Yes I’ve decided to just manually mount the qubes partitions on a clean system, in a temp vm using qvm-block attach, then rsync the files, not the appvms out to a third drive, then will just rebuild the appvms on the new qubes system.
About keeping appvms seperate from dom 0, you’re right I was thinking this might add a security benefit, but if dom 0 is compromised, then likely all appvms are compromised as well.
Reading this post, Storage and backup of large amounts of data for ongoing backups in the future I’ve decided I’ll just rsync the files to external drive. It seems the way rsync is made I’ll be able to cancel a backup and resume when time permits without having to recopy already copied files with it’s built in file hash verification. Beyond that I won’t do any sort of RPC in dom 0 for cross qubes communication. And won’t do appvms on secondary storage, instead just backup not for security but in case of drive failure. So for appvm security I’ll just keep documentation on each appvm and the apps installed so I can quickly recreate them anew if compromised.