Enhance Docker setup: set setgid bit on /opt/docker and /srv/docker, and configure default ACL for dockerdata group

playbooks/install-standard-docker.yml

@@ -85,6 +85,11 @@
         group: docker
         mode: "0775"
 
+    - name: Set setgid bit on /opt/docker so group is inherited
+      file:
+        path: "{{ docker_acl_path }}"
+        mode: "2775"
+
     - name: Check for existing default ACL on Docker folder
       command: getfacl --access --default {{ docker_acl_path }}
       register: facl_check
@@ -121,6 +126,20 @@
         group: "{{ docker_data_group }}"
         mode: "0770"
 
+    - name: Set setgid bit on /srv/docker so group is inherited
+      file:
+        path: "{{ srv_docker_path }}"
+        mode: "2770"
+
+    - name: Set default ACL for dockerdata group on /srv/docker
+      ansible.posix.acl:
+        path: "{{ srv_docker_path }}"
+        entity: "{{ docker_data_group }}"
+        etype: group
+        permissions: rwx
+        default: yes
+        state: present
+
   handlers:
     - name: Update apt cache
       apt: