diff --git a/roles/nomad/defaults/main.yml b/roles/nomad/defaults/main.yml
index 76e6d17..d7af76c 100644
--- a/roles/nomad/defaults/main.yml
+++ b/roles/nomad/defaults/main.yml
@@ -88,7 +88,7 @@ nomad_base_conf:
       cpu: 200
       # can be expressed as number, in which case it'll be the amount of RAM to reserve in MB
       # or as a percentage, in which case it'll be a percentage of the total RAM
-      memory: 15%
+      memory: 8%
       # When memory is expressed as a percentage, you can set a minimum amount (in MB) which will be set
       # if the percentage is less than that
       memory_min: 500
@@ -122,6 +122,15 @@ nomad_base_conf:
           - namespace
           - node_name
           - node_id
+        # Authentication for OCI registries
+        # auths:
+        #   - registry: oci.example.org
+        #     login: foo
+        #     password: bar
+        #   - registry: docker.io
+        #     login: daniel
+        #     password: S3cr3t.
+        auths: []
       raw_exec:
         enabled: False
       java:
diff --git a/roles/nomad/tasks/conf.yml b/roles/nomad/tasks/conf.yml
index c76d426..1721c51 100644
--- a/roles/nomad/tasks/conf.yml
+++ b/roles/nomad/tasks/conf.yml
@@ -172,3 +172,7 @@
     - key: net.bridge.bridge-nf-call-iptables
       val: 1
   tags: nomad
+
+- name: Deploy Docker auth config
+  template: src=docker_auth.json.j2 dest={{ nomad_root_dir }}/docker/auth.json owner={{ nomad_user }} group={{ nomad_user }} mode=600
+  tags: nomad
diff --git a/roles/nomad/tasks/directories.yml b/roles/nomad/tasks/directories.yml
index fb4e3f8..1094b8a 100644
--- a/roles/nomad/tasks/directories.yml
+++ b/roles/nomad/tasks/directories.yml
@@ -32,6 +32,9 @@
     - dir: etc
       owner: root
       mode: 755
+    - dir: docker
+      owner: root
+      mode: 755
     - dir: tls
       owner: root
       mode: 755
diff --git a/roles/nomad/templates/nomad.hcl.j2 b/roles/nomad/templates/nomad.hcl.j2
index 00ff211..1e43e04 100644
--- a/roles/nomad/templates/nomad.hcl.j2
+++ b/roles/nomad/templates/nomad.hcl.j2
@@ -109,6 +109,9 @@ client {
 plugin "docker" {
   config {
     allow_privileged = {{ nomad_conf.client.task_drivers.docker.allow_privileged | ternary('true', 'false') }}
+    auth {
+      config = "{{ nomad_root_dir }}/docker/auth.json"
+    }
 {% if nomad_conf.client.task_drivers.docker.volumes.enabled %}
     volumes {
       enabled = true