backup

tailnet-only

An internal service that snapshots every app's SQLite database into Cloudflare R2 as content-addressed tar.gz files. There is no public API or HTML interface — the service is reachable only on the Tailscale tailnet for security.

Backups are taken on a schedule and uploaded with a CIDv1 hash of the archive. Because the hash is content-addressed, identical databases produce identical backup identifiers, providing implicit deduplication and verification.

Screenshot of the Farfield backup UI — Backup dashboard in the logged-in state on the private/internal route.

Admin surface

Backup is deliberately not a public API service. It exposes a small authenticated HTML surface on the private route only.

GET/

Authenticated backup dashboard.

POST/snapshot

Trigger a manual snapshot from the admin session.

POST/backups/{id}/delete

Delete a backup from the admin session.

GET/status

Health check.

Why tailnet-only?

SQLite database files contain all content in plain text. Keeping the backup endpoint off the public internet eliminates an entire class of attack surface. The only way to reach the backup service is through the private mesh network.