diff --git a/files/docker.gpg b/files/docker.gpg
new file mode 100644
index 0000000..e5dc8cf
Binary files /dev/null and b/files/docker.gpg differ
diff --git a/playbook.yml b/playbook.yml
index 94f374a..31110d5 100644
--- a/playbook.yml
+++ b/playbook.yml
@@ -9,6 +9,7 @@
   tasks:
     - import_tasks: 'tasks/setup.yml'
     - import_tasks: 'tasks/network.yml'
+    - import_tasks: 'tasks/docker.yml'
     - import_tasks: 'tasks/radicale.yml'
     - import_tasks: 'tasks/syncthing.yml'
     - import_tasks: 'tasks/transmission.yml'
diff --git a/tasks/docker.yml b/tasks/docker.yml
new file mode 100644
index 0000000..1fdd32a
--- /dev/null
+++ b/tasks/docker.yml
@@ -0,0 +1,27 @@
+- name: 'prepare apt keyring'
+  become: true
+  command: install -m 0755 -d /etc/apt/keyrings
+
+- name: 'copy docker gpg key'
+  become: true
+  file:
+    src: 'files/docker.gpg'
+    dest: '/etc/apt/keyrings/docker.gpg'
+    owner: root
+
+- name: 'install docker apt source'
+  become: true
+  template:
+    src: 'templates/docker/docker.j2'
+    dest: '/etc/apt/sources.list.d/docker.list'
+    owner: root
+
+- name: 'install docker'
+  become: true
+  apt:
+    update_cache: true
+    name:
+      - docker-ce
+      - docker-ce-cli
+      - containerd.io
+      - docker-compose-plugin
diff --git a/templates/docker.j2 b/templates/docker.j2
new file mode 100644
index 0000000..6fd69da
--- /dev/null
+++ b/templates/docker.j2
@@ -0,0 +1,3 @@
+# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }}
+
+deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian bookworm stable
diff --git a/vars/main.yml b/vars/main.yml
index 395e098..013632a 100644
--- a/vars/main.yml
+++ b/vars/main.yml
@@ -6,3 +6,5 @@ packages:
   - mpd
   - python3-virtualenv
   - wireguard-tools
+  - ca-certificates
+  - gnupg