
Clean Proxmox Rebuild

Objective

Reinstall Proxmox, recreate pfSense, and build new Debian LXCs for DNS and Docker without restoring old guest disks or host filesystems. Preserve only the configuration and application state required to recreate current services.

This plan uses read-only Proxmox and Docker audits from June 14, 2026. Run the pre-wipe capture again immediately before shutdown so later changes are not missed.

Use the pre-reinstall migration checklist as the command-by-command run sheet. This page defines what must survive and why.

Backup Boundary

Keep:

  • Proxmox network, storage, VM, and LXC definitions as reference text
  • a full encrypted pfSense configuration export without RRD or volatile data
  • Pi-hole settings and Cloudflared configuration
  • Docker Compose files, environment files, build source, and network definitions
  • logical database exports and application-native exports
  • repositories, attachments, uploaded files, private keys, and unique website content

Discard:

  • Proxmox host and guest operating-system disks
  • stopped guest disks after written retirement approval
  • Docker images, build cache, stopped containers, and Docker runtime metadata
  • logs, rotated logs, pfSense RRD data, Pi-hole query history, and generated sites
  • package caches, ISO images, LXC templates, and cloud-init templates

Configuration-only backups do not preserve business data. A service with repositories, databases, uploads, attachments, or unique content needs both its configuration and the state listed below.

Proxmox Host

Capture these files and command outputs to restricted storage:

mkdir -p /root/rebuild-capture/proxmox/{qm,pct}
cp /etc/network/interfaces /root/rebuild-capture/proxmox/
cp /etc/hosts /etc/hostname /etc/pve/storage.cfg \
  /root/rebuild-capture/proxmox/
pveversion -v > /root/rebuild-capture/proxmox/pveversion.txt
pvesm status > /root/rebuild-capture/proxmox/storage-status.txt
qm list > /root/rebuild-capture/proxmox/qm-list.txt
pct list > /root/rebuild-capture/proxmox/pct-list.txt
for id in $(qm list | awk 'NR > 1 {print $1}'); do
  qm config "$id" > "/root/rebuild-capture/proxmox/qm/$id.conf"
done
for id in $(pct list | awk 'NR > 1 {print $1}'); do
  pct config "$id" > "/root/rebuild-capture/proxmox/pct/$id.conf"
done

Use these as build references. Do not copy them blindly over a new Proxmox installation. Recreate bridges, VLAN awareness, storage, and startup order in the new installation, then create new guest disks.
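
The objective asks for the capture to be run again immediately before shutdown so later changes are not missed. The check below is an added example, not part of the original run sheet: it compares two capture directories laid out as above (qm/<id>.conf and pct/<id>.conf) and reports guests that were added, removed, or reconfigured, plus any empty config files. It assumes the earlier audit capture was kept in a separate directory; the sample trees, guest 120, and the config contents are constructed.

```shell
#!/bin/sh
# Added example: detect guest changes between two rebuild captures.

# Report guests added, removed, or reconfigured between two capture
# directories that each hold qm/<id>.conf and pct/<id>.conf files.
capture_drift() {  # usage: capture_drift <old-capture> <new-capture>
  old=$1 new=$2
  for kind in qm pct; do
    for f in "$old/$kind"/*.conf; do
      [ -e "$f" ] || continue           # glob matched nothing
      name=$kind/${f##*/}
      if [ ! -e "$new/$name" ]; then echo "removed $name"
      elif ! cmp -s "$f" "$new/$name"; then echo "changed $name"
      fi
    done
    for f in "$new/$kind"/*.conf; do
      [ -e "$f" ] || continue
      name=$kind/${f##*/}
      [ -e "$old/$name" ] || echo "added $name"
    done
  done
}

# List zero-byte configs, which is what a failed `qm config` or
# `pct config` leaves behind through the shell redirection.
empty_configs() {  # usage: empty_configs <capture>
  find "$1" -type f -name '*.conf' -size 0 | sort
}

# Constructed sample: two small capture trees in a temporary directory.
make_sample_captures() {
  d=$(mktemp -d)
  mkdir -p "$d/old/qm" "$d/old/pct" "$d/new/qm" "$d/new/pct"
  echo 'memory: 2048' > "$d/old/qm/110.conf"
  echo 'memory: 4096' > "$d/new/qm/110.conf"
  for id in 100 101 107; do echo "hostname: ct$id" > "$d/old/pct/$id.conf"; done
  for id in 100 107; do echo "hostname: ct$id" > "$d/new/pct/$id.conf"; done
  : > "$d/new/pct/120.conf"            # simulates a failed capture
  echo "$d"
}

# Demo on the constructed sample.
d=$(make_sample_captures)
capture_drift "$d/old" "$d/new"; empty_configs "$d/new"; rm -rf "$d"
```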

Virtual Machines

| VM | Minimum to keep | Rebuild decision |
| --- | --- | --- |
| 110 pfsense | qm config 110; encrypted full config.xml with package data, without RRD or extra volatile data | Install a new pfSense VM and restore the XML; do not back up its 20 GiB disk |
| 102 revit | qm config 102 only until ownership review | Do not preserve the disk unless an owner confirms a current business need |
| 113 rsat-pc | qm config 113 only until ownership review | Prefer a new Windows administration workstation; do not preserve the old disk or snapshot by default |
| 5000 ubuntu-cloud | Template source/version note only | Download a current cloud image and recreate the template |

For pfSense, retain package settings in the XML, select Skip RRD Data, leave Include Extra Data disabled, and encrypt the export. Keep the redacted config.redacted.xml only for documentation; it is not a recovery backup.

LXC Containers

| LXC | Minimum to keep | Rebuild decision |
| --- | --- | --- |
| 100 proxy | pct config 100, Docker workload backup below, Debian/package version reference | Create a new unprivileged Debian LXC, enable nesting, install current Docker Engine, then restore applications |
| 107 dns | pct config 107, Pi-hole Teleporter export, Cloudflared config and service unit, package/version reference | Create a new Debian LXC and install current Pi-hole and Cloudflared; do not restore the root filesystem |
| 101 gam | pct config 101 and ownership decision | Retire by default; no rootfs backup |
| 105 down | pct config 105, ownership decision, and filesystem recovery/data inventory before wiping | Its 580 GiB disk has 571 GiB allocated and currently fails to mount; do not delete it |
| 106 rdhost | pct config 106, RustDesk keys, SQLite database, configuration, and systemd units | Rebuild as a fresh RustDesk server or retire only after confirming that no clients depend on its identity |

LXC 107 currently runs Debian 12 with Pi-hole Core v5.18.4, Web v5.21, FTL v5.25.2, and Cloudflared 2025.6.1. Rebuild with current Pi-hole v6 instead of restoring the old root filesystem.

Keep the Pi-hole Teleporter export and verify that it contains custom lists, groups, clients, local DNS records, and settings. Also capture:

pihole -v
dpkg-query -W > packages.txt
systemctl cat cloudflared > cloudflared.service.txt

The current Cloudflared tunnel token is embedded in the systemd service command. Store it in the approved secret manager, rotate it before the rebuild, and create the new service from the rotated token. Do not place the service output or token in documentation backups.
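
A guard for the rule above, as an added example that is not part of the original plan: it detects a tunnel token in captured unit text and writes a redacted reference copy, so the raw cloudflared.service.txt stays in restricted storage only. The unit text and token are constructed; TUNNEL_TOKEN is the environment form of the same option, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: keep the Cloudflared tunnel token out of documentation copies.

# Constructed unit text in the shape `systemctl cat cloudflared` prints;
# the token value is fake.
sample_unit() {
cat <<'EOF'
# /etc/systemd/system/cloudflared.service
[Service]
Type=notify
ExecStart=/usr/bin/cloudflared --no-autoupdate tunnel run --token eyJhIjoiQ09OU1RSVUNURUQiLCJ0IjoiZmFrZSJ9
Restart=on-failure
EOF
}

# Replace the value after --token (space or "=" separated) and after a
# TUNNEL_TOKEN= environment assignment with a fixed placeholder.
redact_unit() {
  sed -E \
    -e 's/(--token[= ]+)[^[:space:]"]+/\1<REDACTED>/g' \
    -e 's/(TUNNEL_TOKEN=)[^[:space:]"]+/\1<REDACTED>/g'
}

# Exit 0 if stdin still carries a token-like value: an unredacted
# --token/TUNNEL_TOKEN argument, or a long base64 run starting with "eyJ".
has_token() {
  grep -Eq -e '(--token[= ]+|TUNNEL_TOKEN=)[^<[:space:]]' \
           -e 'eyJ[A-Za-z0-9_+/=-]{20,}'
}

# Write a redacted reference copy with owner-only permissions; refuse to
# write anything if the redaction missed a token.
write_doc_copy() {  # usage: write_doc_copy <dest-file> < unit-text
  redacted=$(redact_unit)
  if printf '%s\n' "$redacted" | has_token; then
    echo "token-like value remains; not writing $1" >&2
    return 1
  fi
  ( umask 077; printf '%s\n' "$redacted" > "$1" )
}

# Demo on the constructed sample: prints the redacted ExecStart line.
sample_unit | redact_unit | grep '^ExecStart='
```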

Retain /etc/pihole/setupVars.conf, custom DNS records, and the Teleporter archive as migration references. Do not retain /var/log, /etc/pihole/pihole-FTL.db, downloaded gravity list files, or other query history.

For LXC 106, keep these small but identity-bearing files:

/opt/rustdesk/db_v2.sqlite3*
/opt/rustdesk/id_ed25519
/opt/rustdesk/id_ed25519.pub
/root/.config/rustdesk/RustDesk.toml
/etc/systemd/system/rustdeskrelay.service
/etc/systemd/system/rustdesksignal.service

The RustDesk state is approximately 13 MiB and should be copied consistently while its services are stopped.

LXC 105 is an immediate recovery task. A read-only check reported an ext4 filesystem requiring journal recovery and an invalid MMP block checksum. Create a storage-level copy before any repairing fsck, then inspect the copy. Do not run a modifying filesystem repair against the only copy.

Docker Host

For every retained project, keep:

  • docker-compose.yml, .env, Dockerfiles, and local build source
  • docker compose config --images output and the intended version pins
  • external network definitions for aproxy and backend
  • only the persistent state identified below

Do not back up /var/lib/docker, image layers, containers, build cache, or container logs. Replace floating latest tags with tested version pins during the rebuild.
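
One way to find the floating references before the rebuild, as an added example that is not part of the original plan: it reads docker compose config --images output and lists every image that is untagged or tagged latest, treating digest references as pinned and not mistaking a registry port for a tag. The image names, tags, and digest in the sample are constructed.

```shell
#!/bin/sh
# Added example: flag floating image references before the rebuild.

# Constructed stand-in for `docker compose config --images` output
# (one reference per line); names, tags and digest are made up.
sample_images() {
cat <<'EOF'
example/traefik:1.2.3
example/forgejo:latest
registry.example.internal:5000/receipt-app
example/vaultwarden@sha256:0000000000000000000000000000000000000000000000000000000000000000
example/portainer
example/adminer:4.5.6
EOF
}

# Print each reference that is not pinned: an explicit :latest, or no tag
# at all (Docker then pulls latest). Digest references count as pinned.
unpinned_images() {
  while IFS= read -r ref || [ -n "$ref" ]; do
    [ -n "$ref" ] || continue
    case $ref in *@sha256:*) continue ;; esac
    last=${ref##*/}   # final path component, so a registry port is not read as a tag
    case $last in
      *:latest) echo "$ref" ;;
      *:*)      ;;                # explicit tag other than latest
      *)        echo "$ref" ;;    # no tag
    esac
  done
}

# Gate for the rebuild run sheet: exit 0 only when every image is pinned.
pins_ok() {
  bad=$(unpinned_images)
  [ -z "$bad" ] && return 0
  printf '%s\n' "$bad" | sed 's/^/unpinned image: /' >&2
  return 1
}

# Demo on the constructed sample: lists the three floating references.
sample_images | unpinned_images
```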

Platform Services

| Service | Minimum retained state |
| --- | --- |
| Traefik | Compose, .env, data/traefik.yml, data/conf.d, and certificate state if it cannot be regenerated; exclude data/logs |
| Forgejo and runner | Compose, .env, runner config.yml and registration details, Forgejo repositories/LFS/attachments/keys, and logical PostgreSQL dump of gitea |
| Drone | Compose, .env, and a consistent SQLite backup of data/database.sqlite; exclude job logs |
| Portainer | Compose plus Portainer configuration export or its small data directory; it may be rebuilt empty if all stacks are Compose-managed |
| Nginx documentation site | Compose only; regenerate published MkDocs output from this repository |
| Adminer | Compose only; no persistent state |

Databases

Use logical exports, not copies of live database directories:

| Database | Minimum retained state |
| --- | --- |
| PostgreSQL | Roles/globals plus separate dumps for active databases. Confirmed active dependencies include gitea, homebox, and vaultwarden |
| MariaDB | Separate logical dump per retained database and the root/application credentials from .env |
| MongoDB | mongodump for each retained application database; do not copy WiredTiger files as the primary backup |

The live database servers contain names associated with retired or unverified applications. Review documenso, foa, kestra, kh3_hr_db, n8n, planka, akaunting, bigcapital, espocrm, ldap, snipeit, vikunja, and wordpress before deciding which dumps to delete. Keeping compressed, per-database dumps temporarily is safer and smaller than keeping old VM disks.

Applications

| Service | Minimum retained state |
| --- | --- |
| Vaultwarden | Compose, .env, PostgreSQL vaultwarden, and /root/vaultwarden/data for keys and attachments |
| Homebox | Compose, .env, PostgreSQL homebox, and any uploaded-file storage |
| Appsmith | Reconstructed Compose plus /root/appsmith/data/stacks excluding its logs directory; use application exports as an additional copy |
| MeshCentral | Reconstructed Compose, data/config.json, certificate/private-key files, user files, and a current MeshCentral/MongoDB backup; retain one verified recent auto-backup, not the full history |
| Stirling PDF | Compose, .env, data/config, and only custom OCR language data; exclude data/logs |
| Receipt App | Compose, Dockerfile, and local application source; no persistent mount was found |

Appsmith and MeshCentral currently have no Compose file on disk. Reconstruct and test their Compose definitions from docker inspect before shutdown.

Websites

| Service | Minimum retained state |
| --- | --- |
| website | Full working content tree or a repaired and pushed repository; the live Git object store reports corruption |
| kh3website, khy, khywebsite | Commit and push all intended changes, then keep only the remote repository and deployment Compose; otherwise archive the working content trees |
| kh3-dev-site | Archive its 183 MiB content tree and reconstruct Compose; no source repository or Compose file is present |
| dashboard | Reconstruct Compose; current content is effectively empty |
| noticeboard | Reconstruct Compose; regenerate the MkDocs site from its source repository |
| documentation nginx | Compose only; generated site content is disposable |

Do not treat the existing Git directories as backups. Three website working trees contain many modifications, and the website repository is damaged.

Current Wipe Blockers

Do not wipe the host until all of these are resolved:

  1. Proxmox guest definitions are captured again immediately before shutdown.
  2. LXC 105 down has a protected copy, filesystem recovery, owner decision, and data inventory.
  3. Appsmith, MeshCentral, Dashboard, Noticeboard, and kh3-dev-site have tested Compose files.
  4. Modified website trees are pushed or archived, and the damaged website repository is replaced or archived.
  5. Active databases are mapped to owners and application restore tests.
  6. Pi-hole Teleporter and Cloudflared backups are tested on a temporary LXC.
  7. The pfSense XML is restored into a temporary VM and interfaces are remapped correctly.
  8. RustDesk clients are migrated with the existing server identity or formally retired.

Rebuild Order

  1. Install Proxmox and recreate host networking and storage.
  2. Create pfSense, restore its XML, and verify WAN, LAN, DMZ, VLAN, and VPN.
  3. Create the DNS LXC; restore Pi-hole and Cloudflared configuration.
  4. Create the Docker LXC; install Docker and create aproxy and backend.
  5. Restore databases, then Traefik, Forgejo, and authentication dependencies.
  6. Restore applications and unique website content.
  7. Rebuild disposable generated sites and administration tools.
  8. Validate service routes, DNS, backups, and startup order before deleting the temporary backup set.
