diff --git a/roles/homeassistant/files/homeassistant-local.pp b/roles/homeassistant/files/homeassistant-local.pp
new file mode 100644
index 0000000..e3fe854
Binary files /dev/null and b/roles/homeassistant/files/homeassistant-local.pp differ
diff --git a/roles/homeassistant/files/homeassistant-local.te b/roles/homeassistant/files/homeassistant-local.te
new file mode 100644
index 0000000..60f2983
--- /dev/null
+++ b/roles/homeassistant/files/homeassistant-local.te
@@ -0,0 +1,21 @@
+
+module homeassistant-local 1.0;
+
+require {
+ type container_t;
+ type system_dbusd_var_run_t;
+ type system_dbusd_t;
+ type bluetooth_t;
+ class sock_file write;
+ class unix_stream_socket connectto;
+ class dbus send_msg;
+}
+
+#============= bluetooth_t ==============
+allow bluetooth_t container_t:dbus send_msg;
+
+#============= container_t ==============
+allow container_t bluetooth_t:dbus send_msg;
+allow container_t system_dbusd_t:dbus send_msg;
+allow container_t system_dbusd_t:unix_stream_socket connectto;
+allow container_t system_dbusd_var_run_t:sock_file write;
diff --git a/roles/homeassistant/tasks/main.yml b/roles/homeassistant/tasks/main.yml
index d8637aa..f2f53d1 100644
--- a/roles/homeassistant/tasks/main.yml
+++ b/roles/homeassistant/tasks/main.yml
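Review bot: Every `allow` rule here targets the generic `container_t` domain, so the `dbus send_msg`, `unix_stream_socket connectto` and `sock_file write` permissions are granted to every container on the host that runs as `container_t`, not only the homeassistant one, and `allow bluetooth_t container_t:dbus send_msg` likewise lets bluetoothd message any container. If the intent is to scope this to a single container, a dedicated domain (for example one derived from container-selinux's `container_domain_template` and selected with podman's `--security-opt label=type:...`) would confine the grant to that container. If the host-wide grant is accepted, record the decision in a header comment such as `# NOTE: grants D-Bus/BlueZ access to ALL containers running as container_t, not only homeassistant`. Since the committed `.pp` is the binary that actually gets installed, it must be rebuilt whenever this `.te` changes, which a comment here should also say.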
@@ -10,6 +10,42 @@
 group: ha
 shell: /sbin/nologin
 
+- name: Install dependencies
+ ansible.builtin.package:
+ name: bluez
+ state: installed
+
+- name: Enable bluetooth services
+ ansible.builtin.service:
+ name: bluetooth
+ state: started
+ enabled: true
+
+- name: Copy SELinux module
+ ansible.builtin.copy:
+ dest: /usr/local/share/selinux/homeassistant-local.pp
+ src: homeassistant-local.pp
+ mode: 0644
+ owner: root
+ group: "{{ ansible_wheel }}"
+
+- name: Check if selinux module is loaded
+ ansible.builtin.command:
+ argv:
+ - semodule
+ - -l
+ register: result
+ check_mode: false
+ changed_when: false
+
+- name: Install SELinux module
+ ansible.builtin.command:
+ argv:
+ - semodule
+ - -i
+ - /usr/local/share/selinux/homeassistant-local.pp
+ when: '"homeassistant-local" not in result.stdout_lines'
+
 - name: Fix SELinux contexts from config directory
 community.general.sefcontext:
 path: /export/homeassistant(/.*)?
diff --git a/roles/homeassistant/templates/homeassistant-container.service.j2 b/roles/homeassistant/templates/homeassistant-container.service.j2
index e83d1a5..433490a 100644
--- a/roles/homeassistant/templates/homeassistant-container.service.j2
+++ b/roles/homeassistant/templates/homeassistant-container.service.j2
@@ -9,6 +9,8 @@ ExecStart=/usr/bin/podman run \
 --rm -p 127.0.0.1:8001:8123 \
 --name homeassistant \
 --env TZ=Europe/Helsinki \
+ --userns keep-id \
+ --volume /run/dbus:/run/dbus:rw \
 --volume /srv/homeassistant:/config:rw \
 docker.io/homeassistant/home-assistant:{{ homeassistant_version }}
 ExecStop=/usr/bin/podman stop --ignore homeassistant
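Review bot: The "Install SELinux module" task runs only when the module name is missing from `semodule -l`, so a later change to `homeassistant-local.pp` is copied into place but never loaded, because the "Copy SELinux module" task has no handler and its result is not consulted. Register the copy task with `register: selinux_module` and widen the condition to `when: selinux_module.changed or '"homeassistant-local" not in result.stdout_lines'`, so an updated policy is reinstalled on the same run. Bumping the version in the `.te` alone does not help, since the check compares names only.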
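Review bot: `--volume /run/dbus:/run/dbus:rw` exposes the whole host directory, while the accompanying SELinux module only needs `sock_file write` on the system bus socket; if Home Assistant only needs the system bus, the narrower `--volume /run/dbus/system_bus_socket:/run/dbus/system_bus_socket:rw \` limits what the container can reach. The mount is deliberately left without `:z`/`:Z`, which appears correct since relabelling would touch the host's own bus socket, but that is not obvious to a later reader and deserves a `#` comment placed above the ExecStart line, because a comment cannot sit inside the backslash-continued command. The ExecStart command starts before the hunk.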