---
# Having a custom group is useless so use nogroup
- name: "Create {{ appservice_user }} user"
  user:
    name: "{{ appservice_user }}"
    group: nogroup
    home: "{{ appservice_homedir }}"
    system: true
    shell: /bin/false
    state: present

# Only service user should be able to go there
- name: "Secure {{ appservice_user }} home directory"
  file:
    path: "{{ appservice_homedir }}"
    state: directory
    owner: "{{ appservice_user }}"
    group: nogroup
    mode: 0700