diff --git a/php-fpm/tasks/main.yml b/php-fpm/tasks/main.yml
index 5b23055917b7379a0693cbbc6466c834f60cf52a..54d3bf1368926943a44e584e882aee9ac0ae1d16 100644
--- a/php-fpm/tasks/main.yml
+++ b/php-fpm/tasks/main.yml
@@ -20,6 +20,24 @@
   notify:
     - restart php-fpm
 
+- name: create groups
+  group:
+    name: "{{ item.name }}"
+    system: true
+    state: present
+  with_items: "{{ fpm_pools|default([]) }}"
+
+- name: create groups
+  user:
+    name: "{{ item.name }}"
+    group: "{{ item.name }}"
+    system: true
+    home: "/var/www/{{ item.name }}"
+    shell: /usr/bin/nologin
+    createhome: false
+    state: present
+  with_items: "{{ fpm_pools|default([]) }}"
+
 - name: ensure we have all the pools we want
   template:
     src: pool.conf.j2
@@ -57,7 +75,7 @@
   # yamllint disable rule:line-length
   shell: |
     set -o pipefail
-    systemctl list-units --state=loaded | grep php-fpm@ | grep -v .socket | sed -E 's/.*php-fpm@(.*)\.service.*/\1/'
+    systemctl show --state=loaded --type=service --property=Id --value php-fpm@\* | cut -d@ -f2 | cut -d. -f1
   args:
     executable: /bin/bash
   # yamllint enable rule:line-length