diff --git a/host_vars/lasagne.binary.kitchen b/host_vars/lasagne.binary.kitchen
index 05ac66c..4871259 100644
--- a/host_vars/lasagne.binary.kitchen
+++ b/host_vars/lasagne.binary.kitchen
@@ -36,4 +36,6 @@ mosquitto_bridges:
 address: 172.23.4.6:1883
 topics:
 - topic: "# out 0"
- - topic: "# in 0"
\ No newline at end of file
+ - topic: "# in 0"
+
+ha_pg_db_pass: "{{ vault_ha_pg_db_pass }}"
\ No newline at end of file
diff --git a/roles/homeassistant/defaults/main.yml b/roles/homeassistant/defaults/main.yml
index 8565fda..b7a786f 100644
--- a/roles/homeassistant/defaults/main.yml
+++ b/roles/homeassistant/defaults/main.yml
@@ -11,3 +11,8 @@ ha_venv_dir: "/opt/homeassistant"
 # The default user
 ha_user: homeassistant
+
+ha_pg_db_version: 15
+ha_pg_db_name: homeassistant
+ha_pg_db_user: homeassistant
+ha_pg_db_pass: xxxxx
diff --git a/roles/homeassistant/handlers/main.yml b/roles/homeassistant/handlers/main.yml
new file mode 100644
index 0000000..8cb9a93
--- /dev/null
+++ b/roles/homeassistant/handlers/main.yml
@@ -0,0 +1,6 @@
+---
+
+- name: Restart postgresql
+ ansible.builtin.service:
+ name: postgresql
+ state: restarted
diff --git a/roles/homeassistant/tasks/main.yml b/roles/homeassistant/tasks/main.yml
index bd2e656..ee248b2 100644
--- a/roles/homeassistant/tasks/main.yml
+++ b/roles/homeassistant/tasks/main.yml
@@ -8,3 +8,4 @@
 ansible.builtin.include_tasks: '{{ item }}'
 loop:
 - preparation.yml
+ - postgres.yml
diff --git a/roles/homeassistant/tasks/postgres.yml b/roles/homeassistant/tasks/postgres.yml
new file mode 100644
index 0000000..eee0f56
--- /dev/null
+++ b/roles/homeassistant/tasks/postgres.yml
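Review bot: The new default `ha_pg_db_pass: xxxxx` in roles/homeassistant/defaults/main.yml gives the database role a publicly known password on any host that does not override the variable, and postgres.yml in this same commit makes the server reachable over the network. Remove the default and make the role fail early when no secret is supplied, for example a first task using `ansible.builtin.assert` with `that: ha_pg_db_pass is defined and ha_pg_db_pass | length > 0`. Only the host_vars for lasagne.binary.kitchen are shown wiring the value to the vault; whether other hosts apply this role is not visible here.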
@@ -0,0 +1,54 @@
+---
+
+- name: Postgres | establish dependencies
+ ansible.builtin.package:
+ name: "{{ item }}"
+ state: present
+ loop:
+ - postgresql-{{ ha_pg_db_version }}
+ - libpq-dev
+ - python3-psycopg2
+
+- name: Postgres | Configure PostgreSQL database
+ community.general.postgresql_db:
+ name: "{{ ha_pg_db_name }}"
+ template: template0
+ encoding: utf8
+ become: true
+ become_user: postgres
+
+- name: Postgres | Configure PostgreSQL user
+ community.general.postgresql_user:
+ db: "{{ ha_pg_db_name }}"
+ name: "{{ ha_pg_db_user }}"
+ password: "{{ ha_pg_db_pass }}"
+ become: true
+ become_user: postgres
+
+- name: Postgres | GRANT ALL PRIVILEGES ON SCHEMA public TO {{ ha_pg_db_user }}
+ community.postgresql.postgresql_privs:
+ db: "{{ ha_pg_db_user }}"
+ privs: ALL
+ type: schema
+ objs: public
+ role: "{{ ha_pg_db_user }}"
+ become: true
+ become_user: postgres
+
+- name: Postgres | Grant all users access to all dbs
+ community.general.postgresql_pg_hba:
+ dest: /etc/postgresql/{{ ha_pg_db_version }}/main/pg_hba.conf
+ contype: host
+ users: all
+ databases: all
+ method: scram-sha-256
+ source: 0.0.0.0/0
+ notify: Restart postgresql
+
+- name: Postgres | Listen to external interfaces
+ community.general.postgresql_set:
+ name: listen_addresses
+ value: "*"
+ become: true
+ become_user: postgres
+ notify: Restart postgresql
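Review bot: The `postgresql_pg_hba` task admits `users: all` on `databases: all` from `source: 0.0.0.0/0`, and the final task sets `listen_addresses` to `"*"`, so every role that has a password, not only the Home Assistant one, accepts password logins from any address that can route to this host. Scope the rule to what the role creates, `users: "{{ ha_pg_db_user }}"` and `databases: "{{ ha_pg_db_name }}"`, and take `source` from a variable holding the client subnet instead of the whole IPv4 range. The privileges task passes `db: "{{ ha_pg_db_user }}"` where `db: "{{ ha_pg_db_name }}"` is meant, which only works while both defaults are `homeassistant`. The tasks also mix `community.general.postgresql_*` with `community.postgresql.postgresql_privs`; as far as I know the PostgreSQL modules live in `community.postgresql`, so using that namespace throughout avoids depending on redirects.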