From: Joann Mõndresku Date: Thu, 25 Sep 2025 19:39:14 +0000 (+0300) Subject: The tale of Spicy Pillow, Vault of Seeds and a Scale of Tails X-Git-Url: https://git.based.quest/?a=commitdiff_plain;h=087dc3fe66d26efd9fa57033dad9e3e99a1c6937;p=web-hugo.git The tale of Spicy Pillow, Vault of Seeds and a Scale of Tails --- diff --git a/content/posts/how-a-spicy-pillow-got-me-into-seedvault-and-tailscale.md b/content/posts/how-a-spicy-pillow-got-me-into-seedvault-and-tailscale.md new file mode 100644 index 0000000..dab7f89 --- /dev/null +++ b/content/posts/how-a-spicy-pillow-got-me-into-seedvault-and-tailscale.md 
@@ -0,0 +1,145 @@ +--- +title: "How a spicy pillow got me into Seedvault and Tailscale" +date: 2025-09-25T22:30:00+03:00 +description: "After my daily driver, Google Pixel 7a, kicked the bucket due to a battery swelling issue, I needed to set up my old phone again back from its grave - this lead me down the path of using Seedvault and getting toes dipped into world of Tailscale." +tags: ['backup', 'hardware', 'phone', 'linux', 'review', 'tailscale', 'opensource'] +type: blog +draft: false +--- + +This is a long read, you've been warned :) + +# Prelude +I woke up last week wednesday morning like any other workday morning, I glanced at my phone (Google Pixel 7a) and noticed the case was +sticking out a bit - I tried to push it back in, but it would pop out again. I didn't think too much of it just yet, maybe a bad fit, +so I took the case off. + +When I took the case off, I was greeted with [a rather beautiful sight](/img/pixel7a-rip.jpg) - the back side of my phone was bulging and the back panel had +been deglued. This wasn't an ordinary morning.. and I had in all practicality a "loaded bomb" on my hands - the battery was charged to the +brim night before and now it's extremely dangerous. + +## Return of the old phone +I had initially switched over to the Pixel since my previous phone seemingly had garbage battery life - everything I read seemed to suggest +that it's the fault of the highly inefficient 5G modem. This morning I didn't really have much of a choice but to charge it up before work +and move absolute bare essentials over without being overly too late. 
+ +My daily driver ran CalyxOS without Google Services and it just so happens that the Calyx Institute is responsible for an Android backup/restore +solution called [Seedvault](https://github.com/seedvault-app/seedvault) - I had enough time to create a local backup and transfer the +.SeedVaultAndroidBackup folder over with Syncthing to my laptop, power off the phone, place it in a relatively safe place without flammable +materials nearby and went to work. + +During the day I was dreading having to set up everything again and I expressed skepticism on how much would Seedvault actually do - after all +I've been conditioned to think any Android backup/restore solution is either good if its device specific (e.g. NAND backup) or horrible if you +had to switch devices. + +## The trial of Seedvault +When I got home from work, I had two goals in mind - I gotta check out Seedvault and I gotta update this thing from Android 13 to whatever latest +is available for this phone, so I updated the phone to LineageOS 22.2 (Android 15) - OTA updates don't work for major updates on this phone because +of some chinesium phone jank, I had to risk doing a dirty flash. The dirty flash didn't go to plan and I had to start over with no data. + +I was prompted to restore from Seedvault during LineageOS Initial Launch Setup Wizard (or whatever that thingimajig is called!), but the options were +not really ideal - I don't have access to any WebDAV server with my Seedvault backup on it, I obviously don't have it on the internal storage of this +device either, so I had to skip it. + +After setup, I plugged my phone to my laptop, allowed MTP transfer and copied over the .SeedVaultAndroidBackup folder and started the hunt for finding +Seedvault again. On CalyxOS, it was super straightforward, always on your app drawer, but on Lineage I had to go on an adventure - I'll spare you the +excruciating detail, you can find it under Settings -> System -> Backup. 
+ +I started the restoration process, saw apps being reinstalled, but without data, so I wasn't exactly amused yet, but then the magic happened. Once the +apps were reinstalled, Seedvault restored all of the app data into them, I was shocked to find that I was still logged into every app - I still had my +notes and that my home screen looked like I hadn't even switched phones. It worked remarkably.. perfectly. + +Of course there were some drawbacks - Seedvault outright refuses to backup some apps that have data too large - I haven't discovered what the threshold +is just yet, but I lost everything I had on Termux and Fennec. A few apps were also in a broken state with restored data and I had to reinstall them. +Many apps dependant on SAF (Storage Access Framework) permissions also broke and needed to be fixed by hand.. but it ultimately changed a week long +(if not longer fine tuning) process into an half hour ordeal. I was beyond impressed. + +## Lets go all in - Automated Backups +Having experienced Seedvault now first hand and seeing how great it is, I decided I want to have automatic external backups.. but how? +Seedvault gives you 4 options for where to store its backups - WebDAV Cloud (beta), on the phone itself, a connected USB flash drive and a specific +WebDAV app. I ruled out on-device backup already, carrying around an always attached USB flash drive to phone isn't practical and I don't want to +use yet another app, so let's explore WebDAV Cloud (beta) option. + +There are many choices for WebDAV functionality, most promiment is probably NextCloud, but I didn't feel like setting up a whole NextCloud instance +just for this.. or even exposing it to the public. I asked a friend and colleague who does homelabbing in his spare time for his opinion and he was +playing around with [copyparty](https://github.com/9001/copyparty) himself and has been an avid advocate of [Tailscale](https://tailscale.com/) for +as long as he's been homelabbing. 
+ +I decided to go with his reccomendation. + +## Entering the Tailnet +I don't like the idea of having to use Tailscale's commercial control server - I would rather have this be served by something I administer. +Tailscale is just a fancy toolkit and automation framework for Wireguard, it's nothing exotic in that regard. Fortunately, others agree as well +and there's open source control servers available - I went with [Headscale](https://headscale.net) myself. I spent a little bit of my evening setting +it up and connected my PC that also partially serves a NAS role, my laptop and my phone. I now had a mesh of my devices I could access anywhere. + +Once my tailnet was set up, I created an A record in Headscale that points to my PC with a vanity service name - I figured since it's related to +sacred data of backups and how devastating it would be if I had to set up a device without Seedvault going forward, I'd name it after the Library of +Alexandria. I only needed to set up copyparty now... + +## Trouble in Paradise +When I was pitched about Tailscale, I was told that it will automagically work with Caddy to create SSL/TLS certificates for you. I decided to try it +out, but to my surprise, it didn't work. + +Okay, no problem, I'll try a DNS-01 challenge with my registrar, Namecheap... until I actually visited the +customer portal and attempted to request an API key. They want me to have 20+ domains or $50 chilling topped up on my balance - that's broad daylight +robbery for an essential service almost everyone else gives away for FREE. This soured my view on Namecheap as a whole and I'm probably looking into +changing registrars in near future. + +Registrar shenanigans aside - I moved my nameservers to Hetzner DNS which also had a Caddy DNS-01 challenge module... which also refused to work. 
+I reckon it was related to [caddy-dns/hetzner#2](https://github.com/caddy-dns/hetzner/issues/2) or [caddy-dns/hetzner#11](https://github.com/caddy-dns/hetzner/issues/11), +but at this point I realized Caddy modules were probably a no-go here. I have to embrace the jank instead. + +[acme.sh](https://github.com/acmesh-official/acme.sh) enters the picture - this actually worked and was able to issue me an SSL certificate. +I ended up making a daily cron that calls a script for all the services I run through Caddy that need a SSL certificate, it's not gonna win any +rewards for excellence, but it works - if you find yourself in a similar predicament, I got out of it with such a script: +``` +#!/bin/bash +HETZNER_Token="PUT_TOKEN_HERE" +DOMAIN=$1 +acme.sh --issue --dns dns_hetzner -d "$DOMAIN" --server letsencrypt --cert-file "/etc/ssl/caddy/$DOMAIN.pem" --key-file "/etc/ssl/caddy/$DOMAIN.key" --fullchain-file /etc/ssl/caddy/$DOMAIN.full.pem --reloadcmd "/scripts/hooks/fix-perms-and-reload-caddy.sh" +``` +With the following helper script (fix-perms-and-reload-caddy.sh) +``` +#!/bin/sh +chown caddy:caddy /etc/ssl/caddy/* +systemctl reload caddy +``` +Then stitch your Caddyfile host together with `tls /etc/ssl/caddy/domain.com.pem /etc/ssl/caddy/domain.com.key` and you should be good to go. + +## Are you invited to the copyparty? +Now that I had Caddy issues out of the way, I could actually get the party going. I installed copyparty via the package manager and pointed +an url in config to a folder on my soft-raid 4TB data pool - chose a service username and randomly generated password and fired it up for the +first time. + +I feel like I don't have to lecture anyone on how to create a reverse proxy with Caddy, but if you need a refresher, you can read my blog post +where [I moved from nginx to Caddy](/moving-from-nginx-to-caddy). + +I had everything set up and the copyparty was on its way. 
I opened up Seedvault on my phone, chose WebDAV Cloud, entered the vanity URL I had +made in my tailnet for this service alongside the directory, supplied with the credentials I had generated and ran a backup. + +It worked first try. + +## Endless possibilities +Now that I had a fresh tailnet set up, I decided to also backup photos to better utilize that 4TB of goodness I have laying around mostly unused. +I've heard of [Immich](https://immich.app/) a lot from the same friend that recommended me copyparty and Tailscale, so I decided to also give +that a go. I won't go into detail on this one, but that ended up being deployed successfully as well. + +I wouldn't have considered ever hosting it before as I don't like the idea of such service being exposed on the public web... and that reminded +me of another service I was running - Syncthing Discovery Server - I decided to move that behind my tailnet as well. + +This can go on for a lot of services that you wouldn't necessarily want to expose to public, but you would love to access it anywhere you are +currently at. + +## Closing thoughts +While it sucks that I lost my daily driver after only about 1 and a half years of ownership, I think I came out of this situation with far more +experience and knowledge than I otherwise would have. Luckily I am in the EU, so I have plenty of consumer rights to go about - since Google has +[officially acknowledged the issue](https://support.google.com/pixelphone/answer/16043453?hl=en), I decided to send in a case to claim the appeasement +offer laid out for under warranty phones. + +I am glad to see that in midst of all the recent years enshittification in technology, there is a sliver of hope and technology that doesn't suck. +I came out of this experience not weeping, but smiling. If you feel like any of this really spoke to you, play around with these technologies, it really +feels like magic sometimes. 
+ +Thank you for reading and may the next post not take another year, +- Cernodile diff --git a/static/img/pixel7a-rip.jpg b/static/img/pixel7a-rip.jpg new file mode 100644 index 0000000..3f6cbd3 Binary files /dev/null and b/static/img/pixel7a-rip.jpg differ
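Review bot: In the certificate script under "Trouble in Paradise", `HETZNER_Token="PUT_TOKEN_HERE"` is assigned but never exported, so the `acme.sh` child process will not see it unless a token was already saved by an earlier run. Use `export HETZNER_Token=...`, or better, read the token from a root-only file rather than hardcoding an API token in a script readers will copy. In the same script, `--fullchain-file /etc/ssl/caddy/$DOMAIN.full.pem` is the only path left unquoted. The `tls /etc/ssl/caddy/domain.com.pem ...` line in the post points at the `--cert-file` output, not the `.full.pem` chain the script also writes, so the post should say which file Caddy is meant to serve. The helper's `chown caddy:caddy /etc/ssl/caddy/*` only changes ownership; an explicit `chmod 600` on the `.key` files would make the intended private-key permissions clear.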