FIX (email): Recrate client in case of auth error

FIX (helm): Add git clone step

README.md

@@ -157,6 +157,49 @@ Then run:
 docker compose up -d
 ```
 
+### Option 4: Kubernetes with Helm
+
+For Kubernetes deployments, use the official Helm chart.
+
+**Step 1:** Clone the repository:
+
+```bash
+git clone https://github.com/RostislavDugin/postgresus.git
+cd postgresus
+```
+
+**Step 2:** Install with Helm:
+
+```bash
+helm install postgresus ./deploy/postgresus -n postgresus --create-namespace
+```
+
+To customize the installation, create a `values.yaml` file:
+
+```yaml
+ingress:
+  hosts:
+    - host: backup.yourdomain.com
+      paths:
+        - path: /
+          pathType: Prefix
+  tls:
+    - secretName: backup-yourdomain-com-tls
+      hosts:
+        - backup.yourdomain.com
+
+persistence:
+  size: 20Gi
+```
+
+Then install with your custom values:
+
+```bash
+helm install postgresus ./deploy/postgresus -n postgresus --create-namespace -f values.yaml
+```
+
+See the [Helm chart README](deploy/postgresus/README.md) for all configuration options.
+
 ---
 
 ## 🚀 Usage

backend/internal/features/databases/databases/postgresql/model.go

@@ -593,7 +593,8 @@ func buildConnectionStringForDB(p *PostgresqlDatabase, dbName string, password s
 		sslMode = "require"
 	}
 
-	return fmt.Sprintf("host=%s port=%d user=%s password=%s dbname=%s sslmode=%s",
+	return fmt.Sprintf(
+		"host=%s port=%d user=%s password=%s dbname=%s sslmode=%s default_query_exec_mode=simple_protocol",
 		p.Host,
 		p.Port,
 		p.Username,

backend/internal/features/notifiers/models/email_notifier/auth.go

@@ -0,0 +1,28 @@
+package email_notifier
+
+import (
+	"errors"
+	"net/smtp"
+)
+
+type loginAuth struct {
+	username, password string
+}
+
+func (a *loginAuth) Start(server *smtp.ServerInfo) (string, []byte, error) {
+	return "LOGIN", []byte{}, nil
+}
+
+func (a *loginAuth) Next(fromServer []byte, more bool) ([]byte, error) {
+	if more {
+		switch string(fromServer) {
+		case "Username:":
+			return []byte(a.username), nil
+		case "Password:":
+			return []byte(a.password), nil
+		default:
+			return nil, errors.New("unknown LOGIN challenge: " + string(fromServer))
+		}
+	}
+	return nil, nil
+}

backend/internal/features/notifiers/models/email_notifier/model.go

@@ -58,11 +58,10 @@ func (e *EmailNotifier) Validate(encryptor encryption.FieldEncryptor) error {
 
 func (e *EmailNotifier) Send(
 	encryptor encryption.FieldEncryptor,
-	logger *slog.Logger,
+	_ *slog.Logger,
 	heading string,
 	message string,
 ) error {
-	// Decrypt SMTP password if provided
 	var smtpPassword string
 	if e.SMTPPassword != "" {
 		decrypted, err := encryptor.Decrypt(e.NotifierID, e.SMTPPassword)
@@ -72,7 +71,6 @@ func (e *EmailNotifier) Send(
 		smtpPassword = decrypted
 	}
 
-	// Compose email
 	from := e.From
 	if from == "" {
 		from = e.SMTPUser
@@ -81,153 +79,13 @@ func (e *EmailNotifier) Send(
 		}
 	}
 
-	to := []string{e.TargetEmail}
-
-	// Format the email content
-	subject := fmt.Sprintf("Subject: %s\r\n", heading)
-	mime := fmt.Sprintf(
-		"MIME-version: 1.0;\nContent-Type: %s; charset=\"%s\";\n\n",
-		MIMETypeHTML,
-		MIMECharsetUTF8,
-	)
-	body := message
-	fromHeader := fmt.Sprintf("From: %s\r\n", from)
-	toHeader := fmt.Sprintf("To: %s\r\n", e.TargetEmail)
-
-	// Combine all parts of the email
-	emailContent := []byte(fromHeader + toHeader + subject + mime + body)
-
-	addr := net.JoinHostPort(e.SMTPHost, fmt.Sprintf("%d", e.SMTPPort))
-	timeout := DefaultTimeout
-
-	// Determine if authentication is required
+	emailContent := e.buildEmailContent(heading, message, from)
 	isAuthRequired := e.SMTPUser != "" && smtpPassword != ""
 
-	// Handle different port scenarios
 	if e.SMTPPort == ImplicitTLSPort {
-		// Implicit TLS (port 465)
-		// Set up TLS config
-		tlsConfig := &tls.Config{
-			ServerName: e.SMTPHost,
-		}
-
-		// Dial with timeout
-		dialer := &net.Dialer{Timeout: timeout}
-		conn, err := tls.DialWithDialer(dialer, "tcp", addr, tlsConfig)
-		if err != nil {
-			return fmt.Errorf("failed to connect to SMTP server: %w", err)
-		}
-		defer func() {
-			_ = conn.Close()
-		}()
-
-		// Create SMTP client
-		client, err := smtp.NewClient(conn, e.SMTPHost)
-		if err != nil {
-			return fmt.Errorf("failed to create SMTP client: %w", err)
-		}
-		defer func() {
-			_ = client.Quit()
-		}()
-
-		// Set up authentication only if credentials are provided
-		if isAuthRequired {
-			auth := smtp.PlainAuth("", e.SMTPUser, smtpPassword, e.SMTPHost)
-			if err := client.Auth(auth); err != nil {
-				return fmt.Errorf("SMTP authentication failed: %w", err)
-			}
-		}
-
-		// Set sender and recipients
-		if err := client.Mail(from); err != nil {
-			return fmt.Errorf("failed to set sender: %w", err)
-		}
-		for _, recipient := range to {
-			if err := client.Rcpt(recipient); err != nil {
-				return fmt.Errorf("failed to set recipient: %w", err)
-			}
-		}
-
-		// Send the email body
-		writer, err := client.Data()
-		if err != nil {
-			return fmt.Errorf("failed to get data writer: %w", err)
-		}
-		_, err = writer.Write(emailContent)
-		if err != nil {
-			return fmt.Errorf("failed to write email content: %w", err)
-		}
-		err = writer.Close()
-		if err != nil {
-			return fmt.Errorf("failed to close data writer: %w", err)
-		}
-
-		return nil
-	} else {
-		// STARTTLS (port 587) or other ports
-		// Create a custom dialer with timeout
-		dialer := &net.Dialer{Timeout: timeout}
-		conn, err := dialer.Dial("tcp", addr)
-		if err != nil {
-			return fmt.Errorf("failed to connect to SMTP server: %w", err)
-		}
-
-		// Create client from connection
-		client, err := smtp.NewClient(conn, e.SMTPHost)
-		if err != nil {
-			return fmt.Errorf("failed to create SMTP client: %w", err)
-		}
-		defer func() {
-			_ = client.Quit()
-		}()
-
-		// Send email using the client
-		if err := client.Hello(DefaultHelloName); err != nil {
-			return fmt.Errorf("SMTP hello failed: %w", err)
-		}
-
-		// Start TLS if available
-		if ok, _ := client.Extension("STARTTLS"); ok {
-			if err := client.StartTLS(&tls.Config{ServerName: e.SMTPHost}); err != nil {
-				return fmt.Errorf("STARTTLS failed: %w", err)
-			}
-		}
-
-		// Authenticate only if credentials are provided
-		if isAuthRequired {
-			auth := smtp.PlainAuth("", e.SMTPUser, smtpPassword, e.SMTPHost)
-			if err := client.Auth(auth); err != nil {
-				return fmt.Errorf("SMTP authentication failed: %w", err)
-			}
-		}
-
-		if err := client.Mail(from); err != nil {
-			return fmt.Errorf("failed to set sender: %w", err)
-		}
-
-		for _, recipient := range to {
-			if err := client.Rcpt(recipient); err != nil {
-				return fmt.Errorf("failed to set recipient: %w", err)
-			}
-		}
-
-		writer, err := client.Data()
-		if err != nil {
-			return fmt.Errorf("failed to get data writer: %w", err)
-		}
-
-		_, err = writer.Write(emailContent)
-		if err != nil {
-			return fmt.Errorf("failed to write email content: %w", err)
-		}
-
-		err = writer.Close()
-		if err != nil {
-			return fmt.Errorf("failed to close data writer: %w", err)
-		}
-
-		return client.Quit()
+		return e.sendImplicitTLS(emailContent, from, smtpPassword, isAuthRequired)
 	}
+	return e.sendStartTLS(emailContent, from, smtpPassword, isAuthRequired)
 }
 
 func (e *EmailNotifier) HideSensitiveData() {
@@ -256,3 +114,166 @@ func (e *EmailNotifier) EncryptSensitiveData(encryptor encryption.FieldEncryptor
 	}
 	return nil
 }
+
+func (e *EmailNotifier) buildEmailContent(heading, message, from string) []byte {
+	subject := fmt.Sprintf("Subject: %s\r\n", heading)
+	mime := fmt.Sprintf(
+		"MIME-version: 1.0;\nContent-Type: %s; charset=\"%s\";\n\n",
+		MIMETypeHTML,
+		MIMECharsetUTF8,
+	)
+	fromHeader := fmt.Sprintf("From: %s\r\n", from)
+	toHeader := fmt.Sprintf("To: %s\r\n", e.TargetEmail)
+	return []byte(fromHeader + toHeader + subject + mime + message)
+}
+
+func (e *EmailNotifier) sendImplicitTLS(
+	emailContent []byte,
+	from string,
+	password string,
+	isAuthRequired bool,
+) error {
+	createClient := func() (*smtp.Client, func(), error) {
+		return e.createImplicitTLSClient()
+	}
+
+	client, cleanup, err := e.authenticateWithRetry(createClient, password, isAuthRequired)
+	if err != nil {
+		return err
+	}
+	defer cleanup()
+
+	return e.sendEmail(client, from, emailContent)
+}
+
+func (e *EmailNotifier) sendStartTLS(
+	emailContent []byte,
+	from string,
+	password string,
+	isAuthRequired bool,
+) error {
+	createClient := func() (*smtp.Client, func(), error) {
+		return e.createStartTLSClient()
+	}
+
+	client, cleanup, err := e.authenticateWithRetry(createClient, password, isAuthRequired)
+	if err != nil {
+		return err
+	}
+	defer cleanup()
+
+	return e.sendEmail(client, from, emailContent)
+}
+
+func (e *EmailNotifier) createImplicitTLSClient() (*smtp.Client, func(), error) {
+	addr := net.JoinHostPort(e.SMTPHost, fmt.Sprintf("%d", e.SMTPPort))
+	tlsConfig := &tls.Config{ServerName: e.SMTPHost}
+	dialer := &net.Dialer{Timeout: DefaultTimeout}
+
+	conn, err := tls.DialWithDialer(dialer, "tcp", addr, tlsConfig)
+	if err != nil {
+		return nil, nil, fmt.Errorf("failed to connect to SMTP server: %w", err)
+	}
+
+	client, err := smtp.NewClient(conn, e.SMTPHost)
+	if err != nil {
+		_ = conn.Close()
+		return nil, nil, fmt.Errorf("failed to create SMTP client: %w", err)
+	}
+
+	return client, func() { _ = client.Quit() }, nil
+}
+
+func (e *EmailNotifier) createStartTLSClient() (*smtp.Client, func(), error) {
+	addr := net.JoinHostPort(e.SMTPHost, fmt.Sprintf("%d", e.SMTPPort))
+	dialer := &net.Dialer{Timeout: DefaultTimeout}
+
+	conn, err := dialer.Dial("tcp", addr)
+	if err != nil {
+		return nil, nil, fmt.Errorf("failed to connect to SMTP server: %w", err)
+	}
+
+	client, err := smtp.NewClient(conn, e.SMTPHost)
+	if err != nil {
+		_ = conn.Close()
+		return nil, nil, fmt.Errorf("failed to create SMTP client: %w", err)
+	}
+
+	if err := client.Hello(DefaultHelloName); err != nil {
+		_ = client.Quit()
+		_ = conn.Close()
+		return nil, nil, fmt.Errorf("SMTP hello failed: %w", err)
+	}
+
+	if ok, _ := client.Extension("STARTTLS"); ok {
+		if err := client.StartTLS(&tls.Config{ServerName: e.SMTPHost}); err != nil {
+			_ = client.Quit()
+			_ = conn.Close()
+			return nil, nil, fmt.Errorf("STARTTLS failed: %w", err)
+		}
+	}
+
+	return client, func() { _ = client.Quit() }, nil
+}
+
+func (e *EmailNotifier) authenticateWithRetry(
+	createClient func() (*smtp.Client, func(), error),
+	password string,
+	isAuthRequired bool,
+) (*smtp.Client, func(), error) {
+	client, cleanup, err := createClient()
+	if err != nil {
+		return nil, nil, err
+	}
+
+	if !isAuthRequired {
+		return client, cleanup, nil
+	}
+
+	// Try PLAIN auth first
+	plainAuth := smtp.PlainAuth("", e.SMTPUser, password, e.SMTPHost)
+	if err := client.Auth(plainAuth); err == nil {
+		return client, cleanup, nil
+	}
+
+	// PLAIN auth failed, connection may be closed - recreate and try LOGIN auth
+	cleanup()
+
+	client, cleanup, err = createClient()
+	if err != nil {
+		return nil, nil, err
+	}
+
+	loginAuth := &loginAuth{username: e.SMTPUser, password: password}
+	if err := client.Auth(loginAuth); err != nil {
+		cleanup()
+		return nil, nil, fmt.Errorf("SMTP authentication failed: %w", err)
+	}
+
+	return client, cleanup, nil
+}
+
+func (e *EmailNotifier) sendEmail(client *smtp.Client, from string, content []byte) error {
+	if err := client.Mail(from); err != nil {
+		return fmt.Errorf("failed to set sender: %w", err)
+	}
+
+	if err := client.Rcpt(e.TargetEmail); err != nil {
+		return fmt.Errorf("failed to set recipient: %w", err)
+	}
+
+	writer, err := client.Data()
+	if err != nil {
+		return fmt.Errorf("failed to get data writer: %w", err)
+	}
+
+	if _, err = writer.Write(content); err != nil {
+		return fmt.Errorf("failed to write email content: %w", err)
+	}
+
+	if err = writer.Close(); err != nil {
+		return fmt.Errorf("failed to close data writer: %w", err)
+	}
+
+	return nil
+}

backend/internal/features/notifiers/models/webhook/model.go

@@ -10,20 +10,57 @@ import (
 	"net/http"
 	"net/url"
 	"postgresus-backend/internal/util/encryption"
+	"strings"
 
 	"github.com/google/uuid"
+	"gorm.io/gorm"
 )
 
+type WebhookHeader struct {
+	Key   string `json:"key"`
+	Value string `json:"value"`
+}
+
 type WebhookNotifier struct {
 	NotifierID    uuid.UUID     `json:"notifierId"    gorm:"primaryKey;column:notifier_id"`
 	WebhookURL    string        `json:"webhookUrl"    gorm:"not null;column:webhook_url"`
 	WebhookMethod WebhookMethod `json:"webhookMethod" gorm:"not null;column:webhook_method"`
+	BodyTemplate  *string       `json:"bodyTemplate"  gorm:"column:body_template;type:text"`
+	HeadersJSON   string        `json:"-"             gorm:"column:headers;type:text"`
+
+	Headers []WebhookHeader `json:"headers" gorm:"-"`
 }
 
 func (t *WebhookNotifier) TableName() string {
 	return "webhook_notifiers"
 }
 
+func (t *WebhookNotifier) BeforeSave(_ *gorm.DB) error {
+	if len(t.Headers) > 0 {
+		data, err := json.Marshal(t.Headers)
+
+		if err != nil {
+			return err
+		}
+
+		t.HeadersJSON = string(data)
+	} else {
+		t.HeadersJSON = "[]"
+	}
+
+	return nil
+}
+
+func (t *WebhookNotifier) AfterFind(_ *gorm.DB) error {
+	if t.HeadersJSON != "" {
+		if err := json.Unmarshal([]byte(t.HeadersJSON), &t.Headers); err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
 func (t *WebhookNotifier) Validate(encryptor encryption.FieldEncryptor) error {
 	if t.WebhookURL == "" {
 		return errors.New("webhook URL is required")
@@ -49,66 +86,9 @@ func (t *WebhookNotifier) Send(
 
 	switch t.WebhookMethod {
 	case WebhookMethodGET:
-		reqURL := fmt.Sprintf("%s?heading=%s&message=%s",
-			webhookURL,
-			url.QueryEscape(heading),
-			url.QueryEscape(message),
-		)
-
-		resp, err := http.Get(reqURL)
-		if err != nil {
-			return fmt.Errorf("failed to send GET webhook: %w", err)
-		}
-		defer func() {
-			if cerr := resp.Body.Close(); cerr != nil {
-				logger.Error("failed to close response body", "error", cerr)
-			}
-		}()
-
-		if resp.StatusCode < 200 || resp.StatusCode >= 300 {
-			body, _ := io.ReadAll(resp.Body)
-			return fmt.Errorf(
-				"webhook GET returned status: %s, body: %s",
-				resp.Status,
-				string(body),
-			)
-		}
-
-		return nil
-
+		return t.sendGET(webhookURL, heading, message, logger)
 	case WebhookMethodPOST:
-		payload := map[string]string{
-			"heading": heading,
-			"message": message,
-		}
-
-		body, err := json.Marshal(payload)
-		if err != nil {
-			return fmt.Errorf("failed to marshal webhook payload: %w", err)
-		}
-
-		resp, err := http.Post(webhookURL, "application/json", bytes.NewReader(body))
-		if err != nil {
-			return fmt.Errorf("failed to send POST webhook: %w", err)
-		}
-
-		defer func() {
-			if cerr := resp.Body.Close(); cerr != nil {
-				logger.Error("failed to close response body", "error", cerr)
-			}
-		}()
-
-		if resp.StatusCode < 200 || resp.StatusCode >= 300 {
-			body, _ := io.ReadAll(resp.Body)
-			return fmt.Errorf(
-				"webhook POST returned status: %s, body: %s",
-				resp.Status,
-				string(body),
-			)
-		}
-
-		return nil
-
+		return t.sendPOST(webhookURL, heading, message, logger)
 	default:
 		return fmt.Errorf("unsupported webhook method: %s", t.WebhookMethod)
 	}
@@ -120,15 +100,130 @@ func (t *WebhookNotifier) HideSensitiveData() {
 func (t *WebhookNotifier) Update(incoming *WebhookNotifier) {
 	t.WebhookURL = incoming.WebhookURL
 	t.WebhookMethod = incoming.WebhookMethod
+	t.BodyTemplate = incoming.BodyTemplate
+	t.Headers = incoming.Headers
 }
 
 func (t *WebhookNotifier) EncryptSensitiveData(encryptor encryption.FieldEncryptor) error {
 	if t.WebhookURL != "" {
 		encrypted, err := encryptor.Encrypt(t.NotifierID, t.WebhookURL)
+
 		if err != nil {
 			return fmt.Errorf("failed to encrypt webhook URL: %w", err)
 		}
+
 		t.WebhookURL = encrypted
 	}
+
 	return nil
 }
+
+func (t *WebhookNotifier) sendGET(webhookURL, heading, message string, logger *slog.Logger) error {
+	reqURL := fmt.Sprintf("%s?heading=%s&message=%s",
+		webhookURL,
+		url.QueryEscape(heading),
+		url.QueryEscape(message),
+	)
+
+	req, err := http.NewRequest(http.MethodGet, reqURL, nil)
+	if err != nil {
+		return fmt.Errorf("failed to create GET request: %w", err)
+	}
+
+	t.applyHeaders(req)
+
+	client := &http.Client{}
+	resp, err := client.Do(req)
+	if err != nil {
+		return fmt.Errorf("failed to send GET webhook: %w", err)
+	}
+
+	defer func() {
+		if cerr := resp.Body.Close(); cerr != nil {
+			logger.Error("failed to close response body", "error", cerr)
+		}
+	}()
+
+	if resp.StatusCode < 200 || resp.StatusCode >= 300 {
+		body, _ := io.ReadAll(resp.Body)
+		return fmt.Errorf(
+			"webhook GET returned status: %s, body: %s",
+			resp.Status,
+			string(body),
+		)
+	}
+
+	return nil
+}
+
+func (t *WebhookNotifier) sendPOST(webhookURL, heading, message string, logger *slog.Logger) error {
+	body := t.buildRequestBody(heading, message)
+
+	req, err := http.NewRequest(http.MethodPost, webhookURL, bytes.NewReader(body))
+	if err != nil {
+		return fmt.Errorf("failed to create POST request: %w", err)
+	}
+
+	hasContentType := false
+
+	for _, h := range t.Headers {
+		if strings.EqualFold(h.Key, "Content-Type") {
+			hasContentType = true
+			break
+		}
+	}
+
+	if !hasContentType {
+		req.Header.Set("Content-Type", "application/json")
+	}
+
+	t.applyHeaders(req)
+
+	client := &http.Client{}
+	resp, err := client.Do(req)
+	if err != nil {
+		return fmt.Errorf("failed to send POST webhook: %w", err)
+	}
+
+	defer func() {
+		if cerr := resp.Body.Close(); cerr != nil {
+			logger.Error("failed to close response body", "error", cerr)
+		}
+	}()
+
+	if resp.StatusCode < 200 || resp.StatusCode >= 300 {
+		respBody, _ := io.ReadAll(resp.Body)
+		return fmt.Errorf(
+			"webhook POST returned status: %s, body: %s",
+			resp.Status,
+			string(respBody),
+		)
+	}
+
+	return nil
+}
+
+func (t *WebhookNotifier) buildRequestBody(heading, message string) []byte {
+	if t.BodyTemplate != nil && *t.BodyTemplate != "" {
+		result := *t.BodyTemplate
+		result = strings.ReplaceAll(result, "{{heading}}", heading)
+		result = strings.ReplaceAll(result, "{{message}}", message)
+		return []byte(result)
+	}
+
+	payload := map[string]string{
+		"heading": heading,
+		"message": message,
+	}
+	body, _ := json.Marshal(payload)
+
+	return body
+}
+
+func (t *WebhookNotifier) applyHeaders(req *http.Request) {
+	for _, h := range t.Headers {
+		if h.Key != "" {
+			req.Header.Set(h.Key, h.Value)
+		}
+	}
+}

backend/migrations/20251128120000_add_webhook_headers_and_body_template.sql

@@ -0,0 +1,18 @@
+-- +goose Up
+-- +goose StatementBegin
+
+ALTER TABLE webhook_notifiers
+    ADD COLUMN body_template TEXT,
+    ADD COLUMN headers       TEXT DEFAULT '[]';
+
+-- +goose StatementEnd
+
+-- +goose Down
+-- +goose StatementBegin
+
+ALTER TABLE webhook_notifiers
+    DROP COLUMN body_template,
+    DROP COLUMN headers;
+
+-- +goose StatementEnd
+

deploy/postgresus/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

deploy/postgresus/Chart.yaml

@@ -0,0 +1,12 @@
+apiVersion: v2
+name: postgresus
+description: A Helm chart for Postgresus - PostgreSQL backup and management system
+type: application
+version: 1.0.0
+appVersion: "v1.45.3"
+keywords:
+  - postgresql
+  - backup
+  - database
+  - restore
+home: https://github.com/RostislavDugin/postgresus

deploy/postgresus/README.md

@@ -0,0 +1,84 @@
+# Postgresus Helm Chart
+
+## Installation
+
+```bash
+helm install postgresus ./deploy/postgresus -n postgresus --create-namespace
+```
+
+## Configuration
+
+### Main Parameters
+
+| Parameter          | Description        | Default Value               |
+| ------------------ | ------------------ | --------------------------- |
+| `namespace.create` | Create namespace   | `true`                      |
+| `namespace.name`   | Namespace name     | `postgresus`                |
+| `image.repository` | Docker image       | `rostislavdugin/postgresus` |
+| `image.tag`        | Image tag          | `latest`                    |
+| `image.pullPolicy` | Image pull policy  | `Always`                    |
+| `replicaCount`     | Number of replicas | `1`                         |
+
+### Resources
+
+| Parameter                   | Description    | Default Value |
+| --------------------------- | -------------- | ------------- |
+| `resources.requests.memory` | Memory request | `1Gi`         |
+| `resources.requests.cpu`    | CPU request    | `500m`        |
+| `resources.limits.memory`   | Memory limit   | `1Gi`         |
+| `resources.limits.cpu`      | CPU limit      | `500m`        |
+
+### Storage
+
+| Parameter                      | Description               | Default Value          |
+| ------------------------------ | ------------------------- | ---------------------- |
+| `persistence.enabled`          | Enable persistent storage | `true`                 |
+| `persistence.storageClassName` | Storage class             | `""` (cluster default) |
+| `persistence.accessMode`       | Access mode               | `ReadWriteOnce`        |
+| `persistence.size`             | Storage size              | `10Gi`                 |
+| `persistence.mountPath`        | Mount path                | `/postgresus-data`     |
+
+### Service
+
+| Parameter                  | Description             | Default Value |
+| -------------------------- | ----------------------- | ------------- |
+| `service.type`             | Service type            | `ClusterIP`   |
+| `service.port`             | Service port            | `4005`        |
+| `service.targetPort`       | Target port             | `4005`        |
+| `service.headless.enabled` | Enable headless service | `true`        |
+
+### Ingress
+
+| Parameter               | Description       | Default Value            |
+| ----------------------- | ----------------- | ------------------------ |
+| `ingress.enabled`       | Enable Ingress    | `true`                   |
+| `ingress.className`     | Ingress class     | `nginx`                  |
+| `ingress.hosts[0].host` | Hostname          | `postgresus.example.com` |
+| `ingress.tls`           | TLS configuration | See values.yaml          |
+
+### Health Checks
+
+| Parameter                | Description            | Default Value |
+| ------------------------ | ---------------------- | ------------- |
+| `livenessProbe.enabled`  | Enable liveness probe  | `true`        |
+| `readinessProbe.enabled` | Enable readiness probe | `true`        |
+
+## Custom Ingress Example
+
+```yaml
+# custom-values.yaml
+ingress:
+  hosts:
+    - host: backup.example.com
+      paths:
+        - path: /
+          pathType: Prefix
+  tls:
+    - secretName: backup-example-com-tls
+      hosts:
+        - backup.example.com
+```
+
+```bash
+helm install postgresus ./deploy/postgresus -n postgresus --create-namespace -f custom-values.yaml
+```

deploy/postgresus/helm/_helpers.tpl

@@ -0,0 +1,72 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "postgresus.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+*/}}
+{{- define "postgresus.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "postgresus.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "postgresus.labels" -}}
+helm.sh/chart: {{ include "postgresus.chart" . }}
+{{ include "postgresus.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "postgresus.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "postgresus.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+app: postgresus
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "postgresus.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "postgresus.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
+
+{{/*
+Namespace
+*/}}
+{{- define "postgresus.namespace" -}}
+{{- if .Values.namespace.create }}
+{{- .Values.namespace.name }}
+{{- else }}
+{{- .Release.Namespace }}
+{{- end }}
+{{- end }}

deploy/postgresus/helm/ingress.yaml

@@ -0,0 +1,42 @@
+{{- if .Values.ingress.enabled -}}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: {{ include "postgresus.fullname" . }}-ingress
+  namespace: {{ include "postgresus.namespace" . }}
+  labels:
+    {{- include "postgresus.labels" . | nindent 4 }}
+  {{- with .Values.ingress.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  {{- if .Values.ingress.className }}
+  ingressClassName: {{ .Values.ingress.className }}
+  {{- end }}
+  {{- if .Values.ingress.tls }}
+  tls:
+    {{- range .Values.ingress.tls }}
+    - hosts:
+        {{- range .hosts }}
+        - {{ . | quote }}
+        {{- end }}
+      secretName: {{ .secretName }}
+    {{- end }}
+  {{- end }}
+  rules:
+    {{- range .Values.ingress.hosts }}
+    - host: {{ .host | quote }}
+      http:
+        paths:
+          {{- range .paths }}
+          - path: {{ .path }}
+            pathType: {{ .pathType }}
+            backend:
+              service:
+                name: {{ include "postgresus.fullname" $ }}-service
+                port:
+                  number: {{ $.Values.service.port }}
+          {{- end }}
+    {{- end }}
+{{- end }}

deploy/postgresus/helm/namespace.yaml

@@ -0,0 +1,8 @@
+{{- if .Values.namespace.create }}
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: {{ .Values.namespace.name }}
+  labels:
+    {{- include "postgresus.labels" . | nindent 4 }}
+{{- end }}

deploy/postgresus/helm/service.yaml

@@ -0,0 +1,36 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "postgresus.fullname" . }}-service
+  namespace: {{ include "postgresus.namespace" . }}
+  labels:
+    {{- include "postgresus.labels" . | nindent 4 }}
+spec:
+  type: {{ .Values.service.type }}
+  ports:
+    - port: {{ .Values.service.port }}
+      targetPort: {{ .Values.service.targetPort }}
+      protocol: TCP
+      name: http
+  selector:
+    {{- include "postgresus.selectorLabels" . | nindent 4 }}
+---
+{{- if .Values.service.headless.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "postgresus.fullname" . }}-headless
+  namespace: {{ include "postgresus.namespace" . }}
+  labels:
+    {{- include "postgresus.labels" . | nindent 4 }}
+spec:
+  type: ClusterIP
+  clusterIP: None
+  ports:
+    - port: {{ .Values.service.port }}
+      targetPort: {{ .Values.service.targetPort }}
+      protocol: TCP
+      name: http
+  selector:
+    {{- include "postgresus.selectorLabels" . | nindent 4 }}
+{{- end }}

deploy/postgresus/helm/statefulset.yaml

@@ -0,0 +1,82 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: {{ include "postgresus.fullname" . }}
+  namespace: {{ include "postgresus.namespace" . }}
+  labels:
+    {{- include "postgresus.labels" . | nindent 4 }}
+spec:
+  serviceName: {{ include "postgresus.fullname" . }}-headless
+  replicas: {{ .Values.replicaCount }}
+  selector:
+    matchLabels:
+      {{- include "postgresus.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      annotations:
+        {{- with .Values.podAnnotations }}
+        {{- toYaml . | nindent 8 }}
+        {{- end }}
+      labels:
+        {{- include "postgresus.selectorLabels" . | nindent 8 }}
+        {{- with .Values.podLabels }}
+        {{- toYaml . | nindent 8 }}
+        {{- end }}
+    spec:
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      containers:
+        - name: {{ .Chart.Name }}
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          ports:
+            - name: http
+              containerPort: {{ .Values.service.targetPort }}
+              protocol: TCP
+          volumeMounts:
+            - name: postgresus-storage
+              mountPath: {{ .Values.persistence.mountPath }}
+          resources:
+            {{- toYaml .Values.resources | nindent 12 }}
+          {{- if .Values.livenessProbe.enabled }}
+          livenessProbe:
+            {{- toYaml .Values.livenessProbe.httpGet | nindent 12 }}
+            initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
+            periodSeconds: {{ .Values.livenessProbe.periodSeconds }}
+            timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }}
+            failureThreshold: {{ .Values.livenessProbe.failureThreshold }}
+          {{- end }}
+          {{- if .Values.readinessProbe.enabled }}
+          readinessProbe:
+            {{- toYaml .Values.readinessProbe.httpGet | nindent 12 }}
+            initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
+            periodSeconds: {{ .Values.readinessProbe.periodSeconds }}
+            timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }}
+            failureThreshold: {{ .Values.readinessProbe.failureThreshold }}
+          {{- end }}
+  {{- if .Values.persistence.enabled }}
+  volumeClaimTemplates:
+    - metadata:
+        name: postgresus-storage
+      spec:
+        accessModes:
+          - {{ .Values.persistence.accessMode }}
+        {{- if .Values.persistence.storageClassName }}
+        storageClassName: {{ .Values.persistence.storageClassName }}
+        {{- end }}
+        resources:
+          requests:
+            storage: {{ .Values.persistence.size }}
+  {{- end }}
+  updateStrategy:
+    {{- toYaml .Values.updateStrategy | nindent 4 }}

deploy/postgresus/values.yaml

@@ -0,0 +1,111 @@
+# Default values for postgresus
+
+# Namespace configuration
+namespace:
+  create: true
+  name: postgresus
+
+# Image configuration
+image:
+  repository: rostislavdugin/postgresus
+  tag: latest
+  pullPolicy: Always
+
+# StatefulSet configuration
+replicaCount: 1
+
+# Service configuration
+service:
+  type: ClusterIP
+  port: 4005
+  targetPort: 4005
+  # Headless service for StatefulSet
+  headless:
+    enabled: true
+
+# Resource limits and requests
+resources:
+  requests:
+    memory: "1Gi"
+    cpu: "500m"
+  limits:
+    memory: "1Gi"
+    cpu: "500m"
+
+# Persistent storage configuration
+persistence:
+  enabled: true
+  # Storage class name. Leave empty to use cluster default.
+  # Examples: "longhorn", "standard", "gp2", etc.
+  storageClassName: ""
+  accessMode: ReadWriteOnce
+  size: 10Gi
+  # Mount path in container
+  mountPath: /postgresus-data
+
+# Ingress configuration
+ingress:
+  enabled: true
+  className: nginx
+  annotations:
+    nginx.ingress.kubernetes.io/rewrite-target: /
+    nginx.ingress.kubernetes.io/ssl-redirect: "true"
+    nginx.ingress.kubernetes.io/use-http2: "true"
+    # Gzip settings
+    nginx.ingress.kubernetes.io/enable-gzip: "true"
+    nginx.ingress.kubernetes.io/gzip-types: "text/plain text/css application/json application/javascript text/javascript text/xml application/xml application/xml+rss image/svg+xml"
+    nginx.ingress.kubernetes.io/gzip-min-length: "1000"
+    nginx.ingress.kubernetes.io/gzip-level: "9"
+    nginx.ingress.kubernetes.io/gzip-buffers: "16 8k"
+    nginx.ingress.kubernetes.io/gzip-http-version: "1.1"
+    nginx.ingress.kubernetes.io/gzip-vary: "on"
+    # Cert-manager settings
+    cert-manager.io/cluster-issuer: "clusteriissuer-letsencrypt"
+    cert-manager.io/duration: "2160h"
+    cert-manager.io/renew-before: "360h"
+  hosts:
+    - host: postgresus.example.com
+      paths:
+        - path: /
+          pathType: Prefix
+  tls:
+    - secretName: postgresus.example.com-tls
+      hosts:
+        - postgresus.example.com
+
+# Health checks configuration
+# Note: The application only has /api/v1/system/health endpoint
+livenessProbe:
+  enabled: true
+  httpGet:
+    path: /api/v1/system/health
+    port: 4005
+  initialDelaySeconds: 30
+  periodSeconds: 10
+  timeoutSeconds: 5
+  failureThreshold: 3
+
+readinessProbe:
+  enabled: true
+  httpGet:
+    path: /api/v1/system/health
+    port: 4005
+  initialDelaySeconds: 10
+  periodSeconds: 5
+  timeoutSeconds: 3
+  failureThreshold: 3
+
+# StatefulSet update strategy
+updateStrategy:
+  type: RollingUpdate
+  rollingUpdate:
+    partition: 0
+
+# Pod labels and annotations
+podLabels: {}
+podAnnotations: {}
+
+# Node selector, tolerations and affinity
+nodeSelector: {}
+tolerations: []
+affinity: {}

frontend/src/entity/notifiers/index.ts

@@ -9,6 +9,7 @@ export type { TelegramNotifier } from './models/telegram/TelegramNotifier';
 export { validateTelegramNotifier } from './models/telegram/validateTelegramNotifier';
 
 export type { WebhookNotifier } from './models/webhook/WebhookNotifier';
+export type { WebhookHeader } from './models/webhook/WebhookHeader';
 export { validateWebhookNotifier } from './models/webhook/validateWebhookNotifier';
 export { WebhookMethod } from './models/webhook/WebhookMethod';
 

frontend/src/entity/notifiers/models/webhook/WebhookHeader.ts

@@ -0,0 +1,4 @@
+export interface WebhookHeader {
+  key: string;
+  value: string;
+}

frontend/src/entity/notifiers/models/webhook/WebhookNotifier.ts

@@ -1,6 +1,9 @@
+import type { WebhookHeader } from './WebhookHeader';
 import type { WebhookMethod } from './WebhookMethod';
 
 export interface WebhookNotifier {
   webhookUrl: string;
   webhookMethod: WebhookMethod;
+  bodyTemplate?: string;
+  headers?: WebhookHeader[];
 }

frontend/src/features/databases/ui/edit/EditDatabaseSpecificDataComponent.tsx

@@ -48,10 +48,12 @@ export const EditDatabaseSpecificDataComponent = ({
 
   const [isConnectionTested, setIsConnectionTested] = useState(false);
   const [isTestingConnection, setIsTestingConnection] = useState(false);
+  const [isConnectionFailed, setIsConnectionFailed] = useState(false);
 
   const testConnection = async () => {
     if (!editingDatabase) return;
     setIsTestingConnection(true);
+    setIsConnectionFailed(false);
 
     try {
       await databaseApi.testDatabaseConnectionDirect(editingDatabase);
@@ -61,6 +63,7 @@ export const EditDatabaseSpecificDataComponent = ({
         description: 'You can continue with the next step',
       });
     } catch (e) {
+      setIsConnectionFailed(true);
       alert((e as Error).message);
     }
 
@@ -89,6 +92,7 @@ export const EditDatabaseSpecificDataComponent = ({
     setIsSaving(false);
     setIsConnectionTested(false);
     setIsTestingConnection(false);
+    setIsConnectionFailed(false);
 
     setEditingDatabase({ ...database });
   }, [database]);
@@ -327,6 +331,13 @@ export const EditDatabaseSpecificDataComponent = ({
           </Button>
         )}
       </div>
+
+      {isConnectionFailed && (
+        <div className="mt-3 text-sm text-gray-500 dark:text-gray-400">
+          If your database uses IP whitelist, make sure Postgresus server IP is added to the allowed
+          list.
+        </div>
+      )}
     </div>
   );
 };

frontend/src/features/notifiers/ui/edit/EditNotifierComponent.tsx

@@ -119,6 +119,7 @@ export function EditNotifierComponent({
       notifier.webhookNotifier = {
         webhookUrl: '',
         webhookMethod: WebhookMethod.POST,
+        headers: [],
       };
     }
 

frontend/src/features/notifiers/ui/edit/notifiers/EditWebhookNotifierComponent.tsx

@@ -1,7 +1,8 @@
-import { InfoCircleOutlined } from '@ant-design/icons';
-import { Input, Select, Tooltip } from 'antd';
+import { DeleteOutlined, InfoCircleOutlined, PlusOutlined } from '@ant-design/icons';
+import { Button, Input, Select, Tooltip } from 'antd';
+import { useMemo } from 'react';
 
-import type { Notifier } from '../../../../../entity/notifiers';
+import type { Notifier, WebhookHeader } from '../../../../../entity/notifiers';
 import { WebhookMethod } from '../../../../../entity/notifiers/models/webhook/WebhookMethod';
 
 interface Props {
@@ -10,7 +11,64 @@ interface Props {
   setUnsaved: () => void;
 }
 
+const DEFAULT_BODY_TEMPLATE = `{
+  "heading": "{{heading}}",
+  "message": "{{message}}"
+}`;
+
+function validateJsonTemplate(template: string): string | null {
+  if (!template.trim()) {
+    return null; // Empty is valid (will use default)
+  }
+
+  // Replace placeholders with valid JSON strings before parsing
+  const testJson = template.replace(/\{\{heading\}\}/g, 'test').replace(/\{\{message\}\}/g, 'test');
+
+  try {
+    JSON.parse(testJson);
+    return null;
+  } catch (e) {
+    if (e instanceof SyntaxError) {
+      return 'Invalid JSON format';
+    }
+    return 'Invalid JSON';
+  }
+}
+
 export function EditWebhookNotifierComponent({ notifier, setNotifier, setUnsaved }: Props) {
+  const headers = notifier?.webhookNotifier?.headers || [];
+  const bodyTemplate = notifier?.webhookNotifier?.bodyTemplate || '';
+
+  const jsonError = useMemo(() => validateJsonTemplate(bodyTemplate), [bodyTemplate]);
+
+  const updateWebhookNotifier = (updates: Partial<typeof notifier.webhookNotifier>) => {
+    setNotifier({
+      ...notifier,
+      webhookNotifier: {
+        ...(notifier.webhookNotifier || { webhookUrl: '', webhookMethod: WebhookMethod.POST }),
+        ...updates,
+      },
+    });
+    setUnsaved();
+  };
+
+  const addHeader = () => {
+    updateWebhookNotifier({
+      headers: [...headers, { key: '', value: '' }],
+    });
+  };
+
+  const updateHeader = (index: number, field: 'key' | 'value', value: string) => {
+    const newHeaders = [...headers];
+    newHeaders[index] = { ...newHeaders[index], [field]: value };
+    updateWebhookNotifier({ headers: newHeaders });
+  };
+
+  const removeHeader = (index: number) => {
+    const newHeaders = headers.filter((_, i) => i !== index);
+    updateWebhookNotifier({ headers: newHeaders });
+  };
+
   return (
     <>
       <div className="mb-1 flex w-full flex-col items-start sm:flex-row sm:items-center">
@@ -18,14 +76,7 @@ export function EditWebhookNotifierComponent({ notifier, setNotifier, setUnsaved
         <Input
           value={notifier?.webhookNotifier?.webhookUrl || ''}
           onChange={(e) => {
-            setNotifier({
-              ...notifier,
-              webhookNotifier: {
-                ...(notifier.webhookNotifier || { webhookMethod: WebhookMethod.POST }),
-                webhookUrl: e.target.value.trim(),
-              },
-            });
-            setUnsaved();
+            updateWebhookNotifier({ webhookUrl: e.target.value.trim() });
           }}
           size="small"
           className="w-full max-w-[250px]"
@@ -39,54 +90,162 @@ export function EditWebhookNotifierComponent({ notifier, setNotifier, setUnsaved
           <Select
             value={notifier?.webhookNotifier?.webhookMethod || WebhookMethod.POST}
             onChange={(value) => {
-              setNotifier({
-                ...notifier,
-                webhookNotifier: {
-                  ...(notifier.webhookNotifier || { webhookUrl: '' }),
-                  webhookMethod: value,
-                },
-              });
-              setUnsaved();
+              updateWebhookNotifier({ webhookMethod: value });
             }}
             size="small"
-            className="w-full max-w-[250px]"
+            className="w-[100px] max-w-[250px]"
             options={[
               { value: WebhookMethod.POST, label: 'POST' },
               { value: WebhookMethod.GET, label: 'GET' },
             ]}
           />
-
-          <Tooltip
-            className="cursor-pointer"
-            title="The HTTP method that will be used to call the webhook"
-          >
-            <InfoCircleOutlined className="ml-2" style={{ color: 'gray' }} />
-          </Tooltip>
         </div>
       </div>
 
+      <div className="mt-3 mb-1 flex w-full flex-col items-start">
+        <div className="mb-1 flex items-center">
+          <span className="min-w-[150px]">
+            Custom headers{' '}
+            <Tooltip title="Add custom HTTP headers to the webhook request (e.g., Authorization, X-API-Key)">
+              <InfoCircleOutlined className="ml-1" style={{ color: 'gray' }} />
+            </Tooltip>
+          </span>
+        </div>
+
+        <div className="w-full max-w-[500px]">
+          {headers.map((header: WebhookHeader, index: number) => (
+            <div key={index} className="mb-1 flex items-center gap-2">
+              <Input
+                value={header.key}
+                onChange={(e) => updateHeader(index, 'key', e.target.value)}
+                size="small"
+                style={{ width: 150, flexShrink: 0 }}
+                placeholder="Header name"
+              />
+              <Input
+                value={header.value}
+                onChange={(e) => updateHeader(index, 'value', e.target.value)}
+                size="small"
+                style={{ flex: 1, minWidth: 0 }}
+                placeholder="Header value"
+              />
+              <Button
+                type="text"
+                danger
+                size="small"
+                icon={<DeleteOutlined />}
+                onClick={() => removeHeader(index)}
+              />
+            </div>
+          ))}
+
+          <Button
+            type="dashed"
+            size="small"
+            icon={<PlusOutlined />}
+            onClick={addHeader}
+            className="mt-1"
+          >
+            Add header
+          </Button>
+        </div>
+      </div>
+
+      {notifier?.webhookNotifier?.webhookMethod === WebhookMethod.POST && (
+        <div className="mt-3 mb-1 flex w-full flex-col items-start">
+          <div className="mb-1 flex items-center">
+            <span className="min-w-[150px]">Body template </span>
+          </div>
+
+          <div className="mb-2 text-xs text-gray-500 dark:text-gray-400">
+            <span className="mr-4">
+              <code className="rounded bg-gray-100 px-1.5 py-0.5 dark:bg-gray-700">
+                {'{{heading}}'}
+              </code>{' '}
+              — notification title
+            </span>
+            <span>
+              <code className="rounded bg-gray-100 px-1.5 py-0.5 dark:bg-gray-700">
+                {'{{message}}'}
+              </code>{' '}
+              — notification message
+            </span>
+          </div>
+
+          <Input.TextArea
+            value={bodyTemplate}
+            onChange={(e) => {
+              updateWebhookNotifier({ bodyTemplate: e.target.value });
+            }}
+            className="w-full max-w-[500px] font-mono text-xs"
+            rows={6}
+            placeholder={DEFAULT_BODY_TEMPLATE}
+            status={jsonError ? 'error' : undefined}
+          />
+          {jsonError && <div className="mt-1 text-xs text-red-500">{jsonError}</div>}
+        </div>
+      )}
+
       {notifier?.webhookNotifier?.webhookUrl && (
-        <div className="mt-3">
-          <div className="mb-1">Example request</div>
+        <div className="mt-4">
+          <div className="mb-1 font-medium">Example request</div>
 
           {notifier?.webhookNotifier?.webhookMethod === WebhookMethod.GET && (
-            <div className="rounded bg-gray-100 p-2 px-3 text-sm break-all">
-              GET {notifier?.webhookNotifier?.webhookUrl}?heading=✅ Backup completed for
-              database&message=Backup completed successfully in 2m 17s.\nCompressed backup size:
-              1.7GB
+            <div className="rounded bg-gray-100 p-2 px-3 text-sm break-all dark:bg-gray-800">
+              <div className="font-semibold text-blue-600 dark:text-blue-400">GET</div>
+              <div className="mt-1">
+                {notifier?.webhookNotifier?.webhookUrl}
+                {
+                  '?heading=✅ Backup completed for database "my-database" (workspace "Production")&message=Backup completed successfully in 1m 23s.%0ACompressed backup size: 256.00 MB'
+                }
+              </div>
+              {headers.length > 0 && (
+                <div className="mt-2 border-t border-gray-200 pt-2 dark:border-gray-600">
+                  <div className="text-xs font-semibold text-gray-500 dark:text-gray-400">
+                    Headers:
+                  </div>
+                  {headers
+                    .filter((h) => h.key)
+                    .map((h, i) => (
+                      <div key={i} className="text-xs">
+                        {h.key}: {h.value || '(empty)'}
+                      </div>
+                    ))}
+                </div>
+              )}
             </div>
           )}
 
           {notifier?.webhookNotifier?.webhookMethod === WebhookMethod.POST && (
-            <div className="rounded bg-gray-100 p-2 px-3 font-mono text-sm break-all whitespace-pre-line">
-              {`POST ${notifier?.webhookNotifier?.webhookUrl}
-Content-Type: application/json
-
-{
-  "heading": "✅ Backup completed for database",
-  "message": "Backup completed successfully in 2m 17s.\\nCompressed backup size: 1.7GB"
-}
-`}
+            <div className="rounded bg-gray-100 p-2 px-3 font-mono text-sm break-words whitespace-pre-wrap dark:bg-gray-800">
+              <div className="font-semibold text-blue-600 dark:text-blue-400">
+                POST {notifier?.webhookNotifier?.webhookUrl}
+              </div>
+              <div className="mt-1 text-gray-600 dark:text-gray-400">
+                {headers.find((h) => h.key.toLowerCase() === 'content-type')
+                  ? ''
+                  : 'Content-Type: application/json'}
+                {headers
+                  .filter((h) => h.key)
+                  .map((h) => `\n${h.key}: ${h.value}`)
+                  .join('')}
+              </div>
+              <div className="mt-2 break-words whitespace-pre-wrap">
+                {notifier?.webhookNotifier?.bodyTemplate
+                  ? notifier.webhookNotifier.bodyTemplate
+                      .replace(
+                        '{{heading}}',
+                        '✅ Backup completed for database "my-database" (workspace "Production")',
+                      )
+                      .replace(
+                        '{{message}}',
+                        'Backup completed successfully in 1m 23s.\\nCompressed backup size: 256.00 MB',
+                      )
+                  : `{
+  "heading": "✅ Backup completed for database "my-database" (workspace "My workspace")",
+  "message": "Backup completed successfully in 1m 23s. Compressed backup size: 256.00 MB"
+}`}
+              </div>
             </div>
           )}
         </div>

frontend/src/features/notifiers/ui/show/notifier/ShowWebhookNotifierComponent.tsx

@@ -1,22 +1,50 @@
-import type { Notifier } from '../../../../../entity/notifiers';
+import type { Notifier, WebhookHeader } from '../../../../../entity/notifiers';
+import { WebhookMethod } from '../../../../../entity/notifiers';
 
 interface Props {
   notifier: Notifier;
 }
 
 export function ShowWebhookNotifierComponent({ notifier }: Props) {
+  const headers = notifier?.webhookNotifier?.headers || [];
+  const hasHeaders = headers.filter((h: WebhookHeader) => h.key).length > 0;
+
   return (
     <>
       <div className="flex items-center">
         <div className="min-w-[110px]">Webhook URL</div>
-
-        <div className="w-[250px]">{notifier?.webhookNotifier?.webhookUrl || '-'}</div>
+        <div className="max-w-[350px] truncate">{notifier?.webhookNotifier?.webhookUrl || '-'}</div>
       </div>
 
       <div className="mt-1 mb-1 flex items-center">
         <div className="min-w-[110px]">Method</div>
         <div>{notifier?.webhookNotifier?.webhookMethod || '-'}</div>
       </div>
+
+      {hasHeaders && (
+        <div className="mt-1 mb-1 flex items-start">
+          <div className="min-w-[110px]">Headers</div>
+          <div className="flex flex-col text-sm">
+            {headers
+              .filter((h: WebhookHeader) => h.key)
+              .map((h: WebhookHeader, i: number) => (
+                <div key={i} className="text-gray-600">
+                  <span className="font-medium">{h.key}:</span> {h.value || '(empty)'}
+                </div>
+              ))}
+          </div>
+        </div>
+      )}
+
+      {notifier?.webhookNotifier?.webhookMethod === WebhookMethod.POST &&
+        notifier?.webhookNotifier?.bodyTemplate && (
+          <div className="mt-1 mb-1 flex items-start">
+            <div className="min-w-[110px]">Body Template</div>
+            <div className="max-w-[350px] rounded bg-gray-50 p-2 font-mono text-xs whitespace-pre-wrap">
+              {notifier.webhookNotifier.bodyTemplate}
+            </div>
+          </div>
+        )}
     </>
   );
 }

install-postgresus.sh

@@ -1,5 +1,7 @@
 #!/bin/bash
 
+set -e  # Exit on any error
+
 # Check if script is run as root
 if [ "$(id -u)" -ne 0 ]; then
     echo "Error: This script must be run as root (sudo ./install-postgresus.sh)" >&2
@@ -27,39 +29,88 @@ else
     log "Directory already exists: $INSTALL_DIR"
 fi
 
+# Detect OS
+detect_os() {
+    if [ -f /etc/os-release ]; then
+        . /etc/os-release
+        OS=$ID
+        VERSION_CODENAME=${VERSION_CODENAME:-}
+    else
+        log "ERROR: Cannot detect OS. /etc/os-release not found."
+        exit 1
+    fi
+}
+
 # Check if Docker is installed
 if ! command -v docker &> /dev/null; then
     log "Docker not found. Installing Docker..."
     
-    # Install Docker
+    detect_os
+    log "Detected OS: $OS, Codename: $VERSION_CODENAME"
+    
+    # Install prerequisites
     apt-get update
-    apt-get remove -y docker docker-engine docker.io containerd runc
-    apt-get install -y ca-certificates curl gnupg lsb-release
-    mkdir -p /etc/apt/keyrings
-    curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
-    echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
+    apt-get install -y ca-certificates curl gnupg
+
+    # Set up Docker repository
+    install -m 0755 -d /etc/apt/keyrings
+    
+    # Determine Docker repo URL based on OS
+    case "$OS" in
+        ubuntu)
+            DOCKER_URL="https://download.docker.com/linux/ubuntu"
+            # Fallback for unsupported versions
+            case "$VERSION_CODENAME" in
+                plucky|oracular) VERSION_CODENAME="noble" ;;  # Ubuntu 25.x -> 24.04
+            esac
+            ;;
+        debian)
+            DOCKER_URL="https://download.docker.com/linux/debian"
+            # Fallback for unsupported versions
+            case "$VERSION_CODENAME" in
+                trixie|forky) VERSION_CODENAME="bookworm" ;;  # Debian 13/14 -> 12
+            esac
+            ;;
+        *)
+            log "ERROR: Unsupported OS: $OS. Please install Docker manually."
+            exit 1
+            ;;
+    esac
+    
+    log "Using Docker repository: $DOCKER_URL with codename: $VERSION_CODENAME"
+    
+    # Download and add Docker GPG key (no sudo needed - already root)
+    curl -fsSL "$DOCKER_URL/gpg" | gpg --dearmor -o /etc/apt/keyrings/docker.gpg
+    chmod a+r /etc/apt/keyrings/docker.gpg
+    
+    # Add Docker repository
+    echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] $DOCKER_URL $VERSION_CODENAME stable" > /etc/apt/sources.list.d/docker.list
+    
     apt-get update
-    apt-get install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin
+    apt-get install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
+    
+    # Verify Docker installation
+    if ! command -v docker &> /dev/null; then
+        log "ERROR: Docker installation failed!"
+        exit 1
+    fi
+    
     log "Docker installed successfully"
 else
     log "Docker already installed"
 fi
 
-# Check if docker-compose is installed
-if ! command -v docker-compose &> /dev/null && ! command -v docker compose &> /dev/null; then
-    log "Docker Compose not found. Installing Docker Compose..."
-    apt-get update
-    apt-get install -y docker-compose-plugin
-    log "Docker Compose installed successfully"
+# Check if docker compose is available
+if ! docker compose version &> /dev/null; then
+    log "ERROR: Docker Compose plugin not available!"
+    exit 1
 else
-    log "Docker Compose already installed"
+    log "Docker Compose available"
 fi
 
 # Write docker-compose.yml
 log "Writing docker-compose.yml to $INSTALL_DIR"
 cat > "$INSTALL_DIR/docker-compose.yml" << 'EOF'
-version: "3"
-
 services:
   postgresus:
     container_name: postgresus
@@ -75,11 +126,15 @@ log "docker-compose.yml created successfully"
 # Start PostgresUS
 log "Starting PostgresUS..."
 cd "$INSTALL_DIR"
-docker compose up -d
-log "PostgresUS started successfully"
+if docker compose up -d; then
+    log "PostgresUS started successfully"
+else
+    log "ERROR: Failed to start PostgresUS!"
+    exit 1
+fi
 
 log "Postgresus installation completed successfully!"
 log "-------------------------------------------"
 log "To launch:"
 log "> cd $INSTALL_DIR && docker compose up -d"
-log "Access Postgresus at: http://localhost:4005"
+log "Access Postgresus at: http://localhost:4005"