diff --git a/roles/docker-distribution/handlers/main.yml b/roles/docker-distribution/handlers/main.yml
new file mode 100644
index 0000000..e5d7ddf
--- /dev/null
+++ b/roles/docker-distribution/handlers/main.yml
@@ -0,0 +1,5 @@
+---
+- name: restart docker-distribution
+  service:
+    name: docker-distribution
+    state: restarted
diff --git a/roles/docker-distribution/tasks/main.yml b/roles/docker-distribution/tasks/main.yml
new file mode 100644
index 0000000..181f565
--- /dev/null
+++ b/roles/docker-distribution/tasks/main.yml
@@ -0,0 +1,20 @@
+---
+- name: install packages
+  package:
+    name: docker-distribution
+    state: installed
+
+- name: create config file
+  template:
+    dest: /etc/docker-distribution/registry/config.yml
+    src: config.yml.j2
+    mode: 0644
+    owner: root
+    group: "{{ ansible_wheel }}"
+  notify: restart docker-distribution
+
+- name: start service
+  service:
+    name: docker-distribution
+    state: started
+    enabled: true
diff --git a/roles/docker-distribution/templates/config.yml.j2 b/roles/docker-distribution/templates/config.yml.j2
new file mode 100644
index 0000000..a919ed4
--- /dev/null
+++ b/roles/docker-distribution/templates/config.yml.j2
@@ -0,0 +1,19 @@
+version: 0.1
+log:
+  fields:
+    service: registry
+storage:
+  cache:
+    layerinfo: inmemory
+  filesystem:
+    rootdirectory: /srv/registry
+http:
+  addr: :5000
+  tls:
+    certificate: {{ tls_certs }}/{{ inventory_hostname }}.crt
+    key: {{ tls_private }}/{{ inventory_hostname }}.key
+    clientcas:
+      - {{ tls_certs }}/ca.crt
+    minimumtls: 1.3
+  headers:
+    X-Content-Type-Options: [nosniff]