diff --git a/.drone.yml b/.drone.yml
index aebf115..ebe3668 100644
--- a/.drone.yml
+++ b/.drone.yml
@@ -24,6 +24,7 @@ steps:
       SHARED_SECRET_AUTH_VERSION: v1
       SIGNAL_BRIDGE_YAML_VERSION: v1
       TELEGRAM_BRIDGE_YAML_VERSION: v1
+      PG_BACKUP_VERSION: v1
       SECRET_DB_PASSWORD_VERSION: v1
       SECRET_FORM_SECRET_VERSION: v1
       SECRET_MACAROON_SECRET_KEY_VERSION: v1
diff --git a/.env.sample b/.env.sample
index c136e01..efe5ebc 100644
--- a/.env.sample
+++ b/.env.sample
@@ -6,6 +6,7 @@ ENABLE_AUTO_UPDATE=true
 LETS_ENCRYPT_ENV=production
 COMPOSE_FILE="compose.yml"
 # POST_DEPLOY_CMDS="db set_admin"
+ENABLE_BACKUPS=true
 
 ## Admin details
 
diff --git a/abra.sh b/abra.sh
index f858435..f7164c4 100644
--- a/abra.sh
+++ b/abra.sh
@@ -8,6 +8,7 @@ export TELEGRAM_BRIDGE_YAML_VERSION=v6
 export NGINX_CONFIG_VERSION=v7
 export WK_SERVER_VERSION=v1
 export WK_CLIENT_VERSION=v1
+export PG_BACKUP_VERSION=v1
 
 set_admin () {
     admin=akadmin
diff --git a/compose.signal.yml b/compose.signal.yml
index 316060b..8c50cb9 100644
--- a/compose.signal.yml
+++ b/compose.signal.yml
@@ -32,10 +32,6 @@ services:
       - signal-data:/data
     networks:
       - internal
-    deploy:
-      labels:
-          backupbot.backup: "true"
-          backupbot.backup.path: "/data"
 
   signaldb:
     image: postgres:13-alpine
@@ -56,10 +52,13 @@ services:
       - signal-postgres:/var/lib/postgresql/data
     deploy:
       labels:
-          backupbot.backup: "true"
-          backupbot.backup.pre-hook: "PGPASSWORD=$$(cat $${POSTGRES_PASSWORD_FILE}) pg_dump -U $${POSTGRES_USER} $${POSTGRES_DB} > /var/lib/postgresql/data/backup.sql"
-          backupbot.backup.post-hook: "rm -r /var/lib/postgresql/data/backup.sql"
-          backupbot.backup.path: "/var/lib/postgresql/data"
+        backupbot.backup.pre-hook: "/pg_backup.sh backup"
+        backupbot.backup.volumes.signal-postgres.path: "backup.sql"
+        backupbot.restore.post-hook: '/pg_backup.sh restore'
+    configs:
+        - source: pg_backup
+          target: /pg_backup.sh
+          mode: 0555
 
 configs:
   signal_bridge_yaml:
diff --git a/compose.telegram.yml b/compose.telegram.yml
index c70ea52..9b914e8 100644
--- a/compose.telegram.yml
+++ b/compose.telegram.yml
@@ -56,6 +56,15 @@ services:
       test: ["CMD", "pg_isready", "-U", "$POSTGRES_USER" ]
     volumes:
       - telegram-postgres:/var/lib/postgresql/data
+    deploy:
+      labels:
+        backupbot.backup.pre-hook: "/pg_backup.sh backup"
+        backupbot.backup.volumes.telegram-postgres.path: "backup.sql"
+        backupbot.restore.post-hook: '/pg_backup.sh restore'
+    configs:
+        - source: pg_backup
+          target: /pg_backup.sh
+          mode: 0555
 
 configs:
   telegram_bridge_yaml:
diff --git a/compose.yml b/compose.yml
index f085126..d29bf91 100644
--- a/compose.yml
+++ b/compose.yml
@@ -124,10 +124,14 @@ services:
       - postgres:/var/lib/postgresql/data
     deploy:
       labels:
-          backupbot.backup: "true"
-          backupbot.backup.pre-hook: "PGPASSWORD=$$(cat $${POSTGRES_PASSWORD_FILE}) pg_dump -U $${POSTGRES_USER} $${POSTGRES_DB} > /var/lib/postgresql/data/backup.sql"
-          backupbot.backup.post-hook: "rm -r /var/lib/postgresql/data/backup.sql"
-          backupbot.backup.path: "/var/lib/postgresql/data"
+        backupbot.backup: "${ENABLE_BACKUPS:-true}"
+        backupbot.backup.pre-hook: "/pg_backup.sh backup"
+        backupbot.backup.volumes.postgres.path: "backup.sql"
+        backupbot.restore.post-hook: '/pg_backup.sh restore'
+    configs:
+        - source: pg_backup
+          target: /pg_backup.sh
+          mode: 0555
 
 volumes:
   data:
@@ -163,6 +167,9 @@ configs:
     name: ${STACK_NAME}_wk_client_${WK_CLIENT_VERSION}
     file: well_known_client.conf.tmpl
     template_driver: golang
+  pg_backup:
+    name: ${STACK_NAME}_pg_backup_${PG_BACKUP_VERSION}
+    file: pg_backup.sh
 
 secrets:
   db_password:
diff --git a/pg_backup.sh b/pg_backup.sh
new file mode 100644
index 0000000..4029803
--- /dev/null
+++ b/pg_backup.sh
@@ -0,0 +1,34 @@
+#!/bin/bash
+
+set -e
+
+BACKUP_FILE='/var/lib/postgresql/data/backup.sql'
+
+function backup {
+  export PGPASSWORD=$(cat $POSTGRES_PASSWORD_FILE)
+  pg_dump -U ${POSTGRES_USER} ${POSTGRES_DB} > $BACKUP_FILE
+}
+
+function restore {
+    cd /var/lib/postgresql/data/
+    restore_config(){
+        # Restore allowed connections
+        cat pg_hba.conf.bak > pg_hba.conf
+        su postgres -c 'pg_ctl reload'
+    }
+    # Don't allow any other connections than local
+    cp pg_hba.conf pg_hba.conf.bak
+    echo "local all all trust" > pg_hba.conf
+    su postgres -c 'pg_ctl reload'
+    trap restore_config EXIT INT TERM
+
+    # Recreate Database
+    psql -U ${POSTGRES_USER} -d postgres -c "DROP DATABASE ${POSTGRES_DB} WITH (FORCE);" 
+    createdb -U ${POSTGRES_USER} ${POSTGRES_DB}
+    psql -U ${POSTGRES_USER} -d ${POSTGRES_DB} -1 -f $BACKUP_FILE
+
+    trap - EXIT INT TERM
+    restore_config
+}
+
+$@