diff --git a/group_vars/postgresql.yml b/group_vars/postgresql.yml index da6e2fa..c74d4b2 100644 --- a/group_vars/postgresql.yml +++ b/group_vars/postgresql.yml @@ -23,6 +23,11 @@ postgresql_config: hot_standby: 'on' pg_hba_extra: +- type: local + database: all + user: postgres-exporter + address: '' + method: peer - type: hostssl database: sameuser user: all diff --git a/postgresql.yml b/postgresql.yml index 2f84ac4..dd65d9d 100644 --- a/postgresql.yml +++ b/postgresql.yml @@ -9,3 +9,5 @@ tags: - wal-g - postgresql-server + - role: postgres-exporter + tags: postgres-exporter diff --git a/roles/postgres-exporter/handlers/main.yml b/roles/postgres-exporter/handlers/main.yml new file mode 100644 index 0000000..12b5cae --- /dev/null +++ b/roles/postgres-exporter/handlers/main.yml @@ -0,0 +1,8 @@ +- name: reload systemd + systemd: + daemon_reload: true + +- name: restart postgres exporter + service: + name: postgres-exporter + state: restarted diff --git a/roles/postgres-exporter/tasks/main.yml b/roles/postgres-exporter/tasks/main.yml new file mode 100644 index 0000000..5c3fb3f --- /dev/null +++ b/roles/postgres-exporter/tasks/main.yml 
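Review bot: The new `pg_hba_extra` entry in `group_vars/postgresql.yml` grants the `postgres-exporter` role peer access with `database: all`, while the connection string added in the container template targets only `template1`. If per-database collection is not planned, `database: template1` keeps the rule to what the exporter uses; if it is planned, a comment above the entry should say so. Peer authentication ties this role to whatever runs under the matching host account, so a comment such as `# peer auth: only the postgres-exporter OS user (uid 221) maps to this role` would record that assumption. The `pg_hba_extra` list continues outside the hunk, and since pg_hba.conf is evaluated first-match, the position of this entry ahead of the `hostssl` rule should be deliberate.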
@@ -0,0 +1,85 @@
+- name: ensure required packages are installed
+ package:
+ name:
+ - acl
+ - podman
+ - python3-psycopg2
+ state: present
+ tags:
+ - install
+
+- name: ensure postgres-exporter os group exists
+ group:
+ name: postgres-exporter
+ gid: 221
+ system: true
+ state: present
+ tags:
+ - user
+ - group
+- name: ensure postgres-exporter os user exists
+ user:
+ name: postgres-exporter
+ uid: 221
+ system: true
+ state: present
+ tags:
+ - user
+
+- name: ensure postgres-exporter postgresql role exists
+ become_user: postgres
+ postgresql_user:
+ name: postgres-exporter
+ state: present
+ tags:
+ - pguser
+- name: ensure postgres-exporter postgresql is in pg_monitor group
+ become_user: postgres
+ postgresql_membership:
+ groups:
+ - pg_monitor
+ target_roles:
+ - postgres-exporter
+ tags:
+ - pguser
+
+- name: ensure postgres-exporter container is defined
+ template:
+ src: postgres-exporter.container.j2
+ dest: /etc/containers/systemd/postgres-exporter.container
+ owner: root
+ group: root
+ mode: u=rw,go=r
+ notify:
+ - reload systemd
+ - restart postgres exporter
+ tags:
+ - systemd
+ - container
+
+- name: flush handlers
+ meta: flush_handlers
+
+- name: ensure postgres exporter starts at boot
+ service:
+ name: postgres-exporter
+ enabled: true
+ tags:
+ - service
+
+- name: ensure postgres exporter is running
+ service:
+ name: postgres-exporter
+ state: started
+ tags:
+ - service
+
+- name: ensure firewall is configured for postgres exporter
+ firewalld:
+ port: 9187/tcp
+ immediate: true
+ permanent: true
+ state: enabled
+ when: host_uses_firewalld|d(true)
+ tags:
+ - firewalld
diff --git a/roles/postgres-exporter/templates/postgres-exporter.container.j2 b/roles/postgres-exporter/templates/postgres-exporter.container.j2
new file mode 100644
index 0000000..0a0a681
--- /dev/null
+++ b/roles/postgres-exporter/templates/postgres-exporter.container.j2
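Review bot: The final firewalld task in `roles/postgres-exporter/tasks/main.yml` opens `9187/tcp` for any source in the default zone, and nothing visible in this commit puts authentication or TLS in front of the exporter's metrics endpoint. Metrics collected through `pg_monitor` can reveal database names, settings and activity statistics, so the port should be reachable only from the Prometheus server. One option is to replace `port: 9187/tcp` with `rich_rule: 'rule family="ipv4" source address="<PROMETHEUS_ADDRESS>" port port="9187" protocol="tcp" accept'` (placeholder address); another is to set `zone:` to a restricted zone. The same exposure applies to `PublishPort=9187:9187` in the container template, which publishes on every host address.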
@@ -0,0 +1,19 @@
+[Unit]
+Description=PostgreSQL Exporter for Prometheus
+Wants=network-online.target
+After=network-online.target
+After=postgresql.service
+
+[Container]
+Image=quay.io/prometheuscommunity/postgres-exporter:v0.15.0
+Environment=DATA_SOURCE_URI='postgres-exporter@:5432/template1?host=/run/postgresql'
+Mount=type=bind,source=/run/postgresql,target=/run/postgresql
+# container_t cannot access the PostgreSQL socket postgresql_var_run_t
+SecurityLabelDisable=true
+User=221
+Group=221
+DropCapability=all
+PublishPort=9187:9187
+
+[Install]
+WantedBy=multi-user.target
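Review bot: `SecurityLabelDisable=true` in the `[Container]` section turns off SELinux confinement for the whole container just to reach the PostgreSQL socket, removing a containment layer from a network-facing process that holds a database connection. A small local policy module allowing the container domain to use the `postgresql_var_run_t` socket would keep labelling enabled. If that is out of scope, extend the existing comment to record the trade-off, add `NoNewPrivileges=true` and `ReadOnly=true`, and append `,ro` to the `Mount=` line (connecting to a Unix socket should not need a writable mount, but verify with this image). The image is also pinned by tag only; `Image=quay.io/prometheuscommunity/postgres-exporter@sha256:<DIGEST>` (placeholder digest, with a comment noting v0.15.0) would make the deployed content immutable.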