--- /dev/null
+---
+title: "How a spicy pillow got me into Seedvault and Tailscale"
+date: 2025-09-25T22:30:00+03:00
+description: "After my daily driver, Google Pixel 7a, kicked the bucket due to a battery swelling issue, I needed to set up my old phone again back from its grave - this lead me down the path of using Seedvault and getting toes dipped into world of Tailscale."
+tags: ['backup', 'hardware', 'phone', 'linux', 'review', 'tailscale', 'opensource']
+type: blog
+draft: false
+---
+
+This is a long read, you've been warned :)
+
+# Prelude
+I woke up last week wednesday morning like any other workday morning, I glanced at my phone (Google Pixel 7a) and noticed the case was
+sticking out a bit - I tried to push it back in, but it would pop out again. I didn't think too much of it just yet, maybe a bad fit,
+so I took the case off.
+
+When I took the case off, I was greeted with [a rather beautiful sight](/img/pixel7a-rip.jpg) - the back side of my phone was bulging and the back panel had
+been deglued. This wasn't an ordinary morning.. and I had in all practicality a "loaded bomb" on my hands - the battery was charged to the
+brim night before and now it's extremely dangerous.
+
+## Return of the old phone
+I had initially switched over to the Pixel since my previous phone seemingly had garbage battery life - everything I read seemed to suggest
+that it's the fault of the highly inefficient 5G modem. This morning I didn't really have much of a choice but to charge it up before work
+and move absolute bare essentials over without being overly too late.
+
+My daily driver ran CalyxOS without Google Services and it just so happens that the Calyx Institute is responsible for an Android backup/restore
+solution called [Seedvault](https://github.com/seedvault-app/seedvault) - I had enough time to create a local backup and transfer the
+.SeedVaultAndroidBackup folder over with Syncthing to my laptop, power off the phone, place it in a relatively safe place without flammable
+materials nearby and went to work.
+
+During the day I was dreading having to set up everything again and I expressed skepticism on how much would Seedvault actually do - after all
+I've been conditioned to think any Android backup/restore solution is either good if its device specific (e.g. NAND backup) or horrible if you
+had to switch devices.
+
+## The trial of Seedvault
+When I got home from work, I had two goals in mind - I gotta check out Seedvault and I gotta update this thing from Android 13 to whatever latest
+is available for this phone, so I updated the phone to LineageOS 22.2 (Android 15) - OTA updates don't work for major updates on this phone because
+of some chinesium phone jank, I had to risk doing a dirty flash. The dirty flash didn't go to plan and I had to start over with no data.
+
+I was prompted to restore from Seedvault during LineageOS Initial Launch Setup Wizard (or whatever that thingimajig is called!), but the options were
+not really ideal - I don't have access to any WebDAV server with my Seedvault backup on it, I obviously don't have it on the internal storage of this
+device either, so I had to skip it.
+
+After setup, I plugged my phone to my laptop, allowed MTP transfer and copied over the .SeedVaultAndroidBackup folder and started the hunt for finding
+Seedvault again. On CalyxOS, it was super straightforward, always on your app drawer, but on Lineage I had to go on an adventure - I'll spare you the
+excruciating detail, you can find it under Settings -> System -> Backup.
+
+I started the restoration process, saw apps being reinstalled, but without data, so I wasn't exactly amused yet, but then the magic happened. Once the
+apps were reinstalled, Seedvault restored all of the app data into them, I was shocked to find that I was still logged into every app - I still had my
+notes and that my home screen looked like I hadn't even switched phones. It worked remarkably.. perfectly.
+
+Of course there were some drawbacks - Seedvault outright refuses to backup some apps that have data too large - I haven't discovered what the threshold
+is just yet, but I lost everything I had on Termux and Fennec. A few apps were also in a broken state with restored data and I had to reinstall them.
+Many apps dependant on SAF (Storage Access Framework) permissions also broke and needed to be fixed by hand.. but it ultimately changed a week long
+(if not longer fine tuning) process into an half hour ordeal. I was beyond impressed.
+
+## Lets go all in - Automated Backups
+Having experienced Seedvault now first hand and seeing how great it is, I decided I want to have automatic external backups.. but how?
+Seedvault gives you 4 options for where to store its backups - WebDAV Cloud (beta), on the phone itself, a connected USB flash drive and a specific
+WebDAV app. I ruled out on-device backup already, carrying around an always attached USB flash drive to phone isn't practical and I don't want to
+use yet another app, so let's explore WebDAV Cloud (beta) option.
+
+There are many choices for WebDAV functionality, most promiment is probably NextCloud, but I didn't feel like setting up a whole NextCloud instance
+just for this.. or even exposing it to the public. I asked a friend and colleague who does homelabbing in his spare time for his opinion and he was
+playing around with [copyparty](https://github.com/9001/copyparty) himself and has been an avid advocate of [Tailscale](https://tailscale.com/) for
+as long as he's been homelabbing.
+
+I decided to go with his reccomendation.
+
+## Entering the Tailnet
+I don't like the idea of having to use Tailscale's commercial control server - I would rather have this be served by something I administer.
+Tailscale is just a fancy toolkit and automation framework for Wireguard, it's nothing exotic in that regard. Fortunately, others agree as well
+and there's open source control servers available - I went with [Headscale](https://headscale.net) myself. I spent a little bit of my evening setting
+it up and connected my PC that also partially serves a NAS role, my laptop and my phone. I now had a mesh of my devices I could access anywhere.
+
+Once my tailnet was set up, I created an A record in Headscale that points to my PC with a vanity service name - I figured since it's related to
+sacred data of backups and how devastating it would be if I had to set up a device without Seedvault going forward, I'd name it after the Library of
+Alexandria. I only needed to set up copyparty now...
+
+## Trouble in Paradise
+When I was pitched about Tailscale, I was told that it will automagically work with Caddy to create SSL/TLS certificates for you. I decided to try it
+out, but to my surprise, it didn't work.
+
+Okay, no problem, I'll try a DNS-01 challenge with my registrar, Namecheap... until I actually visited the
+customer portal and attempted to request an API key. They want me to have 20+ domains or $50 chilling topped up on my balance - that's broad daylight
+robbery for an essential service almost everyone else gives away for FREE. This soured my view on Namecheap as a whole and I'm probably looking into
+changing registrars in near future.
+
+Registrar shenanigans aside - I moved my nameservers to Hetzner DNS which also had a Caddy DNS-01 challenge module... which also refused to work.
+I reckon it was related to [caddy-dns/hetzner#2](https://github.com/caddy-dns/hetzner/issues/2) or [caddy-dns/hetzner#11](https://github.com/caddy-dns/hetzner/issues/11),
+but at this point I realized Caddy modules were probably a no-go here. I have to embrace the jank instead.
+
+[acme.sh](https://github.com/acmesh-official/acme.sh) enters the picture - this actually worked and was able to issue me an SSL certificate.
+I ended up making a daily cron that calls a script for all the services I run through Caddy that need a SSL certificate, it's not gonna win any
+rewards for excellence, but it works - if you find yourself in a similar predicament, I got out of it with such a script:
+```
+#!/bin/bash
+HETZNER_Token="PUT_TOKEN_HERE"
+DOMAIN=$1
+acme.sh --issue --dns dns_hetzner -d "$DOMAIN" --server letsencrypt --cert-file "/etc/ssl/caddy/$DOMAIN.pem" --key-file "/etc/ssl/caddy/$DOMAIN.key" --fullchain-file /etc/ssl/caddy/$DOMAIN.full.pem --reloadcmd "/scripts/hooks/fix-perms-and-reload-caddy.sh"
+```
+With the following helper script (fix-perms-and-reload-caddy.sh)
+```
+#!/bin/sh
+chown caddy:caddy /etc/ssl/caddy/*
+systemctl reload caddy
+```
+Then stitch your Caddyfile host together with `tls /etc/ssl/caddy/domain.com.pem /etc/ssl/caddy/domain.com.key` and you should be good to go.
+
+## Are you invited to the copyparty?
+Now that I had Caddy issues out of the way, I could actually get the party going. I installed copyparty via the package manager and pointed
+an url in config to a folder on my soft-raid 4TB data pool - chose a service username and randomly generated password and fired it up for the
+first time.
+
+I feel like I don't have to lecture anyone on how to create a reverse proxy with Caddy, but if you need a refresher, you can read my blog post
+where [I moved from nginx to Caddy](/moving-from-nginx-to-caddy).
+
+I had everything set up and the copyparty was on its way. I opened up Seedvault on my phone, chose WebDAV Cloud, entered the vanity URL I had
+made in my tailnet for this service alongside the directory, supplied with the credentials I had generated and ran a backup.
+
+It worked first try.
+
+## Endless possibilities
+Now that I had a fresh tailnet set up, I decided to also backup photos to better utilize that 4TB of goodness I have laying around mostly unused.
+I've heard of [Immich](https://immich.app/) a lot from the same friend that recommended me copyparty and Tailscale, so I decided to also give
+that a go. I won't go into detail on this one, but that ended up being deployed successfully as well.
+
+I wouldn't have considered ever hosting it before as I don't like the idea of such service being exposed on the public web... and that reminded
+me of another service I was running - Syncthing Discovery Server - I decided to move that behind my tailnet as well.
+
+This can go on for a lot of services that you wouldn't necessarily want to expose to public, but you would love to access it anywhere you are
+currently at.
+
+## Closing thoughts
+While it sucks that I lost my daily driver after only about 1 and a half years of ownership, I think I came out of this situation with far more
+experience and knowledge than I otherwise would have. Luckily I am in the EU, so I have plenty of consumer rights to go about - since Google has
+[officially acknowledged the issue](https://support.google.com/pixelphone/answer/16043453?hl=en), I decided to send in a case to claim the appeasement
+offer laid out for under warranty phones.
+
+I am glad to see that in midst of all the recent years enshittification in technology, there is a sliver of hope and technology that doesn't suck.
+I came out of this experience not weeping, but smiling. If you feel like any of this really spoke to you, play around with these technologies, it really
+feels like magic sometimes.
+
+Thank you for reading and may the next post not take another year,
+- Cernodile
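Review bot: In the acme.sh wrapper script, `HETZNER_Token="PUT_TOKEN_HERE"` is assigned but never exported, so the `acme.sh` child process does not inherit it; as written the script only works when the token is already in the environment or was saved by an earlier acme.sh run. Suggest `export HETZNER_Token=...`, and preferably loading it from a root-only file rather than showing the secret inline in a script that runs from cron. In the same command, `--fullchain-file /etc/ssl/caddy/$DOMAIN.full.pem` is the one path left unquoted, and `$1` is used without checking that it is set, so a missing argument is passed to acme.sh as an empty domain. The closing `tls` line points Caddy at `domain.com.pem`, which is the `--cert-file` output (leaf certificate only); `domain.com.full.pem` from `--fullchain-file` is the file that carries the intermediates, so that is the one to reference. The helper's `chown caddy:caddy /etc/ssl/caddy/*` sets ownership but not mode, so it is worth adding a `chmod 600` on the `.key` files there.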