diff --git a/roles/docker/defaults/main.yml b/roles/docker/defaults/main.yml
index 8d8aedc..28b30f3 100644
--- a/roles/docker/defaults/main.yml
+++ b/roles/docker/defaults/main.yml
@@ -8,4 +8,4 @@ docker_compose: "{{ (docker_official | bool) | ternary('/usr/bin/docker compose'
 docker_official: false
 docker_repos_keys: "{{ docker_repos_path }}/.keys"
 docker_repos_keytype: rsa
-docker_repos_path: /srv/.compose_repos
\ No newline at end of file
+docker_repos_path: /srv/.compose_repos
diff --git a/roles/docker/handlers/main.yml b/roles/docker/handlers/main.yml
index 7719bf2..843841c 100644
--- a/roles/docker/handlers/main.yml
+++ b/roles/docker/handlers/main.yml
@@ -4,7 +4,7 @@
   listen: compose_systemd
 
 - name: Find which services had a docker-compose.yml updated
-  set_fact:
+  ansible.builtin.set_fact:
     compose_restart_list: "{{ (compose_restart_list | default([])) + [item.item.name] }}"
   loop: "{{ compose_update.results }}"
   loop_control:
@@ -13,7 +13,7 @@
   listen: compose_restart
 
 - name: Find which services had their .env updated
-  set_fact:
+  ansible.builtin.set_fact:
     compose_restart_list: "{{ (compose_restart_list | default([])) + [item.item.name] }}"
   loop: "{{ compose_env_update.results }}"
   loop_control:
@@ -29,20 +29,20 @@
   listen: restart_mariadb # hijack handler for early restart
 
 - name: Set MariaDB as restarted
-  set_fact:
+  ansible.builtin.set_fact:
     mariadb_restarted: true
   when: not mariadb_restarted
   listen: restart_mariadb
 
-- name: Restart {{ docker_compose_service }} services
+- name: Restart compose services
   ansible.builtin.systemd:
     state: restarted
     name: "{{ docker_compose_service }}@{{ item }}"
-  loop: "{{ compose_restart_list | unique }}"
+  loop: "{{ compose_restart_list | default([]) | unique }}"
   when: compose_restart_list is defined
   listen: compose_restart
 
-- name: Start {{ docker_compose_service }} services and enable on boot
+- name: Start compose services and enable on boot
   ansible.builtin.service:
     name: "{{ docker_compose_service }}@{{ item.name }}"
     state: started
diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml
index 561dd16..90389c5 100644
--- a/roles/docker/tasks/main.yml
+++ b/roles/docker/tasks/main.yml
@@ -3,6 +3,9 @@
     url: "{{ docker_apt_keyring_url }}"
     dest: "{{ docker_apt_keyring }}"
     checksum: "sha256:{{ docker_apt_keyring_hash }}"
+    mode: "644"
+    owner: root
+    group: root
   when: docker_official
 
 - name: Remove official Docker APT key