diff --git a/.github/workflows/lint-ansible.yml b/.github/workflows/lint-ansible.yml
index 46804d3..5d18ee2 100644
--- a/.github/workflows/lint-ansible.yml
+++ b/.github/workflows/lint-ansible.yml
@@ -1,10 +1,6 @@
 name: Lint Ansible
 
 on:
-  push:
-    paths:
-      - 'ansible/**'
-      - '.github/workflows/lint-ansible.yml'
   pull_request:
     paths:
       - 'ansible/**'
diff --git a/ansible/inventory/host_vars/london-b.yml b/ansible/inventory/host_vars/london-b.yml
index fa7c949..30bf2c0 100644
--- a/ansible/inventory/host_vars/london-b.yml
+++ b/ansible/inventory/host_vars/london-b.yml
@@ -20,4 +20,3 @@ common_ufw_allowed_ports:
   - {port: 6881, proto: tcp, comment: "BitTorrent"}
   - {port: 6881, proto: udp, comment: "BitTorrent"}
   - {port: 445, proto: tcp, comment: "Samba"}
-
diff --git a/ansible/roles/docker/tasks/main.yml b/ansible/roles/docker/tasks/main.yml
index 5872d0c..fde1b5d 100644
--- a/ansible/roles/docker/tasks/main.yml
+++ b/ansible/roles/docker/tasks/main.yml
@@ -1,17 +1,73 @@
 ---
-# Install Docker and docker-compose, start the daemon.
+# Set up Docker's official apt repository and install Docker + Compose plugin.
 
-- name: Install Docker (Debian)
+- name: Install prerequisites for Docker repo (Debian/Ubuntu)
   ansible.builtin.apt:
     name:
-      - docker.io
+      - ca-certificates
+      - curl
+      - gnupg
+    state: present
+    update_cache: true
+  when: ansible_facts["os_family"] == "Debian"
+
+- name: Create keyrings directory
+  ansible.builtin.file:
+    path: /etc/apt/keyrings
+    state: directory
+    mode: '0755'
+  when: ansible_facts["os_family"] == "Debian"
+
+- name: Set Docker repo variables
+  ansible.builtin.set_fact:
+    docker_distro: >-
+      {{ 'ubuntu' if ansible_facts['distribution'] == 'Ubuntu' else 'debian' }}
+    docker_arch: >-
+      {{ ansible_facts['architecture']
+      | regex_replace('x86_64', 'amd64')
+      | regex_replace('aarch64', 'arm64') }}
+  when: ansible_facts["os_family"] == "Debian"
+
+- name: Build Docker repo line
+  ansible.builtin.set_fact:
+    docker_repo: >-
+      deb [arch={{ docker_arch }}
+      signed-by=/etc/apt/keyrings/docker.asc]
+      https://download.docker.com/linux/{{ docker_distro }}
+      {{ ansible_facts['distribution_release'] }} stable
+  when: ansible_facts["os_family"] == "Debian"
+
+- name: Add Docker GPG key
+  ansible.builtin.get_url:
+    url: "https://download.docker.com/linux/{{ docker_distro }}/gpg"
+    dest: /etc/apt/keyrings/docker.asc
+    mode: '0644'
+    force: false
+  when: ansible_facts["os_family"] == "Debian"
+
+- name: Add Docker apt repository
+  ansible.builtin.apt_repository:
+    repo: "{{ docker_repo }}"
+    filename: docker
+    state: present
+    update_cache: true
+  when: ansible_facts["os_family"] == "Debian"
+
+- name: Install Docker (Debian/Ubuntu)
+  ansible.builtin.apt:
+    name:
+      - docker-ce
+      - docker-ce-cli
+      - containerd.io
       - docker-compose-plugin
     state: present
   when: ansible_facts["os_family"] == "Debian"
 
-- name: Remove conflicting docker-compose package (Debian)
+- name: Remove old docker packages (Debian/Ubuntu)
   ansible.builtin.apt:
-    name: docker-compose
+    name:
+      - docker.io
+      - docker-compose
     state: absent
   when: ansible_facts["os_family"] == "Debian"
 
diff --git a/ansible/services/promtail/config/london-b.yml b/ansible/services/promtail/config/london-b.yml
index 4c979b6..33605b2 100644
--- a/ansible/services/promtail/config/london-b.yml
+++ b/ansible/services/promtail/config/london-b.yml
@@ -1,3 +1,4 @@
+---
 server:
   http_listen_port: 9080
   grpc_listen_port: 0
@@ -9,23 +10,23 @@ clients:
   - url: http://192.168.1.254:3100/loki/api/v1/push
 
 scrape_configs:
-- job_name: london-b
-  static_configs:
-  - targets:
-      - localhost
-    labels:
-      job: varlogs
-      instance: london-b
-      __path__: /var/log/*log
-  - targets:
-      - localhost
-    labels:
-      job: plex
-      instance: london-b
-      __path__: /var/lib/plexmediaserver/Library/Application Support/Plex Media Server/Logs/*log
-  - targets:
-      - localhost
-    labels:
-      job: jellyfin
-      instance: london-b
-      __path__: /var/log/jellyfin/*log
+  - job_name: london-b
+    static_configs:
+      - targets:
+          - localhost
+        labels:
+          job: varlogs
+          instance: london-b
+          __path__: /var/log/*log
+      - targets:
+          - localhost
+        labels:
+          job: plex
+          instance: london-b
+          __path__: /var/lib/plexmediaserver/Library/Application Support/Plex Media Server/Logs/*log
+      - targets:
+          - localhost
+        labels:
+          job: jellyfin
+          instance: london-b
+          __path__: /var/log/jellyfin/*log