diff --git a/defaults/main.yml b/defaults/main.yml index 654733a..a6e1945 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -68,6 +68,7 @@ postgres_db: [] postgres_db_extra: [] +postgres_clean_hba_file: True postgres_hba_entries: - contype: local databases: diff --git a/tasks/install.yml b/tasks/install.yml index cfa6055..e261b89 100644 --- a/tasks/install.yml +++ b/tasks/install.yml @@ -35,5 +35,14 @@ - name: Ensure database is initialized command: "/usr/pgsql-{{ __postgres_version }}/bin/postgresql-{{ __postgres_version }}-setup initdb" when: not __pgdata_dir_version.stat.exists + + - name: Override default pg_hba.conf with a clean one + template: + src: templates/postgresql/data/pg_hba.conf.j2 + dest: "{{ __postgres_config_path }}/pg_hba.conf" + mode: 0644 + when: + - not __pgdata_dir_version.stat.exists + - postgres_clean_hba_file | bool become: True become_user: root diff --git a/tasks/post_tasks.yml b/tasks/post_tasks.yml index fdc7bf1..bf3a45a 100644 --- a/tasks/post_tasks.yml +++ b/tasks/post_tasks.yml @@ -9,7 +9,7 @@ lc_ctype: "{{ item.lc_ctype | default('en_US.UTF-8') }}" encoding: "{{ item.encoding | default('UTF-8') }}" template: "{{ item.template | default('template0') }}" - login_host: "{{ item.login_host | default('localhost') }}" + login_host: "{{ item.login_host | default(omit) }}" login_password: "{{ item.login_password | default(omit) }}" login_user: "{{ item.login_user | default(postgres_user) }}" login_unix_socket: "{{ item.login_unix_socket | default(omit) }}" @@ -29,7 +29,7 @@ priv: "{{ item.priv | default(omit) }}" role_attr_flags: "{{ item.role_attr_flags | default(omit) }}" db: "{{ item.db | default(omit) }}" - login_host: "{{ item.login_host | default('localhost') }}" + login_host: "{{ item.login_host | default(omit) }}" login_password: "{{ item.login_password | default(omit) }}" login_user: "{{ item.login_user | default(postgres_user) }}" login_unix_socket: "{{ item.login_unix_socket | default(postgres_socket_directories[0]) }}" 
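Review bot: The new `postgres_clean_hba_file` default in defaults/main.yml is switched on without any comment, so a reader cannot tell that it replaces the packaged pg_hba.conf. Judging by the task added in tasks/install.yml, it only takes effect when the data directory is first initialised, and that is worth stating above the variable, e.g. `# Replace the packaged pg_hba.conf with an empty one on first initdb; rules then come from postgres_hba_entries (confirm).` Writing the value as `true` instead of `True` would also satisfy yamllint's truthy rule.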
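Review bot: The new template task in tasks/install.yml sets `mode: 0644` and no `owner` or `group`, so under the `become_user: root` visible at the end of the hunk pg_hba.conf is presumably left root-owned and world-readable. Any local account can then read the authentication rules, and a later task running as the database account may be unable to edit the file. I would add `owner: "{{ postgres_user }}"` (if that variable is also the OS account, which is not visible here) and use `mode: "0600"`, quoted so a YAML parser cannot retype the octal value. The enclosing block starts above the hunk, so any block-level conditions are not visible.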
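Review bot: With `login_host` now omitted by default in tasks/post_tasks.yml, the task in the first hunk (-9,7) has no explicit socket either, because its `login_unix_socket` still defaults to `omit` while the task in the second hunk (-29,7) defaults to `postgres_socket_directories[0]`. The first task would then presumably fall back to the client library's built-in socket directory, which can differ from the configured one. Aligning it as `login_unix_socket: "{{ item.login_unix_socket | default(postgres_socket_directories[0]) }}"` keeps both tasks on the same path. Callers who relied on the old TCP `localhost` default together with `login_password` now have to set `login_host` themselves, which deserves a line in the README. Both tasks start above their hunks, so the module names are not visible.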
diff --git a/templates/postgresql/data/pg_hba.conf.j2 b/templates/postgresql/data/pg_hba.conf.j2
new file mode 100644
index 0000000..2f49f08
--- /dev/null
+++ b/templates/postgresql/data/pg_hba.conf.j2
@@ -0,0 +1,5 @@
+# PostgreSQL Client Authentication Configuration File
+# ===================================================
+#
+# See: https://www.postgresql.org/docs/current/static/auth-pg-hba-conf.html
+# TYPE DATABASE USER ADDRESS METHOD
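Review bot: The template renders a pg_hba.conf with no rules at all, and nothing in its header says that this is intentional or that the file is generated. PostgreSQL rejects connections that match no record, so the file is deny-all until entries are added elsewhere (presumably from `postgres_hba_entries`). I would add `# {{ ansible_managed }}` and a line such as `# No entries here on purpose; rules are added by the role.` below the title, so an operator does not hand-edit a file that will be rewritten.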