php: Set the sockets permissions when a pool is configured to use them.

library/roles/php-fpm/defaults/main.yml

@@ -8,6 +8,7 @@ phpfpm_remove_php_module: True
 php_from_ppa: False
 php_ppa: ppa:ondrej/php
 php_version: 7.2
+php_run_dir: '/run/php'
 
 phpfpm_root_dir: '/etc/php/{{ php_version }}'
 phpfpm_base_dir: '{{ phpfpm_root_dir }}/fpm'
@@ -40,12 +41,15 @@ phpfpm_event_mechanism: epoll
 
 # Pools settings
 phpfpm_default_pool_name: "php-fpm"
+phpfpm_pool_name: "{{ phpfpm_default_pool_name }}"
 phpfpm_remove_default_pool: True
 phpfpm_use_default_template: True
 phpfpm_create_users: True
 phpfpm_default_user: php-fpm
 phpfpm_default_group: '{{ phpfpm_default_user }}'
-phpfpm_default_listen: "127.0.0.1:9000"
+phpfpm_listen_on_socket: False
+phpfpm_default_listen: "{{ php_run_dir }}/{{ phpfpm_pool_name }}.sock"
+#phpfpm_default_listen: "127.0.0.1:9000"
 phpfpm_default_allowed_clients: "127.0.0.1"
 phpfpm_default_pm: "dynamic"
 phpfpm_default_pm_max_children: "50"

library/roles/php-fpm/templates/php-fpm-pool.conf.j2

@@ -28,9 +28,11 @@ listen.allowed_clients = {{ item.allowed_clients | default ('127.0.0.1') }}
 ; BSD-derived systems allow connections regardless of permissions. 
 ; Default Values: user and group are set as the running user
 ;                 mode is set to 0666
-;listen.owner = nobody
+{% if phpfpm_listen_on_socket %}
-;listen.group = nobody
+listen.owner = {{ item.user }}
-;listen.mode = 0666
+listen.group = www-data
+listen.mode = 0660
+{% endif %}
 
 ; Unix user/group of processes
 ; Note: The user is mandatory. If the group is not set, the default user's group