diff --git a/README.md b/README.md
index 0b0d5d7e5d871e6f21f56624820f434d368bdb3f..076360754581f9546a843cda431fa91970fe19c1 100644
--- a/README.md
+++ b/README.md
@@ -100,4 +100,12 @@ exclude_files: {}
 # Only supportet in restic based backups
 # Ignored in vm-via-hypervisor mode
 include_files: {}
+
+# Run one or more hooks before and after each (standalone) backup run
+# Items are executed in bash in their own subshell
+hooks:
+  pre_run:
+  - mysqldump --all-databases > /var/backups/mysql-backup.sql
+  post_run:
+  - rm /var/backups/mysql-backup.sql
 ```
diff --git a/defaults/main.yml b/defaults/main.yml
index f8db1fff11ef6fff18e4870366d07d4a86388095..6bdfbf141a52d355b117edc3436c49b01ed4e8f2 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -48,3 +48,6 @@ backups:
     '/root/.ansible/*': true
   include_files:
     '/': true
+  hooks:
+    pre_run: []
+    post_run: []
diff --git a/templates/backup-standalone.j2 b/templates/backup-standalone.j2
index bd5dd655c48905147570d46ef2b06958e56e85ad..375a96577c12a804b30a0f7b29dd5aa22636ca61 100755
--- a/templates/backup-standalone.j2
+++ b/templates/backup-standalone.j2
@@ -3,21 +3,38 @@ set -euo pipefail
 
 test -f "/etc/backup-client/enabled" || { echo "Standalone backup is disabled"; exit 0; }
 
-{% if backup_backend == 'restic' %}
-# restic backend
-source /etc/backup-client/restic.env
-
-restic backup \
-	{{ restic_combined_flags }} \
-	--verbose \
-	--exclude-caches \
-	--one-file-system \
-	--exclude "${RESTIC_REPOSITORY}" \
-	--exclude-file "/etc/backup-client/exclude_files" \
-	--files-from "/etc/backup-client/include_files"
+{% if backups.hooks.pre_run %}
+echo "Running pre_run hooks"
+{% for cmd in backups.hooks.pre_run %}
+( {{ cmd }} )
+{% endfor %}
+echo "Hooks done"
+{% endif %}
 
+{% if backup_backend == 'restic' %}
+# Run restic in subshell to avoid leaking environment to post_run hooks
+(
+	# restic backend
+	source /etc/backup-client/restic.env
 
+	restic backup \
+		{{ restic_combined_flags }} \
+		--verbose \
+		--exclude-caches \
+		--one-file-system \
+		--exclude "${RESTIC_REPOSITORY}" \
+		--exclude-file "/etc/backup-client/exclude_files" \
+		--files-from "/etc/backup-client/include_files"
+)
 {% endif %}
 {% if not backup_backend %}
 echo "Noop, backup is handled external"
 {% endif %}
+
+{% if backups.hooks.post_run %}
+echo "Running post_run hooks"
+{% for cmd in backups.hooks.post_run %}
+( {{ cmd }} )
+{% endfor %}
+echo "Hooks done"
+{% endif %}