Posted on 25/09/2025 22:30:00
This is a long read, you’ve been warned :)
I woke up last week wednesday morning like any other workday morning, I glanced at my phone (Google Pixel 7a) and noticed the case was sticking out a bit - I tried to push it back in, but it would pop out again. I didn’t think too much of it just yet, maybe a bad fit, so I took the case off.
When I took the case off, I was greeted with a rather beautiful sight - the back side of my phone was bulging and the back panel had been deglued. This wasn’t an ordinary morning.. and I had in all practicality a “loaded bomb” on my hands - the battery was charged to the brim night before and now it’s extremely dangerous.
I had initially switched over to the Pixel since my previous phone seemingly had garbage battery life - everything I read seemed to suggest that it’s the fault of the highly inefficient 5G modem. This morning I didn’t really have much of a choice but to charge it up before work and move absolute bare essentials over without being overly too late.
My daily driver ran CalyxOS without Google Services and it just so happens that the Calyx Institute is responsible for an Android backup/restore solution called Seedvault - I had enough time to create a local backup and transfer the .SeedVaultAndroidBackup folder over with Syncthing to my laptop, power off the phone, place it in a relatively safe place without flammable materials nearby and went to work.
During the day I was dreading having to set up everything again and I expressed skepticism on how much would Seedvault actually do - after all I’ve been conditioned to think any Android backup/restore solution is either good if its device specific (e.g. NAND backup) or horrible if you had to switch devices.
When I got home from work, I had two goals in mind - I gotta check out Seedvault and I gotta update this thing from Android 13 to whatever latest is available for this phone, so I updated the phone to LineageOS 22.2 (Android 15) - OTA updates don’t work for major updates on this phone because of some chinesium phone jank, I had to risk doing a dirty flash. The dirty flash didn’t go to plan and I had to start over with no data.
I was prompted to restore from Seedvault during LineageOS Initial Launch Setup Wizard (or whatever that thingimajig is called!), but the options were not really ideal - I don’t have access to any WebDAV server with my Seedvault backup on it, I obviously don’t have it on the internal storage of this device either, so I had to skip it.
After setup, I plugged my phone to my laptop, allowed MTP transfer and copied over the .SeedVaultAndroidBackup folder and started the hunt for finding Seedvault again. On CalyxOS, it was super straightforward, always on your app drawer, but on Lineage I had to go on an adventure - I’ll spare you the excruciating detail, you can find it under Settings -> System -> Backup.
I started the restoration process, saw apps being reinstalled, but without data, so I wasn’t exactly amused yet, but then the magic happened. Once the apps were reinstalled, Seedvault restored all of the app data into them, I was shocked to find that I was still logged into every app - I still had my notes and that my home screen looked like I hadn’t even switched phones. It worked remarkably.. perfectly.
Of course there were some drawbacks - Seedvault outright refuses to backup some apps that have data too large - I haven’t discovered what the threshold is just yet, but I lost everything I had on Termux and Fennec. A few apps were also in a broken state with restored data and I had to reinstall them. Many apps dependant on SAF (Storage Access Framework) permissions also broke and needed to be fixed by hand.. but it ultimately changed a week long (if not longer fine tuning) process into an half hour ordeal. I was beyond impressed.
Having experienced Seedvault now first hand and seeing how great it is, I decided I want to have automatic external backups.. but how? Seedvault gives you 4 options for where to store its backups - WebDAV Cloud (beta), on the phone itself, a connected USB flash drive and a specific WebDAV app. I ruled out on-device backup already, carrying around an always attached USB flash drive to phone isn’t practical and I don’t want to use yet another app, so let’s explore WebDAV Cloud (beta) option.
There are many choices for WebDAV functionality, most promiment is probably NextCloud, but I didn’t feel like setting up a whole NextCloud instance just for this.. or even exposing it to the public. I asked a friend and colleague who does homelabbing in his spare time for his opinion and he was playing around with copyparty himself and has been an avid advocate of Tailscale for as long as he’s been homelabbing.
I decided to go with his reccomendation.
I don’t like the idea of having to use Tailscale’s commercial control server - I would rather have this be served by something I administer. Tailscale is just a fancy toolkit and automation framework for Wireguard, it’s nothing exotic in that regard. Fortunately, others agree as well and there’s open source control servers available - I went with Headscale myself. I spent a little bit of my evening setting it up and connected my PC that also partially serves a NAS role, my laptop and my phone. I now had a mesh of my devices I could access anywhere.
Once my tailnet was set up, I created an A record in Headscale that points to my PC with a vanity service name - I figured since it’s related to sacred data of backups and how devastating it would be if I had to set up a device without Seedvault going forward, I’d name it after the Library of Alexandria. I only needed to set up copyparty now…
When I was pitched about Tailscale, I was told that it will automagically work with Caddy to create SSL/TLS certificates for you. I decided to try it out, but to my surprise, it didn’t work.
Okay, no problem, I’ll try a DNS-01 challenge with my registrar, Namecheap… until I actually visited the customer portal and attempted to request an API key. They want me to have 20+ domains or $50 chilling topped up on my balance - that’s broad daylight robbery for an essential service almost everyone else gives away for FREE. This soured my view on Namecheap as a whole and I’m probably looking into changing registrars in near future.
Registrar shenanigans aside - I moved my nameservers to Hetzner DNS which also had a Caddy DNS-01 challenge module… which also refused to work. I reckon it was related to caddy-dns/hetzner#2 or caddy-dns/hetzner#11, but at this point I realized Caddy modules were probably a no-go here. I have to embrace the jank instead.
acme.sh enters the picture - this actually worked and was able to issue me an SSL certificate. I ended up making a daily cron that calls a script for all the services I run through Caddy that need a SSL certificate, it’s not gonna win any rewards for excellence, but it works - if you find yourself in a similar predicament, I got out of it with such a script:
#!/bin/bash
HETZNER_Token="PUT_TOKEN_HERE"
DOMAIN=$1
acme.sh --issue --dns dns_hetzner -d "$DOMAIN" --server letsencrypt --cert-file "/etc/ssl/caddy/$DOMAIN.pem" --key-file "/etc/ssl/caddy/$DOMAIN.key" --fullchain-file /etc/ssl/caddy/$DOMAIN.full.pem --reloadcmd "/scripts/hooks/fix-perms-and-reload-caddy.sh"
With the following helper script (fix-perms-and-reload-caddy.sh)
#!/bin/sh
chown caddy:caddy /etc/ssl/caddy/*
systemctl reload caddy
Then stitch your Caddyfile host together with tls /etc/ssl/caddy/domain.com.pem /etc/ssl/caddy/domain.com.key and you should be good to go.
Now that I had Caddy issues out of the way, I could actually get the party going. I installed copyparty via the package manager and pointed an url in config to a folder on my soft-raid 4TB data pool - chose a service username and randomly generated password and fired it up for the first time.
I feel like I don’t have to lecture anyone on how to create a reverse proxy with Caddy, but if you need a refresher, you can read my blog post where I moved from nginx to Caddy.
I had everything set up and the copyparty was on its way. I opened up Seedvault on my phone, chose WebDAV Cloud, entered the vanity URL I had made in my tailnet for this service alongside the directory, supplied with the credentials I had generated and ran a backup.
It worked first try.
Now that I had a fresh tailnet set up, I decided to also backup photos to better utilize that 4TB of goodness I have laying around mostly unused. I’ve heard of Immich a lot from the same friend that recommended me copyparty and Tailscale, so I decided to also give that a go. I won’t go into detail on this one, but that ended up being deployed successfully as well.
I wouldn’t have considered ever hosting it before as I don’t like the idea of such service being exposed on the public web… and that reminded me of another service I was running - Syncthing Discovery Server - I decided to move that behind my tailnet as well.
This can go on for a lot of services that you wouldn’t necessarily want to expose to public, but you would love to access it anywhere you are currently at.
While it sucks that I lost my daily driver after only about 1 and a half years of ownership, I think I came out of this situation with far more experience and knowledge than I otherwise would have. Luckily I am in the EU, so I have plenty of consumer rights to go about - since Google has officially acknowledged the issue, I decided to send in a case to claim the appeasement offer laid out for under warranty phones.
I am glad to see that in midst of all the recent years enshittification in technology, there is a sliver of hope and technology that doesn’t suck. I came out of this experience not weeping, but smiling. If you feel like any of this really spoke to you, play around with these technologies, it really feels like magic sometimes.
Thank you for reading and may the next post not take another year,
© 2021 - 2025 based.quest | Powered by Hugo | Donate | Atom RSS