diff --git a/roles/docker/files/daemon.json b/roles/docker/files/daemon.json
new file mode 100644
index 0000000..40709cf
--- /dev/null
+++ b/roles/docker/files/daemon.json
@@ -0,0 +1,4 @@
+{
+  "log-driver": "journald",
+  "userns-remap": "default"
+}
diff --git a/roles/docker/handlers/main.yml b/roles/docker/handlers/main.yml
new file mode 100644
index 0000000..07aa0eb
--- /dev/null
+++ b/roles/docker/handlers/main.yml
@@ -0,0 +1,5 @@
+---
+- name: Restart docker
+  ansible.builtin.service:
+    name: docker
+    state: restarted
diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml
new file mode 100644
index 0000000..7f03c6b
--- /dev/null
+++ b/roles/docker/tasks/main.yml
@@ -0,0 +1,42 @@
+---
+- name: Enable repository
+  ansible.builtin.get_url:
+    url: https://download.docker.com/linux/centos/docker-ce.repo
+    dest: /etc/yum.repos.d/docker-ce.repo
+    mode: 0644
+    owner: root
+    group: "{{ ansible_wheel }}"
+
+- name: Install packages
+  ansible.builtin.package:
+    name: docker-ce
+    state: installed
+
+- name: Enable user namespaces
+  ansible.posix.sysctl:
+    name: user.max_user_namespaces
+    value: "10240"
+    sysctl_file: /etc/sysctl.d/00-docker.conf
+
+- name: Create config directory
+  ansible.builtin.file:
+    path: /etc/docker
+    state: directory
+    mode: 0755
+    owner: root
+    group: "{{ ansible_wheel }}"
+
+- name: Copy config
+  ansible.builtin.copy:
+    dest: /etc/docker/daemon.json
+    src: daemon.json
+    mode: 0644
+    owner: root
+    group: "{{ ansible_wheel }}"
+  notify: Restart docker
+
+- name: Start service
+  ansible.builtin.service:
+    name: docker
+    state: started
+    enabled: true