diff --git a/roles/home/README.md b/roles/home/README.md
new file mode 100644
index 00000000..5f4e1133
--- /dev/null
+++ b/roles/home/README.md
@@ -0,0 +1,9 @@
+TODO
+
+## Notes
+
+- Official Docs recommend running in privileged mode (it appears to facilitate 
+  the opening of serial ports for Z-Wave devices etc) which I have not done as it
+  removes the benefits of running in a containerized environment.
+
+- Official Docs recommend running in host networking mode, which is not implemented here.
\ No newline at end of file
diff --git a/roles/home/defaults/main.yml b/roles/home/defaults/main.yml
new file mode 100644
index 00000000..c6205f2b
--- /dev/null
+++ b/roles/home/defaults/main.yml
@@ -0,0 +1 @@
+subdomain_homeassistant: home
\ No newline at end of file
diff --git a/roles/home/tasks/backup.yml b/roles/home/tasks/backup.yml
new file mode 100644
index 00000000..3b835af0
--- /dev/null
+++ b/roles/home/tasks/backup.yml
@@ -0,0 +1,7 @@
+---
+- name: Backup home
+  ansible.builtin.include_role:
+    name: common
+    tasks_from: backup
+  vars:
+    app: home
diff --git a/roles/home/tasks/main.yml b/roles/home/tasks/main.yml
new file mode 100644
index 00000000..50c5ae46
--- /dev/null
+++ b/roles/home/tasks/main.yml
@@ -0,0 +1,9 @@
+---
+- name: Install home
+  include_role:
+    name: common
+    tasks_from: install
+  vars:
+    app: home
+    data_dirs:
+    - config
diff --git a/roles/home/tasks/remove.yml b/roles/home/tasks/remove.yml
new file mode 100644
index 00000000..b26527f8
--- /dev/null
+++ b/roles/home/tasks/remove.yml
@@ -0,0 +1,7 @@
+---
+- name: Remove home
+  ansible.builtin.include_role:
+    name: common
+    tasks_from: remove
+  vars:
+    app: home
diff --git a/roles/home/tasks/restore.yml b/roles/home/tasks/restore.yml
new file mode 100644
index 00000000..b366d316
--- /dev/null
+++ b/roles/home/tasks/restore.yml
@@ -0,0 +1,7 @@
+---
+- name: Restore home
+  ansible.builtin.include_role:
+    name: common
+    tasks_from: restore
+  vars:
+    app: home
diff --git a/roles/home/templates/compose.yml.j2 b/roles/home/templates/compose.yml.j2
new file mode 100644
index 00000000..42d04f76
--- /dev/null
+++ b/roles/home/templates/compose.yml.j2
@@ -0,0 +1,25 @@
+version: "3.8"
+services:
+  homeassistant:
+    image: homeassistant/home-assistant
+    user: "{{uid}}:{{gid}}"  # run the container service as app user (not root)
+    restart: unless-stopped
+    environment:
+      TZ: {{tz}}
+    volumes:
+    - {{app_root}}/config:/config
+    labels:
+      traefik.enable: "true"
+      traefik.http.routers.homeassistant.entrypoints: websecure
+      traefik.http.routers.homeassistant.rule: Host(`{{subdomain_homeassistant}}.{{domain}}`)
+      traefik.http.routers.homeassistant.tls: "true"
+      traefik.http.services.homeassistant.loadbalancer.server.port: 8123
+{% if server_is_live %}
+      traefik.http.routers.get.tls.certresolver: {{cert_resolver}}
+{% endif %}
+    networks:
+      - traefik
+
+networks:
+  traefik:
+    external: true
\ No newline at end of file