Clean Proxmox Rebuild
Objective
Reinstall Proxmox, recreate pfSense, and build new Debian LXCs for DNS and Docker without restoring old guest disks or host filesystems. Preserve only the configuration and application state required to recreate current services.
This plan uses read-only Proxmox and Docker audits from June 14, 2026. Run the pre-wipe capture again immediately before shutdown so later changes are not missed.
Use the pre-reinstall migration checklist as the command-by-command run sheet. This page defines what must survive and why.
Backup Boundary
Keep:
- Proxmox network, storage, VM, and LXC definitions as reference text
- a full encrypted pfSense configuration export without RRD or volatile data
- Pi-hole settings and Cloudflared configuration
- Docker Compose files, environment files, build source, and network definitions
- logical database exports and application-native exports
- repositories, attachments, uploaded files, private keys, and unique website content
Discard:
- Proxmox host and guest operating-system disks
- stopped guest disks after written retirement approval
- Docker images, build cache, stopped containers, and Docker runtime metadata
- logs, rotated logs, pfSense RRD data, Pi-hole query history, and generated sites
- package caches, ISO images, LXC templates, and cloud-init templates
Configuration-only backups do not preserve business data. A service with repositories, databases, uploads, attachments, or unique content needs both its configuration and the state listed below.
Proxmox Host
Capture these files and command outputs to restricted storage:
mkdir -p /root/rebuild-capture/proxmox/{qm,pct}   # brace expansion: run in bash
cp /etc/network/interfaces /root/rebuild-capture/proxmox/
cp /etc/hosts /etc/hostname /etc/pve/storage.cfg \
    /root/rebuild-capture/proxmox/
pveversion -v > /root/rebuild-capture/proxmox/pveversion.txt
pvesm status > /root/rebuild-capture/proxmox/storage-status.txt
qm list > /root/rebuild-capture/proxmox/qm-list.txt
pct list > /root/rebuild-capture/proxmox/pct-list.txt
for id in $(qm list | awk 'NR > 1 {print $1}'); do   # NR > 1 skips the header row
    qm config "$id" > "/root/rebuild-capture/proxmox/qm/$id.conf"   # one file per VM
done
for id in $(pct list | awk 'NR > 1 {print $1}'); do   # NR > 1 skips the header row
    pct config "$id" > "/root/rebuild-capture/proxmox/pct/$id.conf"   # one file per LXC
done
Use these as build references. Do not copy them blindly over a new Proxmox installation. Recreate bridges, VLAN awareness, storage, and startup order in the new installation, then create new guest disks.
Virtual Machines
| VM | Minimum to keep | Rebuild decision |
|---|---|---|
| 110 pfsense | qm config 110; encrypted full config.xml with package data, without RRD or extra volatile data | Install a new pfSense VM and restore the XML; do not back up its 20 GiB disk |
| 102 revit | qm config 102 only until ownership review | Do not preserve the disk unless an owner confirms a current business need |
| 113 rsat-pc | qm config 113 only until ownership review | Prefer a new Windows administration workstation; do not preserve the old disk or snapshot by default |
| 5000 ubuntu-cloud | Template source/version note only | Download a current cloud image and recreate the template |
For pfSense, retain package settings in the XML, select Skip RRD Data, leave
Include Extra Data disabled, and encrypt the export. Keep the redacted
config.redacted.xml only for documentation; it is not a recovery backup.
LXC Containers
| LXC | Minimum to keep | Rebuild decision |
|---|---|---|
| 100 proxy | pct config 100, Docker workload backup below, Debian/package version reference | Create a new unprivileged Debian LXC, enable nesting, install current Docker Engine, then restore applications |
| 107 dns | pct config 107, Pi-hole Teleporter export, Cloudflared config and service unit, package/version reference | Create a new Debian LXC and install current Pi-hole and Cloudflared; do not restore the root filesystem |
| 101 gam | pct config 101 and ownership decision | Retire by default; no rootfs backup |
| 105 down | pct config 105, ownership decision, and filesystem recovery/data inventory before wiping | Its 580 GiB disk has 571 GiB allocated and currently fails to mount; do not delete it |
| 106 rdhost | pct config 106, RustDesk keys, SQLite database, configuration, and systemd units | Rebuild as a fresh RustDesk server or retire only after confirming that no clients depend on its identity |
LXC 107 currently runs Debian 12 with Pi-hole Core v5.18.4, Web v5.21,
FTL v5.25.2, and Cloudflared 2025.6.1. Rebuild with current Pi-hole v6
instead of restoring the old root filesystem.
Keep the Pi-hole Teleporter export and verify that it contains custom lists, groups, clients, local DNS records, and settings. Also capture:
pihole -v
dpkg-query -W > packages.txt
systemctl cat cloudflared > cloudflared.service.txt
The current Cloudflared tunnel token is embedded in the systemd service command. Store it in the approved secret manager, rotate it before the rebuild, and create the new service from the rotated token. Do not place the service output or token in documentation backups.
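One way to keep a documentation copy of the unit without the token, as an added example that is not part of the original runbook. It assumes the token is passed as a --token argument in the service command; redact_unit, leaks_token, and save_redacted are hypothetical helper names, and the sample unit and its token are constructed.

```shell
#!/bin/sh
# Added example (not from the runbook): keep a token-free copy of the
# Cloudflared unit for documentation. Helper names are hypothetical.

# Constructed sample of `systemctl cat cloudflared` output; the token is fake.
SAMPLE_UNIT='[Unit]
Description=cloudflared
After=network-online.target

[Service]
ExecStart=/usr/bin/cloudflared --no-autoupdate tunnel run --token CONSTRUCTEDexampleTOKENvalue0123456789abcdefghijklmnopqrstuv
Restart=on-failure'

# stdin -> stdout: replace the value after --token (space or = form).
redact_unit() {
    sed -E 's/(--token[= ]+)[^[:space:]]+/\1<REDACTED>/g'
}

# Exit 0 if stdin still looks like it carries a secret: a --token value that
# is not the placeholder, or any unbroken run of 40+ base64url characters.
leaks_token() {
    grep -Eq -e '--token[= ]+[^<[:space:]]' -e '[A-Za-z0-9_-]{40,}'
}

# Redact stdin and write it to $1 readable by the owner only; refuse to write
# anything if a token-like value survives redaction.
save_redacted() {
    redacted=$(redact_unit)
    if printf '%s\n' "$redacted" | leaks_token; then
        echo "refusing to write $1: token-like value remains" >&2
        return 1
    fi
    ( umask 077; printf '%s\n' "$redacted" > "$1" )
}

# On the DNS LXC (commented out so the block runs offline):
#   systemctl cat cloudflared | save_redacted cloudflared.service.redacted.txt
```

The unredacted output still goes only to the secret manager; the redacted file is the one that may sit beside the other migration references.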
Retain /etc/pihole/setupVars.conf, custom DNS records, and the Teleporter
archive as migration references. Do not retain /var/log,
/etc/pihole/pihole-FTL.db, downloaded gravity list files, or other query
history.
For LXC 106, keep these small but identity-bearing files:
/opt/rustdesk/db_v2.sqlite3*
/opt/rustdesk/id_ed25519
/opt/rustdesk/id_ed25519.pub
/root/.config/rustdesk/RustDesk.toml
/etc/systemd/system/rustdeskrelay.service
/etc/systemd/system/rustdesksignal.service
The RustDesk state is approximately 13 MiB and should be copied consistently while its services are stopped.
LXC 105 is an immediate recovery task. A read-only check reported an ext4
filesystem requiring journal recovery and an invalid MMP block checksum.
Create a storage-level copy before any repairing fsck, then inspect the copy.
Do not run a modifying filesystem repair against the only copy.
Docker Host
For every retained project, keep:
- docker-compose.yml, .env, Dockerfiles, and local build source
- docker compose config --images output and the intended version pins
- external network definitions for aproxy and backend
- only the persistent state identified below
Do not back up /var/lib/docker, image layers, containers, build cache, or
container logs. Replace floating latest tags with tested version pins during
the rebuild.
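A check for floating image references in the docker compose config --images output, as an added example that is not part of the original runbook. It goes slightly beyond the latest tag named above: a reference with no tag is also reported because it resolves to latest, and a digest reference is treated as pinned. unpinned_images is a hypothetical helper name and the image list is constructed.

```shell
#!/bin/sh
# Added example (not from the runbook): flag image references that are not
# pinned. unpinned_images is a hypothetical helper name.

# Constructed sample of `docker compose config --images` output.
SAMPLE_IMAGES='traefik:latest
codeberg.org/forgejo/forgejo:9.0.3
registry.example.internal:5000/receipt-app
registry.example.internal:5000/receipt-app:1.4.2
vaultwarden/server:latest
postgres@sha256:0000000000000000000000000000000000000000000000000000000000000000'

# stdin: one image reference per line. stdout: "<reference><TAB><reason>" for
# every reference that can change without the Compose file changing.
unpinned_images() {
    awk '
    NF == 0 { next }
    {
        ref = $1
        # A digest names exact content, so it is pinned whatever the tag says.
        if (ref ~ /@sha256:[0-9a-f]+$/) next
        # Look for the tag in the last path component only, so the port in
        # registry:5000/app is not mistaken for a tag.
        name = ref
        sub(/^.*\//, "", name)
        if (index(name, ":") == 0) {
            print ref "\tno tag, resolves to latest"
            next
        }
        tag = name
        sub(/^[^:]*:/, "", tag)
        if (tag == "latest") print ref "\tfloating latest tag"
    }'
}

# On the Docker host, per project directory (commented out to run offline):
#   docker compose config --images | unpinned_images
```

Empty output for every retained project means each image is either tagged with something other than latest or pinned by digest.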
Platform Services
| Service | Minimum retained state |
|---|---|
| Traefik | Compose, .env, data/traefik.yml, data/conf.d, and certificate state if it cannot be regenerated; exclude data/logs |
| Forgejo and runner | Compose, .env, runner config.yml and registration details, Forgejo repositories/LFS/attachments/keys, and logical PostgreSQL dump of gitea |
| Drone | Compose, .env, and a consistent SQLite backup of data/database.sqlite; exclude job logs |
| Portainer | Compose plus Portainer configuration export or its small data directory; it may be rebuilt empty if all stacks are Compose-managed |
| Nginx documentation site | Compose only; regenerate published MkDocs output from this repository |
| Adminer | Compose only; no persistent state |
Databases
Use logical exports, not copies of live database directories:
| Database | Minimum retained state |
|---|---|
| PostgreSQL | Roles/globals plus separate dumps for active databases. Confirmed active dependencies include gitea, homebox, and vaultwarden |
| MariaDB | Separate logical dump per retained database and the root/application credentials from .env |
| MongoDB | mongodump for each retained application database; do not copy WiredTiger files as the primary backup |
The live database servers contain names associated with retired or unverified
applications. Review documenso, foa, kestra, kh3_hr_db, n8n,
planka, akaunting, bigcapital, espocrm, ldap, snipeit, vikunja,
and wordpress before deciding which dumps to delete. Keeping compressed,
per-database dumps temporarily is safer and smaller than keeping old VM disks.
Applications
| Service | Minimum retained state |
|---|---|
| Vaultwarden | Compose, .env, PostgreSQL vaultwarden, and /root/vaultwarden/data for keys and attachments |
| Homebox | Compose, .env, PostgreSQL homebox, and any uploaded-file storage |
| Appsmith | Reconstructed Compose plus /root/appsmith/data/stacks excluding its logs directory; use application exports as an additional copy |
| MeshCentral | Reconstructed Compose, data/config.json, certificate/private-key files, user files, and a current MeshCentral/MongoDB backup; retain one verified recent auto-backup, not the full history |
| Stirling PDF | Compose, .env, data/config, and only custom OCR language data; exclude data/logs |
| Receipt App | Compose, Dockerfile, and local application source; no persistent mount was found |
Appsmith and MeshCentral currently have no Compose file on disk. Reconstruct
and test their Compose definitions from docker inspect before shutdown.
Websites
| Service | Minimum retained state |
|---|---|
| website | Full working content tree or a repaired and pushed repository; the live Git object store reports corruption |
| kh3website, khy, khywebsite | Commit and push all intended changes, then keep only the remote repository and deployment Compose; otherwise archive the working content trees |
| kh3-dev-site | Archive its 183 MiB content tree and reconstruct Compose; no source repository or Compose file is present |
| dashboard | Reconstruct Compose; current content is effectively empty |
| noticeboard | Reconstruct Compose; regenerate the MkDocs site from its source repository |
| documentation nginx | Compose only; generated site content is disposable |
Do not treat the existing Git directories as backups. Three website working
trees contain many modifications, and the website repository is damaged.
Current Wipe Blockers
Do not wipe the host until all of these are resolved:
- Proxmox guest definitions are captured again immediately before shutdown.
- LXC 105 down has a protected copy, filesystem recovery, owner decision, and data inventory.
- Appsmith, MeshCentral, Dashboard, Noticeboard, and kh3-dev-site have tested Compose files.
- Modified website trees are pushed or archived, and the damaged website repository is replaced or archived.
- Active databases are mapped to owners and application restore tests.
- Pi-hole Teleporter and Cloudflared backups are tested on a temporary LXC.
- The pfSense XML is restored into a temporary VM and interfaces are remapped correctly.
- RustDesk clients are migrated with the existing server identity or formally retired.
Rebuild Order
- Install Proxmox and recreate host networking and storage.
- Create pfSense, restore its XML, and verify WAN, LAN, DMZ, VLAN, and VPN.
- Create the DNS LXC; restore Pi-hole and Cloudflared configuration.
- Create the Docker LXC; install Docker and create aproxy and backend.
- Restore databases, then Traefik, Forgejo, and authentication dependencies.
- Restore applications and unique website content.
- Rebuild disposable generated sites and administration tools.
- Validate service routes, DNS, backups, and startup order before deleting the temporary backup set.