From 19f2eff8fec8a7102d8d8bc16368878397da970b Mon Sep 17 00:00:00 2001
From: Ryan Hamilton
Date: Sun, 13 Jul 2025 21:24:00 -0500
Subject: [PATCH] Enhance Docker setup: set setgid bit on /opt/docker and /srv/docker, and configure default ACL for dockerdata group
---
 playbooks/install-standard-docker.yml | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
diff --git a/playbooks/install-standard-docker.yml b/playbooks/install-standard-docker.yml
index ab1d8c5..a0cd09b 100644
--- a/playbooks/install-standard-docker.yml
+++ b/playbooks/install-standard-docker.yml
@@ -85,6 +85,11 @@
 group: docker
 mode: "0775"
 
+ - name: Set setgid bit on /opt/docker so group is inherited
+ file:
+ path: "{{ docker_acl_path }}"
+ mode: "2775"
+
 - name: Check for existing default ACL on Docker folder
 command: getfacl --access --default {{ docker_acl_path }}
 register: facl_check
@@ -121,6 +126,20 @@
 group: "{{ docker_data_group }}"
 mode: "0770"
 
+ - name: Set setgid bit on /srv/docker so group is inherited
+ file:
+ path: "{{ srv_docker_path }}"
+ mode: "2770"
+
+ - name: Set default ACL for dockerdata group on /srv/docker
+ ansible.posix.acl:
+ path: "{{ srv_docker_path }}"
+ entity: "{{ docker_data_group }}"
+ etype: group
+ permissions: rwx
+ default: yes
+ state: present
+
 handlers:
 - name: Update apt cache
 apt:
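Review bot: The added `file` task sets `{{ docker_acl_path }}` to `"2775"` right after a task whose visible tail (`group: docker`, `mode: "0775"`) appears to set the same directory to `0775`. If so, every run clears the setgid bit and then restores it, so both tasks report `changed` and group inheritance is briefly off. That earlier task starts above the hunk, so its `path` is not visible here; if it does target the same directory, change its `mode: "0775"` to `mode: "2775"` and drop the extra task. The second hunk has the same pairing with `"0770"` and `"2770"` on `{{ srv_docker_path }}`. The task names also hard-code `/opt/docker` and `/srv/docker` while the paths are variables, so they can drift from the directory actually changed.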
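Review bot: `default: yes` in the `ansible.posix.acl` task relies on YAML 1.1 truthy parsing; write `default: true`, and spell the task above as `ansible.builtin.file` to match the fully qualified name used here. A default ACL is inherited only by entries created afterwards, so anything already under `{{ srv_docker_path }}` keeps its current permissions. A comment such as `# default ACL applies to new entries only; existing content is not changed` would record that this is intended. The entry gives `rwx` to every member of `{{ docker_data_group }}` on all data created there later, so membership of that group is worth reviewing alongside this change.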