# Storage and retention Capacity planning for Blocao Cells. ## Bitrate budget Default policy: dual-stream recording per camera. | Stream | Resolution | Codec | Bitrate | Use | |---|---|---|---|---| | Main | 1080p @ 15fps | H.265 | ~2.0-2.5 Mbps | Event-triggered clips | | Sub | 480p @ 5fps | H.265 | ~280-400 Kbps | Continuous recording | **Per camera, per day**: - Main (event-triggered, ~10% activity): ~2.0 Mbps × 86400s × 10% = ~2.0 GB - Sub (continuous): ~0.3 Mbps × 86400s = ~3.2 GB - Subtotal: ~5.2 GB/cam/day - With 90% efficiency for fragmentation/index: ~5.8 GB/cam/day ## Retention math | Cameras | Days | Total | Recommended disk | |---|---|---|---| | 4 | 30 | ~700 GB | NVMe 500GB hot + HDD 2TB cold | | 8 | 30 | ~1.4 TB | NVMe 500GB hot + HDD 4TB cold | | 8 | 60 | ~2.8 TB | NVMe 1TB hot + HDD 4TB cold | | 8 | 90 | ~4.2 TB | NVMe 1TB hot + HDD 6TB cold | | 16 | 30 | ~2.8 TB | NVMe 1TB hot + HDD 6TB cold | | 16 | 90 | ~8.4 TB | NVMe 2TB hot + HDD 12TB cold | Numbers include 10% buffer for fragmentation and indexing. ## Hot/cold tiering Frigate writes to the hot tier (NVMe). A nightly job moves files older than 7 days to the cold tier (HDD). The hot tier is the working set: recent events, today's queries. The cold tier holds the rest of retention. HDDs preferred for cold: - **WD Purple** (surveillance-rated): 4TB, 6TB, 8TB sweet spot. - **Seagate SkyHawk** (also surveillance-rated): equivalent. - Avoid consumer drives (e.g. WD Blue): they're not rated for 24/7 write workloads. NVMe options: - **Samsung 990 Pro** or **Crucial T700**: high endurance, MLC. - 500GB minimum; 1TB recommended for sites with >8 cameras. ## Buffer policy Soft and hard limits on disk usage: | % used | Status | Action | |---|---|---| | < 75% | Healthy | Normal operation | | 75-85% | Soft limit | Alert in HEALTH panel; oldest events flagged for removal | | 85-95% | Hard limit | Aggressive pruning of low-importance events; warning in SYNOPSIS | | > 95% | Critical | Stop writing new clips, only keep in-memory; alert at hub level | The **evidence locker** is a separate partition with its own quota. Pinned-to-case clips move there and are not subject to retention rotation. Default evidence locker: 100GB on NVMe. ## Encryption LUKS on both NVMe and HDD partitions. Key management: - **Default**: key file on the Cell, protected by hardware secure element when available (RK3588 has a Cryptographic Engine — not currently used; planned for hardening). - **Customer BYOK**: customer-supplied key, sealed by Tang+Clevis or HashiCorp Vault. The encryption is **at rest only**. Frigate works on plaintext within RAM and over LAN inside VLAN-20. ## Backup considerations Per-site backup is **not** the default — most customers don't want extra disks at every site. Options: 1. **No backup**: accept the 30-day window as the SLA. If the Cell dies, data lost. 2. **Hub mirror**: events and embeddings replicate to hub; raw video doesn't. Customer can reconstruct history via embeddings + bring back from a pinned-case archive. 3. **Customer-side rsync**: nightly cron pushes evidence locker only to customer's NAS. For Argentina banking deployments (BCRA 90-day retention), option 2 is the typical answer. The hub holds enough metadata to prove "events occurred at time X" even if the raw clip is lost. ## See also - [`data-sovereignty.md`](data-sovereignty.md) — encryption and what leaves the site. - [`../06-legal/retention-argentina.md`](../06-legal/retention-argentina.md) — regulatory baselines.