diff --git a/db/network.tf b/db/network.tf
index 414a775..b7aee32 100644
--- a/db/network.tf
+++ b/db/network.tf
@@ -1,6 +1,7 @@
 resource "docker_network" "mariadb" {
- name = "mariadb"
- driver = "bridge"
+ name = "mariadb"
+ driver = "bridge"
+ internal = true

 ipam_config {
 subnet = "172.19.0.0/28"
@@ -9,11 +10,23 @@ resource "docker_network" "mariadb" {
 }

 resource "docker_network" "mongorocks" {
- name = "mongorocks"
- driver = "bridge"
+ name = "mongorocks"
+ driver = "bridge"
+ internal = true

 ipam_config {
 subnet = "172.20.0.0/29"
 gateway = "172.20.0.1"
 }
 }
+
+resource "docker_network" "postgres" {
+ name = "postgres"
+ driver = "bridge"
+ internal = true
+
+ ipam_config {
+ subnet = "172.20.0.8/29"
+ gateway = "172.20.0.9"
+ }
+}
diff --git a/db/outputs.tf b/db/outputs.tf
index 12eb24f..44e6640 100644
--- a/db/outputs.tf
+++ b/db/outputs.tf
@@ -5,3 +5,7 @@ output "names-mariadb" {
 output "networks-mongorocks" {
 value = "${docker_network.mongorocks.name}"
 }
+
+output "postgres-network-id" {
+ value = "${docker_network.postgres.name}"
+}
diff --git a/db/postgres.tf b/db/postgres.tf
new file mode 100644
index 0000000..ef905f8
--- /dev/null
+++ b/db/postgres.tf
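Review bot: In db/outputs.tf the new output is named `postgres-network-id` but returns `docker_network.postgres.name`, while db/postgres.tf in this same commit attaches its container with `docker_network.postgres.id`. tt-rss/main.tf feeds this value into `networks`, so the tt-rss container is attached by name; that probably resolves to the same network, but the name/value mismatch will mislead anyone who reuses the output where a real ID is required. Either return the ID, `value = "${docker_network.postgres.id}"`, or rename the output to follow the existing `networks-mongorocks` convention.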
@@ -0,0 +1,45 @@
+resource "docker_container" "postgres" {
+ name = "postgres"
+ image = "${docker_image.postgres.latest}"
+
+ volumes {
+ volume_name = "${docker_volume.postgres_volume.name}"
+ container_path = "/var/lib/postgresql/data"
+ host_path = "${docker_volume.postgres_volume.mountpoint}"
+ }
+
+ // This is so that other host-only services can share this
+ ports {
+ internal = 5432
+ external = 5432
+ ip = "${var.ips["eth0"]}"
+ }
+
+ // This is a not-so-great idea
+ // TODO: Figure out a better way to make terraform SSH and then connect to localhost
+ ports {
+ internal = 5432
+ external = 5432
+ ip = "${var.ips["tun0"]}"
+ }
+
+ memory = 256
+ restart = "unless-stopped"
+ destroy_grace_seconds = 10
+ must_run = true
+
+ env = [
+ "POSTGRES_PASSWORD=${var.postgres-root-password}",
+ ]
+
+ networks = ["${docker_network.postgres.id}"]
+}
+
+resource "docker_image" "postgres" {
+ name = "${data.docker_registry_image.postgres.name}"
+ pull_triggers = ["${data.docker_registry_image.postgres.sha256_digest}"]
+}
+
+data "docker_registry_image" "postgres" {
+ name = "postgres:${var.postgres-version}"
+}
diff --git a/db/variables.tf b/db/variables.tf
index 708e0b3..555c9fc 100644
--- a/db/variables.tf
+++ b/db/variables.tf
@@ -3,8 +3,14 @@ variable "mariadb-version" {
 default = "10.2.14"
 }

+variable "postgres-version" {
+ description = "postgres version to use for fetching the docker image"
+ default = "10-alpine"
+}
+
 variable "ips" {
 type = "map"
 }

 variable "mysql_root_password" {}
+variable "postgres-root-password" {}
diff --git a/db/volumes.tf b/db/volumes.tf
index 4a066c3..2ad7e2a 100644
--- a/db/volumes.tf
+++ b/db/volumes.tf
@@ -2,6 +2,10 @@ resource "docker_volume" "mariadb_volume" {
 name = "mariadb_volume"
 }

+resource "docker_volume" "postgres_volume" {
+ name = "postgres_volume"
+}
+
 resource "docker_volume" "mongorocks_data_volume" {
 name = "mongorocks_data_volume"
 }
diff --git a/main.tf b/main.tf
index 97f1f1f..9a96c91 100644
--- a/main.tf
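Review bot: In db/postgres.tf the two `ports` blocks publish 5432 on the `eth0` and `tun0` addresses, yet the container's only network is `docker_network.postgres`, which this commit creates with `internal = true`. Docker normally does not forward published ports for a container attached only to an internal network, so the bindings may not work as the comments intend; if they do, the listener is reachable by every host on those interfaces with only the superuser password protecting it. Passing that password as `POSTGRES_PASSWORD` in `env` also leaves it readable in `docker inspect` output and in the Terraform state. The official image accepts `POSTGRES_PASSWORD_FILE=<path to a mounted secret file>` instead. It would also help to extend the existing TODO with a comment stating which clients are expected on each interface and what firewall rule limits them.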
+++ b/main.tf
@@ -26,9 +26,10 @@ module "docker" {
 }

 module "db" {
- source = "db"
- mysql_root_password = "${var.mysql_root_password}"
- ips = "${var.ips}"
+ source = "db"
+ mysql_root_password = "${var.mysql_root_password}"
+ postgres-root-password = "${var.postgres-root-password}"
+ ips = "${var.ips}"
 }

 module "timemachine" {
@@ -71,12 +72,12 @@ module "radicale" {
 }

 module "tt-rss" {
- source = "tt-rss"
- domain = "rss.captnemo.in"
- mysql_password = "${var.mysql-ttrss-password}"
- links-db = "${module.db.names-mariadb}"
- traefik-labels = "${var.traefik-common-labels}"
- traefik-network-id = "${module.docker.traefik-network-id}"
+ source = "tt-rss"
+ domain = "rss.captnemo.in"
+ mysql_password = "${var.mysql-ttrss-password}"
+ traefik-labels = "${var.traefik-common-labels}"
+ traefik-network-id = "${module.docker.traefik-network-id}"
+ postgres-network-id = "${module.db.postgres-network-id}"
 }

 module "rss-bridge" {
diff --git a/providers.tf b/providers.tf
index 39a8f54..94d9629 100644
--- a/providers.tf
+++ b/providers.tf
@@ -14,6 +14,14 @@ provider "mysql" {
 password = "${var.mysql_root_password}"
 }

+provider "postgresql" {
+ host = "postgres.in.bb8.fun"
+ port = 5432
+ username = "postgres"
+ password = "${var.postgres-root-password}"
+ sslmode = "disable"
+}
+
 provider "digitalocean" {
 token = "${var.digitalocean-token}"
 }
diff --git a/tt-rss/db-postgres.tf b/tt-rss/db-postgres.tf
new file mode 100644
index 0000000..833a41f
--- /dev/null
+++ b/tt-rss/db-postgres.tf
@@ -0,0 +1,10 @@
+resource "postgresql_database" "ttrss" {
+ name = "ttrss"
+ owner = "ttrss"
+}
+
+resource "postgresql_role" "ttrss" {
+ name = "ttrss"
+ login = true
+ password = "${var.mysql_password}"
+}
diff --git a/tt-rss/db.tf b/tt-rss/db.tf
deleted file mode 100644
index d790d1e..0000000
--- a/tt-rss/db.tf
+++ /dev/null
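Review bot: In providers.tf the new `provider "postgresql"` block sets `sslmode = "disable"`, so the `postgres` superuser login and every statement Terraform issues travel unencrypted to `postgres.in.bb8.fun:5432`. Per db/postgres.tf that port is bound on the `eth0` and `tun0` addresses, so the traffic crosses a real network segment rather than loopback. Once the server has a certificate, use `sslmode = "require"` (or `verify-full` with a pinned CA). Until then, add a comment stating that the connection is expected to run only over the VPN interface. A dedicated provisioning role with just `CREATEDB` and `CREATEROLE` would also limit what a captured credential can do, compared with using the superuser here.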
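Review bot: In tt-rss/db-postgres.tf `owner = "ttrss"` is a string literal, so Terraform sees no dependency between `postgresql_database.ttrss` and `postgresql_role.ttrss` and may try to create the database before the owning role exists. Reference the role instead, `owner = "${postgresql_role.ttrss.name}"`, which fixes the ordering and keeps the two names in sync. The role password still comes from `var.mysql_password` (fed by `var.mysql-ttrss-password` in main.tf), so the MariaDB credential is reused for the new PostgreSQL role under a misleading name. A separately named variable with a freshly generated value would avoid carrying the old secret over.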
@@ -1,16 +0,0 @@
-resource "mysql_database" "ttrss" {
- name = "ttrss"
-}
-
-resource "mysql_user" "ttrss" {
- user = "ttrss"
- host = "%"
- plaintext_password = "${var.mysql_password}"
-}
-
-resource "mysql_grant" "ttrss" {
- user = "${mysql_user.ttrss.user}"
- host = "${mysql_user.ttrss.host}"
- database = "${mysql_database.ttrss.name}"
- privileges = ["ALL"]
-}
diff --git a/tt-rss/main.tf b/tt-rss/main.tf
index d209401..9e4e7ee 100644
--- a/tt-rss/main.tf
+++ b/tt-rss/main.tf
@@ -22,9 +22,7 @@ resource "docker_container" "tt-rss" {
 container_path = "/config"
 }

- networks = ["${var.traefik-network-id}"]
-
- links = ["mariadb"]
+ networks = ["${var.traefik-network-id}", "${var.postgres-network-id}"]

 env = [
 "TZ=Asia/Kolkata",
diff --git a/tt-rss/variables.tf b/tt-rss/variables.tf
index d47b922..71629cf 100644
--- a/tt-rss/variables.tf
+++ b/tt-rss/variables.tf
@@ -3,7 +3,7 @@ variable "domain" {
 }

 variable "mysql_password" {}
-variable "links-db" {}
+variable "postgres-network-id" {}

 variable "traefik-labels" {
 type = "map"
diff --git a/variables.tf b/variables.tf
index d8156f7..155b15c 100644
--- a/variables.tf
+++ b/variables.tf
@@ -15,6 +15,10 @@ variable "mysql_root_password" {
 type = "string"
 }

+variable "postgres-root-password" {
+ type = "string"
+}
+
 variable "mysql_lychee_password" {}
 variable "mysql_airsonic_password" {}