diff --git a/roles/homeassistant/defaults/main.yml b/roles/homeassistant/defaults/main.yml
index 7a4f441..86bd068 100644
--- a/roles/homeassistant/defaults/main.yml
+++ b/roles/homeassistant/defaults/main.yml
@@ -1,4 +1,7 @@
 ---
+homeassistant_become: true
+homeassistant_become_user: root
+
 homeassistant_dir: /srv/homeassistant
 is_a_raspberrypi: false
diff --git a/roles/homeassistant/tasks/main.yml b/roles/homeassistant/tasks/main.yml
index ef3f378..bf4f632 100644
--- a/roles/homeassistant/tasks/main.yml
+++ b/roles/homeassistant/tasks/main.yml
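Review bot: The two defaults added in roles/homeassistant/defaults/main.yml, `homeassistant_become` and `homeassistant_become_user`, have no comment, and the names alone do not say which values are safe to set. The tasks visible in tasks/main.yml install apt packages, manage system users and groups, and write a unit under /etc/systemd/system, so they need root. Turning escalation off or pointing it at another user will presumably only work when the calling play already runs as root. I would put this above the two lines: `# Privilege escalation applied to every task in this role; the tasks need root, so set homeassistant_become to false only when the play already escalates.`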
@@ -1,97 +1,102 @@ --- -- name: install homeassistant dependencies - apt: - name: - - autoconf - - build-essential - - libffi-dev - - libopenjp2-7 - - libssl-dev - - libtiff5 - - python3 - - python3-dev - - python3-pip - - virtualenv - update_cache: true - cache_valid_time: 3600 +- block: -- name: ensure homeassistant group exits - group: - name: homeassistant - system: true + - name: install homeassistant dependencies + apt: + name: + - autoconf + - build-essential + - libffi-dev + - libopenjp2-7 + - libssl-dev + - libtiff5 + - python3 + - python3-dev + - python3-pip + - virtualenv + update_cache: true + cache_valid_time: 3600 -- name: ensure homeassistant user exists and has restrictive settings - user: - name: homeassistant - groups: homeassistant - password: "*" - home: "{{ homeassistant_dir }}" - system: true - shell: /usr/sbin/nologin + - name: ensure homeassistant group exits + group: + name: homeassistant + system: true -- name: get available groups - getent: - database: group + - name: ensure homeassistant user exists and has restrictive settings + user: + name: homeassistant + groups: homeassistant + password: "*" + home: "{{ homeassistant_dir }}" + system: true + shell: /usr/sbin/nologin -- name: add homeassistant user to ssl-cert group - user: - name: homeassistant - groups: ssl-cert - append: true - become: true - when: homeassistant_add_to_ssl_cert_group and "ssl-cert" in ansible_facts.getent_group + - name: get available groups + getent: + database: group -- name: add homeassistant user to dialout, gpio and i2c groups - user: - name: homeassistant - groups: dialout,gpio,i2c - append: true - when: is_a_raspberrypi + - name: add homeassistant user to ssl-cert group + user: + name: homeassistant + groups: ssl-cert + append: true + become: true + when: homeassistant_add_to_ssl_cert_group and "ssl-cert" in ansible_facts.getent_group -- name: install wheel and homeassistant inside a virtualenv - pip: - name: - - wheel - - homeassistant - virtualenv: "{{ 
homeassistant_dir }}" + - name: add homeassistant user to dialout, gpio and i2c groups + user: + name: homeassistant + groups: dialout,gpio,i2c + append: true + when: is_a_raspberrypi -- name: ensure homeassistant owns "{{ homeassistant_dir }}" - file: - path: "{{ homeassistant_dir }}" - state: directory - recurse: true - owner: homeassistant - group: homeassistant + - name: install wheel and homeassistant inside a virtualenv + pip: + name: + - wheel + - homeassistant + virtualenv: "{{ homeassistant_dir }}" -- name: install homeassistant systemd unit file - template: - src: etc/systemd/system/homeassistant.service.j2 - dest: /etc/systemd/system/homeassistant.service - notify: - - systemctl daemon-reload + - name: ensure homeassistant owns "{{ homeassistant_dir }}" + file: + path: "{{ homeassistant_dir }}" + state: directory + recurse: true + owner: homeassistant + group: homeassistant -- name: systemctl enable homeassistant - systemd: - name: homeassistant - enabled: true + - name: install homeassistant systemd unit file + template: + src: etc/systemd/system/homeassistant.service.j2 + dest: /etc/systemd/system/homeassistant.service + notify: + - systemctl daemon-reload -- name: ensure homeassistant is running - systemd: - name: homeassistant - state: started + - name: systemctl enable homeassistant + systemd: + name: homeassistant + enabled: true -- name: Wait for port 8123 - wait_for: - port: 8123 - delay: 10 + - name: ensure homeassistant is running + systemd: + name: homeassistant + state: started -- name: add custom TLS settings in configuration.yaml - blockinfile: - path: /srv/homeassistant/.homeassistant/configuration.yaml - marker: "# {mark} ANSIBLE TLS SETTINGS" - block: | - http: - ssl_certificate: /var/lib/dehydrated/certs/{{ domains[0].cname }}/chain.pem - ssl_key: /var/lib/dehydrated/certs/{{ domains[0].cname }}/privkey.pem - when: homeassistant_add_to_ssl_cert_group and "ssl-cert" in ansible_facts.getent_group - notify: systemctl restart homeassistant 
+ - name: Wait for port 8123 + wait_for: + port: 8123 + delay: 10 + + - name: add custom TLS settings in configuration.yaml + blockinfile: + path: /srv/homeassistant/.homeassistant/configuration.yaml + marker: "# {mark} ANSIBLE TLS SETTINGS" + block: | + http: + ssl_certificate: /var/lib/dehydrated/certs/{{ domains[0].cname }}/chain.pem + ssl_key: /var/lib/dehydrated/certs/{{ domains[0].cname }}/privkey.pem + when: homeassistant_add_to_ssl_cert_group and "ssl-cert" in ansible_facts.getent_group + notify: systemctl restart homeassistant + + become: "{{ homeassistant_become }}" + become_user: "{{ homeassistant_become_user }}"
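Review bot: The task `add homeassistant user to ssl-cert group` keeps its own `become: true` inside the new block, and a task-level keyword takes precedence over the block-level `become: "{{ homeassistant_become }}"`. That one task therefore still escalates to `homeassistant_become_user` when the variable is set to false; dropping the task-level `become: true` line makes the whole role follow the two new variables. The `blockinfile` task also still uses the literal `/srv/homeassistant/.homeassistant/configuration.yaml`, which drifts from the role default as soon as `homeassistant_dir` is overridden; `path: "{{ homeassistant_dir }}/.homeassistant/configuration.yaml"` keeps them in step. With `homeassistant_become_user` defaulting to root, the `pip` task installs unpinned `wheel` and `homeassistant` as root before the recursive chown, so pinning the `homeassistant` version there is worth considering.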