diff --git a/roles/wal-g-pg/files/wal-g-postgresql.cil b/roles/wal-g-pg/files/wal-g-postgresql.cil
new file mode 100644
index 0000000..f288f8b
--- /dev/null
+++ b/roles/wal-g-pg/files/wal-g-postgresql.cil
@@ -0,0 +1 @@
+(allow postgresql_t http_port_t (tcp_socket (name_connect)))
diff --git a/roles/wal-g-pg/handlers/main.yml b/roles/wal-g-pg/handlers/main.yml
new file mode 100644
index 0000000..ec02016
--- /dev/null
+++ b/roles/wal-g-pg/handlers/main.yml
@@ -0,0 +1,3 @@
+- name: load wal-g-postgresql selinux module
+ command:
+ semodule -i /usr/local/share/selinux/wal-g-postgresql.cil
diff --git a/roles/wal-g-pg/meta/main.yml b/roles/wal-g-pg/meta/main.yml
new file mode 100644
index 0000000..6b7c3b9
--- /dev/null
+++ b/roles/wal-g-pg/meta/main.yml
@@ -0,0 +1,2 @@
+dependencies:
+- dch-yum
diff --git a/roles/wal-g-pg/tasks/main.yml b/roles/wal-g-pg/tasks/main.yml
new file mode 100644
index 0000000..ac51f9f
--- /dev/null
+++ b/roles/wal-g-pg/tasks/main.yml
@@ -0,0 +1,38 @@
+- name: ensure wal-g is installed
+ package:
+ name: wal-g-postgresql
+ state: present
+ tags:
+ - install
+
+- name: ensure wal-g is configured
+ copy:
+ content: |+
+ {{ wal_g_pg_config | to_nice_yaml(indent=2) }}
+ dest: /etc/postgresql/wal-g.yml
+ owner: root
+ group: postgres
+ mode: u=rw,g=r,o=
+ tags:
+ - config
+
+- name: ensure local selinux share directory exists
+ file:
+ path: /usr/local/share/selinux
+ state: directory
+ tags:
+ - selinux
+- name: ensure wal-g-postgresql selinux module is installed
+ copy:
+ src: wal-g-postgresql.cil
+ dest: /usr/local/share/selinux/wal-g-postgresql.cil
+ owner: root
+ group: root
+ mode: u=rw,go=r
+ notify:
+ - load wal-g-postgresql selinux module
+ tags:
+ - selinux
+
+- name: flush handlers
+ meta: flush_handlers
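Review bot: The single rule in roles/wal-g-pg/files/wal-g-postgresql.cil grants `name_connect` on `http_port_t` to the whole `postgresql_t` domain, so every process in that domain, not only wal-g, gains outbound access to the HTTP-labelled ports. The file has no comment explaining the grant; I would add `; wal-g is started by PostgreSQL (archive/restore) in postgresql_t and needs HTTPS to the backup object store` above the rule, assuming that is the reason. If the broad grant stays, pair it with host or network egress filtering restricted to the storage endpoint, or run wal-g in its own domain via a type transition, because a compromised database session would otherwise inherit the same egress.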
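Review bot: The handler in roles/wal-g-pg/handlers/main.yml runs `semodule -i` only when the copy task reports a change, so if the load fails once, or the module is later removed with `semodule -r`, later runs see an unchanged file and never load the policy again. Consider a check task in tasks/main.yml that lists loaded modules with `semodule -l` (marked `changed_when: false`) and installs the module when `wal-g-postgresql` is absent. As a style point, the command is split across two lines as a plain scalar under `command:`; a single line `command: semodule -i /usr/local/share/selinux/wal-g-postgresql.cil` or the `argv:` form is easier to read.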
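Review bot: The `ensure wal-g is configured` task in roles/wal-g-pg/tasks/main.yml renders `wal_g_pg_config` into `/etc/postgresql/wal-g.yml` without `no_log: true`, so if that variable holds storage credentials (likely for wal-g, but not visible in this diff) they can show up in `--diff` output and verbose logs. Add `no_log: true` to that task; the restrictive `u=rw,g=r,o=` mode on the file already suggests the content is sensitive. The `ensure local selinux share directory exists` task also sets no `owner`, `group` or `mode`, unlike the two copy tasks; adding `owner: root`, `group: root` and `mode: u=rwx,go=rx` keeps the policy source directory from depending on the umask.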