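---
# Create the unprivileged service account.
# A dedicated group adds nothing here, so the account is placed in nogroup.
# `system: true` and a non-interactive shell keep this a daemon account,
# not a login account.
- name: "Create {{ service_user }} user"
  user:
    name: "{{ service_user }}"
    group: nogroup
    home: "{{ service_homedir }}"
    system: true
    shell: /bin/false
    state: present

# Restrict the home directory so only the service user can enter or read it.
# The mode is a quoted string: an unquoted 0700 is parsed as a YAML 1.1 octal
# literal (448), and a leading-zero-less form like 700 would be a different,
# wrong mode. Quoting keeps the value an explicit octal string for the module.
- name: "Secure {{ service_user }} home directory"
  file:
    path: "{{ service_homedir }}"
    state: directory
    owner: "{{ service_user }}"
    group: nogroup
    mode: "0700"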