diff --git a/playbooks/install-standard-docker.yml b/playbooks/install-standard-docker.yml
index e20f0a3..fb8dd9d 100644
--- a/playbooks/install-standard-docker.yml
+++ b/playbooks/install-standard-docker.yml
@@ -1,18 +1,22 @@
 ---
-- name: Install Docker using official Docker documentation steps
+- name: Install Docker using official Docker documentation steps and set up /opt/docker
   hosts: docker
   become: true
+  gather_facts: true
   vars:
     docker_keyring_path: /etc/apt/keyrings/docker.asc
     docker_repo_list_path: /etc/apt/sources.list.d/docker.list
+    docker_acl_path: /opt/docker
   tasks:
+    # --- Prereqs ---
     - name: Ensure required packages are installed
       apt:
         name:
           - ca-certificates
           - curl
+          - acl # Required for setfacl
         state: present
         update_cache: yes
@@ -44,16 +48,47 @@
     - name: Flush handlers to update apt cache before install
       meta: flush_handlers
 
+    # --- Docker Install ---
     - name: Install Docker packages
       apt:
         name:
-          - docker-ce # Core Docker engine
-          - docker-ce-cli # CLI tool
-          - containerd.io # Container runtime
-          - docker-buildx-plugin # Buildx plugin
-          - docker-compose-plugin # Compose v2 plugin
+          - docker-ce
+          - docker-ce-cli
+          - containerd.io
+          - docker-buildx-plugin
+          - docker-compose-plugin
         state: present
-        update_cache: no # already handled by handler
+        update_cache: no
+
+    - name: Ensure docker group exists
+      group:
+        name: docker
+        state: present
+
+    - name: Ensure Docker service is enabled and running
+      systemd:
+        name: docker
+        enabled: true
+        state: started
+
+    # --- ACL & Folder Standardization ---
+    - name: Ensure Docker base folder exists with correct ownership
+      file:
+        path: "{{ docker_acl_path }}"
+        state: directory
+        owner: root
+        group: docker
+        mode: "0775"
+
+    - name: Check for existing default ACL on Docker folder
+      command: getfacl --access --default {{ docker_acl_path }}
+      register: facl_check
+      changed_when: false
+      failed_when: false
+
+    - name: Set default ACL for docker group if not already present
+      command: setfacl -d -m g:docker:rwx {{ docker_acl_path }}
+      when: "'group:docker:rwx' not in facl_check.stdout"
 
   handlers:
     - name: Update apt cache
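Review bot: The `when` guard on the final setfacl task is a substring match on raw getfacl output, so an access-ACL entry `group:docker:rwx` (no `default:` prefix) would also satisfy it and the default ACL would silently never be set, while `failed_when: false` on the getfacl task turns a missing or failing getfacl into an empty stdout and an unconditional setfacl run whose errors then surface out of context. Both `command` tasks also interpolate `{{ docker_acl_path }}` unquoted into argv, which splits on whitespace if the path is ever changed. The two tasks can be replaced by one idempotent `acl` module task that reports accurate `changed` status and needs neither the register nor the string check; the `file` task above it stays as is. Worth noting in a comment near `mode: "0775"` that membership in the docker group is already root-equivalent through the Docker socket, so granting that group write on `/opt/docker` does not widen privilege beyond what the group already has, e.g. `# docker group is root-equivalent via the socket; group-write here adds no further privilege`.

```yaml
    # --- ACL & Folder Standardization ---
    # … unchanged: Ensure Docker base folder exists with correct ownership …

    - name: Ensure default ACL grants the docker group rwx on new entries
      acl:
        path: "{{ docker_acl_path }}"
        entity: docker
        etype: group
        permissions: rwx
        default: true
        state: present
```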