup pavon` — instant reclaim |
| 2 | Set up daily versions cleanup cron | `0 3 * * *` → `occ versions:cleanup pavon && occ trashbin:cleanup pavon` |
| 3 | Build monthly migration cron (internal → /Archive) | Files older than 90 days; open question: OwnCloud API vs host-level CIFS move (CIFS may break file-ID invariant for SMB Personal backend) |
| 4 | Build 3-year retention pruning cron on /Archive | `find /Archive -type f -mtime +1095 -delete` then `occ files:scan pavon/Archive` |
| 5 | Reconcile 1Password OwnCloud VM password | SOPS is correct (`r3tr0gradE99!!`); update 1Password item `h6usgzxxn26kvckxz5dhssxdai` |
| 6 | Delete dangling `versioning_users` group | `occ group:delete versioning_users` — harmless if left |
| 7 | Vault pavon OwnCloud user password | Password44$ is plaintext in session log |
| 8 | Nextcloud migration planning | 3–6 month horizon; fresh install, Rocky Linux 9.x, same SMB external storage config |

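
A guarded form of the retention prune in task 4, as an added example rather than the job that will be deployed: it counts before it deletes and refuses to run against a missing or empty root. `prune_old`, `make_sample` and the sample tree are constructed for this demo; only the `find` expression and the 1095-day threshold come from the table above.

```bash
#!/bin/sh
# Added illustration of the task 4 prune with a dry-run default.

RETENTION_DAYS=1095   # 3 years, per the retention policy

# prune_old ROOT [list|delete]
# Prints how many files are older than RETENTION_DAYS. "list" (default)
# only counts; "delete" removes them. Returns 2 if ROOT looks wrong.
prune_old() {
    root="$1"; mode="${2:-list}"
    # A missing or empty root (for example an unmounted share) stops the
    # job, so the follow-up rescan is never run against an empty tree.
    [ -d "$root" ] || { echo "refusing: $root is not a directory" >&2; return 2; }
    [ -n "$(ls -A "$root" 2>/dev/null)" ] || { echo "refusing: $root is empty" >&2; return 2; }
    count=$(find "$root" -type f -mtime +"$RETENTION_DAYS" | wc -l | tr -d ' ')
    if [ "$mode" = delete ]; then
        find "$root" -type f -mtime +"$RETENTION_DAYS" -delete
    fi
    echo "$count"
}

# Constructed sample tree: one file past retention, one written just now.
make_sample() {
    sample=$(mktemp -d)
    mkdir -p "$sample/cam02" "$sample/cam04"
    touch -t 202001010000 "$sample/cam02/old.avi"
    touch "$sample/cam04/new.avi"
    echo "$sample"
}

demo=$(make_sample)
echo "dry run: $(prune_old "$demo") file(s) past retention"
echo "deleted: $(prune_old "$demo" delete) file(s)"
rm -rf "$demo"
```

In the real job, `occ files:scan pavon/Archive` would follow only a successful delete pass.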
## History Highlights

- **2026-04-12** — Major archive cleanup: 184,124 files (25TB, Dec 2022–Mar 2023) deleted from Pavon Unraid (172.16.1.33). 84TB freed (69% capacity). Remaining 35TB (May–Oct 2023) mounted as external storage in OwnCloud via SMB. File cache corruption resolved during setup via full rescan (142,867 files re-indexed). All 11 camera folders in `/Archive` verified accessible.
- **2026-04-29** — OwnCloud VM cron stacking spiral diagnosed on Jupiter (load avg 80, 75–126 stale cron processes). Root cause: missing flock wrapper + inefficient MariaDB filecache query pattern for camera filenames. Killed stale processes, load dropped from 80 to 5. Wrapped apache crontab with `flock -n`. Architecture clarified: OwnCloud is source of truth; NVRs use WebDAV virtual file sync; Pavon never touches OwnCloud directly. Credential drift between SOPS and 1Password discovered. External storage `/Archive` confirmed pointing to Uranus (172.16.3.21). All follow-up work deferred per user request.

## Backlinks

- `wiki/systems/jupiter.md` — OwnCloud VM hosted on Jupiter; OwnCloud data dir NFS from Jupiter
- `wiki/systems/uranus.md` — `/Archive` SMB share host