Create system user and systemd service/socket

tasks/main.yml

@@ -1,5 +1,6 @@
 ---
-- import_tasks: packages.yml
+- name: Package tasks
+  ansible.builtin.import_tasks: packages.yml
   tags: packages
 
 - name: "Get PHP version"
@@ -9,5 +10,10 @@
   changed_when: false
   check_mode: false
 
-- import_tasks: php.yml
+- name: PHP tasks
+  ansible.builtin.import_tasks: php.yml
   tags: php
+
+- name: User tasks
+  ansible.builtin.import_tasks: user.yml
+  tags: never, user

tasks/user.yml

@@ -0,0 +1,44 @@
+---
+- name: "User | Create systemd user"
+  ansible.builtin.user:
+    name: "{{ php_user }}"
+    shell: /bin/false
+    create_home: "{{ create_home | default('false') }}"
+    password_lock: true
+
+- name: "User | Add www-data to user group"
+  ansible.builtin.user:
+    name: www-data
+    groups: "{{ php_user }}"
+    append: true
+
+- name: "User | Create log file"
+  ansible.builtin.file:
+    path: "{{ php_fpm_log_dir }}/{{ php_user }}.log"
+    state: touch
+    owner: "{{ php_user }}"
+    group: "{{ php_user }}"
+    mode: 0644
+
+- name: "User | Create PHP-FPM pool"
+  ansible.builtin.template:
+    src: fpmpool.cfg
+    dest: "/etc/php/{{ php_version.stdout }}/fpm/pool.d/{{ php_user }}.cfg"
+    mode: 0644
+  notify:
+    - stop php-fpm-socket
+    - stop php-fpm-service
+    - start php-fpm-socket
+
+- name: "User | Enable systemd socket"
+  ansible.builtin.systemd:
+    name: "php-fpm@{{ php_user }}.socket"
+    enabled: true
+    state: started
+    daemon_reload: true
+
+- name: "User | Enable systemd service"
+  ansible.builtin.systemd:
+    name: "php-fpm@{{ php_user }}.service"
+    enabled: true
+    daemon-reload: true