diff --git a/files/systemd/buildbot-worker@.service b/files/systemd/buildbot-worker@.service
new file mode 100644
index 0000000..79df92c
--- /dev/null
+++ b/files/systemd/buildbot-worker@.service
@@ -0,0 +1,24 @@
+# This template file assumes the buildbot master lives in a subdirectory of
+# /var/lib/buildbot
+# Usage:
+#   cd /var/lib/buildbot
+#   buildbot create-master [directory]
+#   systemctl enable --now buildbot@[directory].service
+[Unit]
+Description=Buildbot Master
+After=network.target
+
+[Service]
+User=%i
+Group=%i
+WorkingDirectory=~
+ExecStart=/usr/local/bin/buildbot --verbose start --nodaemon %I
+ExecReload=/bin/kill -HUP $MAINPID
+Restart=always
+#ProtectSystem=full
+#ProtectHome=yes
+#PrivateDevices=yes
+#PrivateTmp=yes
+
+[Install]
+WantedBy=multi-user.target
diff --git a/tasks/worker.yaml b/tasks/worker.yaml
new file mode 100644
index 0000000..f0984dc
--- /dev/null
+++ b/tasks/worker.yaml
@@ -0,0 +1,19 @@
+---
+- name: buildbot-worker group
+  group:
+    name: "{{ buildbot_worker_group }}"
+
+- name: buildbot-worker user
+  user:
+    name: "{{ buildbot_worker_user }}"
+    group: "{{ buildbot_worker_group }}"
+    home: "{{ ez_directory }}"
+    shell: /usr/bin/fish
+
+- name: buildbot-worker home directory
+  file:
+    path: "{{ buildbot_worker_home_directory }}"
+    owner: "{{ buildbot_worker_user }}"
+    group: "{{ buildbot_worker_group }}"
+    state: directory
+    mode: u=rwx,g=rwx,o=
diff --git a/vars/main.yaml b/vars/main.yaml
index 6ddb69e..87cf057 100644
--- a/vars/main.yaml
+++ b/vars/main.yaml
@@ -28,3 +28,7 @@ buildbot_nginx_vhosts:
         proxy_pass http://localhost:8010;
         proxy_read_timeout 6000s;
       }
+
+buildbot_worker_user: "{{ buildbot_worker_name }}"
+buildbot_worker_group: "{{ buildbot_worker_name }}"
+buildbot_worker_home_directory: "/home/{{ buildbot_worker_name }}"