diff --git a/abra.sh b/abra.sh
index bc0d9d6..d548e1d 100644
--- a/abra.sh
+++ b/abra.sh
@@ -1,5 +1,3 @@
 export ABRA_MATTERMOST_ENTRYPOINT_VERSION=v2
 export BUSYBOX_VERSION=v1
-
-
 export PG_BACKUP_VERSION=v1
diff --git a/compose.yml b/compose.yml
index 7ddb6c2..9798bbc 100644
--- a/compose.yml
+++ b/compose.yml
@@ -43,7 +43,7 @@ services:
     entrypoint: /abra-mattermost-entrypoint.sh
 
   postgres:
-    image: postgres:15-alpine
+    image: postgres:16-alpine
     volumes:
       - postgres_data:/var/lib/postgresql/data
     environment:
diff --git a/pg_backup.sh b/pg_backup.sh
old mode 100755
new mode 100644
index 175714e..5c5dca4
--- a/pg_backup.sh
+++ b/pg_backup.sh
@@ -1,34 +1,32 @@
 #!/bin/bash
 
+# Postgres backup/restore hook for the `postgres` service. Invoked by backupbot-two via:
+#   backupbot.backup.pre-hook     = "/pg_backup.sh backup"
+#   backupbot.backup.volumes.postgres_data.path = "backup.sql"
+#   backupbot.restore.post-hook   = "/pg_backup.sh restore"
+# Backup dumps the DB to backup.sql (gzip) inside the postgres volume; backupbot archives it.
+# Restore reimports it. The mattermost app keeps TCP connections open to the DB, so restore must
+# terminate them and FORCE-drop before recreating, then reimport the dump deterministically — the
+# previous recipe shipped no restore hook (file-level PGDATA restore did not reload into the running
+# postgres), so a restored backup silently kept the live (un-restored) state.
+
 set -e
 
 BACKUP_FILE='/var/lib/postgresql/data/backup.sql'
+export PGPASSWORD=$(cat "${POSTGRES_PASSWORD_FILE:-/run/secrets/postgres_password}")
+DB_USER="${POSTGRES_USER:-mattermost}"
+DB_NAME="${POSTGRES_DB:-mattermost}"
 
 function backup {
-  export PGPASSWORD=$(cat $POSTGRES_PASSWORD_FILE)
-  pg_dump -U ${POSTGRES_USER} ${POSTGRES_DB} | gzip > $BACKUP_FILE
+  pg_dump -U "$DB_USER" "$DB_NAME" | gzip > "$BACKUP_FILE"
 }
 
 function restore {
-    cd /var/lib/postgresql/data/
-    restore_config(){
-        # Restore allowed connections
-        cat pg_hba.conf.bak > pg_hba.conf
-        su postgres -c 'pg_ctl reload'
-    }
-    # Don't allow any other connections than local
-    cp pg_hba.conf pg_hba.conf.bak
-    echo "local all all trust" > pg_hba.conf
-    su postgres -c 'pg_ctl reload'
-    trap restore_config EXIT INT TERM
-
-    # Recreate Database
-    psql -U ${POSTGRES_USER} -d postgres -c "DROP DATABASE ${POSTGRES_DB} WITH (FORCE);" 
-    createdb -U ${POSTGRES_USER} ${POSTGRES_DB}
-    gunzip -c $BACKUP_FILE | psql -U ${POSTGRES_USER} -d ${POSTGRES_DB} -1 -f -
-
-    trap - EXIT INT TERM
-    restore_config
+  psql -U "$DB_USER" -d postgres -c \
+    "SELECT pg_terminate_backend(pid) FROM pg_stat_activity WHERE datname='${DB_NAME}' AND pid<>pg_backend_pid();"
+  psql -U "$DB_USER" -d postgres -c "DROP DATABASE ${DB_NAME} WITH (FORCE);"
+  createdb -U "$DB_USER" "$DB_NAME"
+  gunzip -c "$BACKUP_FILE" | psql -U "$DB_USER" -d "$DB_NAME" -1 -v ON_ERROR_STOP=1 -f -
 }
 
 $@